I have been looking for a custom firmware for this router...but haven't found anything on the net! Microsofts firmware for this thing SUCKS! But I think it could be an awesome router with the right firmware. (great signal and range). I knew it was a broadcom, so I took a few snaps of the innards to see if it was another router branded with the "microsoft" name.
http://scatcat.fhsu.edu/~cmhansen/router.jpg
http://web.archive.org/web/20070124180629im_/http://scatcat.fhsu.edu/~cmhansen/router.jpg

sure enough, the Microsoft name is on the PCB...but all the chips look very standard...like they could run Linux!

Here is the radio (wireless card):
http://scatcat.fhsu.edu/~cmhansen/radio.jpg
http://web.archive.org/web/20060628064410im_/http://scatcat.fhsu.edu/~cmhansen/radio.jpg

PLEASE let me know if you find ANY compatible firmware for this thing...even if it is a stock netgear/buffalo/etc. Stock Linksys wouldn't be bad. Most of all, I want to enable wireless bridge/AP Client mode. Please email me if you find out anything
email me (chuckman@gmx.net)
Thanks
Chuck

to me it looks very familair to the WL500g, if you are willing to risk you can try to flash a custom WL500g or WLHDD firmware into it

but you should not do this when you are not familair recovering the unit from dead

Linksys firmware will not run, cause it uses different design for ethernet ports. Asus, Belkin, Buffalo firmwares are potentially able to run. Openwrt also.
Are you familar with hardware? Your device has JTAG port, so you could save current flash content (to analyze bootloader - one option is really make sense) and then flash whatever you want. This is risk free.

I don't know what kind of pinout the jtag has...could you point me to a site that gives the pinout? I assume I just have to solder a DB-9 cable to the jtag header with the right pinout. If you could help me with that and saving the firmware, I could email it to you for analysis (since I don't know what I'm looking for in the firmware) Soldering is no biggie for me. (don't tell M$ since its Windows CE :)
Chuck

http://openwince.sourceforge.net/jtag/iPAQ-3600/

Scrolling down through the article, the hack got this simple cable to work on his ipaq. Of course, my JTAG is 12pin, not 10pin. I assume the pinout is the same??? And can someone point the flash chip out on this thing? (maybe under the wireless card)....the software on the site says it supports intel or amd flash chips...maybe it would work.

It has 16MB RAM, and im guessing 4MB flash (M$ can't fit CE on less than that im guessing)

Chips seem to be the same, minus the layout.

So I wonder if there is any opperational difference between this and an Asus WL500g...

Also, the BCM4702 natively supports USB...so I can add a usb port to this router? Maybe someone can figure out the connections to do such a thing

http://openwince.sourceforge.net/jtag/iPAQ-3600/

Scrolling down through the article, the hack got this simple cable to work on his ipaq. Of course, my JTAG is 12pin, not 10pin. I assume the pinout is the same??? And can someone point the flash chip out on this thing? (maybe under the wireless card)....the software on the site says it supports intel or amd flash chips...maybe it would work.

Check this:
http://www.openwrt.org/forum/viewtopic.php?t=647



It has 16MB RAM, and im guessing 4MB flash (M$ can't fit CE on less than that im guessing)

Chips seem to be the same, minus the layout.

So I wonder if there is any opperational difference between this and an Asus WL500g...

The difference are in GPIO mappings (this includes LEDs, reset buttons, etc...).

I have the cable made, but have been looking for easy to use, compatible software. What JTAG programs are best for the BCM4702? For Windows?

well, you need linux box and the package from the above link, which supports access based on the ejtag specs. to my knoweledge broadcom does not publically release any detailed specs for the bcm47xx.

Thanks for the link to the pdf!

I am trying to run the wrt54g flash tool on windows under Cygwin, but I can't figure out how to compile it. I don't know much about Linux either, that is why I was trying to find a jtag flashing program for windows. Is there a link to a pre-compiled version? I assume I can't just compile it under any C compiler since it was written to be compiled under Linux.

Im a newb when it comes to using Unix and Linux. :confused:

this program uses direct access to printer port, so you should use real linux for this to work. You could try distros like Knoppix, which are booting right from CD. As for compiling - just decompress the zip and type "make".

Thanks for steering me clear of Cygwin for this project! The "make" command was absent from cygwin (or I wasn't using it right???). I compiled the source without a hitch in Knoppix, and ran it (gave me the options), but after running -backup:wholeflash (with options) it said something of the sort "access to port0 not allowed". So I thought AH root user! So I read im supposed to use su and that loggs me on as root. So I do, browse to the Desktop folder, type DIR and enter, and I see the wrt54g exe I compiled. So I simply type "wrt54g" and hit enter like I had before and it said "FIle not found".

Maybe I need to be logged into desktop as "root" instead of "knoppix"
How do I do that?

How do I gain access to read/write to hard drive/flash drive in Knoppix?

As soon as I get this figured out, I will try to flash. I noticed in the c code, his program does a check for a BCM47xx processor and displays an error if one isn't found. So hopefully this bit of code works on the MN700 BCM4702.

I know I gotta be doing something stupid...

Thanks,
Chuck

hi! so any news so far? I've yet another guy, which is trying to get wl500g running, so far he was able to download entire flash, but bootloaded looks like corrupted.
I suspect problems with his cable.
So, I'm looking for your whole flash.

Your problems is probably due to loaded lp module - try doing
lsmod
and if it's there - rmmod lp, then run it again.

Good point on device access/ 1p module. I will try to disable the module if running.

Is that what is causing "file not found" when I try to run the exe under root?
It runs ok otherwise. (but no access to parallel port...which could be fixed by what you are saying, so I wouldn't have to worry about running it as root)

I am confident my cable is good as I have checked/double checked it, and I have made cables before too. I made it overly short--with cat5 too boot--, which probably wasn't needed, but should ensure a good connection (and it looks nice :)

I should be able to dink around with it tomorrow. I will keep you posted and thanks for the good help.
Chuck

well, looks like your problem is that it should be launched like this: ./wrt54g, not just wrt54g, i.e. you should prepend path to the name.
Please try to extract current flash (I have one, but bootloaded seems to be corrupted, other parts could be identified - non-volatile params, registry, runtime image). Also, upgrade to latest microsoft firmware, so it would be possible to identify firmware parts in the flash.

I wonder why knoppix ran just "wrt54g" fine under the knoppix user, as I didn't have to typ ./ infront. Well, I knew it had to be something stupid. I will try that and let you know where I get tomorrow.

My MN700 is updated, (as I was hoping to see AP client mode in it) and I will see about saving a copy of the fw. I wonder if there is another possible source of the corruption besides his cable...different flash chip maybe? But if the program only depends on the BCM47xx, and if the BCM47xx has standard flash interface, I don't see a problem there, but this is purely a guess on my part.
Chuck

Got past the weird port error, but now...
Cable problemo...

According to this...
http://scatcat.fhsu.edu/~cmhansen/diag.jpg
http://web.archive.org/web/20060523021851im_/http://scatcat.fhsu.edu/~cmhansen/diag.jpg
and this...
http://scatcat.fhsu.edu/~cmhansen/connector.jpg
http://web.archive.org/web/20060523021851im_/http://scatcat.fhsu.edu/~cmhansen/connector.jpg
I made my connector completely right but completely wrong by pic # 2. I counted the pins on the top (12) and 13 on the bottom (db25) in his pic. According to the pinout, there are only supposed to be resistors @ pin 2,3,4 and 13, and pins 20 and 25 connected (ground) with a common wire. OK. Now on my db25, the 12 pins, when on top, are pins 14-25, from left to right. judging by his connector, since his 3 resistors are on the bottom left, the pins on his go from 1-13 on the bottom, right to left, and 14-25 on top, right to left. On mine, it is 1-13, LEFT TO RIGHT, and 14-25, LEFT TO RIGHT on top. Are db25 connectors for older serial cables labeled differently than for parallel ports? At first seeing the chip detection error, I thought "i'll check my cable". And I looked at his connector and HOLY CRAP mine is reversed. Im just ticked right now so im gonna maybe change my pinout to match his db25 tonight, or some other night. Im working on HW tomorrow so I might not mess wit it then. I didn't connect pins 1 and 11, as he said they are un-needed.
Any clue why we would have differently labeled pinouts on our db25's, besides maybe mine being for serial, his for parallel? I thought all db25's were standard.
Thanks,
Chuck

update...
cable updated. It looks like his now. It will take too long to try it tonight, I'll wait till tomorrow. (can I cancel it if it begins to read the flash?)

yes, you could cancel reading. btw, most of the time during the reading is spent in the code, which shows you fancy progress messages... You could change the code, so it will output progress every 256 bytes, not 16 as it doing now.

What tests can I run in Knoppix to verify my parallel port is running?
No lp module is loaded. After updating cable to match Sveasoft's, I get the same error (and the pwr WAS on the router). Otherwise, it should have worked. My mobo is an Nforce2, and I don't know if knoppix would have fits with it or not.

Me and a few others have been pushing for a hack on this router. The microsoft firmware doesn't seem to cut it. We asked sveasoft, right here http://www.dslreports.com/forum/remark,12466800~mode=flat

Also if someone can program in .NET, maybe they can provide modules?

"The Wireless Base Station MN-700 is powered by Windows® CE .NET 4.2,enabling Microsoft, its partners and other developers to create additional applications and benefits for customers"


Hopefully someone figures out a Hack!

this was a great router, and microsoft had a really slick interface for it. It is a crying shame they refused to fix the bugs.

Well, we've already 1.9.2.7-3c firmware running on this box. Minor cleanups are needed for both firmware and bootloader.

So this is doable, and already running for some? Will it be doable for the end user, or do we hack our way through to get it to work.

At the moment JTAG cable is required, but it's very simple. See above.
Probably it's also possible to reflash it directly from WinCE, but we've not tried this.

I am very intrested in this, dont have a jtag cable though. Hm, if flashing from WinCE were possible... This default Microsoft firmware just seems too buggy right now, it keeps freezing using bittorent or emule or something that creates lots of load for a long time. This work is truely wonderful :P

You need to build cable yourself, it's extremely cheap...
I do not have any plans to play with WinCE and original loader, this requires to much time and I do not have this unit at all. The only problem is that MS loader uses 192k of flash, while we're using 256k, so I'm not sure if MS firmware will accept larger loader image (this is the only part which needs to written, once done it will flash firmware itself).
Finally, the device is now works with WL-500g firmware. I've also prepared new bootloader image, which should be flashed via JTAG using Linux. I will post instructions later, including some info required to make application above to work with Macronix flash chip used in the MN-700.
To make this work I've remotely controlled guy, owning this unit, which has build jtag cable and gathered required info. So, now it just works. He has about 7 units, which would be flashed this way.
BTW, mn-700 is the most inexpensive unit in the USA ($35), which is based on the broadcom reference design and it could work with linux based firmwares now.

I bought this router because it was cheap, and used that broadcom chipset! Now does that bootloader stuff interfere with the working of the router while being updated with the JTAG? Well, I'm a novice at using JTAG cables and such, from what i've seen only it looks like serial port things (lack of better terms). Do you need special hardware, or just a PC a cable and the router. Also, if this firmware works, and it works well, will it be periodically updated, or just a one time flash and thats what you got. Sorry for all the questions, but I like information that I dont know, and it may come to benefit me :P

Now does that bootloader stuff interfere with the working of the router while being updated with the JTAG? Well, I'm a novice at using JTAG cables and such, from what i've seen only it looks like serial port things (lack of better terms). Do you need special hardware, or just a PC a cable and the router.

no special hardware required, just read pdf from the zip in the openwrt link above. Yes, you need PC with parallel port, cable and the router.


Also, if this firmware works, and it works well, will it be periodically updated, or just a one time flash and thats what you got. Sorry for all the questions, but I like information that I dont know, and it may come to benefit me :P
Yes, once you upgrade bootloader, you will then be able to use ANY ASUS WL-500g firmware including custom firmwares from this forum.
You need to use JTAG only once to flash bootloader. The bootloader itself is able to flash ANY firmware. Once done - you will have everything.

Alright thats about all I need to know, well I also wonder if the extra features like print server and webcam server will mess anything up, since the MN700 does not support that. I guess I'll just wait for instructions on how to do this! If not too much trouble too, if someone could post where to connect the jtag and how to make it, that'd help me, I'd like to say it'd help others too, but I maybe just misinformed! I do see some jtag stuff at the beginning of the thread, but naturally, I dont really understand some of it, only the basic concept, of cable to router, you run linux like knoppix. Soldering required?

Why not? All you need is a usb port(chips are the same), and maybe some minor mods. I remember reading the BCM4702 nativley supports USB. It might be as simple as soldering four wires to the board :) The mass storage aspect is quite appealing.
Anyway, I haven't tried to read the flash under Knoppix again. I don't see anything wrong with my cable, so I might try a true linux distro (or different computer??). If anyone knows a trick or two, let me know. My router is fine, it works still (but it STILL has windows on it) : ]

Oleg...thanks for the info! On your cable, is your VCC and TRST connected with a resistor? (pins 1 and 11 on JTAG, right?) I made mine without. Problem? I might have to wait for the detailed step by step :(
At least I feel like I have contributed a bit to the cause.

Excellent work!


Alright thats about all I need to know, well I also wonder if the extra features like print server and webcam server will mess anything up, since the MN700 does not support that, my guess is if you dont use it, it wont mess anything up! I guess I'll just wait for instructions on how to do this! If not too much trouble too, if someone could post where to connect the jtag and how to make it, that'd help me, I'd like to say it'd help others too, but I maybe just misinformed!

I did post the pinout for the jtag and serial. You should be able to make it just by looking at the picture and matching it up with the pinout. (what I had to do, as my db25 was labeled differently than the pinout for the db25 indicated)

this was a great router, and microsoft had a really slick interface for it. It is a crying shame they refused to fix the bugs.
Chupa will take off where M$ left it [to die]
my sentiments exactly! They could have at least added functioning AP client mode to the list of to-do's.
As for custom firmwares, I think the Asus was the answer right off the bat.

Oleg...thanks for the info! On your cable, is your VCC and TRST connected with a resistor? (pins 1 and 11 on JTAG, right?) I made mine without. Problem? I might have to wait for the detailed step by step :(

No, this pins are stays disconnected, so your cable is right.
Were you able to detect CPU?

It didn't detect the CPU. It listed possible causes, and one was a different chip version on the WRT54g. My cable was wrong at first (flipped from left to right), then I made it right. It's connected to the proper jtag pins (though I don't have a header on the jtag) My router still works ok. No lp module running
i'm stumped...but I am glad someone has been able to save the flash for you to look over. Sorry it's taking me so long just to get THIS far!

Well, no flash contents is needed at this time. This was needed just in case if you want to move back.
The CPU should be detected with no problems (but you need to play with pressing Enter and turning your device on). Check you cable once again...
The only minor modification is to change flash detection for Macronix and flash write function.
But you need to detect your CPU first. At first there was some detection problems, but this was cable related - it should be really short (finally that guy ended up with 25 inch long cable made of CAT5 twisted pair, althought he had problems with reading - it's still noisy). Also you may want to remove resistor which is coming to LPT pin 13 - mn-700 already has 470 ohm here.
which id your cable returns for cpu?

My cable is almost exaclty 25 inches also.
the cpu id I was getting was the exact same as if it wasn't plugged in at all.
I will try again, playing with the timing and trying to remove the resistor.

if you get 0xffff as an id - then your cable is not correctly wired.

my ID I get is FFFFFFFF (ie all ones, 32 of em)
but...that is ONLY when loading 2.4 kernel and running under su (root)
When running under su in 2.6, I get
Failed to lock /dev/parport0: No such device or address
Like I say, I am new to Linux and might just need to config my parallel port.

without su :
Failed to open /dev/parport0: Permission Denied
on both 2.4 and 2.6 kernel.

That isn't a prob though, as su seems to be working for root access.
I have the wires connected properly on the jtag, according to the pinout (unless my jtag on my MN700 is "reversed" from left to right : )

Hm, this upgrade looks complicated, *sigh*. My router just crashed again too, bittorrent killed it or something, but at least I got Tom Clancy's Splinter Cell 3 - Chaos Theory Single Player demo!! All these cable problems, and for a person like me who hasn't done it before, things are sort of looking hopeless, hopefully things get sorted!

Maybe this would be useful. Anyways, could someone try to update the firmware with software, obviously someone who can restore it incase a major fault. Although I have no idea of how to do this, but you could replace the MSBNDownloader.exe's MN700_02.01.02.0590_EBOOT_REL16.BIN and MN700_02.01.02.0590_NK_REL16_COMP.BIN with the linux ones? Sure it isn't that easy, but probably not impossible. http://hri.sourceforge.net/hw/mn100/logbook.html

my ID I get is FFFFFFFF (ie all ones, 32 of em)
but...that is ONLY when loading 2.4 kernel and running under su (root)

ok, try connecting pin 13 to ground. Your readings should be 00000000, if it does not - you've not correctly numbered pins...

ok, try connecting pin 13 to ground. Your readings should be 00000000, if it does not - you've not correctly numbered pins...
That is what I did. My pins WERE numbered incorrectly on my db25, so I made my cable to look exaclty like the one in the photo from the debrick guide. I will double check connections at jtag. BTW, with 2.4 kernel, with nothing plugged into the parallel port, I get the same cpu ID, FFFFFFFF.
In 2.6 kernel, the program plain doesn't work with the parallel port. I get the "Failed to lock" error.

so, any ETA on the modified bootloader? I have one MN700 and i want to try it.

Hi! I have mn-700, JTAG cable ready and working (it detects processor), and jtag tools and wrt54g programs compiled and working on my linux box. So obviously I want to flash new firmware on my router. Can sameone answer this for me:

1. which of two (jtag or wrt54g) programs is better/more convenient to backup my original flash "just in case..." :)

2. someone wrote that bootloader and/or custom firmware for wl500g needs little modification, is this still true with firmware 1.9.2.7-4 (changelog states that it has basic support for mn-700) and if it needs mod. can someone give more info about what needs to be changed to the sources

3. and the most lame question (sorry). how to flash it?? I mean is the file wl500g-1.9.2.7-4.trx whole flash, kernel part or what, sorry but i just don't know. What would be the best procedure to flash this firmware to the router using either one of the programs i mentioned i have.

PLEASE HELP - THANKS IN ADVVANCE

so, any ETA on the modified bootloader? I have one MN700 and i want to try it.
As you can mention it's already available. :)

1. which of two (jtag or wrt54g) programs is better/more convenient to backup my original flash "just in case..." :)

I never heard of program called "jtag". :) Could you please provide a link to it? We've used wrt54g program for flashing unit (but we've modified it a bit to support MX flash chips).



2. someone wrote that bootloader and/or custom firmware for wl500g needs little modification, is this still true with firmware 1.9.2.7-4 (changelog states that it has basic support for mn-700) and if it needs mod. can someone give more info about what needs to be changed to the sources

You need to flash firmware independent bootloader. It's already available, just PM me with MAC address of your unit - I will need to encode it.



3. and the most lame question (sorry). how to flash it?? I mean is the file wl500g-1.9.2.7-4.trx whole flash, kernel part or what, sorry but i just don't know. What would be the best procedure to flash this firmware to the router using either one of the programs i mentioned i have.

PLEASE HELP - THANKS IN ADVVANCE
You need to flash bootloader using wrt54g program by issuing command like this


./wrt54g -flash:cfe

once done your unit will work just like wl500g unit does and you will be able to flash 1.9.2.7-4 (and future versions) wl500g firmware using Firmware Restoration Tool. You will no longer need to use JTAG then.

currently i'm getting this:

wrtjtag -flash:cfe /noreset


Probing bus...
CHIP ID: 00000100011100010000000101111111 (0471017F)
*** Found a Broadcom BCM4702 Rev 1 chip ***

Enabling Memory Writes...Done

Configuring Memory...Done


*** You Selected to Flash the CFE.BIN ***
=========================
Flashing Routine Started
=========================
Probing for AMD Flash...ID:(000000C2)... *** Unable to Locate AMD Flash Chip ***

i can backup the cfe/nvram/kernel fine. but it won't erase or flash.

using WRT54G EJTAG DeBrick Utility v2.2, win32 version. also if i don't use /noreset, it hangs after "Resetting processor...\nDone"

You need to adjust utility to support MX flash chips. There should be a check for 0x1 as an ID - you should add 0xc2 as one of the possibilities. Do you've source code?

ah, ok. i'll boot from linux and fix it source. thanks.

Once bootloader is correctly flashed, the power LED should start blinking with yellow indicating recovery mode. Use ASUS utility to upload 1.9.2.7-4 firmware. Once done, the unit should reboot, and the led should become yellow (bootloader), then it will be turned off by firmware and finally become green indicating that unit is completely booted with firmware.

ok, booted from a slackware installation cd and used the modified wrt54g binary (which i compiled on another box) to flash pmon.

after booting back from windows, the asus utility didn't see the device at first. rebooted the device. ping replys started coming back, but asus util still couldn't update.

so i just tftp'd the firmware and it's now working. hellooo, WL500!

fixing wrtjtag.exe

back up the file, and then open it with an hex editor. (ultraedit is good)

look for: 01 5E 74 14 68 B8 AA
replace with: 01 5E EB 14 68 B8 AA (replace the 74 with EB)

that removes the amd-flash check from wrtjtag.exe. so you can use it with the mn700.

by the way, that wrtjtag.exe i'm talking about is located at: http://www.ranvik.net/prosjekter-privat/jtag_for_wrt54g_og_wrt54gs/
just get it and replace the byte before using with mn700. (if you don't edit it, you won't be able to erase/write to flash. backup always works)

and everybody thank Oleg for the info and pmon images :)


edit: by the way, the win32 wrtjtag.exe is twice as slow compared to the linux "wrt54g" binary. (23 secs to go up 1% in win32, 11 secs in linux. also in windows if you set it to low priority or use some cpu power -like watching a movie while flashing-, it tends to hang sometimes.)

if asus flash util fails (in recovery mode), the appropriate way to flash is:

- open up a "ping -t 192.168.1.1" window
- get in recovery mode: power off, hold reset, power on, wait one second, release reset. the power led should start blinking slowly in orange.
- ping replys should start coming shortly. you can now close the ping window.
- run the asus flash util, select the firmware, hit upload (it will fail, just wait till it fails)
- close the flash util
- use a tftp client to upload the firmware. like this, in winxp: tftp.exe -i 192.168.1.1 put firmwareimage.trx
- wait a few (around 10, for example) seconds just to be safe

- if you are flashing an ASUS firmware, it won't self-boot. just plug the power off, and replug it. it should boot and the green leds should light up. (login from web with admin/admin)

- if you are flashing openwrt, it will take some time until the self-init is complete. do not turn the device off. and wait until you see the green leds come up. if everything goes OK, you should be able to telnet to the box. after logging in, reboot the box (via the "reboot" command, or by cycling power) so the filesystem is completely initialized. (firmware i used was: OpenWRT Experimental Generic JFFS2 4MB ( http://openwrt.org/downloads/experimental/bin/openwrt-generic-jffs2-4MB.trx))

fixing wrtjtag.exe

back up the file, and then open it with an hex editor. (ultraedit is good)

look for: 01 5E 74 14 68 B8 AA
replace with: 01 5E EB 14 68 B8 AA (replace the 74 with EB)

that removes the amd-flash check from wrtjtag.exe. so you can use it with the mn700.

by the way, that wrtjtag.exe i'm talking about is located at: http://www.ranvik.net/prosjekter-privat/jtag_for_wrt54g_og_wrt54gs/
just get it and replace the byte before using with mn700. (if you don't edit it, you won't be able to erase/write to flash. backup always works)

and everybody thank Oleg for the info and pmon images :)


edit: by the way, the win32 wrtjtag.exe is twice as slow compared to the linux "wrt54g" binary. (23 secs to go up 1% in win32, 11 secs in linux. also in windows if you set it to low priority or use some cpu power -like watching a movie while flashing-, it tends to hang sometimes.)
if possible please include the (altered) util in your post so other people can use it as well

the modified wrtjtag-modified.exe along with the required files to run it is attached. you would still want to read HairyDairyMaid_WRT54G_v2_DeBrick_Guide.pdf first, which is available in several places, including the above url.

ok, booted from a slackware installation cd and used the modified wrt54g binary (which i compiled on another box) to flash pmon.

after booting back from windows, the asus utility didn't see the device at first. rebooted the device. ping replys started coming back, but asus util still couldn't update.

so i just tftp'd the firmware and it's now working. hellooo, WL500!
The reason for that is what your PC has multiple network interfaces. ASUS utility is buggy so it could not handle this.

The reason for that is what your PC has multiple network interfaces. ASUS utility is buggy so it could not handle this.

i even tried disabling all the extra interfaces with no luck. anyway, openwrt kernel doesn't recognize the radio, (tho it's kinda working anyhow, captured it's beacon signal via another AP running kismet) do you exactly know what steps to take (in the openwrt source tree, prolly just kernel configuration) to get it running?

also, what does the "Basic MN-700 support" you added to the latest firmware consist of? i'm too lazy and tired to fetch both versions and do a diff, maybe you can sum it up for us?

i even tried disabling all the extra interfaces with no luck. anyway, openwrt kernel doesn't recognize the radio, (tho it's kinda working anyhow, captured it's beacon signal via another AP running kismet) do you exactly know what steps to take (in the openwrt source tree, prolly just kernel configuration) to get it running?

I've no idea.



also, what does the "Basic MN-700 support" you added to the latest firmware consist of? i'm too lazy and tired to fetch both versions and do a diff, maybe you can sum it up for us?
LED and RESTORE button support (this is hw dependent).

Just wanted to let you know that after few tries I was able to flash new firmware to my mn700

Right now I'm using 1.9.2.7-4 customized firmware and it's working great.

NOTE to anyone trying to make it work:
YOUR CABLE CAN'T BE LONGER THAN 20-25 cm!!!!!!!!!!!!!!!

At first my was a little longer and I was able to flash new bootloader.... but it just didn't work. And I tried it many times - believe me it's very annoying. But once I cut my cable almost in half - one flashing was enough. The rest is very easy just as it is explained in forum. IMHO it's worth it :))))

THANKS TO OLEG FOR BOOTLOADER AND FIRMWARE!

Woo, the stuff works :P I think......someone should send me a cable lol.

EDIT: OK, that's better.

Cool! Nice work you guys. But... don't you think this thread should be somewhere else? I can't imagine anyone looking for it would think of it being here.

tomilius, this forum is directly linked from google :P so people know where to find it!

NEWBIE so please don't chew me alive!

There is a hack for mn700 now? Can you please describe the process in short as I don't quite get it (yes I read all 61 posts before mine twice over).

Second, what does the new firmware people are putting on it do as it is not mentioned and I would like to know the benefits of such firmware.

Thanks a mil,

Rico

the mn700 seems to reboot whenever i try to transfer something via the wireless interface. after 4 or 5 megabytes transferred, it reboots. probably kernel panic. (and can't attach a serial to see what's going on because they didn't include the uart)

tried with the latest Oleg firmware and the latest (Mar28) OpenWrt experimental, same result.

also the unit sometimes reboots itself (sometimes 1-3 times per hour) whenever I use it or not. disabled the radio and it didn't reboot then.

any recommendations? other mn700 owners having the same problems?

The same thing happens with wl500g as well, there seems to be wireless module issue. So, just wait for the next GPL ball from ASUS - it should contain an updated driver (1.9.3.5 binary has it).

I will try using the altered windows debrick utility Disq posted, and shorten my cable to 6" (currently 24"), that could have been one reason why I wasn't getting pwr to the par port--(FFFFFFFF) cpu id.

Also, would it be much trouble to write a script to code a specific MAC in the bootloader? Or hex editor replace instructions??? Also, the current firmware for the wl500g has the HW led and reset support for the mn700, right? Good work on the firmware!
Chuck

I will try using the altered windows debrick utility Disq posted, and shorten my cable to 6" (currently 24"), that could have been one reason why I wasn't getting pwr to the par port--(FFFFFFFF) cpu id.

Also, would it be much trouble to write a script to code a specific MAC in the bootloader? Or hex editor replace instructions??? Also, the current firmware for the wl500g has the HW led and reset support for the mn700, right? Good work on the firmware!
Chuck
FFFFFFFF means, that your cable is either disconnected or not correctly wired. As for bootloader - PM me your MAC address and I will prepare bootloader for you.
Yes, mn700 led and button are supported now.

I've read thru all of the posts on here regarding the MN-700, but it's kinda kludgy. Can somone post a decent step by step guide to flashing the firmware with either the wrt54g or wl500g stuff. Perhaps some specifics on the JTAG cable and what needs to be modified in the software.

Thanks!

Well, I found this page through google, which I've read through several times. It seems that I will have a little project on my hands playing with an old MN-700 my roomates and I replaced with a WRT54G.

As I hate to see hardware not be utilized, I figured perhaps we could do some sort of wireless bridge to the xbox across the house, only to find the MN-700 firmware doesn't support it. Hopefully I can figure this out, as this will be my first time working with jtag, but I have worked with soldering and reflashing small chips in some of my classes.

After I build my cable and start playing I am sure I will have some questions, but right now I'd just like to thank you guys for the work you've put into this!

First, thank you all for this great work.

After having build a jtag cable I tried to backup the whole flash. It seems that this worked, so I thought my cable should be ok. But when trying to flash the new cfe, I get a few (10-15) "ERROR ON READ". And when I backup the newly flashed cfe it differs from the file on disk and after powering on the device I can't tftp the new firmware. So I think something (flashing) isn't working yet. Is this a cable problem? My cable is around 8 cm and I used the v2.2 of the debrick util.
Anybody an idea?

Thanks!

flash the new cfe, I get a few (10-15) "ERROR ON READ". And when I backup the newly flashed cfe it differs from the file on disk and

that sometimes happened to me too, especially when i loaded the system (watching a movie etc) whilst flashing, and everytime i got that i had to restart (restart flashing). you might try using linux (you'll need to a) edit the source, remove the chiptype check and b) "insmod lp" before flashing)

Hi
I was wondering, would the pin trick (http://openwrt.org/OpenWrtDocs/Troubleshooting) work on the mn-700 with stock firmware/bootloader? If npt, guess I'll have to build a jtag cable soon ;-)

cheers
/Stig

Hi All
Just wanted to say that now (thanks to Oleg!) my MN-700 rouns the 1.9.2.7-5 firmware. Did the flashing from my Novell Linux Desktop installation on my old laptop. Had to make an alias for parport0 in modprobe.conf before it worked. Also, doing a telinit 1 made a lot of difference, as all flash attempts from runlevel 3/5 failed...

About the cable... THE PICTURES IN THE DEBRICK PDF ARE MIRRORED!!! Just pay attention to the pin diagrams, and youll be fine :-p

Now, how do i solder on a USB port? ;-)

cheers
/Stig

Now, how do i solder on a USB port? ;-)

Do you really need this? If so, post your system log (reboot first) and make a hi-res picture of the BCM4702 and surroundings on the top side of PCB and from the reverse side of PCB.

Well, the router is *so* much better than with the MS WinCE on it, so I'm quite happy as it is. Still, I wouldn't mind beeing able to hook my printer or a USB flashdisk up to it. It all depends on the risk involved in the process ;-) The top-side of the PCB is just like the picture in this thread, I'll see what I can do about the bottom PCB picture and the syslog when I get home.

cheers!
/Stig

Well, if you do not have experience in playing with hw, then it's risky.
I need a really hi-res picture to be able to read labels on the resistors. Picture from the first post is not so clear.

Well, I'm mostly a software guy, but I have done a bit of tinkering with hardware in the past. I'm afraid I can't produce pictures of proper quality of the PCB, perhaps someone else can help out here?

cheers!
/Stig

Here is the log...

Jan 1 01:00:04 syslogd started: BusyBox v1.00 (2005.05.11-18:29+0000)
Jan 1 01:00:04 dnsmasq[54]: started, version 2.17 cachesize 150
Jan 1 01:00:04 dnsmasq[54]: DHCP, IP range 192.168.1.2 -- 192.168.1.254, lease time 24h
Jan 1 01:00:04 dnsmasq[54]: DHCP, /tmp/dnsmasq.log will be written every 28800s
Jan 1 01:00:04 dnsmasq[54]: read /etc/hosts - 5 addresses
Jan 1 01:00:04 dnsmasq[54]: reading /tmp/resolv.conf
Jan 1 01:00:04 kernel: MPPE/MPPC encryption/compression module registered
Jan 1 01:00:04 kernel: Amd/Fujitsu Extended Query Table v1.1 at 0x0040
Jan 1 01:00:04 kernel: Physically mapped flash: Swapping erase regions for broken CFI table.
Jan 1 01:00:04 kernel: number of CFI chips: 1
Jan 1 01:00:04 kernel: Flash device: 0x400000 at 0x1fc00000
Jan 1 01:00:04 kernel: Physically mapped flash: squashfs filesystem found at block 941
Jan 1 01:00:04 kernel: Creating 5 MTD partitions on "Physically mapped flash":
Jan 1 01:00:04 kernel: 0x00000000-0x00040000 : "pmon"
Jan 1 01:00:04 kernel: 0x00040000-0x003e0000 : "linux"
Jan 1 01:00:04 kernel: 0x000eb5b4-0x003e0000 : "rootfs"
Jan 1 01:00:04 kernel: 0x003f0000-0x00400000 : "nvram"
Jan 1 01:00:04 kernel: 0x003e0000-0x003f0000 : "config"
Jan 1 01:00:04 kernel: sflash: chipcommon not found
Jan 1 01:00:04 kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jan 1 01:00:04 kernel: IP Protocols: ICMP, UDP, TCP
Jan 1 01:00:04 kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
Jan 1 01:00:04 kernel: TCP: Hash tables configured (established 1024 bind 2048)
Jan 1 01:00:04 kernel: ip_conntrack version 2.1 (128 buckets, 1024 max) - 344 bytes per conntrack
Jan 1 01:00:04 kernel: ip_conntrack_pptp version 1.9 loaded
Jan 1 01:00:04 kernel: ip_nat_pptp version 1.5 loaded
Jan 1 01:00:04 kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jan 1 01:00:04 kernel: ipt_time loading
Jan 1 01:00:04 kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Jan 1 01:00:04 kernel: IPv6 v0.8 for NET4.0
Jan 1 01:00:04 kernel: IPv6 over IPv4 tunneling driver
Jan 1 01:00:04 kernel: NET4: Ethernet Bridge 008 for NET4.0
Jan 1 01:00:04 kernel: 802.1Q VLAN Support v1.7 Ben Greear <greearb@candelatech.com>
Jan 1 01:00:04 kernel: All bugs added by David S. Miller <davem@redhat.com>
Jan 1 01:00:04 kernel: FAT: bogus logical sector size 2560
Jan 1 01:00:04 kernel: FAT: bogus logical sector size 2560
Jan 1 01:00:04 kernel: NTFS: Unable to set blocksize 512.
Jan 1 01:00:04 kernel: VFS: Mounted root (squashfs filesystem) readonly.
Jan 1 01:00:04 kernel: Mounted devfs on /dev
Jan 1 01:00:04 kernel: Freeing unused kernel memory: 72k freed
Jan 1 01:00:04 kernel: Warning: unable to open an initial console.
Jan 1 01:00:04 kernel: Algorithmics/MIPS FPU Emulator v1.5
Jan 1 01:00:04 kernel: eth0: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 3.90.7.0
Jan 1 01:00:04 kernel: eth1: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 3.90.7.0
Jan 1 01:00:04 kernel: PCI: Enabling device 01:01.0 (0004 -> 0006)
Jan 1 01:00:04 kernel: eth2: Broadcom BCM4325 802.11 Wireless Controller 3.90.23.0
Jan 1 01:00:04 kernel: device eth0 entered promiscuous mode
Jan 1 01:00:04 kernel: device eth2 entered promiscuous mode
Jan 1 01:00:04 kernel: br0: port 2(eth2) entering listening state
Jan 1 01:00:04 kernel: br0: port 1(eth0) entering listening state
Jan 1 01:00:04 kernel: br0: port 2(eth2) entering learning state
Jan 1 01:00:04 kernel: br0: port 1(eth0) entering learning state
Jan 1 01:00:04 kernel: br0: port 2(eth2) entering forwarding state
Jan 1 01:00:04 kernel: br0: topology change detected, propagating
Jan 1 01:00:04 kernel: br0: port 1(eth0) entering forwarding state
Jan 1 01:00:04 kernel: br0: topology change detected, propagating
Jan 1 01:00:05 kernel: usb.c: registered new driver usbdevfs
Jan 1 01:00:05 kernel: usb.c: registered new driver hub
Jan 1 01:00:05 kernel: usb-ohci.c: USB OHCI at membase 0xb8004000, IRQ 2
Jan 1 01:00:05 kernel: usb-ohci.c: usb-00:04.0, PCI device 14e4:4715
Jan 1 01:00:05 kernel: usb.c: new USB bus registered, assigned bus number 1
Jan 1 01:00:05 kernel: hub.c: USB hub found
Jan 1 01:00:05 kernel: hub.c: 2 ports detected
Jan 1 01:00:06 kernel: lp0: using parport0 (polling).
Jan 1 01:00:07 kernel: usb.c: registered new driver usblp
Jan 1 01:00:07 kernel: printer.c: v0.13: USB Printer Device Class driver
Jan 1 01:00:07 kernel: hub.c: new USB device 00:04.0-2, assigned address 2
Jan 1 01:00:07 kernel: usb.c: USB device not accepting new address=2 (error=-145)
Jan 1 01:00:07 kernel: hub.c: new USB device 00:04.0-2, assigned address 3
Jan 1 01:00:07 kernel: usb.c: USB device not accepting new address=3 (error=-145)
Jan 1 01:00:07 kernel: hub.c: new USB device 00:04.0-1, assigned address 4
Jan 1 01:00:07 kernel: usb.c: USB device not accepting new address=4 (error=-145)
Jan 1 01:00:08 kernel: hub.c: new USB device 00:04.0-1, assigned address 5
Jan 1 01:00:08 kernel: usb.c: USB device not accepting new address=5 (error=-145)
Jan 1 01:00:09 kernel: usb.c: registered new driver audio
Jan 1 01:00:09 kernel: audio.c: v1.0.0:USB Audio Class driver
Jan 1 01:00:09 kernel: Linux video capture interface: v1.00
Jan 1 01:00:10 udhcpc[80]: udhcpc (v0.9.9-pre) started
Jan 1 01:00:10 kernel: lp driver: get device ID
Jan 1 01:00:10 kernel: neg fail
Jan 1 01:00:11 dnsmasq[54]: read /etc/hosts - 5 addresses
Jan 1 01:00:11 dnsmasq[54]: reading /tmp/resolv.conf
Jan 1 01:00:11 dhcp client: deconfig: lease is lost
Jan 1 01:00:12 kernel: lp driver: get device ID
Jan 1 01:00:12 dropbear[94]: Running in background
Jan 1 01:00:12 kernel: neg fail
Jan 1 00:00:12 kernel: neg fail
Jan 1 00:00:12 kernel: lp driver: get device ID
Jan 1 00:00:12 kernel: neg fail
Jan 1 00:00:12 kernel: neg fail
Jan 1 00:00:13 udhcpc[80]: Lease of 10.0.0.3 obtained, lease time 259200
Jan 1 00:00:13 dnsmasq[54]: read /etc/hosts - 5 addresses
Jan 1 00:00:13 dnsmasq[54]: reading /tmp/resolv.conf
Jan 1 00:00:13 dnsmasq[54]: using nameserver 212.242.40.51#53
Jan 1 00:00:13 dnsmasq[54]: using nameserver 212.242.40.3#53
Jan 1 00:00:14 dhcp client: bound IP : 10.0.0.3 from 10.0.0.1
Jan 1 00:00:18 kernel: lp driver: get device ID
Jan 1 00:00:18 kernel: neg fail
Jan 1 00:00:18 kernel: neg fail
May 12 23:51:38 kernel: lp driver: get device ID
May 12 23:51:38 kernel: neg fail
May 12 23:51:38 kernel: neg fail
May 12 23:51:44 ntp client: Synchronizing time with time.nist.gov ...
May 12 23:51:44 kernel: lp driver: get device ID
May 12 23:51:44 kernel: neg fail
May 12 23:51:44 kernel: neg fail
May 12 23:51:50 kernel: lp driver: get device ID
May 12 23:51:50 kernel: neg fail
May 12 23:51:50 kernel: neg fail
May 12 23:51:56 kernel: lp driver: get device ID
May 12 23:51:56 kernel: neg fail
May 12 23:51:56 kernel: neg fail
May 12 23:52:02 kernel: lp driver: get device ID
May 12 23:52:02 kernel: neg fail
May 12 23:52:02 kernel: neg fail
May 12 23:52:08 kernel: lp driver: get device ID
May 12 23:52:08 kernel: neg fail
May 12 23:52:08 kernel: neg fail
May 12 23:52:14 kernel: lp driver: get device ID
May 12 23:52:14 kernel: neg fail
May 12 23:52:14 kernel: neg fail
May 12 23:52:20 kernel: lp driver: get device ID
May 12 23:52:20 kernel: neg fail
May 12 23:52:20 kernel: neg fail

Ok, you're out of luck then. It's seems USB port is not wired out of the chip.

No usb hardwired out of chip??? Maybe it's still mod-able??? Here are the pics just in case. Let me know which resistors you need to know the resistance of, cause it's still kinda hard to read.

http://scatcat.fhsu.edu/~cmhansen/front.JPG

http://scatcat.fhsu.edu/~cmhansen/back.JPG

I don't know if that helps...if not, I can delete this post since it takes up a bit of space : ].

Success!

For my first trials to flash I used the parallel port of my notebook. Both Linux and Windows tools didn't worked: the written cfe always differed from the binary I used to flash.
Today I tried it with an old Pentium using the Linux tool: it worked perfectly after 2 trials.

Maybe the notebook port isn't shielded enough and captures too much "interference".

Now, I use the latest firmware from Oleg's page and all seems to be fine :-)

Again, thank you for this great work!

Can someone just post the bootloader and how to modify it correctly. This is extremely inefficient if everyone has to PM Oleg to get a bootloader.

Specific questions I have

1. Where can I obtain the bootloader? (link please)

2. When modifying it does the MAC have to match the actual MAC of the MN-700 or the MAC I intend to use?

3. Once the MN-700 is updated with the new bootloader what utility do we use to update the firmware? (link if possible please)


Thanks for your help

Can someone just post the bootloader and how to modify it correctly. This is extremely inefficient if everyone has to PM Oleg to get a bootloader.

That's fine, and it's automated. So, just PM me MAC addresses. :)



Specific questions I have

1. Where can I obtain the bootloader? (link please)

2. When modifying it does the MAC have to match the actual MAC of the MN-700 or the MAC I intend to use?

You could use any MAC address of your choice.



3. Once the MN-700 is updated with the new bootloader what utility do we use to update the firmware? (link if possible please)
ASUS Firmware Restoration Tool, browse ASUS wl500g downloads section on their website for utilities.

Just wanted to post a reply on this thread thanking Oleg and all the other people that have posted info on this project, thanks oleg for the bootloader, excellent work on it BTW. I finally have my mn-700 running custom firmware, and it performs much better so far, haven't had much time to play with it yet though. It took me about 20 tries to get the bootloader installed, the wrtjtag-modified.exe kept hanging up during updates, but it eventually worked. I'm almost positive it had something to do with the configuration of my workstation. But, Nevertheless, it works now. Thanks for this thread. :)

Well, I am posting this message via wireless internet through my MN-700 that is now running the 1.9.2.7-5 firmware. Thanks to everyone with the info for this project, especially Oleg with the bootloader, it went rather smoothly.

It took me about 6 hours from cable assembly to connecting to the internet. I got my cable made right on the first try! It cost me about $5 in parts from the local electronics shop. It found the chip with no problems, although I thought something was wrong as it was freezing after "rebooting processor". I added the /noreset switch and it worked fine after that. I had to flash in Windows because I wasn't sure what to change in the source code for Linux.


There should be a check for 0x1 as an ID - you should add 0xc2 as one of the possibilities.
I am not sure what that means. I am new to Linux so even though I already flashed in windows, could someone explain this a little more in depth so I can learn?

Thanks again for this!

Since I am so grateful for the work put into this project and I like to give back the community, I will type a quick step-by-step guide for those that were asking for one.

This mod requires you to open your hardware and to solder on the board. If you are uncomfortable with desoldering/soldering or unwilling to risk frying your router in the process, this mod may not be for you. If you are like me and had one lying around because you upgraded the piece of crap with something better, then have at it.

There are really only three steps, but they are a little involved.

1) Build a JTAG cable
This is outlined in the earlier posts, but all you need to do is follow these diagrams:

http://oregonstate.edu/~byerss/Images/diag.jpg

http://oregonstate.edu/~byerss/Images/ref.jpg

You will need:
1 - Male DB-25 Connector (with solder cups)
4 - 100ohm resistors
1 - 5 to 12 wire ribbon cable (only 5 wires will be connected)
1 - 12 pin connector
1 - 12 pin header

The pictures of the actual cable in the pdf (http://oregonstate.edu/~byerss/programs/hairydairymaid_debrickv22.zip) posted earlier are reversed so just follow the diagram above. My DB-25 connector was labeled with pin numbers next to the solder cups. From the back (looking at the solder cups) it looked like:

http://oregonstate.edu/~byerss/Images/db25fem.gif

Once you open up the case of the MN-700, you will find the pin numbers for the JTAG port are printed on the board so it should be pretty easy to follow. The finished cable should be no longer than 25cm or about 10 inches, otherwise you will have too much noise in the line. You can use a parallel port extension cord to reach the back of your computer, but I just pulled out my computer and piled up some reams of paper to support the router while flashing.

The last thing, and most time consuming for myself, was to clean out the JTAG port holes on the board and solder in the 12-pin header. You need a soldering iron and either a solder sucker or solder braid to clean out the holes.

Once you have all of this done you are ready to move on to the next step.


2) Use cable to backup/flash bootloader

First you need to get a copy of the modified bootloader from Oleg. Send him a private message with your MAC address of the router and he will hook you up (and make sure you thank him).

Now you can use software either under Windows or Linux. Using a Linux distribution will flash about twice as fast compared to windows, but either work. Since I had to use Windows, as I am sure a lot of people will, I will outline that. First get a copy of your software, which I have mirrored.

Windows (http://oregonstate.edu/~byerss/programs/wrtjtag-modified.zip)
Linux (http://oregonstate.edu/~byerss/programs/wrt54g.zip)

In windows extract the zip to a known location. Then go to start > run and type "cmd" and hit enter. This brings up the command prompt. Browse to the directory you unzipped to and type "wrtjtag-modified" and hit enter. It will display all of the options and switches to use. For example you will want to backup your bootloader from the router in case you run into trouble. To do this type


wrtjtag-modified -backup:cfe /noreset
Connect the JTAG cable and plug in the power to the router, then hit enter. It will start to backup the bootloader. If you get an error you've built your cable wrong.

Next you need to flash the bootloader you obtained from Oleg. Place it in the directory you are running the program from and rename it to "cfe.BIN". Type


wrtjtag-modified -flash:cfe /noreset
Once you hit enter it will start flashing the new bootloader onto the router. If it completes successfully, continue on to the next step. The hard part is over.

3) Flash new firmware with ASUS firmware utility

Head on over to ASUS website and download the utilities package (http://www.asus.com.tw/pub/ASUS/wireless/WL-500g-03/Eng_1380.zip) for the WL-500. Included is a firmware restoration tool we will use to flash the new firmware. You will also need the firmware you are planning on using. I used the 1.9.2.7-5 firmware found on this website. You will also need to turn off all network devices except for the one needed to connect to the router (disable them in the device manager).

Install the ASUS utilities and open the firmware restoration tool. Click "Browse" to tell it where you downloaded your firmware to and hit "Open". To start the firmware update click on "Upload". Once completed you will have a brand new "WL-500g". Hope this helps! Good Luck!

Thanks to the great info I found here, I have managed to reflash my bootloader and firmware to a REAL OS. Who needs WinCE!? Linux rocks!

Now the sky is the limit, and I'd like to add a serial (can I add 2) port to my mn700, so I can adapt it to my home automation system. I haven't found any specific info on the mn700 (I might just not be looking in the right lace) serial ports.

Is the pinout the same as the wl500g? On the openwrt site they indicate you need to convert 3.3V to 12V with a MAX233A, but nothing more.

Can anyone provide any help?

Thanks!

Now the sky is the limit, and I'd like to add a serial (can I add 2) port to my mn700, so I can adapt it to my home automation system. I haven't found any specific info on the mn700 (I might just not be looking in the right lace) serial ports.

Is the pinout the same as the wl500g? On the openwrt site they indicate you need to convert 3.3V to 12V with a MAX233A, but nothing more.

It's not so simple. mn700 requires uart to be soldered on the back side of the PCB...

I'd be happy to do it, if only I knew which parts to use. Has it been done? Is the info available?

I'm willing to lend my MN700 to science

I'd be happy to do it, if only I knew which parts to use. Has it been done? Is the info available?

Unfortunatly no. Should be similar to wrt54g 1.x, which requires uart (read seattle wireless).

I have my MN700 (running the WL firmware) all configured and running fine. Now I configured it as an AP and I can't login to the web interface anymore? What have I done? How can I fix it? Reflash?

Thanks!

Edit:

Actually, I got it back... Somehow, it reverted to "DHCP" for it's IP address, I have no idea why. I reverted to static and voila... feel free to delete this post.

OK gang, I've been beating my head up on this for about 10 days now. I successfully got the CFE upgraded, but then couldn't get it to flash from the net (it would take the tftp image, but never seemed to flash it). many tries later, I've succeeded in fully bricking it (I think erasing the WHOLEFLASH.BIN was probably not a good idea). I get all four LAN lights green for ~2 sec on boot, then only a cable connected LAN light. No power lights at all.

I plan on rebuilding my cable thinking that it's flaked out somehow (it concerns me that backing up the CFE.BIN doesn't give me the same data as the CFE.BIN that I flashed). But in the mean time, anyone want to let me download a WHOLEFLASH.BIN backup? That would give me the option of rebuilding the whole thing with a known state (albeit that it would surely take ~12 hours to do so)....

Any other suggestions?

thanks again gang, while I'm stuck I am enjoying the challenge anyway.

-tv
narwhalDC @t gmail d.ot com

You do not need full flash. Just reflash cfe.bin (and check that flashed image is identical to file) and erase nvram.

I'm having a problem getting my DYNDNS Custom DNS host to update it's IP using Oleg's WL500g-1.9.2.7-6b.trx

In the logs, I get:
Jul 10 22:07:00 ddns update: connected to members.dyndns.org (63.208.196.94) on port 80.
Jul 10 22:07:00 ddns update: invalid hostname: myhostnamegoeshere.com

Is this supposed to work? I can get it to update no problem with $vea$oft's Talisman on a Linksys router.

EDIT:
I telneted to the box and used ez-ipupdate (which is what I assume is used for the DDNS updates), and can update my ip without problems:

Jul 10 23:31:06 ddns update: connected to members.dyndns.org (63.208.196.94) on port 80.
Jul 10 23:31:07 ddns update: request successful

Does anyone know what calls ez-ipupdate in the firmware? There must be a bug in there somewhere.

Hi
I would set it up in the webinterface(IP-config/miscellaneous). :D
Look :eek: at the attachment to see my config.

ACluk90

Hi
I would set it up in the webinterface(IP-config/miscellaneous). :D
Look :eek: at the attachment to see my config.

ACluk90

First, you are using DynDNS and I'm using DynDNS CUSTOM.

:rolleyes: I know how to and WOULD set it up from the web interface if it worked. But the reason I'm trying to do it manually is that it is not working from the web interface. I'm trying to figure out how the web interface translates into actual commands, so I can find what broken and get it fixed.

FYI, there another person with the same problem:
http://wl500g.info/showthread.php?t=2461

I'm having a problem getting my DYNDNS Custom DNS host to update it's IP using Oleg's WL500g-1.9.2.7-6b.trx

In the logs, I get:
Jul 10 22:07:00 ddns update: connected to members.dyndns.org (63.208.196.94) on port 80.
Jul 10 22:07:00 ddns update: invalid hostname: myhostnamegoeshere.com

Is this supposed to work? I can get it to update no problem with $vea$oft's Talisman on a Linksys router.

EDIT:
I telneted to the box and used ez-ipupdate (which is what I assume is used for the DDNS updates), and can update my ip without problems:

Jul 10 23:31:06 ddns update: connected to members.dyndns.org (63.208.196.94) on port 80.
Jul 10 23:31:07 ddns update: request successful

Does anyone know what calls ez-ipupdate in the firmware? There must be a bug in there somewhere.

How ez-update should be called for custom dns? I will then check rc sources...

How ez-update should be called for custom dns? I will then check rc sources...

I suspect it's a problem with the service-type. But I can update manually by typing:

ez-ipupdate -S dyndns-custom -u user:password -h mydomain.com -i the_pppoe_interface

Any luck with this Oleg? (Or simply not the time to look at it?).

This is the only thing missing for my perfect setup!

Worst case PM me the source, I'll have a look.

Sorry, I had no time to check this yet.

Ok, found it. Both static and custom was broken.
Fixed now.

Ok, found it. Both static and custom was broken.
Fixed now.

Where? where?? ;-)

Oleg, you rock!

Which unit you're using? wl500g or deluxe?

MN700 actually... :eek:

MN700 actually... :eek:
ok, wl500g then. :) I will try to prepare test version for you.

ok, wl500g then. :) I will try to prepare test version for you.

Where do I send the check? ;)

Just a quick thanks for the work on this project, which I did on one of my mn-700 this morning. hats off oleg,thanks.

will have another one to do, but for now let see how this performs this week.

Just a quick thanks for the work on this project, which I did on one of my mn-700 this morning. hats off oleg,thanks.

will have another one to do, but for now let see how this performs this week.


Just another quick note, and THANKS. This has raised my 700 from the dead and possible trash heap. Did my second unit and now have WDS working in my home. Talk about a great way to recycle!

Off to locate couple of more if I can find them..

Thanks Oleg!

Unfortunatly no. Should be similar to wrt54g 1.x, which requires uart (read seattle wireless).

Woooohooooo!!!!!

[root@MN700-Shared root]$ cat /proc/tty/driver/serial
serinfo:1.0 driver:5.05c revision:2001-07-08
0: uart:ST16650 port:BF800000 irq:2 baud:120535 tx:606 rx:0 RTS|CTS|DTR|DSR|CD|RI
1: uart:ST16650 port:BF800008 irq:0 tx:0 rx:0 CTS|DSR|CD|RI


http://www.kegit.com/albums/MN700/100_0314.sized.jpg

I haven't installed a MAX232 yet (and I'm missing 2 caps for the crystal), but the fact that the kernel sees it is encouraging.

Oleg, thanks for the info and great work!

I figured out that it appeared to be a problem of too much EMI at the office. Works fine to flash the CFE I built at home, but not at work. Strange.

Anyway, I now can tftp to 192.168.1.1 and get the magic file name to set it to accept an image (and the power light goes from green/amber blink to green-solid). I then put my .trx file as ASUSSPACELINK. Lots of net activity for a couple of seconds, green/amber blink on power LED for a couple of secs, then amber solid power LED, and it sits there--forever (like I've given it hours and no change). In this case, no ping response either. I power cycle it, erase the nvram, power cycle it and back to the top of this paragraph. Argh!

Is it possible I build a bogus CFE? Anyone want to share one w/ me that is known good?

Any other ideas? I'm so close I can taste it, but still not there. Thanks again to all the players here, it's been a great project so far even if it's still not working. At least it doesn't have WinCE on it anymore ;-)

Ok. Steps to be done.

1) Flash the bootloader, which I've prepared for you
2) Read it back to check, that it has byte to byte match.
3) run wrt54g utility again and erase nvram
4) off/on your device, so it would start blinking
5) Use ASUS Windows restoration tool from windows, do not use tftp and flash wl500g 1.9.2.7-6b firmware
6) Once flashed it should reboot and turn on AIR led, as well power led should switch to other color in the end of boot
7) Let me know of your progress :)

x) if it does not boot - use wrt54g utility to read kernel from the flash and send this image to me (or compare it with trx image - should be the same)

Ok, you're out of luck then. It's seems USB port is not wired out of the chip.


Sorry to drag this post out again, but have an interest in using usb on this device as well if it can be hacked in.

I take your statement to mean that MS did not lay traces on the board for usb support? But could one carefully tie into the chip directly from the bottom of the board? If the chipset provides native support are any other support componets needed outside of a usb port? Is there pinout of the chipset posted anywhere on the net?

Thanks..

I take your statement to mean that MS did not lay traces on the board for usb support?

They do not trace usb pins from the bottom of the chip


But could one carefully tie into the chip directly from the bottom of the board?

Unlikely.


If the chipset provides native support are any other support componets needed outside of a usb port? Is there pinout of the chipset posted anywhere on the net?

Well, yes several resistors are needed. The pinout is as following


USB1+ P20
USB1- P21
USB1ctrl P22
USB2+ N21
USB2- N22
USB2ctrl N20

For the first you should try grounding + or - via 15K resistors, so dmesg should stop saying can't assign address. Can't remember which line exactly should be grounded - for now it acts as presense indicator, due to a missing grounding.

They do not trace usb pins from the bottom of the chip




Cool thanks for fast reply, some careful googling did turn up post elsewhere within your site of needed info of whats needed.. just needed to be more skillful with my searches..

http://wl500g.info/showthread.php?t=846

Thanks to Oleg and a corrected CFE.BIN file, my MN-700 is up and running. Ran out of time to play with it before work this morning, so no comments on how it works yet. More updates as they occur.

-tv
PS. The tftp process of loading a .trx image works fine...

First, thanks to Oleg for the cfe, and thanks to sbyers77 for the detailed guide.

I'm not very good with a soldering iron...the longest part of the whole process was trying to clean out the plugs for the pin header. After 4 hours of trying 15W and 25W irons, desoldering braid, desoldering bulb, and even trying to dig the melted solder out with a dental pick, I gave up and just soldered the jtag wires directly to the board. It wasn't pretty but it was effective.

I was able to use wrtjtag-modified.exe to backup cfe and write the new one, but it wouldn't let me do anything else (i.e. erase NVRAM). It just seemed to get stuck. In searching for some help, I came across another guide that is a good supplement for the one here.

http://www.liamm.com/blogtest4/archives/000169hacking_the_microsoft_mn-700.html

Reading the comments section, I saw that other people were having the same problem. There's a posting from July 4 that links to a Windows GUI version of wrtjtag. Not only was that version faster for flashing cfe, it also erased NVRAM without a problem.

Once I used the GUI tool, it was a breeze. Thanks again to everyone who developed this project.

http://www.liamm.com/blogtest4/archives/000169hacking_the_microsoft_mn-700.html

Well, nice guide, except it does not mention the origin of the info (both my site and this forum) and the original author as well... :confused:
Preparing bootloader was not so simple and required A LOT of work. This guide has no credits at all... Also some info provided is just a wild guesses...

Well, nice guide, except it does not mention the origin of the info (both my site and this forum) and the original author as well... :confused:
Preparing bootloader was not so simple and required A LOT of work. This guide has no credits at all... Also some info provided is just a wild guesses...


I do think there was a link there to your site(not here but your own), but agree, should be more credit given where it is due.

Again, thanks for restoring value to this orphaned router....

Adding mmc/sd memory an option?

Just came across this on the openwrt site and was wondering if something like this could be applied to our mn-700s?

Not sure if this would be easier to do than trying to add usb or not. Just was looking for a way for extra memory...

adding mcc/sd memory card (http://wiki.openwrt.org/OpenWrtDocs/Customizing#head-00b294c0c885db1d544fbfcd48e9367d20b38b5a)

Yes, this is possible in the way similar to wrt54g. Probably you will need to change gpio numbers in the kernel module.
BCM5325M pins:


5 MISO GPIO5
6 MOSI GPIO4
7 SCK GPIO3
8 SS# GPIO2

Yes, this is possible in the way similar to wrt54g. Probably you will need to change gpio numbers in the kernel module.
[/code]

no fear of hardware mods, but not having a good programming background this might be just beyond my reach. Maybe a wishlist item in the future if enough folks show interest? I need to find the reader slot gizmo to load the sd card first anyway.

not sure this is the right place to post this, but since i have the mn-700 I started here. But what would keep from turning one of these into a DNS server?

The only problem is the available space. You've to recompile firmware or switch to openwrt.

Well I have my 3rd mn-700 that I'm working with. Same laptop and cable that I used for the first 2. But won't flash. Getting all 1's and F's. Tried a 2nd computer same error. Cable is only about 4 inches long so cable lenght should not be a factor. Using winxp. Nothing really different other than I'm using a different AV, AVG on the machine. But the second machine I tried did not have any AV on it.

Only thing I can see is this one might be an older unit than the first 2 that I worked with. The flash chip has a different sticker on it than the others. But the wrtjtag util will not see the chip.

Just won't detect the chip. Ohm'ed out cable, resistors etc... But I suppose I could make another one.

Still boots microsoft software and did update the microsoft bin so its still working .

Any clues??

edit:

Looking at the board I'm concerned that I have good conx back to the chip, I see that not only do I go thru the 100 ohm resistor but the board also has its own resistors (4.7k?) but after that hard to trace back (using a lupe), and checking for cold solder joints or bridges. Where do the jtag conx go back to? The broadcom chip? If so what pins so I can trace it back. Since microsoft never put the connector on I'm sure it was never tested and may have never worked,any ideas? Wonder if they left anything off this one, I will open one of my working units to compare.

More info: error
CHIP ID: 11111111111111111111111111111111 (FFFFFFFF)

if I remove the power from the rtr I get

CHIP ID: 00000000000000000000000000000000 (00000000)


I saw the message about removing resistor from pin 13 but still same error.


Why the other 2 went so smooth and this one giving me fits.. dunno


logic probe shows pulse from pc up to the resistors on the mn-700, but nothing on the backside of the mn-700 onboard resistors. (guess I should note that I mounted my 100 ohm resistors on the board itself, just as I had done before) so I have signal up to onboard resistors from the jtag conx. Probe shows logic low at all points behind the resistors on mn-700.

ok see now that the resistors are to tie the logic low when not in use. So need to probe back to the broadcom chip somehow and find out why its not getting/reading the chip.

Any timing issues between chips?

Hi all:

Would anyone know what the GPIO is for the power led? I've installed openwrt on the MN700, but the power led remains off at all times. Theres an S99done in init.d that should set the led on, but I assume the address is wrong.

Thanks in advance.

Hi all:

Would anyone know what the GPIO is for the power led? I've installed openwrt on the MN700, but the power led remains off at all times. Theres an S99done in init.d that should set the led on, but I assume the address is wrong.

Thanks in advance.
Restore button is GPIO7, power LED is GPIO6.

Well ok see now that the resistors are to tie the logic low when not in use. So need to probe back to the broadcom chip somehow and find out why its not getting/reading the chip.

Any timing issues between chips?
Most likely some resistors are not mounted or something like this. If you make a hi-res picture of jtag surroundings, then probably we would find an answer. :)
BCM4702 JTAG pins:

TRST A3
TDO B3
TDI C3
TCK B4
TMS A4
TEST_ENABLE E4

Restore button is GPIO7, power LED is GPIO6.

Stupid question, but how can I flick the led on? What memory location is GPIO6, and what values does it support (various colors are possible for the LED I think).

The number stays for the bit number. The gpio port itself is accessible via /dev/gpio/*. You've to read outen, OR it with 0x40 (GPIO6) and write back - this should turn power led on. Then you will need to play with bit 6 in the /dev/gpio/out to change LED color.

That did the trick, thanks!

so, it works now? :)

so, it works now? :)


Yes Sir!!! ty

I deleted that image, all we need is someone looking at it as being correct. :o

Just finished my 4th unit. Got your bin/overlay and nvserial. Fired up knoppix and made the bin myself. ( feeling better now!)

I'm thinking 4 units covers my home pretty well. 2 upstairs and 2 downstairs.

Maybe I need one to hang out the back to cover my deck area. :D

Now that I have these working was wonder what if anyone is doing for cooling, noticed that asus has heatsinks on cpu and switch..

Is it worthwhile doing, or just add a small fan. Hate to add moving parts. Maybe just a few more cooling vents?

Oleg, are you still handing out Boot ROM files for MN-700 routers? I have one that I bought about a year ago that I would like to get Linux running on.

Do you need anything from me besides the MAC address of my MN-700?

By the way, have you seen this post about flashing the MN-740? It seems that the same process should be used to flash a new boot ROM for the MN-700 as well. Maybe it could save some time and elimate the need for the JTAG?

http://www.dslreports.com/forum/remark,13360873

Oleg, are you still handing out Boot ROM files for MN-700 routers? I have one that I bought about a year ago that I would like to get Linux running on.

Do you need anything from me besides the MAC address of my MN-700?

By the way, have you seen this post about flashing the MN-740? It seems that the same process should be used to flash a new boot ROM for the MN-700 as well. Maybe it could save some time and elimate the need for the JTAG?

http://www.dslreports.com/forum/remark,13360873
MN-740 is a completely different product, which do not use windows ce. It's just an MS branded OEM stuff.
Yes, you need MAC only.

Sorry have a 2 part question, is there a wl command that will allow me to extract signal levels at the rtr? Want to somehow monitor levels at each rtr within my wds.

Is there a command reference for the wl command posted anywhere?

Thanks.

First off, the link that everyone seems to be posting on the subject (besides this thread) has moved. The blog entry is now here:

http://www.liamm.com/?p=77

Second, I'm wondering if the wl-500g firmware supports a couple features the MN-700 is missing:

- DHCP reservations (by name and/or MAC address)
- Some sort of QoS or TCP/IP prioritizing (by destination port and/or source IP, etc)

Also, is there a decent comparison of the OpenWRT vs the stock/modified wl500g? Stability and/or features?

My MN-700 has been quite stable with the latest Microsoft firmware, but I managed to crash it with bittorrent last night, even though it hasn't been a problem before. Has anyone successfully gone back to the Microsoft firmware, or even tried to?

Second, I'm wondering if the wl-500g firmware supports a couple features the MN-700 is missing:

- DHCP reservations (by name and/or MAC address)
- Some sort of QoS or TCP/IP prioritizing (by destination port and/or source IP, etc)


After successfully reflashing my MN-700 with the modified WL-500g firmware (1.9.2.7-6b), I'll answer my own questions for the next person.

Yes, the WL500 firmware has DHCP reservations and some sort of QoS (min and max for ip/port combinations for upload and download). It also has a ton of other features I'll probably never use.

On a side note, I noticed my PPTP VPN to work connects a heck of a lot faster than it used to. The WL-500 firmware must be a heck of a lot faster at setting up the GRE protocol mapping.

No complaints so far (except maybe the terrible color scheme in the web interface. :D )

jus wonderin if anyone has made an adapter for an external antenna could one just take it off j1 wheere the main anttenna port is and add a mini jack for say an external powered antenna for extra range??

jus wonderin if anyone has made an adapter for an external antenna could one just take it off j1 wheere the main anttenna port is and add a mini jack for say an external powered antenna for extra range??

This guy looks like he just soldered some coax where the old antenna was:

http://gallery.liamm.com/gallery/v/Tech-Stuff/MN700/S4010162.jpg.html

on the subject of external antenna mods i have seen only one but it is not described in any detail. i need to know what the awg of the coax coming off the antenna lead on the broadcom board is.

as per directions i went out and bought a set of resistors 1/2w 100ohm is this correct? no guides show the minimum wattage needed if there is one i just wanna know it would help.and as far as the gpio mappings being different from the asus wl500 does that mean most the mods discussed about the asus can be done with tweaking (ie the digital display). and has anyone succssfullt made a rs232 port for it the openwrit site says it can be done however i can find no info (i guess im blind). and what about the uart port on the inside has anyone done anything with this?

esgrove, those are the same resistors I got and seem to have acheived communication with the MN700.

I now have a problem when I'm trying to write the cfe.bin to the device it keeps crapping out on me at about 4%. I've shortened up my cables pretty good.

do they have to be REALLY short? Use a special kind of cable? I'm using UNtwisted cat5 at the moment.

The device seems to erase and backup fine, although I've found with my shortend cable the "80 Iteration Hammering" phase of the process seems to be taking longer.

I'm using 0.99 beta gui on XP laptop, I made my cfe.bin in Slax then moved it to my windows box.

So I've gone through this entire procedure up to the ASUS upload part. There I'm having problems. First however, a summary of what I did. I'm going to be overly verbose so that anyone else doing this in a 'rig' way can not feel so bad about it, and learn from my problems. Also, in between steps I unplugged/plugged in my router.

I built the JTAG connector fine, however, I couldn't get the solder out of the grounds on the mn-700. No matter how long I left my little radio shack soldering iron (set to 30w) on the hole, the solder would not melt. This happened on all the holes, so I'm assuming the heat was just transferring down the ground path. Anyway, no big deal, I just made a dent in it, globbed some solder on, and soldered all the wires to their corresponding holes (rigged it).

So I was having a couple problems in the jtag upload. Whenever I'd try and upload it would just sit there at the "Resetting Processor...\nDone" screen. So going off one of the other posts, I changed my command to ./wrt54g -flash:cfe /noreset. This did the trick, the firmware uploaded. I checked that the upload worked properly by checking the backup (./wrt54g -flash:cfe /noreset) with diff (diff CFE.BIN CFE.BIN.SAVED.#HERE) and they matched. So my rigged connector seems to be ok.

Next I erased the nvram (./wrt54g -erase:nvram /noreset). This went fine. The router now is in a state where the power light flashes green/amber (indicating recovery mode). However, I can't get the stupid ASUS util to work nor can I get the router to give me an ip. HOWEVER, if I set my ip as 192.168.1.NOT_ONE and make my gateway 192.168.1.1 I can ping 192.168.1.1 so I assume that means the router's doing something (note: i of course have all my other connections [wireless] disabled when I do this and this computer is NOT sharing it's internet, so this must be the router responding). Even when I do this the ASUS util says "No wireless device in recovery mode is found."

So now instead I tried to tftp up to it. So I did tftp -i 192.168.1.1 put wg01090207_WL500g_EN.trx. This completes successfully. But still, I can't connect to the router (through the web or telnet, after multiple plug in / unplug in). If I switch back to DHCP I'm still not getting an address, ... So I'm not sure what to do now.

I've tried plugging the ethernet cable into the router's lan ports, it's modem port, tried having my computer with and without connection sharing, and so on. All to no luck. I still have a router with a flashing amber/green led.

I'm thinking this might have to do with the same thing causing my ./wrt54g commands to require /noreset? Any pointers for what to try next? Do I have to connect to the lan jack and have something connected to the modem (shouldn't have to)? Should I try erasing all the memory and reuploading the cfe?

EDIT: Note, I've tried on a different computer to see if I can get the router to respond to a ping and I can't, so I may have had connection sharing on when I did the ping -t ... test, but I'm pretty sure I didn't.

Also, is there a way to run a set of diagnostics on the router? For instance, to make sure I didn't fry something when soldering?

Hopefully I've found the cause of my problem. I was using a CFE I generated (using Oleg's stuff (?, I think) from this site: http://wl500g.dyndns.org/mn700/). However, in my mn700.txt file I wasn't putting the : in the mac address. I assumed it wanted the mac address in the form it's written on the router, not in the true mac address form. I'll update when I know what happens (reflashing now).

:) One mn-700 up and running here. The problem was the MAC address thing. Funny (?) part of it is, I thought of checking that multiple times, but every time thought "No, don't check that, it's too obvious. I double checked that when I put it in."

Guess it shows to double check everything when debugging.

Quaffle,

What kind of cable did you use to make your jtag. I used untwisted cat5 (tried to keep it real short) but I think I'm getting EMI.

I'm going to try using IDE ribbon this time.

Quaffle,

What kind of cable did you use to make your jtag. I used untwisted cat5 (tried to keep it real short) but I think I'm getting EMI.

I'm going to try using IDE ribbon this time.

I'm not entirely sure what type of cable I'm using. It's just a little ribbon cable that I got from the store. It's basically just a bunch of really thin wires (30 gauge'ish) glued together.

My cable is only about 8 inches (20 cm'ish) long.

So I was messing with some settings on my router and decided I wanted to get everything back to normal. So ..., I decided to start over and reflash everything and go from there.

Well I believe I started to flash, then I realized the version I was flashing was the wrong version, so I stopped it (thinking I'm just going to write over it anyway, so who cares). But now it won't reflash.

Under windows or linux my flash stops at just over 5% and hangs. If I kill the process and retry it I get an error that it cannot locate the AMD Flash chip. So I unplug it and try again and ...

It always stops at the same place, so what could this be? Did I kill the router when I decided to stop the flash?

Under windows or linux my flash stops at just over 5% and hangs. If I kill the process and retry it I get an error that it cannot locate the AMD Flash chip. So I unplug it and try again and ...

It always stops at the same place, so what could this be? Did I kill the router when I decided to stop the flash?

Not sure what the problem was. But I just kept trying to flash it. Erased it a bunch of times, repeat. Eventually I just gave up, started it one last time and went to bed, then it worked...

Might have been the cable shorting or something, I double and triple checked and it didn't seem to be touching, but it was late and I couldn't really tell.

I should make a FAQ of all my problems...

Not sure if anyone is still reading this thread but thought I'd try anway.

I successfully flashed my MN-700 following the directions in this thread and was using Oleg's latest custom firmware 1.9.2.7-6b. I'm been very happy with the additional features and specifically the fact that I didn't have to reboot the router after heavy downloading periods as before with the MS firmware. However, I did notice the following problem where the wireless signal decreases over time and my laptop can't get an ip address. Here's the scenario:

1. after rebooting the router, all is fine. My laptop can pick up the ssid and the signal is good.
2. after a period of approx 12 hrs, sitting in the same spot as previously, the laptop can't pick up the ssid. It seems the wireless signal decreases over time.
3. only a reboot of the router will re-enable the wireless signal and allow my laptop to pick up the ssid.
4. i'm using wep, haven't tried with it wide open.
5. tried increasing the radio signal from 19 to 30 but still had the problem.
6. tried the official asus firmware but had problems with wired lan connections accessing the internet while using BT. Even the router config page was timing out.
7. currently have restored the MS firmware to see if it's a hardware problem with the router.

While using the MS firmware, I never had any of these issues. Just wondering if anyone is running into similar problems.

Thanks.

Hi,

i just installed OpenWRT on my MN-700 and now this beast is a really advanced DSL router including DynDNS, IPv6 and VPN support :)

Some hints to others:

Flashing the CFE seems to be the most tricky part. I had to retry several times until the read back CFE and the original one didn't differ. Maybe it's a side effect of using /noreset, as it looks like the CPU starts running after most of the CFE is flashed and this might cause the watchdog to interfer. No clue why the debrick tool hangs after resetting the CPU.

Directly installing OpenWRT after flashing CFE didn't work for me (OpenWRT simply hung). Probably, OpenWRT is confused by the empty NVRAM. So I installed Olegs firmware first, booted it once and than replaced it by OpenWRT.

The Broadcom ethernet driver et.ko runs unstable and causes reboots in WhiteRussian RC3 and RC4. Installing kmod-b44 and replacing et by b44 in /etc/modules fixes this problem. RC5 has fixed this problem.

Thanks to all to make this happen! :)

Jochen

Ok, I've:
(1)Built my passive JTAG.
(2) Ran Wrtmodified and backed up the firmware.


But I cannot run nvserial from kubuntu. It says command not recognized or something to that effect.

What am I doing wrong? Can somebody just email me a cfe.bin with the following mac:
00:0D:3A:23:FB:6A

edfcmc@(no spam)yahoo.(no spam).com

Ok, I've:
(1)Built my passive JTAG.
(2) Ran Wrtmodified and backed up the firmware.


But I cannot run nvserial from kubuntu. It says command not recognized or something to that effect.



Two things.

1: You have to be in the same directory as it and preface it with a period and a forward slash: ./nvserial

2: It has to be executable. It might not be. Try 'chmod +x nvserial' to make it executable.

I installed linux yesterday on an MN-700 that i bought used at a thrift store for $5.

It was essentially dead when i got it - the 1500uf cap right next to the jtag port was bulging and leaking, so i replaced it. 1500uf 6.3v isn't a size i keep around, so i replaced it with an old cap pulled from an old motherboard paralleled with a very new, low-esr 220uf and an 0.1uf ceramic disc.

An EE friend of mine suggested the old cap may have failed in part due to high frequency ripple that a small ceramic or film cap would take care of. I'll buy a nice Nichicon UPW 1500uf 6.3v the next time i order from Mouser, but for now this mess of caps seems to be working just fine.

While people are in there, they should check to make sure this capacitor is flat across the top, and is not leaking. It's the reservoir capacitor at the end of the switchmode dc-dc converter that turns the unregulated 12vdc power input into regulated 3.3vdc, and the whole board relies on it. If it looks like it's bulging on the top, you should replace it. Mouser part number 647-UPW0J152MPH is superior to the original capacitor. Please remember to observe polarity when replacing electrolytic caps.

A tip for people having trouble installing the header: It's nearly impossible to suck the solder out of the ground holes, since they're connected to ground plane on both sides of the board. I have a very good Weller WTCPn soldering iron and I'm reasonably well experienced with my solder sucker and i couldn't get it done.

It's much easier just to drill out the solder. You will need a fairly tiny bit - Harbor Freight Tools sells a selection of eensy carbide bits for use in rotary tools for a few bucks. They're essentially pcb drill bits - and they have a color-coded plastic ring on the shank. All you have to do is hold it between thumb and forefinger and twist - solder comes out like it's cheese.

As for the passive jtag interface: Using one of these things is just begging for trouble. Since you only have to get the CFE loaded once, I guess it's reasonable to go cheap & easy with the jtag interface.

If you have to do more than one, it might be worth your while to build a buffered jtag. All you need is a 74hc244 (or 74ls244 in a pinch), a 3v power supply (batteries work fine - even a single 3v lithium coin), and a few standard resistor networks. I can post a schematic & instructions if someone wants it.

In any case, it's unfortunate that the instructions floating around the 'net don't stress that the user should certainly read back the CFE after flashing it and diff it against the one they tried to load. There is a relatively high probability of corruption with a passive jtag like this. It may take a few tries.

It would help if people actually grounded the ground lines on the ribbon cable, too.

Also, iirc it wasn't clear in the instructions that /noreset may actually be required on this hardware. Which means that we're jtagging dangerously.

Here's the skinny: the JTAG debugger interface is a method of giving the cpu commands without having to modify memory. When you program a flash chip through jtag, you're very slowly giving the cpu commands that modify memory. If there's already a program running, it may shoot you in the foot.

Usually, in these situations, there's a jumper or pads somewhere on the board that you can short at power-on time to trap the bootloader, so that the board powers up but no programs are loaded - it doesn't actually boot up. If we have that on the mn-700 board, I don't know where it is.

That being the case, I'd recommend that people first erase the CFE (./wrt54g -erase:cfe /noreset) and then power cycle the board before attempting to program the new CFE. I'm certain you can get away without doing that, but I prefer to improve my odds of success rather than live dangerously.

While you're in there, you should probably -erase:nvram as well.

As for the rest of the process:

I started out trying to follow the recommended instructions, and have come to the conclusion that this was a waste of time. Maybe it's just because I'm a big geek, but as i started trying some different images, i found it to be much more convenient to stay in linux and use tftp per the openwrt instructions for the wl500g than to reboot into windows and use the asus utility.

Note that in linux, if your network is not already 192.168.1.x, you'll need to become root and "ifconfig eth0:0 192.168.1.2 netmask 255.255.255.0 up" to access the box until you change the address.

Note that unless the nvram has been erased, the bootloader will boot up with the last ip address the box was configured to use. If that wasn't 192.168.1.1, tftp won't find it there. if you erase the nvram, it'll default back to 192.168.1.1.

I also didn't find a way to erase the nvram from within windows - maybe I just didn't have all the right asus goo? doesn't matter at this point.

The modified version of 1.9.2.7-7b for the WL500g was horribly unstable on my mn-700. It seemed like it didn't always boot up, and then I'd go try to configure it to use the correct network, and it'd work as an access point but i could never get back into the administration interface until i reloaded the flash again.

The 1.7.5.9-5 version didn't have that problem, but it sure wasn't happy with the nvram left over from 1.9.

I have no stability problems with OpenWRT WhiteRussian RC4. As noted above, the et driver should be replaced with the b44 driver. In future OpenWRT releases, this is rumored to be the default.

The switch ports don't seem to work in OpenWRT - I think the bridge stuff just isn't set up properly, and I'll look at that later. There's a kmod-switch package for OpenWRT that's supposed to do a better job of this, but it isn't available for RC4. I may track it down anyway.

I recommend the jffs2 version of OpenWRT. you need the regular 'brcm' trx file.

I have had no stability issues whatsoever with OpenWRT. I never ran into the problems people have had witht he et driver, but i wonder if this is what was really causing the problems with the latest wl500g firmware. Maybe it's using the same driver, and when it starts up it's got a ton of daemons running and it's very chatty on the ethernet - maybe that's enough traffic to cause the instability. When OpenWRT boots up, it's not doing anything fancy, and the web administration interface isn't enough to give it fits.

Note that it's normal for the jffs2 version of openwrt to boot up with a read-only filesystem the first time around. But you can just reboot it. Or telnet in and 'mount -o remount,rw /', probably.

I haven't grokked what incantation i need to use to turn on the power LED when it's finished booting, but I'll figure it out. I'm aware of the gpio stuff that needs to be done, but my shell scripting mojo is very rusty.

Thanks Eric for the comments. Oleg was kind enough to send me a modified cfe.bin with the appropriate MAC, but I still want to figure out how to get nvserial to work. (I will try later on tonight when I have some time to devote to this project.).

Electrolytic Cap
Yeah, I noticed that my electrolytic cap was bulging just a tad. I guess even Microsoft was inflicted by the bad cap disaster that started in Taiwan. (See www.badcaps.net for pictures, story etc.) I plan on replacing it once I get a large enough order for Mouser.

Solder
Luckily my hardware skills are better than my software skills, but I picked up this tip either from Nuts & Volts forums or from badcaps.net forums, but a great way to clear holes from printed circuit boards is to use a stainless steel dental pick (or needle) while heating the hole and pushing through the hole since the solder cannot stick to stainless steel. Another option is to use a long piece of solid gauge coper wire like from a cat 5 cable or coax such as rg6 and use it like above (push trough the hole while heating it with the soldering iron). Obviously the solder is going to stick to the copper wire so once it is used it is useless afterwords. I've been able to clean holes using the dental pick technique with a 5 dollar soldering iron. ALthough I've been itching to get a Metcal pretty soon. SOlder wick might work in general if we are not talking about a multilayered through hole board also but it is more of an art to get used to desoldering stuff with it without pad lifting etc. THe drill technique works great too as i've had to use that trick also; the only downside to the drill technique is the loss of burning smell of flux and solder and the finger burns from mistakenly touching the wrong of the soldering iron when trying to clean the holes.

Jtag Cable
Can you please post your schematic for the buffered jtag? I've seen a couple on the 'net and I would just like to compare for reference. The one's I have seen make a big stink about the use of a 74HCT for TTL levels from the parrallel port. I plan I building a universal buffered jtag pretty soon since my passive one is pretty MN700/WRT54G specific due to the header and pinout of the device. I've come across some post somewhere ( I will edit this post once I find the reference) where the guy added some schmitt trigger buffers for noise before the the 74HC buffer because he claimed there was tons of noise spikes messing with the input of the buffers and he claimed everythign was hunky dory once he added the schmitt triggers. I did "purchase" a bufferd jtag from ebay, but the thing was so shoddily put together that I am afraid of buring up my parrallel port although the builder did take the effort of removing the flux from the solder connections; that design incorporated two SIP style resistors devices and a quad buffer chip but everything was sloppily put together....


EDITED FOR LINK TO JTAG CABLE DISCUSSION
http://neil.franklin.ch/Usenet/comp.arch.fpga/20010723_Homemade_Xilinx_parallel_cable_problem


Here is the link where people discussed cable length., schmitt triggers etc.

Electrolytic Cap
Yeah, I noticed that my electrolytic cap was bulging just a tad. I guess even Microsoft was inflicted by the bad cap disaster that started in Taiwan. (See www.badcaps.net for pictures, story etc.) I plan on replacing it once I get a large enough order for Mouser.


Yeah, I'm not sure how much of this is really the bad electrolyte issue.

Electrolytic caps have come a very long way in the last 15 years, and the new electrolyte chemistries may have specific implementation consdierations that are not well understood by the people who use them. Some capacitor manufacturers have insisted that failed caps in the field are the result of inappropriate implementation.

Higher voltage caps can sometimes be more durable. It might be reasonable to get something like a 25v version of that Nichicon UPW and lay it on it's side on the board (it'll be too tall to stand up in the case). Theoretically, the 6.3v cap should be fine since it's only 'seeing' 3.3 volts. Be certain you get the high temperature (105c) version, whatever cap you get.

Also, switching power supplies have gotten much, much faster. It's not uncommon to see switchers running at mhz speeds, and that's certainly going to put a different kind of strain on the cap.




Jtag Cable
Can you please post your schematic for the buffered jtag? I've seen a couple on the 'net and I would just like to compare for reference. The one's I have seen make a big stink about the use of a 74HCT for TTL levels from the parrallel port. I plan I building a universal buffered jtag pretty soon since my passive one is pretty MN700/WRT54G specific due to the header and pinout of the device. I've come across some post somewhere ( I will edit this post once I find the reference) where the guy added some schmitt trigger buffers for noise before the the 74HC buffer because he claimed there was tons of noise spikes messing with the input of the buffers and he claimed everythign was hunky dory once he added the schmitt triggers. I did "purchase" a bufferd jtag from ebay, but the thing was so shoddily put together that I am afraid of buring up my parrallel port although the builder did take the effort of removing the flux from the solder connections; that design incorporated two SIP style resistors devices and a quad buffer chip but everything was sloppily put together....

From your description, the schematic i have is identical to what you bought on ebay.

He probably followed the instructions to the letter, which results in a chip with two resistor networks soldered directly to the legs on one side, another on the other side, and two loose 100ohm resistors as well.

These cables are designed for use on STMicro (*cough*) systems.

It may look like hell, but it probably works just fine as long as he doesn't have wires shorting out or something.

It may be preferable to use HCT chips, or, heck, use the AHCT just to spend a few more cents. I built one with a Motorola 74ls244 that worked just as well as a later one i built with a Ti 74hct244. I never had a corrupt bit written with either one of them - keep in mind that i was always careful to trap the bootloader before programming. I've also used them on StrongARM based systems.

An increasing number of parallel ports signal at 3.3 volts. This doesn't seem to cause problems with printers, but makes some passive parallel port interfaces more problematic than they were on older parallel ports. In this case, the HCT version of the chip doesn't necessarily get you anything. The jtag port for sure is 3.3 volt, but parallel ports vary, so anybody screaming that i NEED the ttl version just isn't paying attention.

fwiw, the low-power schottky (LS) version of the chip actually switches faster than the HC and HCT versions, but the HC(T) are a tiny bit faster to notice that they're being signalled. The AHC(T) versions are an attempt to make the cmos chips as fast as the schottky chips. The HC versions were a failed attempt at making cmos chips as fast as schottky chips.

Inspite of having two of those things, I haven't used them in a while and couldn't find them, so i went with 4 resistors this time around, and i had to write twice before it read back properly.

However, the jtag side of the cable itself has two considerations that people always seem to ignore.

1: keep its short. Like 8 inches. If you want it to be further from your computer than that, feel free to buy a 6 foot IEEE1284 (high speed parallel) rated db25 cable. That's what i used. The distance between buffer and jtag interface should be short.

2: You really should use ribbon cable, and every other line really should be grounded, at both ends. Those ground pins are there for a reason.

However, different jtag programs twiddle different bits on the parallel port. The document i have may need to be interpreted vs. what the de-brick utility expects.

Gimme a few days and I'll look it over. I don't think it needs to be any more complex than it already is, with regard to the schmidt triggers.

THanks Oleg:
Here are a couple of pointers:

1. There is a "step by step" in this thread on page 6.
2. If you can't get nvserial to work, you need to PM OLEG for the CFE.BIN as stated on page 6 of this thread.
3.Keep your passive jtag cable short.
4. If you gotta use windows (like i did), you can use the wrtjtag-modified program that is linked in this thread. (You use this program with your jtag cable to backup cfe.bin and flash the modified cfe.bin). THis program also allows you to erase the nvram.
5. When disasemling the router, you need to remove the clear plastic cover from the front LED's to crack it open after you have unscrewed the four holding screws.

MN700 linux hack is on two other sites (Liamm and techimo--so google it) but this thread is has all the info that you need.

I haven't grokked what incantation i need to use to turn on the power LED when it's finished booting, but I'll figure it out. I'm aware of the gpio stuff that needs to be done, but my shell scripting mojo is very rusty.

This isn't hard either. There is a gpio tool at http://downloads.openwrt.org/utils/ or a precompiled package at http://www.ethernal.org/openwrt/ wich can be installed using ipkg. Then you can control the power LED with is connected to GPIO 6:

gpio disable 6
gpio enable 6

Ah, thanks for the link. I figured it would make sense for such an app to exist, but was not aware that it did.

Noticed some new attempts at this mod... For the new guys, have you experienced any wireless signal issues? See my post a bit further up on this page.

What firmware are you guys running? OpenWRT? I may give it another shot since RC5 is out. I had White Russian RC4 running on it and it was unstable. Ran fine for a while but then would stop running during the night. Sometimes had to reboot a few times before it was back.

I've since reverted back to the MS firmware but may give it another shot.

RC5 isn't out. I'm using RC4. You can get pre-RC5 images, though, and i plan to try one.

RC4 is guaranteed to have some stability issues if you don't install kmod-b44 and stop using the et driver. You will have to ssh in and edit a file to do this. It's not required in pre-RC5 images.

I don't use my wireless heavily and haven't touched the mn700 in a few days, but it's been up. I'll see if it's still up and running well tonight.

I am using RC4 and have not had major problems. The switch ports don't work but this could be a configuration issue. Or a driver issue which would be probably resolved by RC5.

It doesn't always reboot, like you said. It's possible that boot_wait should be set to 'off' in the nvram. The wrt54g hardware list states that some boxes should have it turned on and some should have it turned off, and lists "n/a" for the mn700. Doesn't make sense. In any case, it's only there to give you a chance to tftp an image before it boots, and you can always tftp a new image by holding down that button during power-on.

I'll disable boot-wait and see if it reboots more happily tonight, after i see if the wireless is still running reasonably well after ~3 days uptime.

So far openwrt whiterussian rc4 is much, much, much more stable than the modified asus firmware. What was infuriating about the asus firmware was the way that i could only get into the admin interface maybe once out of every 10 times i rebooted it but it always worked as an access point anyway, so it had obviously booted in some sense.

Ericj,

I'd be interested if your wireless is still working. Interestingly, I never had any issues getting into the Admin screens while using the custom asus firmware. It was only wireless signal issues, everything else was solid.

What do you mean, "the switch ports don't work with RC4"? I did have to manually set the interfaces initially but did have wired connections working well.

Maybe the switch ports work just fine and i just need to remap the ports. Troubling that there's no vlan0 device, though.

Wireless is working fine. Pulled a cd image off my NFS server at a measured rate of about 24mbps, and some of the wired ethernet between the AP and the nfs server is pretty questionable so i think this is entirely reasonable.

I'm not set up to do raw network socket performance tests right at the moment, but i really don't think it's necessary to go that far.

While it was transfering, it the link fell back to 34mbps a few times but never stopped plugging away and kept retraining back up to 54mbps.

I forgot that i'd rebooted it (soft) a few days ago - uptime is 2 days and 9 hours.

I'd say your wireless connection is good :)

Another great site is http://www.macsat.com/macsat/content/view/13/30/

There's a tutorial to set up OpenWRT which I followed. Just make sure you change the interface names accordingly as per the table since the MN700 interfaces are not the same as the WRT54g or WL500g Deluxe.

This stuff needs to get plugged into the OpenWRT wiki, where people will know to look for it.

Maybe that's a weekend project for me . . . .

Noticed some new attempts at this mod... For the new guys, have you experienced any wireless signal issues? See my post a bit further up on this page.

What firmware are you guys running? OpenWRT? I may give it another shot since RC5 is out. I had White Russian RC4 running on it and it was unstable. Ran fine for a while but then would stop running during the night. Sometimes had to reboot a few times before it was back.

I've since reverted back to the MS firmware but may give it another shot.

I've been up and running Oleg's latest firmware 1.9.2.7-7b I have had no issues with the wired portion of the router. Up until last night, 1/30/06 I've hadnt had any issues with the wireless portion but in this case the radio just shut off. I had to reboot the router to get it to work. Kind of weird. Oh well, but everyrthing is working fine.

Well I decided to give the mn700 another shot and jtagged it over the weekend using a buffered jtag. Interestingly, it would not write the custom cfe.bin and would only reach 4% and freeze. Tried two jtags with the same results. In the end, I had to write the original cfe.bin to it, reboot, then write the custom one and it was fine. Read the cfe.bin file and did a compare which turned up no differences.

Flashed Oleg's latest 1.9.2.7-7b and all was well. Have noticed the same problem as before with the wireless signal degrading over time, approx 48 hrs. Rebooting the router will restore the wireless signal.

I may give OpenWRT another try next. Only thing stopping me is that it's not straightforward to enable uPNP which I use for video chats etc.




I've been up and running Oleg's latest firmware 1.9.2.7-7b I have had no issues with the wired portion of the router. Up until last night, 1/30/06 I've hadnt had any issues with the wireless portion but in this case the radio just shut off. I had to reboot the router to get it to work. Kind of weird. Oh well, but everyrthing is working fine.

Again, had to reboot the router this morning 2/6/06 to turn on the radio. Note: the enable radio button doesnt work. Only a reboot will get everything working again.

After looking again at the pictures in the pdf, it's obvious to me that neither the pictures are reversed, nor are they taken of a DB-25 Female. The adapter itself is upside down in the pic. It's assembled properly, resistors at 2, 3, 4, and 13, grounds connected at 20 and 25.

And on that note... disregard any of the following:


The pictures of the actual cable in the pdf (http://oregonstate.edu/~byerss/programs/hairydairymaid_debrickv22.zip) posted earlier are reversed...

For the information of any readers, these pictures are not reversed. The person who made this document used a female 25-pin d-sub (parallel) connector.

Though, if you use a male 25-pin d-sub connector and follow the diagrams and pictures in that document, it /will not/ work.

For those of you who will flame me for this post, check out the cable used to attach the JTAG adapter to his/her computer. I bet it's straight-through (wired 1-1, 2-2, 3-3, etc.) and has male connectors on both ends.

I finally got around to ordering an appropriate replacement capacitor, ended up with a Nichicon UUD 1500uf 6.3v - which is an ultra-low-profile (for it's capacity) SMT cap. 10x10mm, actually smaller than the original. Mouser PN 647-UUD0J152MN (90 cents).

Since it's an SMT capacitor, you have to straighten the legs and pull off the little plastic base, to turn it back into a normal radial cap.

Neat thing: now my MN-700 boots up every time. it used to sometimes not really boot up when plugged in cold.

I've got a problem, though. the dnsmasq package in openwrt somehow got enabled (I don't remember, might have been me), which had the thing handing out dhcp addresses and offering itself up as a dns server. I really haven't had the time to play with it, so it's been unplugged for the last few weeks, and i don't recall what i was doing the last time i fiddled with it.

And now it's address is only accessable via wireless, and it's not working as an access point anymore.

I've noticed that eth1, the lan device, comes up with no mac address. And brctl tells me it's not included in the bridge.

Even after manually assigning mac and ip addresses to eth1, I can't access the mn700 through the lan ports. It used to bridge between the wireless and the wan port (eth2), but it's not bridging anymore.

Anybody running Whiterussian RC4 know what i need to put in nvram for this thing to work properly?

The bug report that references the b44 driver implies that it should be coupled with a switch.o driver, but i can't find an ipkg for it.

how did anyone performing this hack get past the jtag utility freezeing at around 4%

figured it out u cant erase the wholeflash
has to be something on the router to flash cfe

I have an MN-700 network flash utility if it might come in handy for someone. This way you might not need the cable.

The number stays for the bit number. The gpio port itself is accessible via /dev/gpio/*. You've to read outen, OR it with 0x40 (GPIO6) and write back - this should turn power led on. Then you will need to play with bit 6 in the /dev/gpio/out to change LED color.

Would you provide an example command? I'm having trouble figuring out how to read outen, perform the OR, and then write back.

i love this hack:D

got 2 units running now(openwrt RC4)

in next time i will try to install a Atheros 5GHz wlan card:cool:

I have successfully became my mn-700 to wl-500g according to "a step-step guide to reflash the mn-700". Especially thank Oleg for bootloader of mn-700,and thank sbyers77 for his reflashing method.Now I can connect internet by PPPOE on the wl-500g.:)

Someone (itwas jochen, Post #139) mentioned that installing OpenWrt right away doesn't work due to the empty NVRAM confusing the firmware. I didn't read that until after installing OpenWrt and as a result my router is bricked - I can't install Oleg's Firmware as the installation of OpenWrt disabled the boot-time TFTP check and I can't boot into OpenWrt. I also didn't think of backing up the NVRAM so I can't turn TFTP back on. Holding the reset button down during boot didn't do anything, either.

Does somebody have a NVRAM image that I could JTAG over, preferably with boot_wait enabled?

Just erase nvram, you do not need nvram image.

Hmm. In that case something appears to be wrong with my OpenWrt - the router does not accept telnet or any other traffic; all connections time out. The WLAN is silent. Erasing the NVRAM changes nothing.

I'll try flashing the kernel via JTAG - maybe that'll work.

Okay, that didn't work. Apparently the kernel was not transmitted cleanly. Maybe I fried something in the router...

I'll experiment some more. If the next JTAG kernel flash doesn't go smoothly I'll try to mod the debricker. Then I'll throw away the router and get a new one.
Is it possible to send a block of data, read it back, verify it and then send the next block? That way the debricker would be less vulnerable to transmission errors during long sends... Even though sending might take forever.

Could someone tell me what pins on the DB-25 connect to what pins on the board.

I keep getting "unrecongnized chip"

Can someone tell me if this allows alternate firmware or only MSFT's?

Just wanted to let everyone know. I followed the instructions and was able to flash DD-WRT with the Asus tool to my mn700. Seems to be working great!

Thanks!

Just wanted to let everyone know. I followed the instructions and was able to flash DD-WRT with the Asus tool to my mn700. Seems to be working great!

Thanks!

I spoke too soon. There seems to be a problem with the nvram. web interface of DD-wrt works great, but if i try to save changes and reboot, the power light turns orange and i have to reboot again. At this point, the router has been reset to default settings.

It seems like it can't save to nvram. Is this an issue because the the cfe oleg has come up wit does not support dd-wrt?

Thanks!

hi cliefan,

i too have read up on this post+many others but i am a step behind you. i am currently "stuck" in the

./wrt54g -flash:cfe

stage...

if you guessed it correctly, i am receiving (ffffff) error
ie. cable problems.

however i am 99% sure my cable is built correctly. (i have made 2, both with different materials)

after numourous tries,

switching the router off, and hitting enter, i am still reciving the (fffff) error.

i then decided to look under the PCB of the MN-700 board and noticed that the ground for the JTAG(s) dont "lead anywhere"?

could this mean that my version of the board does not have a ground for the JTAG?

if this is true, then that would explain my cable connection issue.

can someone please check their boards?

thank you.

I spoke too soon. There seems to be a problem with the nvram. web interface of DD-wrt works great, but if i try to save changes and reboot, the power light turns orange and i have to reboot again. At this point, the router has been reset to default settings.

It seems like it can't save to nvram. Is this an issue because the the cfe oleg has come up wit does not support dd-wrt?

Thanks!

Problem is with the filter_services variables being too long. With SP2, clear filter_services2 and everything will work perfectly

nvram set filter_services2=
nvram commit

Hello... I hope that some of the masterminds of this forum are still reading! I've been trying to flash an MN700 to the Asus firmware. I think that I've read just about every forum out there but still stuck! JTAG is built and works fine. I can flash CFE, clear NVRAM and do anything with the JTAG cable without problems. BUT whenever I try to use the ASUS Firmware Utility it always errors out. When I try to flash using TFTP in windows it always times out. I can press and hold the reset and put it into restore mode, but have not been able to load a flash on there. I even spent 40 hours loading the firmware using JTAG, but was never able to access using 192.168.1.1. I've tried loading the wl500g-clear-nvram.trx and the accompanying restore, but even that will not load.

One more thing I can think of, I made my own cfe.bin in Linux, but that was simple once I put my MAC in the cfe.txt file. Is it possible that if I somehow screwed the cfe.bin file I am getting this issue? If so, is Oleg still offering his assistance?

Thanks to anyone for the help!:)

Hello... I hope that some of the masterminds of this forum are still reading! I've been trying to flash an MN700 to the Asus firmware. I think that I've read just about every forum out there but still stuck! JTAG is built and works fine. I can flash CFE, clear NVRAM and do anything with the JTAG cable without problems. BUT whenever I try to use the ASUS Firmware Utility it always errors out. When I try to flash using TFTP in windows it always times out. I can press and hold the reset and put it into restore mode, but have not been able to load a flash on there. I even spent 40 hours loading the firmware using JTAG, but was never able to access using 192.168.1.1. I've tried loading the wl500g-clear-nvram.trx and the accompanying restore, but even that will not load.

One more thing I can think of, I made my own cfe.bin in Linux, but that was simple once I put my MAC in the cfe.txt file. Is it possible that if I somehow screwed the cfe.bin file I am getting this issue? If so, is Oleg still offering his assistance?

Thanks to anyone for the help!:)

Try turning off your windows firewall when using the ASUS Firmware Utility. Sometimes I was able to get it to work, sometimes it would error out. The "symptom" that I always had was that running the ASUS Firmware Utility would change the power led from firmware restoration mode (alternating between green and orange) to just green, but no firmware would be uploaded. Turning off the Windows Firewall fixed this for me. Also, perhaps the following Wiki article for MN-700 and DD-WRT firmware might help:
http://www.dd-wrt.com/wiki/index.php/MN-700

I finally got around to working with my MN700 and having a bit of problems...

I have made my cable properly but can't seem to get the unit to properly update the CFE.

it will get anywhere between 25 and 60% flashed then just stop progressing.... as if it's locked...

I FINALLY got it to properly flash once however had my MAC address wrong so now I've corrected and trying to do again...

any suggestions on how to keep this locking up from occuring??

I'm using wrt54g under knoppix 5
wrt54g -flash:cfe /noreset

Thanks for all the work !

hmm.. got it to flash ok again...

the light is alternating between green and orange yet I can't seem to ping 192.168.1.1

wondering if perhaps I'm doing \something incorrectly when creating the cfe

hmm.. got it to flash ok again...

the light is alternating between green and orange yet I can't seem to ping 192.168.1.1

wondering if perhaps I'm doing \something incorrectly when creating the cfe

I use this Windows JTAG software (here (http://www.ranvik.net/prosjekter-privat/jtag_for_wrt54g_og_wrt54gs/new-winxp_ejtag_debrick_v%5b1%5d.99beta/))

I normally don't even bother trying to ping 192.168.1.1. I believe the ASUS Firmware Restoration Tool actually operates on layer 2 (MAC level) rather than on layer 3 (IP layer), because I have been able to use this tool regardless of the IP I have set (either DHCP or manual on pretty much any network). Are you able to upload a firmware with the ASUS Restoration Tool?

hmm.. got it to flash ok again...

the light is alternating between green and orange yet I can't seem to ping 192.168.1.1

wondering if perhaps I'm doing \something incorrectly when creating the cfe

i´ve had the same probleme, so i trie´d it without change of my mac
and it worked, so maybe give it a try.

I changed my mac with with nvram settimgs don´t know if it posible in this firm?

p.s. sorry for my bad english

Hi guys, and thanks for this exelent manual ..

Well,

I did solder connector on router board, i did make jtag cable, i did flash boot loader, ........ but also i did ERASE WHOLE FLASH by mistake ... :mad:

Is there ANY GOOD SOUL who is willing to send me whole flash on email?

WIll be apriciated, :)

Vladimir - komigenie@gmail.com

You do not need full flash. Just flash a bootloader.

You do not need full flash. Just flash a bootloader.

ok, i flash boot loader, and i can ping router, but i cant put any firmware in it ..
Asus tool dont see router ...

wrtjtag for windows cant do any good, is freezing after some time ...

wrtjtag-modified.exe doing the job, and like i said, after flashin boot loader, i have blinking "orange-green" led ..

when i try to flash firmare:

tftp -i 192.168.1.1 put WRT54GS_3.37.2_ETSI_code.bin
nothing happens ..

is just hanging, no ectivity on lan led - nothing ..

and, now i am reflashing boot loader 15th times .. getting old .. :(

Dont ask me HOW, but i did it ..

MN700 is running Asus firmware here .. Thanx !

Thank you OLEG!! Thank you!!

You did a great job !! Thank you for your support !! After 5 days working....my MN700 is running with open WRT !!
Whithout your support it will never be done !!

Thank you for the cfe image!!


Greetings from Germany

mcklauth

my mn700's power LED is alternating colors, none of the other leds come on, even when i put a molded streight thru cable between my laptop and the router. JTAG's work w/o a problem.

i have erased whole
i uploaded modified CFE i made in linux
pulled power plug waited 20 seconds
pluged it in and it sends me right into the alternating LED
so i plug in my ethernet, the corrisponding led does NOT light up, windows says its unpluged.
i use the asus tool and it doesn't even start to look.


if i plug my ethernet into the WAN port it does light up and flash when data is being xmitted or recved but the asus tool does not work.

my mn700's power LED is alternating colors, none of the other leds come on, even when i put a molded streight thru cable between my laptop and the router. JTAG's work w/o a problem.

i have erased whole
i uploaded modified CFE i made in linux
pulled power plug waited 20 seconds
pluged it in and it sends me right into the alternating LED
so i plug in my ethernet, the corrisponding led does NOT light up, windows says its unpluged.
i use the asus tool and it doesn't even start to look.


if i plug my ethernet into the WAN port it does light up and flash when data is being xmitted or recved but the asus tool does not work.

i am also very very new to this... so when people mention the pin 10 or what ever trick i have no clue what you are talking about! lol i have a decent understanding of linux and a strong background in windows. i am also fairly decent at electronics.

hi. i have an MN700 and i'd like to replace the firmware. problem is: i have two left hands when it comes to electronics -- i doubt i'd be able to solder anything together. making my own cable seems pretty complex for me. i don't know where to get the requisite components or anything. i wonder, is there anyone in the greater Toronto area with a cable i could borrow?

hey everyone i seemed to have knocked off part L10 off my board its a tiny little sucker but does any one know what it is? for now i have a glob of solder over where it is suppose to be and everything seems ok so far... i've included a pic of where it is. any help will be appriciated!!! (btw i used a pic of a mn700 with the thing still where its suppose to be!)

http://www.corwindc.net/mn700/router.jpg

http://wl500g.info/showthread.php?t=7661

even with a glob of solder over where its suppose to be it works and im now running the asus software... now is there a way to get usb on the mn700? i found treads where people mentioned it but never any definitive yes or no

Hi

Hard to tell from the picture where it is for, but L10 name let me assume it was an inductivity. Seems not to be for the Oszillator abouve, and not clearly for the power supply. Shorting it is a clever idea, and if its working this way, dont thing about again ;).

Greets
Wlanman

Hi

Hard to tell from the picture where it is for, but L10 name let me assume it was an inductivity. Seems not to be for the Oszillator abouve, and not clearly for the power supply. Shorting it is a clever idea, and if its working this way, dont thing about again ;).

Greets
Wlanman

hehe i dont think about it... i just thought to my self... wtf.. why not.. whats the worst thats gonna happen? start a fire? well my house is still standing.

now on the other hand is that chip the broadcom one nearest to l10 suppose to get really HOT??? i mean it was geting hot enough to not be able to touch for more than 1-2 seconds... i put a make shift heat sink on it for now but i'd like your input on this

I had some trouble with my mn700 in May, and other projects took priority, so i ignored it until xmas break.

I have resurrected it, and added some notes to the openwrt wiki.

fwiw, the most recent version of Oleg's firmware i tried on my mn-700 exhibited the same random reboots as were experienced with the et ethernet driver in openwrt whiterussian rc4.

My mn-700 is now running whiterussian rc6 and has been quite stable for about a day since i put it in place of the wrt54gs v.2 i ebayed out of frustration in june.

In whiterussian rc6 the only thing that doesn't work out of the box is the power LED.

Just thought I'd pop in and add some additional data points for anyone considering this hack.

First to start off. Many thanks to the contributers of this hack. and thank you Oleg for the bootimage.

Now with my experience. I have built my jtag cable but cannot get it to detect with my computer's parallel port. any tips? I have resolder all wires but still no go. :( any idea?

Update.. I have finally manage to flash the CFE file. But now the Power LED stays Amber.. I can't get into recovery mode.. :confused: I have reflashed the CFE a couple of times already. no luck.. Did I brick this router??? :(

**update** Got it working finally. I just keep reflashing the CFE and after like 10+ times the alternate power led starting to blink..! yay!! Thanks guys!

Thx for Oleg!!!
The CFE.bin provided by him work perfect!!!
Not all the computer's printer port works.
I've tried 4 computer. Only the old one works.
The dell and Hp won't work.
Backup the data b4 flash.
Because one of my computer can flash up to 4% then hang.
Then I used another compter to flash the backup and re-do again!!

I don't know why I can't gen my CFE.bin using nvserial.
Can I use Hexedit to edit another CFE.bin to my own MAC's CFE.bin??
Any chech-sum on it??

Any Linux system to use??

Thx!!!

Thx for Oleg!!

:-)

Could Someone Help Me.

I'll try to flash my MN700 Router with the Jtag connector.

Download the MN700 Boot loader from Oleg here : http://wl500g.dyndns.org/mn700/mn700.zip


I'll Patch it with My MAC adresse replacing in mn700.txt

00:0D:3A:28C:6E like this


And when I try flashing with wrt54g the process stop at 4%.

I'll try under linux and under windows with wrt54g-modifed, this is the same.

Can someone post me a CFE.BIN patched with my MAC adresse Please.

perhaps i'll have the wrong.

Now My power led Router is out.

Can someone help me please ^^ thanks in advance

I had the same problem so I did a whole flash erase 2 times. Then loaded cfe and it took it all the way through. Read it back and it was exactly the same.

I still have bootloader issue since I didn't build the cfe with a linux box (that I don't have). I did it in a hex editor. But, I don't think I did it correctly. Can someone post a cfe.bin file that I can use to compare with mine?

thanks oled...ygpm

I spent the last couple hours trying to load a bootloader again. the process locked up on me again at 38%. So I tried erasing a few times and now it always locks up at 4% (at exactly the same address) every time. After messing around I noticed that the large capacitor below the jtag pins is bulging. It does measure 3.3v but I would bet that this cap is leaky. I'm going to replace it before doing anything else.

edit:
Working with asus fw and with dd-wrt

I don't know what to try anymore. I have no problem flashing the cfe except that I have to use the /noreset option. I have compared both files the only difference is there are a bunch of extra FFFFF at the end of the file I created with nvserial which I guess is just to fill any empty space on the chip. I have tried erasing the nvram and still no go. I have no lights when I restart the router except for 1 light that identifies where my ethernet cable is plugged in. Does anyone have any idea? Oh I did erase the kernel before I flashed the cfe I don't know if that is my problem. Can anyone create the cfe.bin for me just in case i'm doing something wrong? 00:0D:3A:28:C7:E4

Here is what I used with nvserial within Damn Small Linux

# Microsoft MN700 board

boardtype=bcm94710ap
boardnum=mn700

# 4710 CPU clock frequency in Mhz
# Only valid value is 125, anything else defaults to 100Mhz
clkfreq=125

# 4710 SDRAM controller parameters
sdram_init=0x0419
sdram_config=0x0000
sdram_refresh=0x8040

# 4710 MAC and PHY parameters
et0macaddr=00:0D:3A:28:C7:E4
et0phyaddr=30
et0mdcport=0
et1macaddr=00:0D:3A:28:C7:E4
et1phyaddr=5
et1mdcport=1

# PMON variables
dl_ram_addr=a0001000
os_ram_addr=80001000
os_flash_addr=bfc40000
lan_ipaddr=192.168.1.1
lan_netmask=255.255.255.0
scratch=a0180000
boot_wait=on
watchdog=3000
hardware_version=WL500-02-02-01-00
regulation_domain=0X30DE


Hope someone is still watching this thread :)


---------------------
UPDATE
---------------------

Oleg sent me new cfe.bin. Worked flawlessly.
Thank you

Try this: http://wl500g.dyndns.org/mn700/000D3A28C7E4.zip

Try this: http://wl500g.dyndns.org/mn700/000D3A28C7E4.zip

Thank you very much your cfe file worked on the first try. :)

Hi there !
I followed the instructions on the forum and succesfully flashed the bootloader , then loaded the oleg´s firmware, but here comes the creepy part , I wanted to try the openwrt firmare ,so I messed up and flashed the cfe ,but when reaching 80 % it failed ,so i had the worst idea:confused: , I did a wholeflash erase , so I ruined all .Now I wonder if any of you can mail me the wholeflash.bin file to start over again.
Thanks!!!!

Hello,
i tryed to flash my MN-700 but i still got an error with the wrtjtag.
Error: CHIP ID: 11111111111111111111111111111111 (FFFFFFFF)

It seems the the cable or the connection is bad but i build the cable 3times and testet the connections of the jtag on the board.
On page 8 of this tread "hsddlawley" wrote he has the same problem with flashing this unit, but finally he got it to work.
I read his posts but i do not understand what he has done to got it work.
So please can someone give me a hint?

Hi all,

I just fhashed my MN700 with a cbe.bin I created. Everything looks fine since after I reboot the router the power light keeps alternating green/amber.
When I try to use the Asus upload utility the lamp goes to a steady green but the utility says it cann't find any device and fails to upload the new firmware.
Does anyone has any suggestion of what could be going wrong?
BTW, I cann't ping my router neither. I tryed ping 192.168.1.1.

My MN700.txt I used to create the cfe.bin is:

# Microsoft MN700 board

boardtype=bcm94710ap
boardnum=mn700

# 4710 CPU clock frequency in Mhz
# Only valid value is 125, anything else defaults to 100Mhz
clkfreq=125

# 4710 SDRAM controller parameters
sdram_init=0x0419
sdram_config=0x0000
sdram_refresh=0x8040

# 4710 MAC and PHY parameters
et0macaddr=00:0D:3A:2C:F8:0C
et0phyaddr=30
et0mdcport=0
et1macaddr=00:0D:3A:2C:F8:0D
et1phyaddr=5
et1mdcport=1

# PMON variables
dl_ram_addr=a0001000
os_ram_addr=80001000
os_flash_addr=bfc40000
lan_ipaddr=192.168.1.1
lan_netmask=255.255.255.0
scratch=a0180000
boot_wait=on
watchdog=3000
hardware_version=WL500-02-02-01-00
regulation_domain=0X30DE

Thanks for any help! :)

I think i found my problem.
I desoldered the cap near the jtag-connector because it's seems to be damaged. And really it was. So i soldered a new one.
Now i started a new run. I used wrtjtag 4.8 with -probeonly and he found the chip.
Now i started to make a backup of the cfe, but wrtjag hangs. So i tried the v.99 beta for WindowsXP and really it starts creating the backup. After that i flashed the cfe.bin i found in this tread, because i have no linux at this time. Finally i flashed the cfe succesfull and whit the Asus-tool i installed the newes Asus-firmware.
Later at home i will try to flash my one cfe.bin

But in the moment i'm still happy...:D

could anoyone backup the wholeflash.bin and mail it to me? I´m stucked here since I haven´t got it , thanks a lot!!! my mail is thembones2002@hotmail.com

Hi all,


My MN700.txt I used to create the cfe.bin is:

# 4710 MAC and PHY parameters
et0macaddr=00:0D:3A:2C:F8:0C
et0phyaddr=30
et0mdcport=0
et1macaddr=00:0D:3A:2C:F8:0D
et1phyaddr=5
et1mdcport=1




You have to change the mac.
et0macaddr and et1macaddr must be the same.

I just got a MN700. It works normally with the standard firmware, but I bought it with the intention of flashing some Linux-based firmware. I've tried all day to get this thing going, but I always get:

CHIP ID: 00000100011100010000000101111111 (0471017F)
*** Unrecognized Chip ***
*** This is not a Broadcom BCM47XX chip ***

I've tried Linux and Windows, two computers, various versions of the jtag utilities, etc. It returns the correct ID the second time, but not the first. Hence it misses the 4702 detection code. Forcing it past that just makes it hang later on.

At first I soldered on headers and used the same cable I used to rescue my WAP54G, which has the same pinout as the WRT54G's JTAG. I used pin 6 for ground. Fearing my headers or the pin selection for ground were wrong, I took them off and resoldered directly onto the board using pin 2 for ground. I still get the same result.

Before soldering directly I had tried to use the cable with my WAP54G again and it worked perfectly. So I'm quite sure the resistors (100 ohm) are fine.

Any ideas?

Thanks!

I'm glad I found this site. I dug and old MN-700 out of the garage dusted it off, installed the 12 pin header, built the jtag, and downloaded all necessary files. Unfortunately I don't know much about linux. I have Redhat on a dual boot laptop and Ubuntu in a recycled desktop but have spent little time using them. I use the syntax posted in the forum for creating the cfe file using nvserial but I keep coming up with command not found. I have all three files in the \home\ranylun directory I use root login in a terminal window, change to the driectory where the files are. I set the nvserial properties to executable. I'd like to learn what I'm doing wrong but if someone could also create the cfe file for me I would appreciate it.

Here are the contents of my mn700.txt file with my mac adress embedded.

# Microsoft MN700 board

boardtype=bcm94710ap
boardnum=mn700

# 4710 CPU clock frequency in Mhz
# Only valid value is 125, anything else defaults to 100Mhz
clkfreq=125

# 4710 SDRAM controller parameters
sdram_init=0x0419
sdram_config=0x0000
sdram_refresh=0x8040

# 4710 MAC and PHY parameters
et0macaddr=00:0D:3A:72:B6:F4
et0phyaddr=30
et0mdcport=0
et1macaddr=00:0D:3A:72:B6:F4
et1phyaddr=5
et1mdcport=1

# PMON variables
dl_ram_addr=a0001000
os_ram_addr=80001000
os_flash_addr=bfc40000
lan_ipaddr=192.168.1.1
lan_netmask=255.255.255.0
scratch=a0180000
boot_wait=on
watchdog=3000
hardware_version=WL500-02-02-01-00
regulation_domain=0X30DE

All help appreciated.

Thanks,
Roy
royan@spamcop.net

+=+=+=+=+=+
| UPDATE |
+=+=+=+=+=+

I have made progress (for those who may have similar difficulty.) I downloaded Knoppix and ran it from CD. The nvserial runs but the file system is read-only so the cfe.bin that is generated doesn't write to disk. When I try to change permissions for the folder I get a response that I don't have sufficient privilege and I can't log in as root because I don't know what password to use. I think I'm close to getting this licked but work gets in the way.

+=+=+=+=+=+
| UPDATE |
+=+=+=+=+=+

Issue solved!! For the benefite of others, I clicked the K in lower left (start equiv of Win), clicked KNOPPIX, clicked ROOT SHELL, typed psswd, typed a random password, hit enter, typed the password again, hit enter and password entered successfully. Typed exit.

Right clicked the drive icon on the desktop and from the menu clicked on change read/write mode. When asked if sure I want to changed partition to write I clicked yes.

Went to the directory containing the files, opened terminal window, executed nvserial -i mn700.bin -o cfe.bin mn700.txt and in a short time the command prompt returned and ls showed the cfe.bin in the directory (around 256 K in size). Since I'm self directing the process I hope it went correctly and will flash.

+=+=+=+=+=+
| UPDATE |
+=+=+=+=+=+

I had a little difficulty with the flash. I used the windows version so I had to move all files to a directory I created in the root of C: drive so it would be asy to run dos in a command window. I started by using the command

wrtjtag -backup:cfe

It would properly i.d. the processor but would freeze after processor reset. After a couple of tries I decided to try

wrtjtag -backup:cfe /noreset

voila....the backup process started scrolling down my screen. After quite awhile it finished and I had the original microsoft cfe backed up on my drive.

I turned the router off and on and then did the flash

wrtjtag -flash:cfe /noreset

The flash started scrolling down my screen and about a half hour later that completed normally (it seems, I hope).
After power cycling the router the power LED alternately blinks yellow-green-yellow-green.....

I'm ready for the firmware upload and at this point I have a question if anyone if reading this.

WHAT IS MY BEST CHOICE (STABILITY VS. FEATURES)? Is Oleg's 1.9.2.7-6b best or should I go older or newer. Hope someone's reading this.

Thanks,
Roy

I have successfully completed upgrading the firmware of the MN-700 using DD-WRT SVN 3953. I see that Firmware v1.9.2.7 CR4 from this site offers basic functionality for the MN-700. At this time I am only needing bridge or repeater capability. Can someone tell me if there are any firmware revisions from this site that are particularly good on the MN-700 or any that I should avoid? Thanks in advance, Roy

**Update**

I figured out that the reason I was having such a hard time finding the Asus Restoration Utiliy is because it's not listed as that on the Asus site. It's listed as Asus Wireless Utility or something and that contains the Firmware Restoration Utility. I did use that to upload my new firmware which I got at the link below. Found at DD-WRT.

http://www.dd-wrt.com/wiki/index.php/MN-700

Be sure to read carefully if you go there to download the firmware. Only 2 versions are supposedly working with the MN-700. The link I provided gives a link to the svn that supports the MN-700.

Also make a note that the Asus Firmware Restoration Utility by default only sees .trx and .img files but it does not see .bin files which is what the
dd-wrt firmware is. So you will need to click the little drop down menu and select "All files"

They also provide links to the asus stock firmware, Olegs firmware, and OpenWRT firmware all of these are supposed to work with the MN-700.

With the DD-WRT firmware with DHCP enabled I have problems, just like I did with the original mn-700 firmware. It seems that it has problems assigning new addresses, and clearing the ones that havn't been used. I set it to only allow 3 dhcp clients so that I could have 3 computers get connected. This was after I had left my house and gone somewhere else with the router. It still had my computer name and address from my home listed in the DHCP clients table and I think thats why it would only allow me to configure two at my second location. It was kinda annoying. So I allowed for more clients and it solved my problem temporarily until a few restarts later with the pc's and I was back to not being able to recieve an address. This was the same issue I had with the original firmware so I was kinda angry.

I decided to use static IP's, and I prefer it actually...I did this same setup with the original firmware and it would only allow for one computer at a time. Weird huh? But it worked nicely with the dd-wrt firmware. Also note that the dd-wrt has some problems when trying to log into the router, perhaps this could be a security feature the dd-wrt guys setup but the router seems to not allow any http logins after 2 or 3 within less than a few minutes.

Has anyone had any success with DHCP with other firmwares?

Also dd-wrt has a TON of options.

**End Update**



Hey roylund,

I'm glad to see someone is involved in this around the same time as I am. I was beginning to feel alone and it seemed like I had missed the flashing thing for this router by a couple years.

I think your problem with the error "command not found" with nvserial may have been because you didn't type "./nvserial" or did you?

I'm glad to see you got things working.

After many many hours I have successfully flashed the firmware with the Windows WRT/JTAG Program made by HairyDairyMaid.

(making notes)
Here is the link where I downloaded the Windows version:

http://www.ranvik.net/prosjekter-privat/jtag_for_wrt54g_og_wrt54gs/new-winxp_ejtag_debrick_v%5B1%5D.99beta/

The file is named WRTJTAG.exe

I made sure to read the README.txt
I put the io.dll file into 3 places but I think it only need to be in the root folder that I made where I put the exe. The other places I put it were in my system and system32 folder.

I also placed my cfe.bin file into the folder I created that contained the io.dll and wrtjtag.exe.

I too made my cfe.bin in linux. I used Ubuntu 7.10 to do it. I had a few of the same problems I saw on this forum. Just to note them here they are:

When using nvserial be sure to put ./ in front of it. That is a period then a slash. And also like you mentioned roylund it needs to be made as an executable. For other reading you can acconplish this by right clicking on the file and go to permissions, then check the box. If you are using command line then you may want to read the man pages for chmod.

Also Make sure nvserial is in the same folder as the stuff for your boot loader.


Some other things that were pretty tough I thought was the whole JTAG connector thing. I will post my pictures and all the next time I post when I have unhooked my connector.

I used two diagrams. this one:

http://www.liamm.com/images/wrt_jtag.png

and this one:

http://scatcat.fhsu.edu/~cmhansen/diag.jpg

I liked the first one cause it showed both rows to the JTAG when representing the device and it had the square around pin 1 which helped reassure me I had it right.

The second link has the numbers for the pins.
I used a db25 connector I took off of some old school device I had in my garage. I would have an old parallel cable but this device I had made it much easier on it.

Also for people reading make a note that the jtag on the mn-700 zigzag in their count. So where it says 1 and 2 you need to remember 3 is next to 1 and 5 is next to 3 and so on. (i'm assuming this is the case with most devices?)

When I used the linux version of the wrt54g program I kept hanging after the processor message. I let it hang for about 13 hours the first time then 3 or so the second time. During these hours I began reading this forum and scouring the internet only to find out that many others had the same problem. For some reason the windows version did not have any problem.

But I completely redid my jtag also...so I dunno. However i never recieved any chip id error with the linux version or windows version unless I was unplugged or my jtag had come undone.

This was very helpful in troubleshooting:

CHIP ID: 00000000000001100000000001111111 (0006007F) = link (to long kabel max 20cm long kabel!!)
CHIP ID: 11111111111111111111111111111111 (FFFFFFFF) = no power no link
CHIP ID: 00010100011100010010000101111111 (1471217F) = you done it
CHIP ID: 00000000000000000000000000000000 (00000000) = you have got one ore more ins worng

Although I don't think the chip id for "you done it" is how the one for the mn-700 will be.
Mine was 0471017F.

The link for the chip id's and other info is here:

http://www.ranvik.net/prosjekter-privat/jtag_for_wrt54g_og_wrt54gs/jtag%20fix%20for%20MN-700%20(not%20teste)/IMPORTONT_IF_ERROR.txt

I followed this link for the beginning of the project until I became stumpped. It's not a great how to for begineers and I think it was intended for an audience that has done some flashing before. After reading many of the comments on that page I began to wonder if the person who posted the how to actually performed the flash. If you read carefully through the posts it's odd.

http://www.liamm.com/tech/hacking-the-microsoft-mn-700/

I got my bootloader from there. Or accually from Oleg cause the link there is for Oleg's site I think. Which I think eventually led me here.

Now after I flashed it using that bootloader I'm wondering what to do? I'm done with JTAG right? I'm afraid to unhook it if I need it again cause it's very delicate.

Do i just ftp into it? Where do I obtain the Asus firmware restoraion file? This link http://www.asus.com.tw/pub/ASUS/wireless/WL-500g-03/Eng_1380.zip is broken.

I'm stuck at the moment. But the hardest part is out of the way right!!?!??

Hey Daren, good to hear from someone. You touched on some good points and issues I faced along the way. It seems the DD-WRT firmware is generally geared to the WRT54G series of Linksys routers so I suspect the Oleg firmware is focused more on the Asus routers and should be better for the MN-700. I hope someone who has tried a few versions, or perhaps Oleg, picks up on this thread and can recommend something that is fairly stable and will exploit most of the capabilities of the MN-700. My next project is a WRT54G-TM that I just got.

Regards,
Roy

hello guys,

I'd like to bother you here as i can see here is some life (unlike on others threads). I see you are having a interesting discussion here and i believe that some of you are keen enough to help me.

I want to de-brick a WL550gE box with jtag cable (i have tried almost everything) but I don't know where to find correct pinout for this box.

here is original link for my problem http://wl500g.info/showthread.php?t=12483

i have done some soldering (just guessing pins) but with no success yet.

please reply there if you have some advice.

sorry for bothering once again...

I can't connect and flash the cfe file using windows or linux. I keep receiving CHIP ID: 11111111111111111111111111111111 (FFFFFFFF) = no power no link. I built my jtag connector, but something must not be right. I know the cable and headers are soldered correctly. I used a DVOM and check for opens, shorts, and to make sure they went to the correct pins. When ground pin 13, the CHIP ID changes to 0x00000..... I bypassed the resistor on pin 13 also to check, but it had no effect.

I have only tried two different pc's, so maybe its the computers. One is really old, can barely run linux (couldnt even make the wrt54g file) and the other is newer and is running vista.

Thanks,
Jeremiah

Does any have troubles in cold boot with the mn700? Sometimes the power light wont come on and I have to keep resetting the power until it works. This has happened for years. Maybe this problem is affecting my flashing ability.

I still have had no luck with my router. I know for sure my cable is correct. I will try more pc's, but it may be my router. I traced the lines to the broadcom chip, no opens or anything. I cant see the solder points on the chip, so idk.

Consults a question with the fellow friends，I have the MN700. And three days ago succeed flash DD-WRT system. This morning has turned off several MN700 power sources, presents the breakdown, the phenomenon is often bright for the yellow, PING does not pass router. I have made “wrtjtag-modified.exe - flash:cfe /noreset” again, demonstrates normally.
After the installment completes, with the line connection computer and the MN-700 random LAN mouth, for the MN-700 power failure, then holds down the Reset button not to put, puts through the power, about 10 to 20 seconds later, the MN-700 power source lamp does not present between the orange color and the green glitters. Please ask how to solve this problem, was the router is bad?

It's nice to finally find an active discussion on this topic. Here is my status thus far.

I have successfullt JTAG'ed my mn700. I can write to it but, I think my cfe.bin is bad. I cannot get the router into restoration mode afterwards. I cannot get nvserial to run in linux. My MAC is 00:0D:3A:6D:08:60

Can some please create and email (or post) a cfe.bin with this MAC ? Or even give some instruction on how to get nvserial running under Ubuntu 7.10 ?

Thanks in advance.

Hi guys , just wondering if anyone who has the router and jtag working can make a wholeflash backup and mail it to me ,I had the router working with no problems but when trying another firmware I erased the wholeflash.bin,I would highly appreciate that,thanks.

:confused:
I managed to get nvserial to work in Ubuntu and I created a cfe.bin with my MAC address. However, when I try to flash it using the JTAG GUI, it always hangs at 4%. I try to flash from DOS using wrtjtag-modified and it hangs in various spots. I can sucessfully flash the microsoft boot image, but it is only 95K and does me no good. I have tried erasing several times and reflashing the cfe.bin but it always hangs. My JTAG cable is correct and is 6 inches long.

Anyone have any ideas or pointers?

:confused:
I managed to get nvserial to work in Ubuntu and I created a cfe.bin with my MAC address. However, when I try to flash it using the JTAG GUI, it always hangs at 4%. I try to flash from DOS using wrtjtag-modified and it hangs in various spots. I can sucessfully flash the microsoft boot image, but it is only 95K and does me no good. I have tried erasing several times and reflashing the cfe.bin but it always hangs. My JTAG cable is correct and is 6 inches long.

Anyone have any ideas or pointers?

Try a different computer maybe? Or perhaps changing the operating mode of the parallel port in bios - generally you can specify epp, ecp, or normal. sometimes there's a ps/2 style mode as well.

I'm flashing my 2nd mn-700 today and i'm amazed at how hard it is this time because my first time around was really fairly straightforward and easy. I don't remember which version of wrt54g i used on linux when i did my first one, and the cable i used is long, long gone. But i know i used linux.

Built a new cable, and spent hours trying different versions of wrt54g and different command-line arguments.

Basically it would either not start at all or it would die at 3% or 4%.

In order to get it to die at 4% i had to specify /nobreak.

specifying /nodma would always result in a non-starter - which makes no sense, it's supposed to be slower but less trouble-prone.

wrtjtag-modified.exe seems to be working from a different (but mostly identical) laptop under XP. It's very, very slow, so i suppose it could still fail on me.

Edit: the wrtjtag-modified that's attached to a post several pages previous in this thread was ultimately successful. It ran through without stopping, so i did a backup of what I'd just written, used 'comp' to compare it with the cfe.bin i'd written, and found that there was a single-bit error. Erased the cfe a couple more times, wrote it again, and the 2nd time the backup matched what was supposed to be written, so now I'm finally done jtagging my 2nd mn700. Just wanted to reiterate to people: this process can get hinky, so always read back what you wrote via jtag and compare it to the original to see if the write was really successful and uncorrupted. Sometimes something goes wrong.

I never could get the JTAG GUI to get past 4%. I used wrtjtag-modified and managed to get my cfe.bin on it. I can even get the alternating green/amber LED but, I cannot access it via IP (The ASUS utility cannot find the device). I got several errors on the load, I have to use the /noreset switch to even come close. I suspected noise on the JTAG cable so I added some ferite to it and that helped a great deal but, I still can't access it. I may try cutting down the cable length some more. (It is already under 8 inches). I can't get wrt54g to run from my Ubuntu box either. It says /dev/parport0 does not exist. I think it is listed as a different device name.

I lost the R6 carelessly, so the MN-700 ROUTER could not work.

please could you tell me which model of the R6 in the chart shows .
http://www.tupianguanjia.com/bin/2658/router.jpg

I never could get the JTAG GUI to get past 4%. I used wrtjtag-modified and managed to get my cfe.bin on it. I can even get the alternating green/amber LED but, I cannot access it via IP (The ASUS utility cannot find the device). I got several errors on the load, I have to use the /noreset switch to even come close.

It looks like /noreset is required for this board, so just use it. I also recommend that you just go ahead and keep using wrtjtag-modified.exe as well.

Make sure that the flash was completely successful by running "wrtjtag-modified -backup:cfe /noreset" and running "comp" to compare CFE.BIN with the file output by the backup process. 'comp' is an interactive program - it'll just ask you which two files you want to compare. There should be no differences. If there is a difference, run "wrtjtag-modified -erase:cfe /noreset" a few times, then flash the cfe again.

I'd recommend clicking the upload button on the firmware restoration app right before plugging in the power on the router.

Also, don't do this while connected to your whole network. Just run one ethernet cable from the computer running the firmware restoration app to the router.

Make sure your computer's address is in the 192.168.1.x address range.

Make sure that firewall software isn't blocking the firmware restoration utility.

I lost the R6 carelessly, so the MN-700 ROUTER could not work.

please could you tell me which model of the R6 in the chart shows .


Looks like 850 ohms.

You don't necessarily need a surface mount part there, either. You could get a 1/4 or 1/8 watt axial part and solder it from the small pad to the left of it in that picture to the big huge ground plane to the right of it. Just use a razor blade to scrape away the green mask and swab the copper lightly with a good flux, and pre-tin it with solder before tacking down the resistor.

Hi all! I have build a JTAG cable and I test it with a multimeter. It look good. When I try to jtag the routeur I got FFFFFFFFFFFF error.. I have try with the Windows JTAG soft (with GUI) I'm on XP and I disable the antivirus. And I have try on the différent PC.

Any Idea?

Hello all the title says it all. Everything seems to flash ok, but no power led, no blink. No ping, no TFTP, no asus util

I have tried to download a known good cfe.bin from Oleg just to see if that was the problem, but that did seem to be the problem.

Maybe is the way I am doing it.
I am trying to use HairyDairy v4.8 util on Ubuntu. Is this why it not working?
I do the erase:cfe, kernel, nvram then the flash:cfe.

Does anyone know if this works.

I did see some posts about changing the code and something about "R6" but I don't know if that should be the next step.

I also have a ByteblasterMV cable I was thinking about trying to use as my cable might be on the long side.

Do all versions of the MN-700 have the same hardware other than the MAC change?

Thanks for any input you can give.
-Fargodude

I'm just starting to attempt this modification and im just a little worried, ive started to solder my jtag cable and from what i see on the diagram (http://downloads.openwrt.org/people/inh/reference/JTAGschem.png), 17-25(pc) are ground wires and can be placed on any 2,4,6,10,12 (jtag) ??? the way i have done it was
(25-2) (24-4) (23-6) (22-8) (21-10)
does this sound correct?

Also does anyone know if Radioshack carries the 12 pin header male and female, so far ive soldered straight into the router.... which i see may cause problems down the line in case i need to restore or something of that sort i would have to re solder..

closest thing i have done to this is put a mod chip into an xbox and flash it and my first go i bricked an xbox motherboard so im taking this project in stride.

once i get this connector finished i will be back in the forums because alot of these tutorials i have seen leave you to figure out some small items

Does anyone have any suggestions for me?

I have tried everything.

I think maybe were I have gone wrong is that I did a
-erase:cfe
-erase:nvram
-erase:kernel
before I did a ./wrt54g -flash:cfe

So I am still stuck. When I do a ./wrt54g -flash:cfe everything seem to work, but when I try to ping it I get nothing. I also don't see a power light.

PLEASE PLEASE can someone help me?

Thanks
Dustin

I thank everyone for there help in this matter. But after much agony I fixed it myself.

To flash this router, I have found you must use a utility called
"wrt54 modified" or something to that effect.

Everything works great then.

It also appears that the mega version is to large for this unit. I chose the vpn version and everything works great.

Thanks to all the hackers that put this thing together.

I am having problems getting nvserial to run on Ubuntu. Is it possible to take someone else's CFE.bin and just edit the MAC address?

I finally got nvserial to work! It took a lot of time and multiple tries but it works!

Might I please get the CFE.bin with the MAC address of
00:0D:3A:70:50:F4 ?

Thanks in advance, I'm really looking forward to testing it out. :)

Hi -

Is anyone able to provide me with a cfe.bin for my router MAC address of 00-0D-3A-6E-2A-BA

I'm not really Linux skilled, so if someone could help me out that would be great.

Thanks in advance and thanks for the tread - great to be able to get some use out of my old router.