C6300v2 Firmware Update

0 views

Skip to first unread message

Nell Barreto

unread,

Aug 3, 2024, 4:12:14 PM8/3/24

to doylimipos

I've downloaded the Nighthawk app, but it keeps telling me that my firmware is out of date. If I try to do anything in the app (open it even), it tells me my firmware is out of date and to "Open routerlogin.net" or "connect with anywhere access".

If I click "open routerlogin.net", it sends me to the web portal (Genie) and I get nowhere because there's nothing in there that allows me to "check for firmware updates". I've literally clicked on every option within the Genie and there's nothing in there that says firmware or update.

If I click "connect with anywhere access", it tells me that I don't have any devices available which isn't true. At the moment, the app is completely worthless to me and I'd like to be able to manage the device using the app, but at this rate, I'm about to return the whole thing.

having all kinds of problems with my c6300v2 on spectrum. I noticed in other threads that some people have firmware 2.01.14 or higher, yet mine is at 1.03.04 which (duh) might explain some of my problems.

Have had the same exact problem 2 years ago there hasn't been any fix to this issue to nighthawk it's worthless the app.
You have to manually check the router gateway if any icon pops up for firmware updates against the provider you use.
Haven't seen any in 2 years
Calling support thru netgear and provider has proved nothing went thru whole deal Uninstall reinstall the factory reset and still the same issue.

C and CM series modems are not user FW updatable. Only the ISPs can push FW updates to these modems after NG sends them FW for the ISP to first test out on there systems to be sure it works, then they can push out to these modems. Be aware that some ISPs will not update user owned modems. Been like this for a long time.

This was happening at the height of Covid in April 2020. Of course Cox blamed my equipment. I went and bought the same model new.. and the problem followed. Many home visits and neighborhood repairs were enacted. No relief. I'm convinced it was the firmware that Cox controls. I did finally get escalation - Cox brought me out a different model modem to test out. It was affiliated with a Cox service account, not my own account. And that test modem ran flawlessly but Cox support never followed up nor reclaimed the modem. And that account was finally shut off by Cox after about 6 months. I plugged my original modem back in at that time and LO AND BEHOLD - it now ran flawlessly without the lease drops for months. Until this weekend. I am back to the original issue. But with a new twist - the 2.4ghz wifi on the modem will no longer connect a channel and thus will not broadcast.

So is anyone else experiencing this? I am engaged with "support" to ask when this firmware was rolled out. At some point I will go thru the motions of contacting "support" to change my mac id and whip out my other C6300v2 (you remember, the one I originally replaced) so I can enjoy the phenomena on it too.

And rather than answer my direct quiestion about firmware age and address my request to have that original ticket reopened, sweet Taina B. has recommended I try rebooting my hardware and then hastily did so to dump me out of chat. This is a game I know very well from last year.

Although OpenWrt does run on the R6300 v2 only 802.11g is supported, Broadcom 802.11an support is very sketchy on OpenWrt in general; Broadcom 802.11ac support is non-existent. Kindly direct your complaints to Broadcom, not to the OpenWrt developers or community :).

If you have already installed OpenWrt and like to reflash for e.g. upgrading to a new OpenWrt version you can upgrade using the mtd command line tool. It is important that you put the firmware image into the ramdisk (/tmp) before you start flashing.

There are at least three variants of the R6300v2 device. Charter (an ISP) puts out a custom R6300v2 unit with "Model: R6300v2" on the bottom and blue coloring on the front, not the standard yellow. When you open the stock firmware web interface you will note a "CH" at the end of the stock firmware name/version.

Note: Some users have needed to reset NVRAM from the CLI, see the "NO 30-30-30 reset..." section below for details. While these last few steps may not be necessary, the wiki author has performed them without issues.

Note 2: While not always necessary it is also a best practice to set your computer to a static IP of 192.168.1.8 (or to whatever subnet the router is on) for flashing. Also when flashing from a windows client I like to open a command prompt window and pass the following command (no quotes) "ping 192.168.1.1 -t -i 200" and watch the TTL responses during the process. Remember to set your client back to get IP from DHCP when you are finished.

Flashing back to Netgear Firmware is supported. Just use the dd-wrt web interface and upload netgear firmware. Since netgear is not using the same password var as dd-wrt you have to reset the router after you flashed back to netgear firmware, otherwise the netgear webif will not accept the default password. (Per Kong's pre-Oct. 2014 "readme" file.)

Reset notes: In early 2015, Kong announced a reset is required for certain upgrades as well. Do NOT restore an NVRAMBAK from previous build as it will undo the reset. While not always necessary, a reset with manual configuration is recommended for large version changes, and required before reporting issues.

In case you have a Netgear router, check if your router supports DD-WRT firmware here. If it does, you can flash your router with it. More information on how to install this firmware can be found here.

The firmware, a program that executes in a dedicated way and with a specific purpose in a microcontroller or microprocessor, is usually stored in a persistent memory device like a NAND/NOR flash or EEPROM.

The TAP interface implements a finite state machine (16 states) that allows access to a group of registers (IR, DR) to instrument the chip. The control of this state machine is done through the pins TMS and TCK. Through this state machine, it is possible to select an operation via the IR register (Instruction Register) and pass parameters or check the result via the DR register (Data Register).

Each instruction has its own DR (Data Register), which has a variable size. Three instructions are defined by the JTAG standard and must be implemented by the manufacturer (BYPASS, EXTEST, SAMPLE/PRELOAD). Other instructions are optional, but are also usually implemented (eg, IDCODE).

In addition to the instructions defined by the standard, the chip manufacturer can implement other instructions as needed. In this way, many manufacturers extend the JTAG interface with debugging and memory access functions (eg: MIPS EJTAG).

Information about supported JTAG instructions and the pins on a chip is usually documented in a file called BSDL (Boundary Scan Description Language), a subset of VHDL (VHSIC Hardware Description Language).

With JTAG we can control the execution of the firmware (stop the execution, inspect the memory, configure breakpoints, execute the code step-by-step, etc). We can also inspect the state of the processor and its registers, read and write to memory and access any I/O device connected to the processor.

Through a feature called Boundary Scan, the JTAG interface allows access to all the pins of the chip! In this way, we can individually read and write to each pin, and consequently manipulate the peripherals connected to the processor/microcontroller (GPIO, memory, flash, etc).

Because the JTAG interface is very convenient for the development and production of the hardware! Developers use the JTAG interface to debug the firmware running on the device. Also, the JTAG interface is used as a tool for programming and testing the device in production.

OpenOCD (Open On-Chip Debugger) is an open source tool for communicating with JTAG interfaces. The project has been around for many years, connects easily to GDB and has a very comprehensive support of JTAG adapters and hardware devices.

With the JTAG adapter connected to the WRT54G, we can use UrJTAG to test communication with the JTAG interface and extract the device ID using the IDCODE instruction (this ID is a unique number assigned by JEDEC to each chip model manufactured in the world).

Visual inspection can help to identify the flash memory chip. Searching the Internet for information about the hardware platform or products with similar hardware can also help, as well as the documentation of the chip (SoC, processor, etc).

In my case, as I am using a MIPS based router, I can try the EJTAG instructions (a MIPS extension of the JTAG protocol) to identify the memory mapping of the chip. From the output below, we can see that the flash address of the device is 0x1FC00000 (line 19).

The JTAG interface is a fantastic tool for doing security research on electronic devices, and today several open, popular and inexpensive JTAG adapters can facilitate the process, requiring just a little knowledge and a lot of free time. Fun is guaranteed!

About the author: Sergio Prado has been working with embedded systems for more than 25 years. If you want to know more about his work, please visit the About Me page or Embedded Labworks website.