Linksys Internet router gone toast, replacing FLASH ROM make sense?
nelfrikandel
I have a Linksys BEFSR41 Internet router, which is toasted after
firmware problems.
After previous postings and contact with Linksys support I concluded
my Linksys is toast, I have no warranty, so the device is garbage or
an expensive 4 port switch at best.
Since I don't like to give up, I opened the router. Turns out to be a
well accessible device, existing of 2 PCB's, the lower one being the 4
port switch, and the upper one has all the WAN functionality. They're
interconnected with a 34 pin (FDD like) connector and can be taken
apart by removing a single screw.
I found there's an FLASH ROM on the Upper PCB, which can easily be
removed and replaced. The upper PCB being the WAN side of the device,
I take it this might be the ROM containing the firmware (it's the only
flashable device).
After scratching off the sticker covering it, I could identify it as a
MEGAWIN MM29F040P-90, which is a pretty common 4 Megabit (512k x
8-bit) CMOS 5-volt flash memory chip, also used in DVD and MP3
players.
Would replacing this FLASH PROM with a blank one, and reflashing the
firmware be the way to have a functioning router again?
Nelle
ro...@mauve.demon.co.uk
> Hi,
>
> I have a Linksys BEFSR41 Internet router, which is toasted after
> firmware problems.
> Would replacing this FLASH PROM with a blank one, and reflashing the
> firmware be the way to have a functioning router again?
Possibly, if the problem is corruption of the flash ROM.
However, it's almost certain that to be able to reflash it in the device,
it'd need a small "boot ROM", which would not be present in the new ROM.
So, you need to reprogram it, which could as easily be done with the old
one, if you had a programmer, and a copy of a good ROM.
Perhaps you might find someone with one, that you could persuade, if you
had a copy of the ROM.
--
http://inquisitor.i.am/ | mailto:inqui...@i.am | Ian Stirling.
---------------------------+-------------------------+--------------------------
<Squawk> Pieces of eight!
<Squawk> Pieces of eight!
<Squawk> Pieces of eight!
<Squawk> Pieces of eight!
<Squawk> Pieces of eight!
<Squawk> Pieces of nine!
<SYSTEM HALTED: parroty error!>
nelfrikandel
wrote:
>
>Possibly, if the problem is corruption of the flash ROM.
>
>However, it's almost certain that to be able to reflash it in the device,
>it'd need a small "boot ROM", which would not be present in the new ROM.
>
>So, you need to reprogram it, which could as easily be done with the old
>one, if you had a programmer, and a copy of a good ROM.
>Perhaps you might find someone with one, that you could persuade, if you
>had a copy of the ROM.
>
router, powering it up, and trying to connect to the router through
it's IP to flash the ROM doesn't make any sense at all. The router
will need some code to even boot up. So I will need to program the ROM
in some kind of ROM programmer. I'm sure I can find somebody who can
do that.
Would it work if I take the binary file from the the firmware upgrade
from linksys WEB pages, take that with me and have it flashed it the
ROM? Or is there more to it? Could I do that using the old ROM, or can
that be physically corrupted (causing all this in the fist place)
Michael A. Terrell
You need someone to pull a working flash memory chip and clone it for
you. The chip you have should still be good, but you have corrupted the
boot section that brings it up enough to program the rest of the chip.
It is a pain in the ass, but it can be done. I had access to a
programmer and software at my last job, but they closed the plant ad
moved it 1000 miles away from here, so I can't read the one I have, or
copy it for you till I find the parts to finish building my programer.
You might watch local flea markets or E-bay and find another unit
cheap. Then you can fix the old one, and have a working spare. You can
also keep the binary image on disk in case you ever need it again.
--
Michael A. Terrell
Central Florida
nelfrikandel
<ter...@mfi.net> wrote:
> You need someone to pull a working flash memory chip and clone it for
>you. The chip you have should still be good, but you have corrupted the
>boot section that brings it up enough to program the rest of the chip.
>It is a pain in the ass, but it can be done. I had access to a
>programmer and software at my last job, but they closed the plant ad
>moved it 1000 miles away from here, so I can't read the one I have, or
>copy it for you till I find the parts to finish building my programer.
>You might watch local flea markets or E-bay and find another unit
>cheap. Then you can fix the old one, and have a working spare. You can
>also keep the binary image on disk in case you ever need it again.
>--
Turns out I do have access to a programmer! One thing I need to
understand: Does the "firmware" as posted on the suppliers website
contain the complete contents of the chip? So if I pull that code from
the FTP site, and take it with me to the programmer, flash it, I'm
done??
Or is the firmware just the application software, and is the boot
portion something apart, i.e. not included in the code that is
commonly referred to as firmware???
In the last case, I indeed need access to an identical one, to clone
it. That might be the most complicated part. Or is it possible that
someone pulls that entire code from a chip, and posts it somewere?
(getting there slowly !!!)
Jos
Jeff Liebermann
(nelfrikandel) wrote:
>I have a Linksys BEFSR41 Internet router, which is toasted after
>firmware problems.
So, what are the symptoms? Toast is rather vague.
I had a flash upgrade on a BEFSR41 go nuts on me once. After much
tinkering, I figured I had killed it. However, Linksys support had a
trick up it's sleeve. Hold the reset button down for well over 60
seconds after power on. Nothing thrilling will happen on the front
panel lights. Apparently, there are 3 levels of reset in the unit.
1 second just reboots the router. 10 seconds resets the user
accessible parameters back to default. 60 seconds resets everything.
--
Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
(831)421-6491 pgr (831)336-2558 home
http://www.LearnByDestroying.com WB6SSY
je...@comix.santa-cruz.ca.us je...@cruzio.com
John Kimball
in Message id: <3ddcf7da.2588421@news>:
>Or is the firmware just the application software, and is the boot
>portion something apart, i.e. not included in the code that is
>commonly referred to as firmware???
Thinking logically, if the binary file is exactly 524288 bytes, it would
be a good indicator that the boot block is included in the image file.
--
Peeve: That line women draw around their lips. It's your
fricken' mouth, lady. If I ever forget where it is, I'll just
listen for the noise source.
-Steve Daniels-
ro...@mauve.demon.co.uk
> <ter...@mfi.net> wrote:
>
>> You need someone to pull a working flash memory chip and clone it for
>>you. The chip you have should still be good, but you have corrupted the
> Turns out I do have access to a programmer! One thing I need to
> understand: Does the "firmware" as posted on the suppliers website
> contain the complete contents of the chip? So if I pull that code from
> the FTP site, and take it with me to the programmer, flash it, I'm
> done??
>
> Or is the firmware just the application software, and is the boot
> portion something apart, i.e. not included in the code that is
> commonly referred to as firmware???
>
> In the last case, I indeed need access to an identical one, to clone
> it. That might be the most complicated part. Or is it possible that
> someone pulls that entire code from a chip, and posts it somewere?
It can be complex.
For example, the "boot ROM" bit may take an encoded file, decode and check
it's valid, and then program it.
The firmware is everthing that's programmed into the chip, it usually has
two parts, one with the application software, and another with a program
just smart enough to download the application software from the network.
There may be a third part, that allows the updating of the 'boot ROM'.
So, the website download may contain everything from a complete binary image,
which the program on the PC downloads bits of to the router, to an encrypted
file that just gets sent raw to the router.
In most cases, you'll probably not find a directly suitable binary file
in a website download, it'll need at least some processing.
--
http://inquisitor.i.am/ | mailto:inqui...@i.am | Ian Stirling.
---------------------------+-------------------------+--------------------------
He who lives in a glass house should not invite he who is without sin.
Joakim
Probably not, because the router needs its firmware to be able to
upgrade itself. It is really irritating. My D-Link router got toasted
that way too, when upgrading firmware. Maybe it is possible to program
it in an flash programmer, but then you would need the image which may
not be possible to get easily. Why can't they just use a
(non-changeable) bootstrap program so you can reprogram even if it
stops working. The same with PC's... But the price will be higher, and
if you mess up the upgrade the warranty usually won't cover it, so
they have almost nothing to win. Maybe someone already does this (but
then i have missed it).
Andre
>
> I have a Linksys BEFSR41 Internet router, which is toasted after
> firmware problems.
(snip)
> Would replacing this FLASH PROM with a blank one, and reflashing the
> firmware be the way to have a functioning router again?
This may work . However you will need to obtain a known good image and
use an external programmer . Reason being that without code in the
FLASH the router will not boot up so flashing is not possible .
(IIRC)
THis is not a major hassle, just find someone with a compatible FLASH
programmer .
>
> Nelle
nelfrikandel
<john...@hotmail.com> wrote:
>on Thu, 21 Nov 2002 15:19:42 GMT nelfri...@hotmail.com (nelfrikandel)
>in Message id: <3ddcf7da.2588421@news>:
>
>>Or is the firmware just the application software, and is the boot
>>portion something apart, i.e. not included in the code that is
>>commonly referred to as firmware???
>
>Thinking logically, if the binary file is exactly 524288 bytes, it would
>be a good indicator that the boot block is included in the image file.
I've downloaded al available firmware revisions from the FTP site.
Unpackeed, all include a code.bin file which are mostly between 300
and 375Kb in size. However firmware 1117 (the oldest available on the
site) is 603.194 bytes, that one is the only one which is not a *.bin,
but has the extension *.IMG.
Could it be that one is a complete one, including the boot part?
nelfrikandel
wrote:
>
>It can be complex.
>For example, the "boot ROM" bit may take an encoded file, decode and check
>it's valid, and then program it.
>The firmware is everthing that's programmed into the chip, it usually has
>two parts, one with the application software, and another with a program
>just smart enough to download the application software from the network.
>There may be a third part, that allows the updating of the 'boot ROM'.
>So, the website download may contain everything from a complete binary image,
>which the program on the PC downloads bits of to the router, to an encrypted
>file that just gets sent raw to the router.
>In most cases, you'll probably not find a directly suitable binary file
>in a website download, it'll need at least some processing.
>
to do would be getting an identical router, extract the EPROM and
clone it's contents onto a new one. Only hard part would be to get
somebody with a identical router.
Is it at all possible to read the complete code from a good one, save
it into a file store it on a floppy, or even email it?
Well, I've come from ready to give up and throw the router away, to
this far. I think however now thereá a way to recover it. Thanks!
nelfrikandel
<je...@comix.santa-cruz.ca.us> wrote:
>So, what are the symptoms? Toast is rather vague.
>
>I had a flash upgrade on a BEFSR41 go nuts on me once. After much
>tinkering, I figured I had killed it. However, Linksys support had a
>trick up it's sleeve. Hold the reset button down for well over 60
>seconds after power on. Nothing thrilling will happen on the front
>panel lights. Apparently, there are 3 levels of reset in the unit.
>1 second just reboots the router. 10 seconds resets the user
>accessible parameters back to default. 60 seconds resets everything.
>
I described the complete story in an earlier posting in this
newsgroup. I will quote my original post below, for your information
Here ´s the complete story:
First of all the router worked flawlessly since I purchased it in
december 2000. Recently I flashed it to 1.43, than it worked fine for
a couple of days. Yesterday it went bizirk.
* Yesterday, connecting to MOHAA game server, the connection dropped
* Checked the router, password had been reset to default (admin)
however it used to have a personal password
* Both the `router name` en `domain name` fields were blank
* Reenterred the correct entry in these fields, pressed apply
Setup screen came back with fields empty again!
second time browser came with `DNS error, page not found`
* Also resetting password was not accepted, stays `admin`
* LAN side (DHCP, IP peer to peer access) still worked fine
* I tried reflashing firmware 1.43 Flash failed at 16%
* retried this for some times, everytime fail. Also older FW failed.
* Then HTTP interface was not accessible anymore
* DIAG light blinked, still ping response, but no DHCP function
* client PC´s could still connect to each other using fix IP adresses
Then I tried a procedure as described in this NG, Linksys
knowledgebase and some FAQ´s, resetting one client PC´s nic to 10MB/s
half duplex, ping the device, and try a new flash. Pinged OK, But both
the new (1.43 included) flash tool as the older (tftp.exe) reported
unable to write to flash, Red Diag keeps blinking.
As a last resort I tried the long reset (60+ seconds) as suggested in
newsgroup, now the LINK and DIAG light are on, no Ping response, and
flash tool gives `unable to get response from server`
The LAN ports keep working properly, and on static IP peer to peer
networking is possible, but any further access to the device is
denied.
nelfrikandel
>This may work . However you will need to obtain a known good image and
>use an external programmer . Reason being that without code in the
>FLASH the router will not boot up so flashing is not possible .
>(IIRC)
>
>THis is not a major hassle, just find someone with a compatible FLASH
>programmer .
>
I got hold of someone with a flash programmer. Now all I need is a
known good image!
Jeff Liebermann
(nelfrikandel) wrote:
>First of all the router worked flawlessly since I purchased it in
>december 2000. Recently I flashed it to 1.43, than it worked fine for
>a couple of days. Yesterday it went bizirk.
(...)
>As a last resort I tried the long reset (60+ seconds) as suggested in
>newsgroup, now the LINK and DIAG light are on, no Ping response, and
>flash tool gives `unable to get response from server`
So much for following my great advice. No warranty expressed or
implied.
>The LAN ports keep working properly, and on static IP peer to peer
>networking is possible, but any further access to the device is
>denied.
This sounds like some kind of progressive deterioration in some
component. My guess(tm) is that the clock oscillator is dying. I
returned one BEFSR41 that had this problem. The 4 port switch section
worked just fine with a dead clock, but the router section was dead.
The clue is that the original upgrade succeeded but something failed
days later. Trying to reflash and having it die at 16% probably
trashed the flash. However, I suspect something else is amis. Did
you do the usual general tests such as power supply voltage and clock
function?
Good luck.
ro...@mauve.demon.co.uk
> wrote:
>>
>>It can be complex.
>>For example, the "boot ROM" bit may take an encoded file, decode and check
>>it's valid, and then program it.
> Guess you're right. I have access to a flash porgrammer, so the thing
> to do would be getting an identical router, extract the EPROM and
> clone it's contents onto a new one. Only hard part would be to get
> somebody with a identical router.
>
> Is it at all possible to read the complete code from a good one, save
> it into a file store it on a floppy, or even email it?
Yes, trivial, if you can find a working one, with a programmer, and someone
willing to open it.
> Well, I've come from ready to give up and throw the router away, to
> this far. I think however now there? a way to recover it. Thanks!
--
http://inquisitor.i.am/ | mailto:inqui...@i.am | Ian Stirling.
---------------------------+-------------------------+--------------------------
Paranoia: A game for the whole family, and anyone else who might be watching.
markjen
sounds like a hardware problem to me and aren't these things something like
$35 after rebate?
- Mark
nelfrikandel
wrote:
They cost €95.- to €105.- (EURO) out here, so around 100US$
No rebates. I know they're selling at $65.-at amazon.com, but they
charge $38 for shipping abroad. Still a cool 100!
So from my point of view, I now have a rather expensive 10/100 switch
(cuz this part keeps working fine, even if I completerly blow the
router part, these functions are completely separated) or I can at
least give it a try. A replacement EEPROM costs about $6, I have
friends that know how top program, and have acces to a EPROM
Programmer.
nelfrikandel
wrote:
>Yes, trivial, if you can find a working one, with a programmer, and someone
>willing to open it.
>
Well, I 'm trying to get the linksys people to send me the file, but
no luck so far!
nelfrikandel
<je...@comix.santa-cruz.ca.us> wrote:
>
>So much for following my great advice. No warranty expressed or
>implied.
No sweat, this was before you told me. The suggestion came from a
linksys forum on broadband.com
(http://www.dslreports.com/forum/equip,16)
>This sounds like some kind of progressive deterioration in some
>component. My guess(tm) is that the clock oscillator is dying. I
>returned one BEFSR41 that had this problem. The 4 port switch section
>worked just fine with a dead clock, but the router section was dead.
It makes sense that the switch section keeps working. I took the case
apart, and it turns out that the router part and the switch are two
different PCBs, mounted on top of each other, connected with a 34 pins
connector. The switch part has the main power supply, and will keep
functioning even if you leave the router part away and power it up.
>The clue is that the original upgrade succeeded but something failed
>days later. Trying to reflash and having it die at 16% probably
>trashed the flash. However, I suspect something else is amis. Did
>you do the usual general tests such as power supply voltage and clock
>function?
Nope, don't have the equipment to test these thingies myself.
So you suggest the trashed flash is not the cause of my problems, but
a consequence of another part amis...
How can I recognise a clock oscilator? I have electronically skilled
(R&D) collegues, who could sold and replace a part like that.
John Kimball
in Message id: <3ddd57fc.4173375@news>:
>On Thu, 21 Nov 2002 12:30:24 -0500, John Kimball
><john...@hotmail.com> wrote:
[...]
>>Thinking logically, if the binary file is exactly 524288 bytes, it would
>>be a good indicator that the boot block is included in the image file.
>
>I've downloaded al available firmware revisions from the FTP site.
>Unpackeed, all include a code.bin file which are mostly between 300
>and 375Kb in size. However firmware 1117 (the oldest available on the
>site) is 603.194 bytes, that one is the only one which is not a *.bin,
>but has the extension *.IMG.
>
>Could it be that one is a complete one, including the boot part?
It would appear that none of the files you posess is the exact hex file
that you need. Perhaps if you plead for the rom image file from their
support staff?
nelfrikandel
<john...@hotmail.com> wrote:
>
>It would appear that none of the files you posess is the exact hex file
>that you need. Perhaps if you plead for the rom image file from their
>support staff?
>
´possible legal consequences´
Seems they're keener on having me purchase a replacing unit.
(Quod non!!!) :+(
William R. Walsh
> (R&D) collegues, who could sold and replace a part like that.
It's most likely going to be a silver-colored can, quite possibly with a
frequency printed on it.
William
Andre
No, just the boot block .
It may be easier to get hold of than the full image . It may even be
identical on many similar routers .
-Andre
David Rouse
utilities, such as ones for PC bios have a switch to make a
backup copy of the bios before reprogramming. I just happen
to use the same router myself. I downloaded the firmware
update just last night and was going to flash it today. I'm
a little nervous about it now. but I'll probally go ahead
anyways. In the past I've found that if you open up the
flash utility(some of them anyways) with a hex editor you
can find the command line switchs as text strings.
Hopefully, a backup will include the boot block. I'll
investigate and if I have any luck, I'll get back to you.
Best of luck
Dave
David Rouse
server. It turns out that the zip file for ver. 1.2.06 has a
binary file that is One meg in size. Inside of it there is a
text string that names it something like tl000.hex. Worth
looking at least.
Dave
J-Dog
> Hi,
>
> I have a Linksys BEFSR41 Internet router, which is toasted after
> firmware problems.
>
> my Linksys is toast, I have no warranty, so the device is garbage or
> an expensive 4 port switch at best.
>
> Since I don't like to give up, I opened the router. Turns out to be a
> well accessible device, existing of 2 PCB's, the lower one being the 4
> port switch, and the upper one has all the WAN functionality. They're
> interconnected with a 34 pin (FDD like) connector and can be taken
> apart by removing a single screw.
>
> I found there's an FLASH ROM on the Upper PCB, which can easily be
> removed and replaced. The upper PCB being the WAN side of the device,
> I take it this might be the ROM containing the firmware (it's the only
> flashable device).
>
> After scratching off the sticker covering it, I could identify it as a
> MEGAWIN MM29F040P-90, which is a pretty common 4 Megabit (512k x
> 8-bit) CMOS 5-volt flash memory chip, also used in DVD and MP3
> players.
>
> firmware be the way to have a functioning router again?
>
You might have an eaiser time simply going to best buy, purchasing
another one, then swap the two out and just return it.
markjen
> another one, then swap the two out and just return it.
And you see nothing wrong with this approach?
- Mark
nelfrikandel
>nelfri...@hotmail.com (nelfrikandel) wrote in message news:<3ddcbf7f.10332218@news>...
>> Hi,
<snip>
>You might have an eaiser time simply going to best buy, purchasing
>another one, then swap the two out and just return it.
Disregarding the ethical questions, I'm not sure it will work.
First of all, they cost over $100 out here. So that's quite a risk,
Second, there's a warranty-seal that breaks when opening the case, and
you need to open it to access the PROM. Third, mine is a V1, and the
currently selling are V2, and I don't know if they're at all similar
inside... Next, I peeled the label of the EEPROM to determine what it
was. When they will open it at repair, tampering will be immediately
clear. Last, extracting an EPROM is not without risk of damaging,
especially if you don't have the right tool, so I risk to whaste
another $100.
Anyway, the device is over 2 years old now, warranty is out of the
question even more so because I bought it online at Amazon straigth
from the States before there was even a distributor here. The local
distri will recognize it is an USA one, because of the power supply.