Resurrecting a Bricked Netgear R6300v1

Sweating bullets yet? Did you just flush a chunk of change down the toilet because of a lame mistake? That’s certainly the question I was asking myself when I flashed my router with the wrong firmware.. sigh. I can offer some words of comfort though, there’s a good chance you will recover it if you follow along.

First things first, put the question of “Did I really brick my router?” to rest. There’s an amazing DD-WRT thread called the peacock thread (named simply for ease of searching) that should be considered required reading. If you try all the things and you still land back here, then you’re safe to read on. Since I’ve done the research and suffered, there’s no reason you should have to. So I put together an up-to-date guide on recovering a bricked Netgear R6300v1. Many thanks to the useful information on openrouter.com by @predmer for a similar router, which inspired this post.

Here’s the checklist with reference links:

It’d be a good idea to get the software setup before we start taking things apart. Install homebrew and Xcode command line tools if you haven’t already, then install minicom with brew: $ brew install minicom, this is the serial port terminal program that connects to the flash chip of the router.

brew minicom

The drivers for the USB to Serial cable are already installed in later versions of OS X, so there should be no need, but they’re here if you need them. Verify the cable is recognised by connecting the USB to Serial cable to your mac only, and type $ ls /dev/tty.* in terminal. If you see something to the effect of /dev/tty.usbserial-XXXXXXXX in the list then take note of it, we’ll need it for later.

Terminal tty search

Download the original firmware from Netgear’s site, and open the TFTP client mentioned in the checklist. Set the IP to 192.169.1.1 and browse to the firmware location. The password can be filled out with password, the default router password. Set this window aside for now, you’ll need it when it comes time to flash the router.

TFTP Server
In order to better the chances of communicating with the router, manually specify your IP to be on the same subnet. To do this, open Network from System Preferences select your Ethernet connection. Set the IP address to 192.168.1.48 (can be any number higher than 1), subnet mask 255.255.255.0, the router/gateway setting can be left blank or be set to 192.168.1.1.

Network Preferences
Now prep the USB to Serial cable. Unplug it from the mac and use a precision torx to pry the small clips off of the black, orange and yellow leads then pull them out of the casing. To avoid causing a short, wrap small bits of electrical tape around each lead, leaving the holes accessible.

TTL-232R-3V3TTL-232R-3V3

Unplug all cables from the router and unscrew the two screws securing the bottom stand. Once that is removed, it will reveal two more screws to extract. Now, use a slot precision screwdriver to pry open the case, start from the top of the router and slide it down each side. It should take very little force to pop it open.

Netgear R6300

Once the back side of the router is off, you will notice the board is facing the wrong direction with 3 screws holding it in place. It would be a good idea at this point to ground yourself with an antistatic wrist strap or at least touching a grounded bit of metal before touching the board. Remove the 3 screws with the Torx T7 screwdriver and carefully flip the board over, resting it on a hard surface, taking care not to detach any wires.

Netgear R6300

Attach the black, yellow and orange leads to the pinout as shown.

R6300 leads attached

Assure the power switch is in OFF position, connect the power adapter, and ethernet (not in the yellow Internet port). Open a new terminal window and setup minicom: $ minicom -s. In minicom setup, open Serial Port Setup, then set Serial Device to the value you grabbed earlier: /dev/tty.usbserial-XXXXXXXX, also set Hardware Flow Control to No, then exit.

terminal minicom

It’s important now to TURN OFF YOUR WIFI, if you don’t, you’re liable to have connection issues when you attempt to flash this router, or worse.

Once you’ve exited out, you’ll be thrown into minicom. Once there, you should power up the router manually using the power button. As soon as you see information being presented in minicom press CTRL-C, if it’s pressed in time you’ll be thrown into a CFE> prompt. The timing of this is key, if you do not get to the CFE prompt immediately, reboot the router and try again (and again). Once there, fire up the TFTP server by typing: $ tftpd

terminal cfe prompt

If it’s successful, you’ll probably see a flashing green light on the router. This is the time to attempt to flash the router with your TFTP client and the original firmware. The following screenshot shows a successful TFTP connection, I also have a separate terminal window running a constant ping just to affirm when the router was ready for firmware, which isn’t really necessary.

terminal tftp server

If the TFTP client fails to connect, there are a couple things you can do. Try rebooting the router and getting back to the CFE prompt, type CFE> nvram erase, reboot and attempt running CFE> tftpd again. If that doesn’t work, try CFE> flash -noheader : flash1.trx and TFTP in immediately before it times out. Patience is the key here, your glimmer of hope will be a flashing green light; it can be frustrating but if you’ve made it to the CFE prompt there’s a very good chance you’ll get it.

Fortunately for me, I was able to start the TFTP server after the second or third try, once the firmware transfer was complete I rebooted and hit the router’s admin interface in a browser. It felt good.

success

Best of luck!

Comments