Resurrecting a Bricked Netgear R6300v1
Sweating bullets yet? Did you just flush a chunk of change down the toilet because of a lame mistake? That’s certainly the question I was asking myself when I flashed my router with the wrong firmware.. sigh. I can offer some words of comfort though, there’s a good chance you will recover it if you follow along.
First things first, put the question of “Did I really brick my router?” to rest. There’s an amazing DD-WRT thread called the peacock thread (named simply for ease of searching) that should be considered required reading. If you try all the things and you still land back here, then you’re safe to read on. Since I’ve done the research and suffered, there’s no reason you should have to. So I put together an up-to-date guide on recovering a bricked Netgear R6300v1. Many thanks to the useful information on openrouter.com by @predmer for a similar router, which inspired this post.
Here’s the checklist with reference links:
- OS X
- Homebrew and Xcode command line tools
- A TFTP client
- The original Netgear R6300v1 firmware
- Torx and Slot precision screwdrivers
- Torx T7 screwdriver (T6 will do)
- TTL-232R-3V3 USB to Serial cable
- Ethernet cable
- Electrical tape
- Anti-static wrist strap (optional)
It’d be a good idea to get the software setup before we start taking things apart. Install homebrew and Xcode command line tools if you haven’t already, then install minicom with brew:
$ brew install minicom, this is the serial port terminal program that connects to the flash chip of the router.
The drivers for the USB to Serial cable are already installed in later versions of OS X, so there should be no need, but they’re here if you need them. Verify the cable is recognised by connecting the USB to Serial cable to your mac only, and type
$ ls /dev/tty.* in terminal. If you see something to the effect of
/dev/tty.usbserial-XXXXXXXX in the list then take note of it, we’ll need it for later.
Download the original firmware from Netgear’s site, and open the TFTP client mentioned in the checklist. Set the IP to 188.8.131.52 and browse to the firmware location. The password can be filled out with
password, the default router password. Set this window aside for now, you’ll need it when it comes time to flash the router.
192.168.1.48(can be any number higher than 1), subnet mask
255.255.255.0, the router/gateway setting can be left blank or be set to
Now prep the USB to Serial cable. Unplug it from the mac and use a precision torx to pry the small clips off of the black, orange and yellow leads then pull them out of the casing. To avoid causing a short, wrap small bits of electrical tape around each lead, leaving the holes accessible.
Unplug all cables from the router and unscrew the two screws securing the bottom stand. Once that is removed, it will reveal two more screws to extract. Now, use a slot precision screwdriver to pry open the case, start from the top of the router and slide it down each side. It should take very little force to pop it open.
Once the back side of the router is off, you will notice the board is facing the wrong direction with 3 screws holding it in place. It would be a good idea at this point to ground yourself with an antistatic wrist strap or at least touching a grounded bit of metal before touching the board. Remove the 3 screws with the Torx T7 screwdriver and carefully flip the board over, resting it on a hard surface, taking care not to detach any wires.
Attach the black, yellow and orange leads to the pinout as shown.
Assure the power switch is in OFF position, connect the power adapter, and ethernet (not in the yellow Internet port). Open a new terminal window and setup minicom:
$ minicom -s. In minicom setup, open Serial Port Setup, then set Serial Device to the value you grabbed earlier:
/dev/tty.usbserial-XXXXXXXX, also set Hardware Flow Control to No, then exit.
It’s important now to TURN OFF YOUR WIFI, if you don’t, you’re liable to have connection issues when you attempt to flash this router, or worse.
Once you’ve exited out, you’ll be thrown into minicom. Once there, you should power up the router manually using the power button. As soon as you see information being presented in minicom press CTRL-C, if it’s pressed in time you’ll be thrown into a
CFE> prompt. The timing of this is key, if you do not get to the CFE prompt immediately, reboot the router and try again (and again). Once there, fire up the TFTP server by typing:
If it’s successful, you’ll probably see a flashing green light on the router. This is the time to attempt to flash the router with your TFTP client and the original firmware. The following screenshot shows a successful TFTP connection, I also have a separate terminal window running a constant ping just to affirm when the router was ready for firmware, which isn’t really necessary.
If the TFTP client fails to connect, there are a couple things you can do. Try rebooting the router and getting back to the CFE prompt, type
CFE> nvram erase, reboot and attempt running
CFE> tftpd again. If that doesn’t work, try
CFE> flash -noheader : flash1.trx and TFTP in immediately before it times out. Patience is the key here, your glimmer of hope will be a flashing green light; it can be frustrating but if you’ve made it to the CFE prompt there’s a very good chance you’ll get it.
Fortunately for me, I was able to start the TFTP server after the second or third try, once the firmware transfer was complete I rebooted and hit the router’s admin interface in a browser. It felt good.
Best of luck!