Hello,

damn, I bricked a WRT54g. I flashed the original Linksys-firmware with WR RC3 once, which worked (not through tftp though, but through the webfrontend, although I switched boot_waid=on through ping-bug). I flashed a second time, because I forgot to compile start-stop-daemon into busybox.

The 2nd flash didn't work through tftp either, so I did it with the proposed "mtd -e linux -r write openwrt-xxx-xxx.trx linux" (before that I ran "dd if=openwrt-wrt54g-squashfs.bin of=firmware.trx bs=32 skip=1" to get a working image.

The device flashed, rebooted and is now in a bricked state, where only the power-led keeps blinking. No DMZ- or wifi-led, so failsafe-mode is not an option. The device is not pingable, although about 70 % of the packets get lost.

What might be the problem? Is there any hope? And especially: why could that happen? I flashed a lot of Asus- and older WRT54g-routers, but never a v 3.1. Is there any special behaviour on these devices?

Thanks a lot in advance for any help,
--Sinus

Ok, I managed to flash with tftp during boot_wait. Before that I used atftp, which didn't work.

The device booted now, but still wasn't accessible. So I flashed the Linksys-Original again and did a great mistake: I reseted to factory defaults hoping to get the device in blank state and flashed White Russian RC3-jffs (this time the precompiled one from the website, which is about 100 k larger than my self-compiled). But I forgot to set boot_wait again.

This shouldn't have been a problem if the new image would have worked, but it still is not accessible. The leds show up they should and I can also activate failsafe-mode by pressing reset during DMZ-led, so that DMZ blinks.

So I have two questions:
1. Is there a little hope to rescue the device without using JTAG and loosing warranty?
2. Since I think there is no hope I would like to understand why failsafe doesn't work. Can anybody clarify this? This would be very helpful for next time.

Thanks a lot,
--Sinus

Resetting to defaults after flashing back to linksys should not have been a problem. I normally do this if I have to resort to flashing back to linksys or dd-wrt as part of recovery - in fact this is the reason I go back to other firmware (to press reset for 15 seconds and set to factory defaults).

Open the case and short the flash 15/16 to antenna ground.

Failsafe seems to have a problem, at least with v3.1 hw. See my other post. As to why your initial flash of WR doesn't seem to work I don't have a clue. I've flashed at least a dozen v3.1 linksys's and never had a problem on initial flash other than once having to manually run firstboot. But bear in mind that the initial flash will take a while because of firstboot.

- DL

(Last edited by dl on 27 Oct 2005, 22:56)

Thanks for that idea, but "opening the case" implicates loosing warranty, I think. Anyway I'm already considering this, 'cause the devices aren't really expensive.

But still I have questions regarding this:

1. Does this procedures (short 15/16 to antenna) work with all WRT54g v3.1?
2. I searched openwrt.org and also the web for a detailed instruction, but I seem too dumb. Can you tell me a link where it's described in deep?
3. What exactly does it do? I mean since the files on the jffs-partition are broken now. How does the device boot afterwards/what is the difference to the previous boot without shorting those pins?

I hope you can answer the questions, that would clarify a lot.

Thanks a lot,
--Sinus

I'm not really concerned about warranty, but I've found that the little sticker bridging the case parts usually remains intact even after opening and reassembling, so there should be little sign of having opened.

I've done it on several with no problems.

Check the wiki including the link to Void Main's page with photos and detailed instructions. The only modification I'd recommend is to use a piece of hook-up wire rather than a screwdriver or knife blade as this is less likely to do damage to the solder. Also I've found shorting to the antenna ground block to be much more reliable than simply shorting between pins.

- DL

Thank you a lot. I opened the case (the warranty sign is destroyed now), shorted the pins and could flash again.

Now the next problem comes up: I can flash jffs-images, but squashfs-images fail to boot. They seem to boot correctly regarding the led-states, but I'm not able to access the device.

I erased OpenWrt- and Linux-"partitions", but still squashfs fails. This might be due to the smaller size of the image, but still I have no clue how to tell squashfs-partitions not to access the broken parts. I can activate failsafe-mode and it starts, but the device remains unaccessable.

What can I do here, since I want to use the squashfs-version?

Regarding worrying about voiding the warranty. Wouldn't installing a firmware other than the official Linksys firmware void the warranty? In fact just running the ping hack to enable boot_wait might be enough to void the warranty. I haven't actually read the warranty but I can't imagine that the actions already taken didn't void it. There just isn't any outside physical evidence of it. Maybe I'm too honest but I wouldn't send it in if I bricked it installing a 3rd party firmware. Luckily I've only bricked one of mine one time and luckily there was someone on these forums that explained how to unbrick it by shorting the pins (which was the basis of my unbricking page). Now I have 3 of these stupid little things and a few more at work doing various things they were never designed to do.

Regarding your squashfs not working. Could it be a corrupt image? That's all I've ever used. I have uploaded them and not have them properly boot after installing but I was able to boot failsafe mode, log in and run "firstboot" and everything was fine after that.