OpenWrt Forum Archive

Topic: Revert back to factory firmware on WZR-HP-G300NH

The content of this topic has been archived on 12 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

*See guide to recovery below, figured it out on my own*


Close to a year ago I installed OpenWRT Backfire (10.03, r20728) on my WZR-HP-G300NH.  I created some custom packages for use with a monitoring project I was working on and haven't touched it since.

The problem is I've kind of forgotten how to do most of this stuff and can not figure out out to put the factory firmware back on it. 

Few notes:

The web interface is broken but I have telnet access to the device.

I have the latest stock firmware ready to go: wzrhpg300nh-176 (not trx or bin, no file extension on it.  Weighs in at 20.6MB.

I can't set boot wait as it seems this doesn't support the nvram command anymore so I can't TFTP the image, not that it would do me any good apparently as you can't flash images larger than 3mb in this fashion?

I think I can figure out how to SCP it to the router as I was doing this back when I was making ipkg's.

I've read several different ways to issue a command to flash the firmware, I'm not sure which one I should use.  Also I read some people tried using the mtd command to flash back to factory only to get a permission denied errors?  Also I noticed some people having to trim the header off .bin files, do I need to do anything special as there is no file extension with the stock firmware?

Please, anyone, I just want to use this router again.  If I can get the stock firmware on it I will be out of your hair for good, I swear.

(Last edited by fusioncases on 9 Sep 2011, 18:28)

Ok so it appears I posted this question a while back and I didn't realize I got a response until now:

I tried what LinkZ suggested, now all I get is a blinking red Diag light.  I can't ping the factory IP or what I had it set to  I tried power cycling it and holding down the reset button but to no avail.  Is it dead for good or is there another way for me to get firmware onto it?

After further reading I learned about 'uboot' and the ability to add a serial port to the router.  I purchased the correct cable (TTL-232R-3V3-AJ) and audio jack to go along with it.  I also opened the router in preparation for the cable.  I'm good at soldering so no worries there.

Am I on the right track?  Is there hope to upload in uboot mode?  If not I think it will be handy to have the cable around for future adventures so no loss there.  Any pointers on what commands to issue to do the firmware flash?

The good news is I can TFTP images to it but none of the firmware images work.  I used all of the available firmware images from Buffalo and DD-WRT.  Even after doing 30/30/30 resets.

The interesting thing is that if I flash it to the webflash firmware per BS's suggestion the Wireless light comes on but the diag light still blinks.  If I flash it with the buffalo firmware the router light comes on and the diag light blinks.  I've tried pinging it and logging into the web interface on several different IPs.

Any suggestions?

I hadn't tried that firmware yet.  I just tried flashing it with the one in your post and now the wireless light stays on and the diag light is gone but the router is still out to lunch.  Is there something that these firmwares aren't overwriting?  Is there a firmware out there that will overwrite everything?

Anyone have any ideas?  I don't understand why all of these successful flashes aren't bringing the router back to life.  To me it seems like there is more going on here.  Or something I am not doing right or am missing.  I've also tried the 30/30/30 reset before and after every flash, though the reset doesn't seem to actually do anything, the router doesn't give any indication that a reset has taken place.

Once the parts for the serial cable come in it seems as though this isn't going to fix the problem either, correct?  I mean if I can already upload a firmware to it what good will uploading the same firmware via serial help me, right?

So since the firmware portion is all well and good, what is left to do to recover this router?

After hours and hours of messing with this I was able to get the openwrt-ar71xx-wzr-hp-g300nh-squashfs-tftp.bin firmware onto the unit (same firmware that I had "upgraded" to from the original) and I can successfully get into the web interface.

Please, if anyone knows how to get the stock firmware back on it from this point let me know.  I've already tried using the web interface to flash it to several different firmwares (DD-WRT, stock) without any luck, it doesn't think they are valid.  From the on I've tried to TFTP firmware to it but that bricks it.  It seems like large firmwares over TFTP make the router unhappy.  I'm hesitant to try the mtd method again as that is what sent me down 10 hours of troubleshooting to get back to this point.

Certainly there must be someone on these forums who knows the proper way to flash back to factory default firmware.

I've also noticed during all of this that the process is very inconsistent.  If I brick the router trying a firmware I sometimes have to reflash to the openwrt firmware many times.  That doesn't always work though, sometimes I need to forgo the 30/30/30 reset.  I once simply held the reset in with the power disconnected and then released the reset before powering it back on and that seemed to fix it... Kind of odd. 

The weirdest thing out of all this though is that even after a unsuccessful flash and then several reflashes to openwrt it somehow remembered my root password.  How is that even possible?  It goes from being bricked to being fixed with a fresh firmware and it somehow already knows my old password?  Clearly I am missing something here that no one is telling me about.

Buffalo has their 'user friendly' firmware and the Professional DD-WRT firmware versions on their website available for download, I have used both without any issues using a Ubuntu TFTP process to flash them, the newer Buffalo's are a little tricky with TFTP. My question is why do you want to do that, I have had nothing but trouble with both of those versions and have switched to OpenWRT Backfire 10.03.1-RC5 which has been working for almost a week without ANY issues.

First I want to make it very clear I appreciate your attempt at helping fyi, it's amazing that as long as this thread has been going you were the only person who even tried to help.  It is unfortunate that people who "get it" are off doing their own thing and helping with development while everyone else is left to fend for themselves.

I was able to finally figure it out while tinkering on my own; hopefully some poor soul who ends up in a similar situation will find this useful.  Some of the below instructions are strewn through many posts in many different threads on different forums and as usual a healthy dose of human error thrown in with improper syntaxes and non-existent commands.  Hopefully I am able to clean up some of the errors and put everything in one place.  I was half tempted to be on my merry way after fixing it never to tread these waters again but I figured that is exactly the kind of attitude I hate.  Instead, I will share the exact and complete steps I pieced together.

First you need to get openwrt functional if it isn't already.  I was able to do this following fyi's suggestions for tftp along with additional research.

How to set up a TFTP environment in Windows Vista/7:

1) Set up the proper physical environment.  To do this, configure your network as such: Router LAN port 1 to> Switch port 1.  Laptop/Desktop LAN port to> Switch port 2.  Why a switch?  With some network cards they go to sleep/take a while to find which way is up when their interface is disconnected and reconnected.  The switch keeps a foot in the door so to speak while you are restarting things.

2) Set up your network on the Laptop/Desktop.  The boot environment uses an IP of on the router, regardless of what you have it set to in OpenWRT.  Set the NIC card on the Laptop/Desktop to for the IP, for the Subnet Mask and for the Gateway.

3) Set a static arp entry.  The arp command wouldn't work for me to set a static entry, apparently it's a bug in windows that will happen occasionally.  Instead, I needed to use netsh.  Open a command prompt as an administrator (right click on command prompt and select run as administrator).  After a command prompt is open, type the following command: netsh -c "interface ipv4" .  Use the quotes and hit enter after typing this.  It will bring you to a "netsh interface ipv4>" command prompt.  Once here type the following: set neighbors "Local Area Connection" 02-aa-bb-cc-dd-1a .  "Local Area Connection" is the name of the NIC card you configured for the address earlier.  Use the quotes.  The name can be found in network connections in the control panel, this is the only part of the command that might differ for you, though it shouldn't if you only have one NIC in your system.  Hit enter after typing this command.  Verify the arp entry by typing arp -a, you should see a static entry for with a MAC of 02-aa-bb-cc-dd-1a.  If you screwed up the command delete it using: arp –d or if you screwed up the IP address type the incorrect IP address there instead.  This in essence gives you a free pass through the door you cracked open earlier.  You don’t need to ask for directions to do anything so to speak, you have a map to the destination.

4) Install TFTP client.  Go into control panel, program and features, click on turn windows features on or off.  Scroll down until you see TFTP client, check this box and hit OK.  After it finishes installing reboot your Laptop/Desktop.

So now that you have a environment conducive to flashing, the real “fun” begins.

Grab the openwrt-ar71xx-wzr-hp-g300nh-squashfs-tftp.bin firmware:

Open command prompt and change directory to the download location.  In my case “cd c:\users\username\desktop” without the quotes.  Type: tftp -i PUT openwrt-ar71xx-wzr-hp-g300nh-squashfs-tftp.bin .  Don’t hit enter yet though.  Unplug the power from your router and plug it back in again, immediately hit the enter key on your desktop/laptop.  Apparently, during boot up the router waits for a short period to see if it should accept a new firmware package, this is your window of opportunity to upload the openwrt firmware.  It should only take about a second to finish the upload, DO NOT touch your router, walk away from it for 15 minutes.  Do not believe any of the lights on the router.  They are lying to you, they are begging for you to brick the router.  When you come back you MIGHT be in good shape, change your IP to (no need to delete the arp entry yet) and try to telnet into it.  If you can, change the password using the passwd command, exit the telnet session and restart the router.  You should be able to get to the web interface (  If you can’t do any of this try holding down the reset button for 30 seconds, then unplug the power, release the button and hold again for another 30, plug the power in, release the button and hold for another 30.  If all else fails try this entire step again and wait 15 more minutes.  I had to do it twice for some reason as the device would respond to ping but would not respond to telnet or http requests.

That’s it, you should be in good shape with openwrt.  The next step is to get something far more user friendly loaded onto the device.

Download the wzr-hp-g300nh-dd-wrt-webupgrade-MULTI.bin from and place it on your desktop.  Also download the windows version of “DD” from and place it on your desktop.  Heck, while you are in the downloading mood go ahead and grab the original firmware for the Buffalo, don’t bother with Buffalo’s site for this one though because you won’t find it.  Register and log in to the dd-wrt forums and download it from this link:  Might as well grab the latest firmware from Buffalo, as of this post it was wzrhpg300nh-176.

Got everything?  Good, this is the home stretch to a functional router.

Open a command prompt and change directory to your desktop were all the goodies are.  Type the following: dd bs=28 skip=1 if= wzr-hp-g300nh-dd-wrt-webupgrade-MULTI.bin of=firmware.bin .  This is stripping the encrypted header off the firmware and outputting the file as firmware.bin, if you don’t do this the flash will not succeed.

Now to flash the router to our hacked up firmware.bin.  Follow the same steps as before when flashing the squashfs firmware above but use the command: tftp -i PUT firmware.bin.  Yes, you really do need to walk away from the router for an extended period of time, yes, those lights are still lying to you.

Once done you now have dd-wrt up and running.  I wouldn’t call it entirely functional though, it wasn’t stable enough to leave as the production firmware (it locks up just trying to save certain settings) and would go out to lunch if left running for a few hours.  But that’s ok because it serves as a stepping stone to a reliable and useable firmware.

At this point you can actually use the web interface to upgrade to the wzrg300nh_original.bin you downloaded from the dd-wrt forums, it will take quite a bit of time to complete this flash.  Once this is done you can upgrade to the latest official release from Buffalo.

That’s it!  You’re done!  After all this I can say without a doubt the original firmware is the most “reliable” and rather feature packed.  DD-WRT is buggy and doesn’t really offer anything over the stock firmware.  I would have never been able to do dev work without OpenWRT though, great firmware, terrible support for this router.  I did what I needed to do on it though and learned a lot of useful information along the way so it was a positive experience, downright maddening but still positive.

(Last edited by fusioncases on 23 Aug 2011, 06:52)

Interesting guide but I figured it out on my own back in July so unfortunately that wouldn't have helped.  Also, after reading your guide I see some omissions and errors that would have prevented it from working anyways.  For example, the MAC address instructions you provide didn't work for me, you have to use 02-aa-bb-cc-dd-1a for whatever reason, at least that's the way it was for me and many others. 

The biggest issue with the guide is that it simply wouldn't have worked in my situation, you can't flash from openwrt to anything but the hacked up dd-wrt firmware, or another openwrt fimrware of course.  I tried every firmware available from DD-WRT and Buffalo.  Heck, if it was as simple as your guide I would have been done long ago.  I'm not the only one either, there's a reason I was able to put all the pieces together to get a working router, people were in the same exact boat as me, any other firmware bricked the router regardless of flash or reset procedure.  Also, 6 minutes wasn't even close to long enough between firmware flashes for me, kinda strange you could get away with that, other people described much longer wait times too.

Because I had written this guide I decided to go through it again using your instructions since I knew I would be able to recover the router.  Your method results in a bricked router.  My method results in a functional router running the stock firmware.  Strange indeed, I wonder why yours is any different, I can only surmise that your environment is different in some crucial way or your guide is simply wrong/incomplete given the situation.

(Last edited by fusioncases on 9 Sep 2011, 18:29)

Hi, i also am having problem with my router,

I was using OpenWRT 10.3 RC3, but i want to go back to stock firmware (1.74) as I cannot config the router to run at 300 Mbs.
But something went wrong, perhaps i flashed the wrong firmware ... now the router's sitting there blinking red diag led twice every 2 seconds.
I tried to TFTP every firmware possible, OpenWRT, DD-WRT, stock ..., the command prompt shows TFTP transfer successful every time, but no firmware seems to stick on it. The red diag led still blinking.

can you help fusioncases? I read that you have to flash several times to make it work, but im really clueless now ...

Thanks in advance,

Duy Hung

The discussion might have continued from here.