Big thanks to Z3r0
Without him I would have been totally screwed, and if you're reading this,so would you.
So please give him lots of money (or a big thank you or something).
Hi there everyone!
I just spent probably the better part of a week trying to recover my DSL502T Gen II from a bad firmware upgrade.
If you're in the same position, or you're just looking to install openwrt on your modem, then read on.
Obviously I can't guarantee that this will work for you as well, so if you're router is still working just fine proceed with caution.
If it's already broken then you've got nothing to loose.
TL;DR If it's not broken don't fix it :p
I had no idea about openwrt, or routers or anything in this department until about a week ago, so hopefully this tutorial is easy enough to follow. If you're having any trouble, or the links are down please send me an email at
herbert (dot) todd (at) gmail.com
Anyway down to business.
What you will need:
The folder of software you'll need: Download Here
A PC running Windows XP, with a parallel port (the big pink one you plugged printers into in the 90's)
A screwdriver to get into the modem case
Basic computer skills
Basic soldering skills and equipment (soldering iron, solder, etc)
Electrical components:
1 x Male Parallel Port
5 x 100 ohm resistors
5 x Pin clip things (Have no idea what the term is. I scavenged mine from the frontpanel of a computer, but any will do.)
Wire
Here's an overview of what we're going to do:
First we're going to build a JTAG cable. Never heard of it? Neither had I. Long story short it lets you connect your computer directly to the processor of certain devices, like routers, gaming consoles etc.
Once we've done that we need to use this connection to wipe the router clean, and upload our new files. After that we're going to connect it up through the ethernet cable again and upload the rest of the files.
Once that's done its just a simple matter of setting up the new software.
Let's get started.
1. Making the JTAG cable
This is our end product (click pictures for full version)
The pins on the male parallel plug should be numbered.
You need to solder the resistors to pins 2, 3, 4, 13.
Also solder a short length of wire to pins 20 and 25 (as per the picture)
Now solder a length of wire with a jumper clip on the end to the resistors.
Also join the two short lengths of wire from pins 20 and 25 together, and attach one wire with a jumper clip onto that.
(Closer view of it, hopefully you get the idea)
It is VERY IMPORTANT that the wires are only about 15cm long (as in the pictures). If they are too much longer the cable WILL NOT WORK.
2. Solder Resistor to Router.
Open up your router and solder the final 100 ohm resistor from the pin labelled 1 to the pin labelled 8.
We will be using this set of pins in the bottom left hand corner, they should be labelled JP1
3. Attach the jumper clips to the correct pins.
Please follow this diagram:
It's going to take some fiddling around with to get to work, but trust me. The layout is right.
4. Load the driver.
Now we're going to use a piece of software called tjtag to flash the new software onto the modem.
But before we can use it we need to load a driver for it.
You have to repeat this process every time you restart your computer before you use the tjtag software.
Copy the tjtag folder from your resources file to your desktop or somewhere.
Now copy the giveio.sys file from that folder to C:/WINDOWS/System32/drivers.
Next open up the loaddrv.exe program in the tjtag folder.
A window should open up. Change the text that says c:/windows/system32/drivers so that it says c:/windows/system32/drivers/giveio.sys.
Now click the install button, and then the start button.
The driver is ready to go, so close the program now.
5. Check that the modem is correctly connected
Now we're ready to use tjtag.
Open command prompt (cmd) and change directory to the tjtag folder.
Now type in and run "tjtag -probeonly"
This command will check that the modem is correctly connected.
This is a successful probe. This is what you want to see.
If you see something more like this, something isn't working.
Chances are that your router isn't turned on, or the cable isn't hooked up right / built right.
Fiddle around with the cable a little. Sometimes just separating the wires a little and moving the modem as far away from the computer as the wires will allow helps.
6. Erase the router
As of this step there is no turning back!
The next thing we need to do is completely wipe the router to make way for the new firmware.
This will only work if the probe was successful. If it wasn't, go back and keep trying. I promise that the diagrams are right.
In the same command prompt, run the command "tjtag -erase:custom /window:0x90000000 /start:0x90000000 /length:0x40000 /nocwd"
This should have erased the entire flash chip, from the region 0x90000000 to 0x90040000. Understanding these regions is highly relevant to setting up openwrt on your router.
7. Load the new bootloader
Now that we've completely wiped the router we can start loading on the software. The first thing we need to load is the bootloader. The bootloader talks directly to the router hardware, and is the first thing we need to load back on.
Side Note About regions (atleast that's what I think they're called):
Those big numbers above (0x900.. etc) are referring to an area of the memory inside the router. At this point we are just using those numbers to refer to the area we want to erase or fill, but soon we will start calling them by a different simpler name; "mtd".
Think of them as partitions.
In this router there should be 5 of these partitions; mtd0, mtd1, mtd2, mtd3, mtd4.
Each of these partitions has a region assigned to it, and serves a certain purpose (which I don't completely understand seeing how I'm learning this as I go, appologies if I'm talking a complete load of rubbish).
In the DSL502T the default regions for the mtd's are as follows:
mtd start end purpose
0 0x900b1000 0x903e0000 filesystem?
1 0x90020090 0x900b1000 kernel?
2 0x90000000 0x90010000 BOOTLOADER
3 0x90010000 0x90020000 CONFIG
4 0x90020000 0x903e0000 Filesystem again? (We will upload our openwrt image here later)
We will change the addresses of some of these later.
Anyway back on topic...
The first thing we want to flash is the mtd2.
Go into the tjtag folder and rename mtd2.bin to custom.bin. This allows us to flash it to the router with the -flash:custom command.
To do this we will issue the following command: "tjtag -flash:custom /window:0x900000000 /start:0x90000000 /length:0x10000"
Notice how we are flashing the range that corresponds to the mtd partition in the table above?
Expect this to take a long time, perhaps about 20-30 minutes. Coffee break!
You should be seeing a lot of this.
8. Load the config into mtd3
You're still here? Good.
Okay next we want to flash the mtd3.bin image into the mtd3 partition (ranging from 0x90010000 - 0x90020000).
Delete the old custom.bin file in the jtag folder and rename mtd3.bin to custom.bin.
Now issue a similar command to above to flash the new custom.bin (the mtd3.bin) to a different partition:
"tjtag -flash:custom /window:0x90010000 /start:0x90010000 /length:0x10000 /nocwd"
This should also take about 20-30 minutes and look almost identical to the the last flash we did. **(It only took 2 minutes for me last time so don't be surprised if it doesn't take long at all)
9. Change the mtd1 address
If you've made it this far, that's great! You're ready to start setting up and installing openwrt.
Turn off your router, unplug the JTAG cable from it and screw it back together. We won't be needing to use it for the remainder of this tutorial. I highly recommend that you leave the resistor soldered onto the router however, in case you do something wrong with openwrt and need to start the tutorial again.
Plug it into the power (and only the power) and turn it on. The power light should come on, and then about 30 seconds later the USB light should begin to flash.
This is the routers way of telling us that the bootloader is installed and working properly, but there is no firmware for it to load.
Now connect it to your computer via ethernet.
Next you need to change your ip settings to match the router in this funny state.
I have a Telecom NZ model, so the settings for me are as follows:
IP: 5.8.8.99
Subnet mask: 255.0.0.0
gateway: 5.8.8.8
dns 1: 5.8.8.8
dns 2: 4.2.2.2
If this doesn't work for the following step you may need to try changing all the 5's to 10's. (ip:10.8.8.99, gateway: 10.8.8.8 etc)
Hopefully you know how to change you ip, but incase you don't: Control panel > Network Connections > Right click you ethernet adapter > properties > double click Internet Protocol (tcp/ip).
Open up command prompt and start up the router. After about 5 seconds very quickly enter the command "telnet 5.8.8.8 21" (or 10.8.8.8 if that applies)
You should be Greeted with a screen saying "220 ADAM2 FTP Server ready."
If not turn off the router, exit command prompt and try again. You have to get the timing right.
Be careful: in the telnet program you can't backspace, if you make an error you have to press enter and start typing the line again.
Now we will enter commands to change the mtd1 address
Enter this: USER adam2
It will reply: 331 Password required for adam2.
Enter this: PASS adam2
It will reply: 230 User adam2 successfully logged in.
Enter this: SETENV mtd1,0x90020000,0x903e0000
It will reply: 200 SETENV command successful
At this point you can close the command prompt (because there appears to be no other way to quit the telnet program).
We basically just changed the address of mtd1, so that it is the same as mtd4 (which is where we are about to upload the openwrt image to)
10. Upload and install openwrt
Open command prompt and enter "ftp 5.8.8.8" (or 10.8.8.8 if that applies to you)
It will ask you for a username and a password, both are "adam2"
Once you've logged in enter the following commands:
"quote MEDIA FLSH" < yes that's FLSH, not FLASH
"bin"
"hash"
Now enter:
put (location of the openwrt.img file) "fs mtd4"
For example, if you had the folder in C:\ you would enter:
put "C:\dsl502t-openwrt\openwrt.img" "fs mtd4"
The openwrt image will then upload.
The whole process should look like this:
Now quit command prompt and turn off the router.
11. Change your IP and DNS settings back to DHCP
Pretty self explanitory.
Control panel > Network Connections > Right click you ethernet adapter > properties > double click Internet Protocol (tcp/ip).
12. Plug in the phone line and start up the router
Congratulations! Openwrt is now successfully installed on your DSL502T
When the router has started up (may take a minute or two) point your browser at 192.168.1.1 to confirm that the router is working. By default there is no password.
NOTE: at this point you still won't have an internet connection. In order to use the phone jack we have to set up a new interface, bringing us to the final step.
13. Configuring your internet connection.
This one had me stumped for quite a while, but I finally figured it out.
Log in to LuCi (the software at 192.168.1.1 in your browser) and change mode to "Administration" (click administration in the top right hand corner).
Now go to Network (top left) > Interfaces.
At the bottom of the page enter "wan" into the text box and press "add entry".
It will then prompt you to fill in the details for the interface. Most of these settings will depend on your ISP. Give them all call up if you don't know them. They will happily tell you.
For the interface section select "-- custom --" and enter "ppp0".
For Telecom NZ the settings are as follows.
Protocol: PPoA
Bridge interfaces.
Interface: ppp0
username: (your username/front of your email address).xadsl@xtra.co.nz
password: (your email password)
PPoA Encapsulation: VC
VPI: 0
VCI: 100
Replace default route: Yes
Use peer DNS: Yes
Enable ipv6 on ppp link: No
Enjoy your wonderful new salvaged router.
If you need help or the links are down, please try and contact me at
herbert (dot) todd (at) gmail.com
(Last edited by granyte on 17 Feb 2013, 01:19)