OpenWrt Forum Archive

Topic: Help debricking Netgear WNDR4300

The content of this topic has been archived on 10 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi All

I have a Netgear WNDR4300 which has a corrupted bootloader due to a recent power failure. The device keeps restarting every second. I connected a serial cable and found that it is giving a "checksum mismatch" error. So the device failed to start before reaching the u-boot. I don't have any JTAG cable to troubleshoot.

But I see a Chinese forum talking about a new bootloader called "Breed", but the instructions are in Chinese, so I have a problem understanding them:

http://www.right.com.cn/forum/thread-170402-1-1.html

Can anyone please help me debrick my device, or summarize the instructions that appear at the above URL?



find_hif: bootstrap = 0xaf055b

WASP BootROM Ver. 1.1
Nand Flash init
ONFI: Control setting = 0xb44

hdr: [0xbd004000 : 0xbd004000 : 0x3000 : 0xc200e86c]

nand_load_fw: read 6 pages

nand_load_fw: 0x10000 0x800 0xbd0047f0

nand_load_fw: 0x20000 0x800 0xbd004ff0

nand_load_fw: 0x30000 0x800 0xbd0057f0

nand_load_fw: 0x40000 0x800 0xbd005ff0

nand_load_fw: 0x50000 0x800 0xbd0067f0

f/w 0 read complete, jumping to 0xbd004000

initialize PLL & DDR

sri
Wasp 1.2
Wasp (16bit) ddr1 init
setting for 40
fw1: Nand Init
leave FW1
f/w 0 execution complete

hdr: [0xa0100000 : 0xa0100000 : 0x11000 : 0xb4da1a60]

nand_load_fw: read 34 pages

nand_load_fw: 0x70000 0x800 0xa01007f0

nand_load_fw: 0x80000 0x800 0xa0100ff0

nand_load_fw: 0x90000 0x800 0xa01017f0

nand_load_fw: 0xa0000 0x800 0xa0101ff0

nand_load_fw: 0xb0000 0x800 0xa01027f0

nand_load_fw: 0xc0000 0x800 0xa0102ff0

nand_load_fw: 0xd0000 0x800 0xa01037f0

nand_load_fw: 0xe0000 0x800 0xa0103ff0

nand_load_fw: 0xf0000 0x800 0xa01047f0

nand_load_fw: 0x100000 0x800 0xa0104ff0

nand_load_fw: 0x110000 0x800 0xa01057f0

nand_load_fw: 0x120000 0x800 0xa0105ff0

nand_load_fw: 0x130000 0x800 0xa01067f0

nand_load_fw: 0x140000 0x800 0xa0106ff0

nand_load_fw: 0x150000 0x800 0xa01077f0

nand_load_fw: 0x160000 0x800 0xa0107ff0

nand_load_fw: 0x170000 0x800 0xa01087f0

nand_load_fw: 0x180000 0x800 0xa0108ff0

nand_load_fw: 0x190000 0x800 0xa01097f0

nand_load_fw: 0x1a0000 0x800 0xa0109ff0

nand_load_fw: 0x1b0000 0x800 0xa010a7f0

nand_load_fw: 0x1c0000 0x800 0xa010aff0

nand_load_fw: 0x1d0000 0x800 0xa010b7f0

nand_load_fw: 0x1e0000 0x800 0xa010bff0

nand_load_fw: 0x1f0000 0x800 0xa010c7f0

nand_load_fw: 0x200000 0x800 0xa010cff0

nand_load_fw: 0x210000 0x800 0xa010d7f0

nand_load_fw: 0x220000 0x800 0xa010dff0

nand_load_fw: 0x230000 0x800 0xa010e7f0

nand_load_fw: 0x240000 0x800 0xa010eff0

nand_load_fw: 0x250000 0x800 0xa010f7f0

nand_load_fw: 0x260000 0x800 0xa010fff0

nand_load_fw: 0x270000 0x800 0xa01107f0

Checksum mismatch. 0xb4da1a60 != 0xb2d1e53a
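
An added example (not part of the original post): a small Python parser for the BootROM output above that splits it into load stages and reports which one failed verification. The names given to the four `hdr` values and the 0x800 page size are inferred from the log itself, and the sample is a shortened excerpt of it.

```python
import re

PAGE = 0x800  # page size printed in every nand_load_fw line of the log

HDR = re.compile(r"hdr: \[(0x[0-9a-f]+) : (0x[0-9a-f]+) : (0x[0-9a-f]+) : (0x[0-9a-f]+)\]")
PAGES = re.compile(r"nand_load_fw: read (\d+) pages")
DONE = re.compile(r"f/w \d+ read complete")
BAD = re.compile(r"Checksum mismatch\. (0x[0-9a-f]+) != (0x[0-9a-f]+)")

# Shortened excerpt of the log in the post (per-page lines left out).
SAMPLE_LOG = """\
hdr: [0xbd004000 : 0xbd004000 : 0x3000 : 0xc200e86c]
nand_load_fw: read 6 pages
f/w 0 read complete, jumping to 0xbd004000
f/w 0 execution complete
hdr: [0xa0100000 : 0xa0100000 : 0x11000 : 0xb4da1a60]
nand_load_fw: read 34 pages
Checksum mismatch. 0xb4da1a60 != 0xb2d1e53a
"""

def parse_stages(log):
    """Return one dict per 'hdr:' line, in boot order."""
    stages = []
    for line in log.splitlines():
        if m := HDR.search(line):
            # Assumed field order: load address, entry point, length, checksum.
            load, entry, size, csum = (int(v, 16) for v in m.groups())
            stages.append({"load": load, "entry": entry, "size": size,
                           "expected": csum, "computed": None,
                           "pages": None, "status": "incomplete"})
        elif not stages:
            continue  # BootROM banner lines before the first header
        elif m := PAGES.search(line):
            stages[-1]["pages"] = int(m.group(1))
        elif DONE.search(line):
            stages[-1]["status"] = "ok"
        elif m := BAD.search(line):
            stages[-1]["status"] = "checksum mismatch"
            stages[-1]["computed"] = int(m.group(2), 16)
    return stages

def size_consistent(stage):
    """True when the header length equals the announced page count."""
    return stage["pages"] is not None and stage["size"] == stage["pages"] * PAGE

def first_failure(stages):
    """Index of the first stage that did not verify, or None."""
    return next((i for i, s in enumerate(stages) if s["status"] != "ok"), None)
```

On this log the first image (0x3000 bytes at 0xbd004000) loads and runs, and the failure is in the second image (0x11000 bytes loaded to 0xa0100000).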

From your log, I am guessing you have the NAND model, as the Chinese forum says.
Double check this and use the correct bin file.

Seems like post #2 contains the information you need.
Translation in-line below. (Note: I am not responsible for what happens if you follow these instructions. Good luck)

通过原厂 U-Boot 刷入 Breed
Using factory u-boot to flash Breed

在 OpenWrt 中通过 mtd 命令刷入,请参考 http://www.right.com.cn/forum/thread-154561-1-1.html 帖子 1 楼。
To flash using OpenWrt's mtd command, see the first post at http://www.right.com.cn/forum/thread-154561-1-1.html

这里介绍从 U-Boot 刷入 Breed 的方法:
Introduction to flashing Breed via U-boot.
参考 http://www.right.com.cn/forum/thread-154561-1-1.html 帖子 2 楼方法搭建 TFTP 环境
Refer to the method in post #2 of http://www.right.com.cn/forum/thread-154561-1-1.html to set up the TFTP environment

然后再在原厂 U-Boot 中执行以下命令:
Then execute the following commands under the factory U-Boot:

1.
tftp 0x80000000 breed-ar9344-wndr4300-nand.bin
此命令作用为通过 TFTP 服务器将 Breed 文件传入到内存地址 0x80000000 处
This command's purpose is to use TFTP to transfer the Breed file to RAM address 0x80000000

此时要记下输出中
Remember to note down the output
Bytes transferred = AAAAA (BBBBB hex)
中的 BBBBB 数值
i.e. the value in BBBBB

2.
nand erase 0x0 0x40000
此命令作用为擦除 NAND 开头 256KB 的数据
This command is used to erase NAND's 256KB header

3.
nand write 0x80000000 0x0 0xBBBBB
此命令作用为向 NAND 中写入 Breed
This command is used to write Breed into NAND
其中 BBBBB 要替换为第 1 步中记录的数值
The BBBBB value needs to be replaced with the value from step 1


以上操作之后,重启便可通过按压复位键 5~10 秒进入 Breed
After the above operation, reboot and you can enter Breed by pressing the reset button for 5-10 seconds.
-------------
After translating, I don't think this will help you when your U-Boot is gone.
What you need to do is in post #3's instructions, but that will require you to have an SPI flash programmer and soldering. I don't think you have both of these tools, so there is no point translating.

(Last edited by ericwongcm on 26 Mar 2016, 07:41)
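
An added example (not part of the original post or of the Breed instructions): a pre-flight check in Python for steps 1 to 3 above, which turns the `Bytes transferred` line into the step 2 and step 3 commands only if the size is plausible. The function name, the sample line and its size are constructed for illustration; the addresses and the 0x40000 erase length are the ones in the translated steps.

```python
import re

LOAD_ADDR = 0x80000000  # RAM address from step 1
ERASE_LEN = 0x40000     # length erased in step 2

XFER = re.compile(r"Bytes transferred = (\d+) \(([0-9a-fA-F]+) hex\)")

# Constructed sample of the line U-Boot prints after step 1; the size is made up.
SAMPLE_TFTP = "Bytes transferred = 94208 (17000 hex)"

def preflight(tftp_output, image_len):
    """Return (commands, problems); commands is empty if any check fails.

    image_len is the size in bytes of the file served by the TFTP server.
    """
    m = XFER.search(tftp_output)
    if not m:
        return [], ["no 'Bytes transferred' line found"]
    dec, hexval = int(m.group(1)), int(m.group(2), 16)
    problems = []
    if dec != hexval:
        # The two numbers describe the same size; a mismatch means a misread.
        problems.append("decimal and hex sizes disagree (garbled console?)")
    if dec != image_len:
        # A short transfer would write a truncated bootloader.
        problems.append(f"transferred {dec} bytes, file is {image_len}")
    if dec == 0 or dec > ERASE_LEN:
        # Step 3 must stay inside the region that step 2 erased.
        problems.append(f"size {dec:#x} does not fit erased region {ERASE_LEN:#x}")
    if problems:
        return [], problems
    return [f"nand erase 0x0 {ERASE_LEN:#x}",
            f"nand write {LOAD_ADDR:#x} 0x0 {dec:#x}"], []

if __name__ == "__main__":
    commands, problems = preflight(SAMPLE_TFTP, 94208)
    print("\n".join(commands or problems))
```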

Hi

Thank you so much for your response. Much appreciated.

Yes, you are correct. My u-boot is gone, so post #3 is the one which I am looking for. I do have a soldering iron and stuff, but I do not have an SPI flash programmer. Is there anything which I can buy from eBay? Can you recommend one or help me build one? (I am basically an engineering student.)

Thanks much
Navas

navas wrote:

Hi

Thank you so much for your response. Much appreciated.

Yes, you are correct. My u-boot is gone, so post #3 is the one which I am looking for. I do have a soldering iron and stuff, but I do not have an SPI flash programmer. Is there anything which I can buy from eBay? Can you recommend one or help me build one? (I am basically an engineering student.)

Thanks much
Navas

I have never needed to use one, so I have no suggestion in this respect, but I bet buying an SPI flash programmer would cost more than a new router itself. You may be better off borrowing one at your university or something; those working on these things will surely have one around.

Even if you have one, you will need to have very good soldering skills to be able to take the flash chip off and then put it back on without frying it.

Thanks Man,

I think I will look for a better router then. Do you have any suggestions?

The discussion might have continued from here.