Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 [2]

Author Topic: Unlocking Sky DG834GT  (Read 31660 times)

BritBrat

  • Kitizen
  • ****
  • Posts: 1359
Re: Unlocking Sky DG834GT
« Reply #15 on: October 14, 2009, 06:47:57 PM »

Download the recovery software anyway just in case something does go wrong, but I am sure it will be fine.

Just do not abort or turn anything off while it is flashing the new firmware, when I do it I leave the computer totaly alone and wait.
Logged

bigbossa

  • Member
  • **
  • Posts: 70
Re: Unlocking Sky DG834GT
« Reply #16 on: October 14, 2009, 06:49:35 PM »

Cheers man ...no worries  ;) thanks for your help
Logged

bigbossa

  • Member
  • **
  • Posts: 70
Re: Unlocking Sky DG834GT
« Reply #17 on: October 15, 2009, 10:50:04 AM »

OK just to update ,upgraded to DGTeam firmware this morning and all is well . Will have to experiment with the SNR .I want get my line speed up .I have a long line approx 3 miles from the exchange.My last router was on the blink (Netgear DG834Gv3) and seemed to be randomly disconnecting in the night ,so my SNR would never lower.
Hope things get better with the DG834GT and the DGTeam firmware ?
Logged

pintosal

  • Reg Member
  • ***
  • Posts: 181
Re: Unlocking Sky DG834GT
« Reply #18 on: October 15, 2009, 12:00:35 PM »

I actually turn off my DG834GT router when I go to bed, and then turn it on again in the morning when I need internet access.

This means that the router synchs at higher speed because the SNRM drops and most of the line errors happen after dark due to radio interference of one kind or another.
Logged

HPsauce

  • Helpful
  • Kitizen
  • *
  • Posts: 2606
Re: Unlocking Sky DG834GT
« Reply #19 on: October 15, 2009, 12:15:10 PM »

I actually turn off my DG834GT router when I go to bed
Unless you go to bed at sunset that is unlikely to help.
In most areas interference is at a peak mid-evening.
Logged

y4mz

  • Just arrived
  • *
  • Posts: 2
Re: Unlocking Sky DG834GT
« Reply #20 on: March 05, 2010, 07:41:02 PM »

Thought this might be helpful to Linux users:

I was able to successfully flash a Sky locked DG834GT with the standard firmware (version 1.03.22) using a C program I found here https://dev.openwrt.org/attachment/ticket/2897/nftp.2.c

I'm no programmer but I managed to amend the code to bypass it's firmware image verification check so DG834GT images could be used.

I can only say it worked me - there's no guarantee it won't brick your router.

Here's the code:
Code: [Select]

/*****************************************************************************\
*                                                                             *
*  nftp                                                                       *
*                                                                             *
*  Upload a firmware image to a bricked Netgear router using raw Ethernet     *
*  frames.                                                                    *
*                                                                             *
*  Only tested with a DG834Gv4. Don't blame me if this breaks your router!    *
*                                                                             *
*  First version written by matteo (aka rootkit). I tried upslug2 but it      *
*  didn't work and eventually uploaded something that still didn't make the   *
*  router boot.                                                               *
*                                                                             *
*  After looking at a packet dump of a proper upgrade done using the Windows  *
*  tool, I figured enhancing this program would be easier than trying to      *
*  understand how upslug2 is supposed to work. I don't like C++.              *
*                                                                             *
*  This code isn't pretty, but I hacked it together quickly to get the job    *
*  done. Hope it'll help someone.                                             *
*                                                                             *
*  Wilmer van der Gaast. <wilmer@gaast.net>                                   *
*                                                                             *
\*****************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <linux/if_arp.h>
#include <arpa/inet.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
                     
#define NFTP_PROBE_LEN 0x40
#define NFTP_MAX_PKT_LEN 1600
#define NFTP_PROBE_RESP_LEN 0x66
#define ETH_P_NFTP 0x8888

#define NFTP_BLOCK_SIZE 1024
#define IMG_VERIFY_BUF 65536
#define IMG_VERIFY_STRING "sercomm"

typedef enum {
NFTP_TYPE_HWINFO = 0,
NFTP_TYPE_UPGRADESTART = 1,
NFTP_TYPE_UPGRADEDATA = 2,
NFTP_TYPE_REBOOT = 3,
NFTP_TYPE_UPGRADEVERIFY = 4,
} nftp_type_t;

#define DEBUG

#ifdef DEBUG
#define D(x, ...) fprintf(stderr, x"\n", __VA_ARGS__)
#else
#define D(...)
#endif

void usage(char *arg0)
{
fprintf(stderr, "Usage: %s -u/-v iface file.img\n"
"Example:\n\t %s -u eth0 firmware.img\n", arg0, arg0);
exit(1);
}

int sockfd;
unsigned char src_mac[ETH_ALEN];
unsigned char dst_mac[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
struct sockaddr_ll socket_address;
unsigned char pkt_buffer[NFTP_MAX_PKT_LEN];
unsigned char *etherhead = pkt_buffer;
unsigned char *data = pkt_buffer + 14;
uint16_t *nftp_type = (uint16_t*) (pkt_buffer + 14);
uint16_t *nftp_sequence = (uint16_t*) (pkt_buffer + 16);
uint16_t *nftp_offset = (uint16_t*) (pkt_buffer + 18);
uint16_t *nftp_chunk = (uint16_t*) (pkt_buffer + 20);
uint16_t *nftp_payload_len = (uint16_t*) (pkt_buffer + 22);
unsigned char *nftp_payload = pkt_buffer + 24;
int send_pkt_len;
int recv_pkt_len;

int nftp_send()
{
int st;

/*set the frame header*/
memcpy((void*)pkt_buffer, (void*)dst_mac, ETH_ALEN);
memcpy((void*)(pkt_buffer+ETH_ALEN), (void*)src_mac, ETH_ALEN);
((struct ethhdr*)etherhead)->h_proto = ETH_P_NFTP;

socket_address.sll_halen = ETH_ALEN;
memcpy(socket_address.sll_addr, dst_mac, ETH_ALEN);

(*nftp_sequence)++;
send_pkt_len = (*nftp_payload_len) + 24;

st = sendto(sockfd, pkt_buffer, send_pkt_len, 0,
(struct sockaddr*)&socket_address, sizeof(socket_address));

if (st == -1) {
perror("sendto");
/* Rules of proper programming don't apply in a hack like this. :-P */
exit(1);
}
}

int nftp_recv()
{
uint16_t st;

do {
recv_pkt_len = recvfrom(sockfd, pkt_buffer, NFTP_PROBE_RESP_LEN, 0, NULL, NULL);
if (recv_pkt_len == -1) {
perror("recvfrom");
return 1;
}
} while (((struct ethhdr*)etherhead)->h_proto != ETH_P_NFTP);

if (*nftp_payload_len == 2) {
st = *(uint16_t*)(nftp_payload);
} else {
st = 0;
}

return st;
}

int nftp_sendrecv()
{
uint16_t sequence;
int st;

nftp_send();
sequence = *nftp_sequence;

while (1) {
st = nftp_recv();

if (*nftp_sequence != sequence) {
D("Received unexpected packet seq=%d (expected %d)",
  *nftp_sequence, sequence);
continue;
} else if (st != 0) {
fprintf(stderr, "Received non-0 response from router, aborting.\n");
exit(1);
}

return st;
}
}

int nftp_sendfile(int imgfd, int imgsize, char *status)
{
int imgoffset;

lseek(imgfd, 0, SEEK_SET);
*nftp_chunk = imgoffset = 0;
while (read(imgfd, nftp_payload, NFTP_BLOCK_SIZE) == NFTP_BLOCK_SIZE) {
*nftp_payload_len = NFTP_BLOCK_SIZE;
nftp_sendrecv();
*nftp_chunk += (NFTP_BLOCK_SIZE >> 4);
imgoffset += NFTP_BLOCK_SIZE;
fprintf( stderr, "\r%s: %10d/%d bytes",status, imgoffset, imgsize );
}
}

int main(int argc, char *argv[])
{
int send_result = 0, res, imgfd, upgrade = 0;
struct stat imginfo;
struct ifreq iface;
char *buf, *s;

if(argc < 3)
usage(argv[0]);

if (strcmp(argv[1], "-u") == 0) {
upgrade = 1;
} else if (strcmp(argv[1], "-v") != 0) {
usage(argv[0]);
}

/* Initialize the raw socket stuff. Most of this can be reused during
   the whole session. */
sockfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
if (sockfd == -1) {
if(geteuid() != 0) {
fprintf(stderr, "You should probably run this program as root.\n");
}
perror("socket");
return 1;
}
seteuid(getuid());
strncpy(iface.ifr_name, argv[2], IFNAMSIZ);

imgfd = open(argv[3], O_RDONLY);
fstat(imgfd, &imginfo);
if (imginfo.st_size % NFTP_BLOCK_SIZE) {
fprintf(stderr, "File size should be a multiple of %d.\n", NFTP_BLOCK_SIZE);
return 1;
}

res = ioctl(sockfd, SIOCGIFHWADDR, &iface);
if(res < 0){
perror("ioctl");
exit(1);
}

/*our MAC address*/
memcpy(src_mac, iface.ifr_hwaddr.sa_data, ETH_ALEN);
D("Sending frame on %s (%x:%x:%x:%x:%x:%x)", iface.ifr_name,
  src_mac[0], src_mac[1], src_mac[2], src_mac[3], src_mac[4], src_mac[5]);

/*RAW communication*/
socket_address.sll_family   = PF_PACKET;
/*we don't use a protocoll above ethernet layer
*   ->just use anything here*/
socket_address.sll_protocol = htons(ETH_P_NFTP);

/*index of the network device
* see full code later how to retrieve it*/
res = ioctl(sockfd, SIOCGIFINDEX, &iface);
if(res < 0){
perror("ioctl");
exit(1);
}
socket_address.sll_ifindex  =iface.ifr_ifindex;

/* ARP hardware identifier is ethernet */
socket_address.sll_hatype   = ARPHRD_ETHER;

/* target is another host */
socket_address.sll_pkttype  = PACKET_OTHERHOST;

*nftp_type = NFTP_TYPE_HWINFO;
send_pkt_len = NFTP_PROBE_LEN;

nftp_send();
nftp_recv();

/* Now we know where to talk to, stop broadcasting! */
memcpy(dst_mac, pkt_buffer + ETH_ALEN, ETH_ALEN);
D("Found a router at %x:%x:%x:%x:%x:%x", dst_mac[0], dst_mac[1], dst_mac[2], dst_mac[3], dst_mac[4], dst_mac[5]);
D("Router is a %s", pkt_buffer + 0x1C);
D("Current version is %x%x", pkt_buffer[0x4A], pkt_buffer[0x4B]);
D("Max upgrade size is %d kb", (pkt_buffer[0x16] | (pkt_buffer[0x17] << 8) | (pkt_buffer[0x18] << 16)) - 20);

/* Some kind of verification of the firmware image. This really is
   just some guess work based on what I saw in upslug2 and the images
   for my router (not compatible with upslug2). */
buf = malloc(IMG_VERIFY_BUF);
lseek(imgfd, -IMG_VERIFY_BUF, SEEK_END);
read(imgfd, buf, IMG_VERIFY_BUF);
s = (char*) memmem(buf, IMG_VERIFY_BUF, nftp_payload, (size_t) (*nftp_payload_len));
if (s == NULL ||
    strncasecmp(s - strlen(IMG_VERIFY_STRING), IMG_VERIFY_STRING, strlen(IMG_VERIFY_STRING)) != 0 ||
    strncasecmp(s + *nftp_payload_len, IMG_VERIFY_STRING, strlen(IMG_VERIFY_STRING)) != 0) {
fprintf(stderr, "Could not find \"magic hardware header\" in this image.\n"
                "Uploading this is not recommended but press Enter if you wish to continue.\n");
read(0, buf, 1);
}

*nftp_type = NFTP_TYPE_UPGRADESTART;
*nftp_offset = 0;
*nftp_chunk = 0;
*nftp_payload_len = 0;

nftp_sendrecv();

if (upgrade) {
/* When the first packet comes in, the router will start
   erasing flash before it sends an ACK. Keep the user
   updated in the meantime. */
printf("Erasing flash, this will take around ten seconds...\n");
*nftp_type = NFTP_TYPE_UPGRADEDATA;
nftp_sendfile(imgfd, imginfo.st_size, "Upgrading");
printf("\nUpload completed, will now verify:\n");
}

*nftp_type = NFTP_TYPE_UPGRADEVERIFY;
nftp_sendfile(imgfd, imginfo.st_size, "Verifying");

if (upgrade) {
*nftp_type = NFTP_TYPE_REBOOT;
*nftp_payload_len = 0;
nftp_sendrecv();
}

printf("\nFirmware updated/verified successfully!\n");

return 0;
}

Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43467
  • Penguins CAN fly
    • DSLstats
Re: Unlocking Sky DG834GT
« Reply #21 on: March 05, 2010, 10:36:18 PM »

Thanks for that information, y4mz :)
Logged
  Eric

waz101

  • Just arrived
  • *
  • Posts: 2
Re: Unlocking Sky DG834GT
« Reply #22 on: March 11, 2010, 11:00:33 PM »

Thought this might be helpful to Linux users:

I was able to successfully flash a Sky locked DG834GT with the standard firmware (version 1.03.22) using a C program I found here https://dev.openwrt.org/attachment/ticket/2897/nftp.2.c

I'm no programmer but I managed to amend the code to bypass it's firmware image verification check so DG834GT images could be used.

I can only say it worked me - there's no guarantee it won't brick your router.

Here's the code:
Code: [Select]

/*****************************************************************************\
*                                                                             *
*  nftp                                                                       *
*                                                                             *
*  Upload a firmware image to a bricked Netgear router using raw Ethernet     *
*  frames.                                                                    *
*                                                                             *
*  Only tested with a DG834Gv4. Don't blame me if this breaks your router!    *
*                                                                             *
*  First version written by matteo (aka rootkit). I tried upslug2 but it      *
*  didn't work and eventually uploaded something that still didn't make the   *
*  router boot.                                                               *
*                                                                             *
*  After looking at a packet dump of a proper upgrade done using the Windows  *
*  tool, I figured enhancing this program would be easier than trying to      *
*  understand how upslug2 is supposed to work. I don't like C++.              *
*                                                                             *
*  This code isn't pretty, but I hacked it together quickly to get the job    *
*  done. Hope it'll help someone.                                             *
*                                                                             *
*  Wilmer van der Gaast. <wilmer@gaast.net>                                   *
*                                                                             *
\*****************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <linux/if_arp.h>
#include <arpa/inet.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
                    
#define NFTP_PROBE_LEN 0x40
#define NFTP_MAX_PKT_LEN 1600
#define NFTP_PROBE_RESP_LEN 0x66
#define ETH_P_NFTP 0x8888

#define NFTP_BLOCK_SIZE 1024
#define IMG_VERIFY_BUF 65536
#define IMG_VERIFY_STRING "sercomm"

typedef enum {
NFTP_TYPE_HWINFO = 0,
NFTP_TYPE_UPGRADESTART = 1,
NFTP_TYPE_UPGRADEDATA = 2,
NFTP_TYPE_REBOOT = 3,
NFTP_TYPE_UPGRADEVERIFY = 4,
} nftp_type_t;

#define DEBUG

#ifdef DEBUG
#define D(x, ...) fprintf(stderr, x"\n", __VA_ARGS__)
#else
#define D(...)
#endif

void usage(char *arg0)
{
fprintf(stderr, "Usage: %s -u/-v iface file.img\n"
"Example:\n\t %s -u eth0 firmware.img\n", arg0, arg0);
exit(1);
}

int sockfd;
unsigned char src_mac[ETH_ALEN];
unsigned char dst_mac[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
struct sockaddr_ll socket_address;
unsigned char pkt_buffer[NFTP_MAX_PKT_LEN];
unsigned char *etherhead = pkt_buffer;
unsigned char *data = pkt_buffer + 14;
uint16_t *nftp_type = (uint16_t*) (pkt_buffer + 14);
uint16_t *nftp_sequence = (uint16_t*) (pkt_buffer + 16);
uint16_t *nftp_offset = (uint16_t*) (pkt_buffer + 18);
uint16_t *nftp_chunk = (uint16_t*) (pkt_buffer + 20);
uint16_t *nftp_payload_len = (uint16_t*) (pkt_buffer + 22);
unsigned char *nftp_payload = pkt_buffer + 24;
int send_pkt_len;
int recv_pkt_len;

int nftp_send()
{
int st;

/*set the frame header*/
memcpy((void*)pkt_buffer, (void*)dst_mac, ETH_ALEN);
memcpy((void*)(pkt_buffer+ETH_ALEN), (void*)src_mac, ETH_ALEN);
((struct ethhdr*)etherhead)->h_proto = ETH_P_NFTP;

socket_address.sll_halen = ETH_ALEN;
memcpy(socket_address.sll_addr, dst_mac, ETH_ALEN);

(*nftp_sequence)++;
send_pkt_len = (*nftp_payload_len) + 24;

st = sendto(sockfd, pkt_buffer, send_pkt_len, 0,
(struct sockaddr*)&socket_address, sizeof(socket_address));

if (st == -1) {
perror("sendto");
/* Rules of proper programming don't apply in a hack like this. :-P */
exit(1);
}
}

int nftp_recv()
{
uint16_t st;

do {
recv_pkt_len = recvfrom(sockfd, pkt_buffer, NFTP_PROBE_RESP_LEN, 0, NULL, NULL);
if (recv_pkt_len == -1) {
perror("recvfrom");
return 1;
}
} while (((struct ethhdr*)etherhead)->h_proto != ETH_P_NFTP);

if (*nftp_payload_len == 2) {
st = *(uint16_t*)(nftp_payload);
} else {
st = 0;
}

return st;
}

int nftp_sendrecv()
{
uint16_t sequence;
int st;

nftp_send();
sequence = *nftp_sequence;

while (1) {
st = nftp_recv();

if (*nftp_sequence != sequence) {
D("Received unexpected packet seq=%d (expected %d)",
 *nftp_sequence, sequence);
continue;
} else if (st != 0) {
fprintf(stderr, "Received non-0 response from router, aborting.\n");
exit(1);
}

return st;
}
}

int nftp_sendfile(int imgfd, int imgsize, char *status)
{
int imgoffset;

lseek(imgfd, 0, SEEK_SET);
*nftp_chunk = imgoffset = 0;
while (read(imgfd, nftp_payload, NFTP_BLOCK_SIZE) == NFTP_BLOCK_SIZE) {
*nftp_payload_len = NFTP_BLOCK_SIZE;
nftp_sendrecv();
*nftp_chunk += (NFTP_BLOCK_SIZE >> 4);
imgoffset += NFTP_BLOCK_SIZE;
fprintf( stderr, "\r%s: %10d/%d bytes",status, imgoffset, imgsize );
}
}

int main(int argc, char *argv[])
{
int send_result = 0, res, imgfd, upgrade = 0;
struct stat imginfo;
struct ifreq iface;
char *buf, *s;

if(argc < 3)
usage(argv[0]);

if (strcmp(argv[1], "-u") == 0) {
upgrade = 1;
} else if (strcmp(argv[1], "-v") != 0) {
usage(argv[0]);
}

/* Initialize the raw socket stuff. Most of this can be reused during
  the whole session. */
sockfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
if (sockfd == -1) {
if(geteuid() != 0) {
fprintf(stderr, "You should probably run this program as root.\n");
}
perror("socket");
return 1;
}
seteuid(getuid());
strncpy(iface.ifr_name, argv[2], IFNAMSIZ);

imgfd = open(argv[3], O_RDONLY);
fstat(imgfd, &imginfo);
if (imginfo.st_size % NFTP_BLOCK_SIZE) {
fprintf(stderr, "File size should be a multiple of %d.\n", NFTP_BLOCK_SIZE);
return 1;
}

res = ioctl(sockfd, SIOCGIFHWADDR, &iface);
if(res < 0){
perror("ioctl");
exit(1);
}

/*our MAC address*/
memcpy(src_mac, iface.ifr_hwaddr.sa_data, ETH_ALEN);
D("Sending frame on %s (%x:%x:%x:%x:%x:%x)", iface.ifr_name,
 src_mac[0], src_mac[1], src_mac[2], src_mac[3], src_mac[4], src_mac[5]);

/*RAW communication*/
socket_address.sll_family   = PF_PACKET;
/*we don't use a protocoll above ethernet layer
*   ->just use anything here*/
socket_address.sll_protocol = htons(ETH_P_NFTP);

/*index of the network device
* see full code later how to retrieve it*/
res = ioctl(sockfd, SIOCGIFINDEX, &iface);
if(res < 0){
perror("ioctl");
exit(1);
}
socket_address.sll_ifindex  =iface.ifr_ifindex;

/* ARP hardware identifier is ethernet */
socket_address.sll_hatype   = ARPHRD_ETHER;

/* target is another host */
socket_address.sll_pkttype  = PACKET_OTHERHOST;

*nftp_type = NFTP_TYPE_HWINFO;
send_pkt_len = NFTP_PROBE_LEN;

nftp_send();
nftp_recv();

/* Now we know where to talk to, stop broadcasting! */
memcpy(dst_mac, pkt_buffer + ETH_ALEN, ETH_ALEN);
D("Found a router at %x:%x:%x:%x:%x:%x", dst_mac[0], dst_mac[1], dst_mac[2], dst_mac[3], dst_mac[4], dst_mac[5]);
D("Router is a %s", pkt_buffer + 0x1C);
D("Current version is %x%x", pkt_buffer[0x4A], pkt_buffer[0x4B]);
D("Max upgrade size is %d kb", (pkt_buffer[0x16] | (pkt_buffer[0x17] << 8) | (pkt_buffer[0x18] << 16)) - 20);

/* Some kind of verification of the firmware image. This really is
  just some guess work based on what I saw in upslug2 and the images
  for my router (not compatible with upslug2). */
buf = malloc(IMG_VERIFY_BUF);
lseek(imgfd, -IMG_VERIFY_BUF, SEEK_END);
read(imgfd, buf, IMG_VERIFY_BUF);
s = (char*) memmem(buf, IMG_VERIFY_BUF, nftp_payload, (size_t) (*nftp_payload_len));
if (s == NULL ||
   strncasecmp(s - strlen(IMG_VERIFY_STRING), IMG_VERIFY_STRING, strlen(IMG_VERIFY_STRING)) != 0 ||
   strncasecmp(s + *nftp_payload_len, IMG_VERIFY_STRING, strlen(IMG_VERIFY_STRING)) != 0) {
fprintf(stderr, "Could not find \"magic hardware header\" in this image.\n"
               "Uploading this is not recommended but press Enter if you wish to continue.\n");
read(0, buf, 1);
}

*nftp_type = NFTP_TYPE_UPGRADESTART;
*nftp_offset = 0;
*nftp_chunk = 0;
*nftp_payload_len = 0;

nftp_sendrecv();

if (upgrade) {
/* When the first packet comes in, the router will start
  erasing flash before it sends an ACK. Keep the user
  updated in the meantime. */
printf("Erasing flash, this will take around ten seconds...\n");
*nftp_type = NFTP_TYPE_UPGRADEDATA;
nftp_sendfile(imgfd, imginfo.st_size, "Upgrading");
printf("\nUpload completed, will now verify:\n");
}

*nftp_type = NFTP_TYPE_UPGRADEVERIFY;
nftp_sendfile(imgfd, imginfo.st_size, "Verifying");

if (upgrade) {
*nftp_type = NFTP_TYPE_REBOOT;
*nftp_payload_len = 0;
nftp_sendrecv();
}

printf("\nFirmware updated/verified successfully!\n");

return 0;
}




I just un-bricked a DG834N using this Code (Just flashing Red/Green. I wrecked it a few months ago testing a firmware), It'd be handy If someone could do a step-by-step guide for us Linux virgins though (It took me 2 days to figure it out!). I got the extra info I needed from this thread http://forum.kitz.co.uk/index.php/topic,6953.0.html

I've put a copy of the code in C here http://buffalonas.com/waz101/oldbacup/nftp.c

This should help you install it

Quote
What format is your compiled version in?
Can it be shared.

The code posted by y4mz compiles very easily on a Linux system and produces a simple command-line Linux executable. To do this, copy the code and save it as nftp.c . Then go to the directory where it's saved and type

Code: [Select]
gcc -o nftp nftp.c
This compiles very quickly to an executable called nftp. Copy the firmware to the same directory, then type

Code: [Select]
nftp -u eth0 <name of firmware file>
(You may need to change eth0 to the name which your system has assigned to the ethernet interface.) You may get a warning about the magic hardware header, but you can just OK this and let the update run. When it's finished the router is ready to use.


Only thing different I found was I needed to enter
Code: [Select]
sudo ./ntfp -u eth0 DG834N_V1.02.15.img enter the system password and press Enter to bypass the magic uploader stuff to make it work


Thanks  ;D
« Last Edit: March 11, 2010, 11:56:18 PM by waz101 »
Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43467
  • Penguins CAN fly
    • DSLstats
Re: Unlocking Sky DG834GT
« Reply #23 on: March 12, 2010, 06:50:53 AM »

Yes, you're quite right there, I missed a bit in the how-to. You have to run nftp as root, and of course the ./ is needed to find the executable. I'll go back and edit it.
Logged
  Eric

fossean

  • Just arrived
  • *
  • Posts: 1
Re: Unlocking Sky DG834GT
« Reply #24 on: July 02, 2010, 12:55:56 PM »

Just registered to say a big thanks to y4mz, roseway and waz101 for their help above.  :)

Just got my 'new' DG834GT from ebay this morning, and by lunchtime had successfully bricked it. (I got the 'magic hardware header could not be found' warning when flashing with nftp from the DGTeam site.)

After recompiling nftp with the code above, I resurrected the router. I'm not that great with Linux, but it saves my skin time after time...

Just wish that the Netgear recovery utility would work with Windows 7, it would make things easier.

Great community here, I've been lurking for quite a while.
Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43467
  • Penguins CAN fly
    • DSLstats
Re: Unlocking Sky DG834GT
« Reply #25 on: July 02, 2010, 01:05:51 PM »

Welcome to the forum, and I'm glad it helped. :)
Logged
  Eric

ourmark

  • Just arrived
  • *
  • Posts: 1
Re: Unlocking Sky DG834GT
« Reply #26 on: December 30, 2015, 10:23:58 AM »

I also signed up to say thanks for this thread.

I had a spare one of these in a cupboard and was disappointed to find that the ADSL features were all "locked down" when I needed a spare.

I compiled the patched c code and used it as others have done. I now have an unlocked router. Thanks!
Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43467
  • Penguins CAN fly
    • DSLstats
Re: Unlocking Sky DG834GT
« Reply #27 on: December 30, 2015, 10:47:46 AM »

Welcome to the forum, and I'm pleased to hear that it worked for you. :)
Logged
  Eric
Pages: 1 [2]
 

anything