Kitz Forum

Topic started by: bigbossa on October 09, 2009, 06:56:03 PM

Title: Unlocking Sky DG834GT
Post by: bigbossa on October 09, 2009, 06:56:03 PM
Hi all
I am about to unlock a Sky DG834GT and was going to use the tutorial http://www.kitz.co.uk/routers/skyDG834GT_flash.htm. I have also seen other tutorials which suggest running the file RmDrv.exe first and then running UpgradeWizard.exe. The tutorial on Kitz does not mention running RmDrv.exe.

Any advice?
Thanks
Steve
Title: Re: Unlocking Sky DG834GT
Post by: BritBrat on October 09, 2009, 07:43:43 PM
Don't think I ran that RmDrv.exe file.

Just went SKY >>> Netgear firmware >>> DG team firmware.

http://forum.kitz.co.uk/index.php?action=printpage;topic=4484.0

Make sure you do it on an XP machine and not a Vista one.

And welcome to Kitz place. :)
Title: Re: Unlocking Sky DG834GT
Post by: bigbossa on October 09, 2009, 08:11:27 PM
Hi BritBrat
Thanks for your welcome.
Sorry to be dumb, but are you saying I don't need to run the RmDrv.exe file?
Just don't want to screw it up ;D
Normally I run an Ubuntu box but I will be flashing the router on an XP Pro machine.
The Netgear was bought on eBay and is supposed to be unused... hope it turns up tomorrow ;)
Title: Re: Unlocking Sky DG834GT
Post by: BritBrat on October 10, 2009, 09:08:54 AM
Think I just did this.
http://kb.netgear.com/app/answers/detail/a_id/263/related/1

Making sure folder contains the correct firmware for the router.
Title: Re: Unlocking Sky DG834GT
Post by: bigbossa on October 10, 2009, 05:46:24 PM
Quote
Think I just did this.
http://kb.netgear.com/app/answers/detail/a_id/263/related/1

Making sure folder contains the correct firmware for the router.

Alright mate, will do that. Blumin router hasn't turned up yet!
Title: Re: Unlocking Sky DG834GT
Post by: kitz on October 11, 2009, 02:30:06 AM
I've done several Sky unlocks and never used RmDrv.exe.

RmDrv.exe is a Service control entry remover to uninstall drivers.
AFAIK you shouldn't need it unless your LAN is having problems communicating directly with the router.
If you do need to use it, the upgrade process will normally tell you that it's having problems communicating and ask you to run it.
Title: Re: Unlocking Sky DG834GT
Post by: bigbossa on October 11, 2009, 10:54:06 AM
Thanks kitz much appreciated, will report back on how I get on  ;)
Title: Re: Unlocking Sky DG834GT
Post by: bigbossa on October 14, 2009, 01:39:55 PM
Well, at long last, and a very long story, my DG834GT has arrived and turns out is not a Sky branded router. The firmware says: A2pB022c.d20e
I really want to use the DGTeam firmware to tweak the SNR. Will it be safe to upgrade from this firmware?


OK, just noticed that at the top of the router page it says: Firmware Version V1.02.13, and then further down under modem: ADSL Firmware Version A2pB022c.d20e
Am I mixing the two up?
Also pretty sure the router was being used with AOL, as the login was an AOL one.

Can I upgrade to DGTeam the usual way or do I need to use the recovery utility?
Title: Re: Unlocking Sky DG834GT
Post by: pintosal on October 14, 2009, 04:03:59 PM
For the DGTeam firmware you need Netgear v1.02.16
Title: Re: Unlocking Sky DG834GT
Post by: bigbossa on October 14, 2009, 04:07:14 PM
Quote
For the DGTeam firmware you need Netgear v1.02.16

So can I just upgrade to Netgear v1.02.16 and then DGTeam through the Netgear web panel? Don't want to have to use the recovery utility as I'm on Linux.
As far as I can see this router is not locked.
Title: Re: Unlocking Sky DG834GT
Post by: roseway on October 14, 2009, 04:09:22 PM
Firmware version 1.02.13 is a standard Netgear version, so there should be no problem upgrading to the DGTeam firmware using the normal upgrade capability in the web interface. A2pB022c.d20e will be the ADSL driver version which is included with firmware 1.02.13. (The ADSL firmware version with the current DGTeam firmware is A2pB023o.d20e, which is included with Netgear firmware 1.02.16.)

[Edit] There should be no need to upgrade to Netgear 1.02.16 first; just upgrade directly to the DGTeam firmware.
Title: Re: Unlocking Sky DG834GT
Post by: HPsauce on October 14, 2009, 04:29:54 PM
What Roseway said.  ;)
Just upgrade to DGTeam in the normal way.
Title: Re: Unlocking Sky DG834GT
Post by: bigbossa on October 14, 2009, 05:05:47 PM
Brilliant !! Thanks guys  ;)
Title: Re: Unlocking Sky DG834GT
Post by: BritBrat on October 14, 2009, 06:39:06 PM
Are you 100% sure it is the GT model?

It does have that firmware, I was thinking it may have been a DG834

http://kb.netgear.com/app/products/model/a_id/2328
Title: Re: Unlocking Sky DG834GT
Post by: bigbossa on October 14, 2009, 06:40:29 PM
Quote
Are you 100% sure it is the GT model?

Yep, 100% sure.
Title: Re: Unlocking Sky DG834GT
Post by: BritBrat on October 14, 2009, 06:47:57 PM
Download the recovery software anyway just in case something does go wrong, but I am sure it will be fine.

Just do not abort or turn anything off while it is flashing the new firmware; when I do it I leave the computer totally alone and wait.
Title: Re: Unlocking Sky DG834GT
Post by: bigbossa on October 14, 2009, 06:49:35 PM
Cheers man ...no worries  ;) thanks for your help
Title: Re: Unlocking Sky DG834GT
Post by: bigbossa on October 15, 2009, 10:50:04 AM
OK, just to update: upgraded to DGTeam firmware this morning and all is well. Will have to experiment with the SNR. I want to get my line speed up. I have a long line, approx 3 miles from the exchange. My last router was on the blink (Netgear DG834Gv3) and seemed to be randomly disconnecting in the night, so my SNR would never lower.
Hope things get better with the DG834GT and the DGTeam firmware ?
Title: Re: Unlocking Sky DG834GT
Post by: pintosal on October 15, 2009, 12:00:35 PM
I actually turn off my DG834GT router when I go to bed, and then turn it on again in the morning when I need internet access.

This means that the router synchs at higher speed because the SNRM drops and most of the line errors happen after dark due to radio interference of one kind or another.
Title: Re: Unlocking Sky DG834GT
Post by: HPsauce on October 15, 2009, 12:15:10 PM
Quote
I actually turn off my DG834GT router when I go to bed

Unless you go to bed at sunset that is unlikely to help.
In most areas interference is at a peak mid-evening.
Title: Re: Unlocking Sky DG834GT
Post by: y4mz on March 05, 2010, 07:41:02 PM
Thought this might be helpful to Linux users:

I was able to successfully flash a Sky locked DG834GT with the standard firmware (version 1.03.22) using a C program I found here: https://dev.openwrt.org/attachment/ticket/2897/nftp.2.c

I'm no programmer but I managed to amend the code to bypass its firmware image verification check so DG834GT images could be used.

I can only say it worked for me - there's no guarantee it won't brick your router.

Here's the code:
Code: [Select]

/*****************************************************************************\
*                                                                             *
*  nftp                                                                       *
*                                                                             *
*  Upload a firmware image to a bricked Netgear router using raw Ethernet     *
*  frames.                                                                    *
*                                                                             *
*  Only tested with a DG834Gv4. Don't blame me if this breaks your router!    *
*                                                                             *
*  First version written by matteo (aka rootkit). I tried upslug2 but it      *
*  didn't work and eventually uploaded something that still didn't make the   *
*  router boot.                                                               *
*                                                                             *
*  After looking at a packet dump of a proper upgrade done using the Windows  *
*  tool, I figured enhancing this program would be easier than trying to      *
*  understand how upslug2 is supposed to work. I don't like C++.              *
*                                                                             *
*  This code isn't pretty, but I hacked it together quickly to get the job    *
*  done. Hope it'll help someone.                                             *
*                                                                             *
*  Wilmer van der Gaast. <wilmer@gaast.net>                                   *
*                                                                             *
\*****************************************************************************/

/* memmem() is a GNU extension; this must come before any #include. */
#define _GNU_SOURCE

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <strings.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <linux/if_arp.h>
#include <arpa/inet.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

#define NFTP_PROBE_LEN 0x40
#define NFTP_MAX_PKT_LEN 1600
#define NFTP_PROBE_RESP_LEN 0x66
#define ETH_P_NFTP 0x8888

#define NFTP_BLOCK_SIZE 1024
#define IMG_VERIFY_BUF 65536
#define IMG_VERIFY_STRING "sercomm"

typedef enum {
    NFTP_TYPE_HWINFO = 0,
    NFTP_TYPE_UPGRADESTART = 1,
    NFTP_TYPE_UPGRADEDATA = 2,
    NFTP_TYPE_REBOOT = 3,
    NFTP_TYPE_UPGRADEVERIFY = 4,
} nftp_type_t;

#define DEBUG

#ifdef DEBUG
#define D(x, ...) fprintf(stderr, x"\n", __VA_ARGS__)
#else
#define D(...)
#endif

void usage(char *arg0)
{
    fprintf(stderr, "Usage: %s -u/-v iface file.img\n"
            "Example:\n\t %s -u eth0 firmware.img\n", arg0, arg0);
    exit(1);
}

int sockfd;
unsigned char src_mac[ETH_ALEN];
unsigned char dst_mac[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
struct sockaddr_ll socket_address;
unsigned char pkt_buffer[NFTP_MAX_PKT_LEN];
unsigned char *etherhead = pkt_buffer;
unsigned char *data = pkt_buffer + 14;
uint16_t *nftp_type = (uint16_t*) (pkt_buffer + 14);
uint16_t *nftp_sequence = (uint16_t*) (pkt_buffer + 16);
uint16_t *nftp_offset = (uint16_t*) (pkt_buffer + 18);
uint16_t *nftp_chunk = (uint16_t*) (pkt_buffer + 20);
uint16_t *nftp_payload_len = (uint16_t*) (pkt_buffer + 22);
unsigned char *nftp_payload = pkt_buffer + 24;
int send_pkt_len;
int recv_pkt_len;

/* Fill in the Ethernet header, bump the sequence number and send the frame. */
int nftp_send()
{
    int st;

    /*set the frame header*/
    memcpy((void*)pkt_buffer, (void*)dst_mac, ETH_ALEN);
    memcpy((void*)(pkt_buffer+ETH_ALEN), (void*)src_mac, ETH_ALEN);
    ((struct ethhdr*)etherhead)->h_proto = htons(ETH_P_NFTP);

    socket_address.sll_halen = ETH_ALEN;
    memcpy(socket_address.sll_addr, dst_mac, ETH_ALEN);

    (*nftp_sequence)++;
    send_pkt_len = (*nftp_payload_len) + 24;

    st = sendto(sockfd, pkt_buffer, send_pkt_len, 0,
                (struct sockaddr*)&socket_address, sizeof(socket_address));

    if (st == -1) {
        perror("sendto");
        /* Rules of proper programming don't apply in a hack like this. :-P */
        exit(1);
    }

    return st;
}

/* Wait for the next NFTP frame and return its 2-byte status, or 0 if the
   frame carries no status. */
int nftp_recv()
{
    uint16_t st;

    do {
        recv_pkt_len = recvfrom(sockfd, pkt_buffer, NFTP_PROBE_RESP_LEN, 0, NULL, NULL);
        if (recv_pkt_len == -1) {
            perror("recvfrom");
            return 1;
        }
    } while (((struct ethhdr*)etherhead)->h_proto != htons(ETH_P_NFTP));

    if (*nftp_payload_len == 2) {
        st = *(uint16_t*)(nftp_payload);
    } else {
        st = 0;
    }

    return st;
}

/* Send one frame and wait for the reply with the same sequence number. */
int nftp_sendrecv()
{
    uint16_t sequence;
    int st;

    nftp_send();
    sequence = *nftp_sequence;

    while (1) {
        st = nftp_recv();

        if (*nftp_sequence != sequence) {
            D("Received unexpected packet seq=%d (expected %d)",
              *nftp_sequence, sequence);
            continue;
        } else if (st != 0) {
            fprintf(stderr, "Received non-0 response from router, aborting.\n");
            exit(1);
        }

        return st;
    }
}

/* Send the image in NFTP_BLOCK_SIZE blocks, waiting for an ACK after each. */
int nftp_sendfile(int imgfd, int imgsize, char *status)
{
    int imgoffset;

    lseek(imgfd, 0, SEEK_SET);
    *nftp_chunk = imgoffset = 0;
    while (read(imgfd, nftp_payload, NFTP_BLOCK_SIZE) == NFTP_BLOCK_SIZE) {
        *nftp_payload_len = NFTP_BLOCK_SIZE;
        nftp_sendrecv();
        *nftp_chunk += (NFTP_BLOCK_SIZE >> 4);
        imgoffset += NFTP_BLOCK_SIZE;
        fprintf(stderr, "\r%s: %10d/%d bytes", status, imgoffset, imgsize);
    }

    return 0;
}

int main(int argc, char *argv[])
{
    int res, imgfd, upgrade = 0;
    struct stat imginfo;
    struct ifreq iface;
    char *buf, *s;

    /* Mode, interface and image file are all required (argv[3] is used below). */
    if (argc < 4)
        usage(argv[0]);

    if (strcmp(argv[1], "-u") == 0) {
        upgrade = 1;
    } else if (strcmp(argv[1], "-v") != 0) {
        usage(argv[0]);
    }

    /* Initialize the raw socket stuff. Most of this can be reused during
       the whole session. */
    sockfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (sockfd == -1) {
        if (geteuid() != 0) {
            fprintf(stderr, "You should probably run this program as root.\n");
        }
        perror("socket");
        return 1;
    }
    seteuid(getuid());
    /* Zero the request and leave room for the terminating NUL. */
    memset(&iface, 0, sizeof(iface));
    strncpy(iface.ifr_name, argv[2], IFNAMSIZ - 1);

    imgfd = open(argv[3], O_RDONLY);
    if (imgfd == -1 || fstat(imgfd, &imginfo) == -1) {
        perror(argv[3]);
        return 1;
    }
    if (imginfo.st_size % NFTP_BLOCK_SIZE) {
        fprintf(stderr, "File size should be a multiple of %d.\n", NFTP_BLOCK_SIZE);
        return 1;
    }

    res = ioctl(sockfd, SIOCGIFHWADDR, &iface);
    if (res < 0) {
        perror("ioctl");
        exit(1);
    }

    /*our MAC address*/
    memcpy(src_mac, iface.ifr_hwaddr.sa_data, ETH_ALEN);
    D("Sending frame on %s (%x:%x:%x:%x:%x:%x)", iface.ifr_name,
      src_mac[0], src_mac[1], src_mac[2], src_mac[3], src_mac[4], src_mac[5]);

    /*RAW communication*/
    socket_address.sll_family   = PF_PACKET;
    /*we don't use a protocol above ethernet layer
     *   ->just use anything here*/
    socket_address.sll_protocol = htons(ETH_P_NFTP);

    /*index of the network device*/
    res = ioctl(sockfd, SIOCGIFINDEX, &iface);
    if (res < 0) {
        perror("ioctl");
        exit(1);
    }
    socket_address.sll_ifindex  = iface.ifr_ifindex;

    /* ARP hardware identifier is ethernet */
    socket_address.sll_hatype   = ARPHRD_ETHER;

    /* target is another host */
    socket_address.sll_pkttype  = PACKET_OTHERHOST;

    *nftp_type = NFTP_TYPE_HWINFO;
    send_pkt_len = NFTP_PROBE_LEN;

    nftp_send();
    nftp_recv();

    /* Now we know where to talk to, stop broadcasting! */
    memcpy(dst_mac, pkt_buffer + ETH_ALEN, ETH_ALEN);
    D("Found a router at %x:%x:%x:%x:%x:%x", dst_mac[0], dst_mac[1], dst_mac[2], dst_mac[3], dst_mac[4], dst_mac[5]);
    D("Router is a %s", pkt_buffer + 0x1C);
    D("Current version is %x%x", pkt_buffer[0x4A], pkt_buffer[0x4B]);
    D("Max upgrade size is %d kb", (pkt_buffer[0x16] | (pkt_buffer[0x17] << 8) | (pkt_buffer[0x18] << 16)) - 20);

    /* Some kind of verification of the firmware image. This really is
       just some guess work based on what I saw in upslug2 and the images
       for my router (not compatible with upslug2). */
    buf = malloc(IMG_VERIFY_BUF);
    if (buf == NULL) {
        perror("malloc");
        return 1;
    }
    lseek(imgfd, -IMG_VERIFY_BUF, SEEK_END);
    read(imgfd, buf, IMG_VERIFY_BUF);
    s = (char*) memmem(buf, IMG_VERIFY_BUF, nftp_payload, (size_t) (*nftp_payload_len));
    if (s == NULL ||
        strncasecmp(s - strlen(IMG_VERIFY_STRING), IMG_VERIFY_STRING, strlen(IMG_VERIFY_STRING)) != 0 ||
        strncasecmp(s + *nftp_payload_len, IMG_VERIFY_STRING, strlen(IMG_VERIFY_STRING)) != 0) {
        fprintf(stderr, "Could not find \"magic hardware header\" in this image.\n"
                        "Uploading this is not recommended but press Enter if you wish to continue.\n");
        read(0, buf, 1);
    }

    *nftp_type = NFTP_TYPE_UPGRADESTART;
    *nftp_offset = 0;
    *nftp_chunk = 0;
    *nftp_payload_len = 0;

    nftp_sendrecv();

    if (upgrade) {
        /* When the first packet comes in, the router will start
           erasing flash before it sends an ACK. Keep the user
           updated in the meantime. */
        printf("Erasing flash, this will take around ten seconds...\n");
        *nftp_type = NFTP_TYPE_UPGRADEDATA;
        nftp_sendfile(imgfd, imginfo.st_size, "Upgrading");
        printf("\nUpload completed, will now verify:\n");
    }

    *nftp_type = NFTP_TYPE_UPGRADEVERIFY;
    nftp_sendfile(imgfd, imginfo.st_size, "Verifying");

    if (upgrade) {
        *nftp_type = NFTP_TYPE_REBOOT;
        *nftp_payload_len = 0;
        nftp_sendrecv();
    }

    printf("\nFirmware updated/verified successfully!\n");

    return 0;
}
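
An offline, bounds-checked version of the "magic hardware header" test in the code above, added here as an example; it is not part of y4mz's post or of the original nftp.c. It checks an image buffer before anything is sent to the router, tries every occurrence of the ID rather than only the first, and never reads outside the buffer. The hardware ID strings and sample images are constructed placeholders; a real ID would come from the router's probe response.

```c
/* Added example. Hardware IDs and images here are constructed, not real firmware. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define IMG_VERIFY_BUF    65536      /* tail window, as in the code above */
#define IMG_VERIFY_STRING "sercomm"  /* marker, as in the code above */

/* Case-insensitive test for the marker at p; the caller guarantees
 * strlen(IMG_VERIFY_STRING) readable bytes. */
static int marker_at(const unsigned char *p)
{
    const char *m = IMG_VERIFY_STRING;
    size_t k;

    for (k = 0; m[k] != '\0'; k++)
        if (tolower(p[k]) != m[k])
            return 0;
    return 1;
}

/* Return 1 if the last IMG_VERIFY_BUF bytes of img contain
 * marker + hwid + marker, else 0. */
int image_matches_hwid(const unsigned char *img, size_t img_len,
                       const unsigned char *hwid, size_t hwid_len)
{
    const size_t mlen = strlen(IMG_VERIFY_STRING);
    size_t tail_len, i;
    const unsigned char *tail;

    if (img == NULL || hwid == NULL || hwid_len == 0)
        return 0;
    /* Images shorter than the window are checked whole. */
    tail_len = img_len < IMG_VERIFY_BUF ? img_len : IMG_VERIFY_BUF;
    tail = img + (img_len - tail_len);
    if (tail_len < hwid_len + 2 * mlen)
        return 0;

    /* i starts at mlen and stops mlen short of the end, so both
     * marker reads stay inside tail[0 .. tail_len). */
    for (i = mlen; i + hwid_len + mlen <= tail_len; i++) {
        if (memcmp(tail + i, hwid, hwid_len) == 0 &&
            marker_at(tail + i - mlen) &&
            marker_at(tail + i + hwid_len))
            return 1;
    }
    return 0;
}

/* Build a constructed image of img_len bytes (0xFF filler) with img_hwid
 * written at offset `at`, optionally wrapped in markers, then check it
 * against want_hwid. Returns the check result, or -1 on bad arguments. */
int check_constructed(size_t img_len, size_t at, const char *img_hwid,
                      int with_markers, const char *want_hwid)
{
    static unsigned char img[2 * IMG_VERIFY_BUF];
    const size_t mlen = strlen(IMG_VERIFY_STRING);
    size_t hlen = strlen(img_hwid);
    size_t need = hlen + (with_markers ? 2 * mlen : 0);

    if (img_len > sizeof(img) || at > img_len || need > img_len - at)
        return -1;
    memset(img, 0xFF, img_len);
    if (with_markers) {
        memcpy(img + at, IMG_VERIFY_STRING, mlen);
        at += mlen;
    }
    memcpy(img + at, img_hwid, hlen);
    if (with_markers)
        memcpy(img + at + hlen, IMG_VERIFY_STRING, mlen);
    return image_matches_hwid(img, img_len,
                              (const unsigned char *)want_hwid, strlen(want_hwid));
}

int main(void)
{
    const size_t len = 2 * IMG_VERIFY_BUF;   /* 128 KiB constructed image */
    printf("same model:  %d\n", check_constructed(len, len - 512, "HWID-EXAMPLE-A", 1, "HWID-EXAMPLE-A"));
    printf("other model: %d\n", check_constructed(len, len - 512, "HWID-EXAMPLE-B", 1, "HWID-EXAMPLE-A"));
    return 0;
}
```
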

Title: Re: Unlocking Sky DG834GT
Post by: roseway on March 05, 2010, 10:36:18 PM
Thanks for that information, y4mz :)
Title: Re: Unlocking Sky DG834GT
Post by: waz101 on March 11, 2010, 11:00:33 PM
I just un-bricked a DG834N using this code (just flashing red/green; I wrecked it a few months ago testing a firmware). It'd be handy if someone could do a step-by-step guide for us Linux virgins though (it took me 2 days to figure it out!). I got the extra info I needed from this thread: http://forum.kitz.co.uk/index.php/topic,6953.0.html

I've put a copy of the code in C here: http://buffalonas.com/waz101/oldbacup/nftp.c

This should help you install it

Quote
What format is your compiled version in?
Can it be shared.

The code posted by y4mz compiles very easily on a Linux system and produces a simple command-line Linux executable. To do this, copy the code and save it as nftp.c . Then go to the directory where it's saved and type

Code: [Select]
gcc -o nftp nftp.c
This compiles very quickly to an executable called nftp. Copy the firmware to the same directory, then type

Code: [Select]
nftp -u eth0 <name of firmware file>
(You may need to change eth0 to the name which your system has assigned to the ethernet interface.) You may get a warning about the magic hardware header, but you can just OK this and let the update run. When it's finished the router is ready to use.


Only thing different I found was I needed to enter
Code: [Select]
sudo ./nftp -u eth0 DG834N_V1.02.15.img
enter the system password and press Enter to bypass the magic uploader stuff to make it work


Thanks  ;D
Title: Re: Unlocking Sky DG834GT
Post by: roseway on March 12, 2010, 06:50:53 AM
Yes, you're quite right there, I missed a bit in the how-to. You have to run nftp as root, and of course the ./ is needed to find the executable. I'll go back and edit it.
Title: Re: Unlocking Sky DG834GT
Post by: fossean on July 02, 2010, 12:55:56 PM
Just registered to say a big thanks to y4mz, roseway and waz101 for their help above.  :)

Just got my 'new' DG834GT from eBay this morning, and by lunchtime had successfully bricked it. (I got the 'magic hardware header could not be found' warning when flashing with nftp from the DGTeam site.)

After recompiling nftp with the code above, I resurrected the router. I'm not that great with Linux, but it saves my skin time after time...

Just wish that the Netgear recovery utility would work with Windows 7, it would make things easier.

Great community here, I've been lurking for quite a while.
Title: Re: Unlocking Sky DG834GT
Post by: roseway on July 02, 2010, 01:05:51 PM
Welcome to the forum, and I'm glad it helped. :)
Title: Re: Unlocking Sky DG834GT
Post by: ourmark on December 30, 2015, 10:23:58 AM
I also signed up to say thanks for this thread.

I had a spare one of these in a cupboard and was disappointed to find that the ADSL features were all "locked down" when I needed a spare.

I compiled the patched C code and used it as others have done. I now have an unlocked router. Thanks!
Title: Re: Unlocking Sky DG834GT
Post by: roseway on December 30, 2015, 10:47:46 AM
Welcome to the forum, and I'm pleased to hear that it worked for you. :)