Unbrick Netgear D6000/D3600 no ping using Linux/Raspberry Pi, serial connection and tftp

[Article backed up from previous site]

This is not a common TFTP guide and probably not a common case. This simple process was tested with a Netgear D6000, but I’m 99% sure it also works with the D3600 as they are similar. Take a look here.

The goal is to interrupt the boot process of the router in order to get the bootloader shell, from which we can work things out.

The router in this guide suffered a blackout during a firmware upgrade.

Symptoms:
no ping
the power LED is green
the power LED remains green and does not respond to the reset button (press, long press, 30 sec press OFF/ON)
no other LEDs turn on
the official Windows-based manufacturer guide doesn’t work for you

Things you need:
1 or 2 PCs (one for controlling the RPi over the local network using the recommended and standard VNC protocol, the other for connecting to the router via Ethernet)

A Raspberry Pi with GPIO and Raspbian preinstalled OR a USB 2.0 to TTL UART serial converter

AND

Female-to-female breadboard jumpers

A metal pry tool like those used for smartphone repair

You don’t need a screwdriver as there is nothing to unscrew; just use the pry tool to remove the upper plastic panel by gently twisting the tool.

Once the cover is removed you can locate the RS232 pins.

Because of the lack of official documentation for this model, I had to try my luck by guessing the pinout. Luckily I did it without blowing anything.

If you swap the TX/RX connections you will see a blob of random characters. Just make sure to connect GND to GND the right way.

For the RPI owners

Whatever revision of RPi you have (1 or 2) the GPIO output configuration is the same.

We are interested in GPIO14 (TX) and GPIO15 (RX). You can choose whichever GND you prefer; I used the nearest one on the left (Pin No. 6).

This is the reference for some other RPI models just for killing any doubts.

Ready to connect

Make sure that the router is turned off. (This is just best practice; otherwise rest assured, no circuit is going to blow 😉)

Whether you are on Linux with a USB-to-TTL adapter or on an RPi, the process should be the same. If not, let me know in the comments. The process was tested on an RPi.

The GND of the router connects to the GND of the RPi or TTL adapter, while the TX of the router connects directly to the RX of the RPi (or adapter) and vice versa. In other words, the RX/TX of each device should be cross-connected.

Now that we are ready to communicate we can install the required software:

sudo apt-get install minicom

“Minicom is a text-based serial port communications program. It is used to talk to external RS-232 devices such as mobile phones, routers, and serial console port” read here.

Now that we have installed minicom, there is a service to disable, serial-getty, which by default has control of our ttyAMA0. We will stop it using this command:

sudo systemctl stop serial-getty@ttyAMA0.service

[OPTIONAL] If we want to make sure that this service won’t disturb us in the next session, we can disable it permanently:

sudo systemctl disable serial-getty@ttyAMA0.service

Everything is ready: we are connected and the router is ready to power on. All we know is that it expects some input (CTRL+C) at a given point during boot; otherwise it will continue booting and stop with some error, e.g. a kernel panic. So:

We can start minicom.

sudo minicom -b 115200 -o -D /dev/ttyAMA0

Then power on the modem and immediately keep pressing CTRL+C. If you miss the moment, the router will keep booting until the first error, like in my case.

Power off and power on again.

After some boot output you should see a command line like this:

bldr>

(which stands for bootloader)

At this point you can take your time, the device is waiting for your input. If you type “help” or “?” it will give you some interesting options.

At this point your router replies to ping requests again via the Ethernet port. Let’s configure a static IP address on another machine running Linux:

IP address: 192.168.1.100

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.1.1

If you are unfamiliar with the new Ubuntu network configuration you may have more luck with:

nm-connection-editor

You can verify for yourself that the router is accepting ping requests:

ping 192.168.1.1

(If you are asking yourself why I recommend a Linux machine for doing this, the answer is that I had bad luck following the official guide from Netgear. I was able to upload the firmware but some CRC check failed, resulting in a corrupt binary error; the same procedure worked flawlessly on Linux.)

Try flashing the firmware using TFTP.

Download your firmware and extract the binaries:

D6000

D3600

Make sure you have tftp installed:

sudo apt-get install tftp

Then we are ready to flash:

tftp 192.168.1.1
put firmware.bin

Wait a few seconds and watch your router’s LEDs blink again.

Congratulations!

You recovered your router.
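
An added example, not part of the original article: a pre-flight script for the TFTP step that refuses to upload unless the extracted image matches a reference SHA-256 and the bootloader answers ping. The function names and the reference hash (one you obtained from a source you trust) are assumptions; the script also sets TFTP binary mode explicitly, which the session shown above does not.

```shell
#!/bin/sh
# Added example: pre-flight checks before the TFTP upload described above.
# Assumptions (not from the article): the function names, and that you hold a
# reference SHA-256 for the extracted firmware image from a source you trust.

ROUTER_IP="${ROUTER_IP:-192.168.1.1}"   # bootloader address used in the article

# verify_image FILE EXPECTED_SHA256
# Returns 0 on match, 2 if the file is missing or empty, 3 on hash mismatch.
verify_image() {
    img="$1"
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -s "$img" ]; then
        echo "error: $img is missing or empty" >&2
        return 2
    fi
    got=$(sha256sum "$img" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "error: SHA-256 mismatch for $img" >&2
        echo "  expected: $want" >&2
        echo "  actual:   $got" >&2
        return 3
    fi
    echo "ok: $img matches the reference hash"
}

# flash_image FILE EXPECTED_SHA256
# Uploads only if the image verifies and the bootloader answers ping.
flash_image() {
    verify_image "$1" "$2" || return $?
    if ! ping -c 2 -W 2 "$ROUTER_IP" >/dev/null 2>&1; then
        echo "error: $ROUTER_IP does not answer ping; is the bldr> prompt up?" >&2
        return 4
    fi
    # Binary (octet) mode is set explicitly so the image is sent byte for byte.
    tftp "$ROUTER_IP" <<EOF
binary
put $1
quit
EOF
}

# Run from the directory holding the image: sh flash.sh firmware.bin <sha256>
if [ "$#" -eq 2 ]; then
    flash_image "$1" "$2"
fi
```

A mismatch or an empty file stops the script before anything is sent to the router, so a truncated download is caught on the PC rather than by the bootloader.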