
Recovering a bricked NETGEAR WGR614 router
Author: Varuna E.


Thought of sharing my experience on recovering the router that had httpd in a non-working state.

Setup:
Netgear WGR614v9 router
Source code: Netgear WGR614v9-V1.2.6_18.0.17WW
Tool chain: hnd-tools-3.2.3
Tools: Telnetenable-0.3
Development system: Fedora 8 kernel 2.6.26

The prime focus was to reduce the footprint of the image on the router; hence, I decided to remove the support for NAT.  Ensured that ../src/linux/linux/.config did not have the ACOS NAT and ACOS NAT FireWall support enabled.  The kernel that resulted was smaller by about 500k.  Things went fine while flashing the router, but after the reboot I was not able to access the web GUI at all.

Using telnet enable, I was able to get into the router and tried to restart /usr/sbin/httpd.  The message given out was that /dev/acos_nat_cli was not available.  Created the dev file with major 204 and minor 0, and tried to restart httpd.  This did not take me anywhere, as the message still given was that the device file was not accessible. Tried to restart /sbin/acos_services, and also tried using /sbin/acos_init.  The message on the console was still the non-availability of the required device files for the NAT.  This put me into a situation where I could not recover httpd, without which I could not flash the router.

I then tried to use the Netgear-provided router recovery tool a good number of times, only to receive the message that the router does not have any issue that requires a recovery!  Searching the www.myopenrouter.com website, I found a couple of pointers, such as to use either tftp or tftp2 to get the image onto the router.  Well, I was not able to get the router into the flash mode, as it was quickly getting into the booting sequence.  There has not been any information about what password to provide in the tftp2 tool, as neither Geardog nor the configured password for the router worked.

I tried to use the erase_mtd_block bundle, but then again the question was how to get the binary onto the router. Found /usr/bin/tftp on the router.  Figured out that I needed to tftp to my development system and get the binary onto the router.  The installation on my development system did not have xinetd and tftpd, and these packages were not available on the install media.

The question that still remained was how to flash the router?

This was when I noticed /sbin/erase available while exploring the router through telnet.  Executing /sbin/erase, I realised that I needed to provide the device name as a parameter.  The question was: what should be the device name? Should it be rootfs or ramfs? Well, I do know for sure that embedded systems generally mount the rootfs in RO mode, but I was still not sure of the functioning of the erase.

Looking into the source …/src/rc/rc.c, the erase functionality was: mtd_erase(argv[1]). Nor was …/src/rc/mtd.c of any help, as there was no mention of the device name.  This is where the contents of /proc/devices came in handy.  Now should the device be mem or acos_nat_cli or raw or nvram? Finally nvram did work, which erased the Linux partition and got the router into a state where the Netgear router recovery tool worked.
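
An added example, not part of the original write-up: a small shell check that reads a /proc/devices listing and reports whether a driver name is registered, and under which major, before a node such as /dev/acos_nat_cli is created by hand. The function names and the sample listing are constructed for illustration and were not captured from the router described here.

```shell
#!/bin/sh
# Constructed sample in /proc/devices format (illustrative values only,
# not taken from the WGR614v9 on this page).
SAMPLE_PROC_DEVICES='Character devices:
  1 mem
  4 ttyS
 90 mtd
162 raw
204 acos_nat_cli
252 nvram

Block devices:
 31 mtdblock'

# registered_major NAME [SECTION]
# Reads a /proc/devices listing on stdin and prints the major registered
# for driver NAME in SECTION ("Character" by default, or "Block").
# Exit status is 1 when the name is not registered in that section.
registered_major() {
    name=$1; section=${2:-Character}
    awk -v want="$name" -v sec="$section" '
        /devices:$/ { in_sec = ($1 == sec); next }   # section header line
        in_sec && $2 == want { print $1; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# check_node NAME MAJOR
# Compares the major intended for a hand-made character node with what the
# kernel reports on stdin.
# Returns 0 = match, 1 = registered under another major,
#         2 = not registered (a node would have no driver behind it).
check_node() {
    name=$1; want=$2
    if got=$(registered_major "$name"); then
        [ "$got" = "$want" ] && { echo "ok: $name is major $got"; return 0; }
        echo "mismatch: $name is major $got, not $want"; return 1
    fi
    echo "absent: no character driver named $name"; return 2
}

# On a live system: check_node acos_nat_cli 204 < /proc/devices
```

A result of 2 means that creating the node cannot help, because no driver in the running kernel answers for that name.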

The learning out of this experience has been:


I explored further on the 4th learning and found that …/project/acos/httpd/httpd and …/src/router/mipsel-uclibc/install/httpd/usr/sbin/httpd differ.  I am yet to explore why there is a difference between the two httpd binaries. Maybe …/src/linux/linux/net/khttpd has the intelligence to pick up from the kernel configuration, which Netgear is not using.

