Debrick Routers Using JTAG Cable

From TIAO's Wiki
Revision as of 15:19, 8 February 2009 by Admin (talk | contribs) (Using JTAG Cable to Repair Bricked Router)
Jump to: navigation, search

10 PCS, 10cm x 10cm, 2 layers prototype for $38.80 shipped!

In this tutorial, I am going to show you how to debrick your router using DIYGADGET's dedicated JTAG cable for routers (solderless way).

Before you try to JTAG your router, we highly recommend you to try a few other steps before you JTAG your router.

Things need to try before you JTAG the router

Please read carefully on this article:

Recover from a Bad Flash

If you have tried everything before the section "Recovery by JTAG cable" and it still doesn't work, you can now proceed with the following tutorials on how to save your router by using DIYGADGET's JTAG cable.

Router Basics

I think it is very important to introduce some router basics before we get started. Because we are going to work on these stuff later on to save your router.

You probably already heard of terms like, NVRAM, CFE, FLASH ect. So what are they?

NVRAM

NVRAM stands for nonvolatile RAM. It can hold its contents when the main power source is lost. You may even know this type of memory as static RAM (SRAM), Broadcom based router uses NVRAM to store the startup configuration file. Most bricked routers are caused by a wrong configuration file.

Kernel

The kernel is the central component of router. Its responsibilities include managing the router's resources (the communication between hardware and software components).

A corrupted kernel can also brick a router. The kernel is stored in the onboard FLASH chip.

Common Firmware Environment (CFE)

CFE stands for Common Firmware Environment. The Broadcom Common Firmware Environment (CFE) is a collection of software modules for initialization and bootstrap of designs incorporating Broadcom MIPS64™ processors. CFE is used to bootstrap the OS.

On startup, CFE performs the following low-level initialization:

  1. Reset and ROM trap handler vectors
  2. CPU and FPU initialization
  3. L1 and L2 Cache initialization
  4. Multiprocessor initialization
  5. Memory controller initialization
  6. PCI and LDT bus configuration
  7. Environment variables
  8. Console device initialization
  9. Bootstrap device initialization

Corrupted CFE is an uncommon reason for a bricked router. But it could happen.

Using JTAG Cable to Repair Bricked Router

If you have read this far, it means the only way to debrick your router is by using a JTAG cable. Sorry to hear that! However, don't worry, the steps are really straightforward!

DIYGADGET's Router JTAG Cable

The is the schematic of the JTAG cable:

Router JTAG Schematic

This is the JTAG pinout of the Linksys WRT54G(GS/GL) series routers:

nTRST  1   2 GND
TDI    3   4 GND
TDO    5   6 GND
TMS    7   8 GND
TCK    9  10 GND
nSRST 11  12 GND
Linksys Series Routers JTAG Pinout
DB25 Router Function
2 3 TDI
3 9 TCK
4 7 TMS
5 1 TRST (Not Connected)
13 5 TDO
18-25 2,4,6,8,10 GND


The PCB Layout of DIYGADGET's Router JTAG Cable:

PCB Layout of DIYGADGET's Router JTAG Cable


The internal construction of DIYGADGET's Router JTAG cable:

Internal Construction of DIYGADGET's router JTAG Cable


Disassemble WRT54G/GS/GL) Series Router

There are no screws on the Linksys WRT54G/GS/GL) Series Routers.

Unscrew the antennas from the back (you may need to slide back the antenna caps to unscrew the antennas):

Unscrew the antennas

There is no screws to hold the faceplate. Turn the unit upside down and place your hands between the feet on the side, then push on the blue feet with your thumbs, the faceplate and the back cover are off now:

Pop off the face plate


Now the face plate is off, you can see the board now:

Face plate is off


Locate the JTAG Pins/Pads on the Router

The WRT54G(GS/GL) series routers have the standard JTAG pads on the PCB, It's the JP2 on the pcb as shown in the following pictures:

WRT54G(GS/GL) series JTAG port
WRT54G(GS/GL) series JTAG port


Making The JTAG Connection

This is the exciting part of this tutorial. If your router (like the Linksys WRT54G series) already has the standard 12 pin JTAG pads on the PCB, you mostly like do NOT need to solder wires on your PCB! DIYGADGET provides solderless solution for these routers.

This is what you will receive in your purchase. In this package, you will receive a Router JTAG cable, a 12 PIN header and 6 solderless pins. The solderless pins are provided for solderless operation:

DIYGADGET's Router JTAG Package


10 PCS, 10cm x 10cm, 2 layers prototype for $38.80 shipped!