Search This Blog

Wednesday, October 19, 2011

Unbrick WZR-HP-G300NH2 and then flash DDWRT

1.Download pumpKIN http://kin.klever.net/pumpkin save you wasting time with tftp and the command line

2.Unplug all the ethernet cable and the power cable and connect the computer directly to the router(still leave it off)

3.Go to Control Panel\Network and Internet\Network Connections in win7
right click on local area connection and choose "properties"
choose "internet protocol version 4"
click properties then click "use the following ip address"
Enter these values:
IP address 192.168.11.2, subnet mask 255.255.255.0, default gateway192.168.11.1

4.then turn off firewall go to Control Panel\Network and Internet\Network and Sharing Centre click on windows firewall then
choose "turn windows firewall on or off" then click on every "turn windows firewall off" box.

5.Open a Windows command prompt as Administrator. type cmd in the search box from Start menu, then press Ctrl+Shift+Enter. You will be prompted with the User Account Control dialogue choose yes. OR just right click on CMD and choose run as administrator.
Type the command
route print
to get a list of your NIC(s). Write down the interface number for the LAN card, in my case, it's 10, you may need to scroll up. mine is the first one "Realtek PCIe GBE Family Controller"

6.Now type the command below to get the ARP binding(thanks ermax at DD-WRT forum):
Replacing the number 10 with the interface number

netsh interface ipv4 add neighbors 10 192.168.11.1 02-AA-BB-CC-DD-1A

7.Run pumpKIN utility choose "Put File"

8.Put 192.168.11.1 as remote host, local File is openwrt-ar71xx-generic-wzr-hp-g300nh2-squashfs-tftp.bin

9.Click "ok" and quickly plug the power cable into the back to turn on the router. (within a few seconds)

10. After 5-10 minutes, unplug and replug the router.

11. If there's no WebGUI, you'll have to telnet (Windows 7: add/remove windows features) into 192.168.1.1 and run,
1. cd /tmp
2. wget ftp://dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2011/06-14-11-r17201/buffalo_wzr-hp-g300nh2/wzr-hp-g300nh2-dd-wrt-webupgrade-MULTI.bin
3. dd bs=28 skip=1 if=/tmp/wzr-hp-g300nh2-dd-wrt-webupgrade-MULTI.bin of=/tmp/firmware.bin
4. sysupgrade -n /tmp/firmware.bin

15 comments:

Luke L said...

This was really useful, thanks for all your help.

Modifications: I downloaded the latest version of this firmware, and tried to use the dd command on it on the router, but I ran out of space in /tmp. I had to run dd in Cygwin, then run a Filezilla FTP server on my laptop and wget it from there. Once I did, it flashed perfectly fine.

Can you tell me what the dd command is used for in this instance?

Dr Keenbean said...

You are a damn lifesaver! Thanks so much for this, I had been screwing with this damn thing for about 4 hours.

dave said...
This comment has been removed by the author.
dave said...

So I need help flashing my WZR-HP-G300NH2. When I use the Pumpkin tool it times out and nothing else happens. I have waited for some time for a response from my router but nothing, I only see the power led and red dia symbol-staying steady. Any help would be greatly appreciated.

reshi said...

I managed to get all the way to to telnet part, but it will not connect to the dd-wrt FTP, help?

aliasmrx said...
This comment has been removed by the author.
aliasmrx said...
This comment has been removed by the author.
lpt2007 said...

I flashed my WZR-HP-300NH2 with openwrt image for WZR-HP-300NH now I have diag led flash forever. I try to use your method but not working for me I get time out in PumpKIN.

Turistov said...

Hello, I have troubles on the step №5. When I tipe "route print" i receive list:
0x1 ................. MS TCP Loopback Interface
0x2 ...00 0f ea be 6a 4d ....... NVIDIA nForce Networking Controller

so, what is the number of my nForce Networking Controller?

Turistov said...

Also, my MAC adress number is 00-AA-BB-CC-DD-8C, but wrote 02-AA-BB-CC-DD-1A. Should my MAC adress be like your or not? I cant execute step №6.

Turistov said...

When i tipe:
C:\Documents and Settings\User>netsh interface ipv4 add neighbors 2 192.168.11.1
00-24-a5-f5-7c-8c
I receive
Command interface ipv4 add neighbors 2 192.168.11.1 00-24-a5-f5-7c-8c not found
where the mistake?

Turistov said...

I have some success.
Instead of "netsh interface ipv4 add neighbors 10 192.168.11.1 00-24-a5-f5-7c-8c" I used "arp -s 192.168.11.1 00-24-a5-f5-7c-8c" and that step is OK.
But instead of step №10 i receive message from Pumpkin "Transmission is timed out. Transfer was aborted"
What`s wrong? Where is my mistake?

Sam Leung said...

Regarding Luke L's comment:

Same here! I actually used my iphone (jailbroken of course) to do the dd command. It was fun though.

Regarding others saying transmission timeout:

Assuming your router is bricked (like mine was), just keep repeating the PUT command in pumpkin with the router PLUGGED IN, and eventually it will start transferring.

Unknown said...

Still Works!
Also when you are on Step 11 make sure to adjust your network settings accordingly. IE set your IP address to be dynamically assigned or set your IP address to 192.168.1.2

Eric said...

It was easier to transfer the file with curl -T openwrt-ar71xx-generic-wzr-hp-g300nh2-squashfs-tftp.bin tftp://192.168.11.1 because it prints out nice transfer status.

It did however take many, many tries to get the timing right, but the instructions are correct; use the mac address listed, not the one on your device sticker.