giyad
join:2008-09-04
| [Unlock] WRTP54G Firmware upgrade
Ok, so this may be a stupid question, but I'm new here... I wanted to unlock my WRTP54G from Vonage, FW is 1.00.62. I found this extremely helpful but technical forum telling me to use CYT. Before doing that though, I was wondering if anyone could tell me whether installing the firmware of the WRP400 onto my WRTP54G would be possible? Would that unlock the device for me?
I ask because after buying the WRTP54G, I noticed that the WRP400 exists, and it seems like that device comes unlocked... I figure the routers are from the same company, look exactly the same, so could we just install the firmware of the unlocked device onto the locked one? |
|
GrauerFuchs
join:2008-01-05
 ·SIP Phone
| I strongly doubt it will work. Beyond having different ID codes, they probably have different chipsets inside, which would render the WRTP54G unusable. Take a look at the forum a bit more in depth. With some extra work, you can (using the onboard serial console and the JTAG programming port) convert this machine into a full WRTP54G-NA unit, free for use on all providers. There's a thread here devoted to that unit, and it has the tips and tools needed to guide you in unlocking the router both by CYT (non-permanent) and by flash reprogramming (permanent). |
|
giyad
join:2008-09-04 | Thanks, I won't take the chance then.
Do you have a link for how to flash reprogram the WRTP54G by any chance? I don't use Vonage so I need to get this unlocked, and I'd prefer not to do a temporary one. |
|
GrauerFuchs
join:2008-01-05
·SIP Phone
| A rough list of things to be done to make it a full NA version can be found here: »Re: WRTP54G-ER JTAG Unlock using windows
It was unfortunately never made into an easy how-to, and so it requires knowledge of the modified wrt54g/HDM or tjtag JTAG writing software, a hex editor, and a fair bit of information off of the openwrt wiki site for the WRTP54G. You'll need to use both a JTAG adapter and the serial console to make this happen, so it is rather advanced work. |
|
giyad
join:2008-09-04
| Actually, according to »Devomit Vonage(?) from RTP300/WRTP54G you can use CYT and then just upgrade the firmware that someone has already edited and uploaded in one of those links. The problem Im having is with CYT, its not completing the reset... |
|
mazilo
From Mazilo
Premium
join:2002-05-30
Lilburn, GA
| IIRC, references pointed out on Devomit Vonage thread were written in those days when firmware v1.00.62 wasn't even conceived, let alone released. As such, unlocking based on such references may and/or may be outdated and/or obsolete. |
|
giyad
join:2008-09-04 | damn, any suggestions then? How can I get this thing unlocked? |
|
GrauerFuchs
join:2008-01-05
·SIP Phone
| You can still use the serial console to force a firmware change. You just need to alter the NA firmware for it. So far, the 3.1.24 (or 3.1.27-ETSI) firmwares are good for this. You need a hex editor to change the code pattern in the file. You also need to update the checksum at the end of the file. A script called tichksum is used for this. That script is also in the above-mentioned wiki. Once this is done, go back into the hex editor and change a single byte more in the header to allow it to install from tftp (the appropriate offset is mentioned in the OpenWRT wiki page as well as the WRTP54G hacking threads here (do a search).
Using the serial console, you can instruct the boot loader to install a firmware from a local tftp server. This bypasses all of the V's security, because it never loads their software. With the new firmware in place of IMAGE_A and IMAGE_B, refer back to the wiki for instructions on erasing the CONFIG_A, CONFIG_B, and cyt_private partitions.
When you reboot, the machine will act as an NA.
If you don't want to crack open the box, or are afraid to do a bit of soldering to build up the serial console and level converter, the other option is to use the 'servers' method, often used for tricking and re-programming PAP2s. The WRTP54G will fall for the same trick. You just have a different prefix on the root-level xml file you need to feed it, and a different binary firmware (the one you just altered) to feed it. Wait a good 5 minutes after it has successfully taken the binary image, then do a factory reset.
The only downside to the above methods lies in the fact that you (or possibly someone else) could replace the modified firmware with a locked firmware, and the box would still accept it. |
|
giyad
join:2008-09-04 | Wow thanks haha, a little too much for me... |
|
