Equipment Support > Hardware By Brand > Linksys > [Firmware] BEFSR41 ver. 3

[Firmware] BEFSR41 ver. 3

Have you tried this: »/forum/remark%···ode=flat
--
It is better to have it and not need it, than to need it and not have it.

reply to renardhu
Thanks, but that link cannot help me.
The firmware is corrupt, therefore at this moment the router cannot handle TCP/IP protocol. I have to use the JTAG connector.

That link is for a bad flash, there were a couple linksys firmware upgrades that were good for breaking.

That aside, you are going through an awful lot for a $40 item.
--
It is better to have it and not need it, than to need it and not have it.

I would like to know the solution, not the price
The price is known, but the solution...

I gave you a solution, you want to do it the hard way.

Your solution works when the router can handle TCP/IP protocol, when the router has IP address. In my case the router has not IP address!!! In this case how could I use ping, tftp and/or http??? I tried that way (10M, half duplex, 192.168.1.2/24, ping 192.168.1.1 etc.) sometimes when I received the router many weeks later from one of my colleague.

I would not like to select the hard way, but I have to select that, because other solution isn't possible.

I hope that somebody knows this router better and can help me to find the right "debrick" procedure...

(This router is not so important thing, this is only a challenge", I don't want to repair that at any price, but I am interested in this kind of things.)

Just looking around a bit: »www.google.com/search?hl=en&as_q···e=images

Sniffing the LAN, don't be surprised if you get an ARP "courtesy notification" immediately after boot that it declares itself on 192.168.1.1 and for a short time accepts a tftp transfer of a standard *.bin image to burn FLASH. It was around the V3 time Linksys started that.

If you see that notification, the routine, network and all, is fixed address and in the boot code, not the firmware area of FLASH.

On a secondary note is a header for a serial port. That same boot code may talk to a dumb terminal.

Just a thought. They may not have done this at all on the BEFSR41 and I have no experience past the V1 which I never went that far with. Maybe one of the links above will get some info.

Thanks.
1. I know Google but I could not find anything useful information about my JTAG problem.
2. I tried to check the "ARP courtesy notification" of the router with Wireshark, but the router did not send anything. From another router I can received the expected message...
3. This kind of router has not serial port on the PCB (the serial pins of the CPU are not connected anywhere).

I'm not familiar enough with ARM/H-JTAG to know if you can create arbitrary reads. If so, can you go looking for valid data? That should get the FLASH location. Floating busses usually give themselves away (which may give clues to the DRAM, too).

Yes...
The KS8695 CPU (ARM922T core inside) has an MMU. The MMU translates virtual addresses into physical addresses. How does the CPU handle the memory in the BEFSR41 v3 router? I don't know. This is my problem...
The Google couldn't help me...