Tuesday 29 January 2008

JTAG joy

A couple of weeks ago I managed to pick up an apparently toasted Buffalo WHR-G54S wireless router for a fiver thinking that I might be able to resurrect it. (I realise I can simply buy a new one for £23 from Ebuyer but that wouldn't be half as much fun.) Well, this morning everything has come together - wahey!

What makes this router such a bargain is that it's ideal for running DD-WRT, an alternative firmware to the standard Buffalo offering. I wanted to make a wireless bridge to a neighbour's AP (with their permission of course!) and I've used these before with great success.

On powering up, the router had the classic symptoms of a failed flash attempt. All the LAN lights were on and steady and the thing was generally unresponsive. I tried the pin 12 trick to reset the NVRAM.

A quick Google reveals all you need to know about building a JTAG cable, so I'm not going to go into too much detail here. Most of the information talks about the Linksys WRT54G router but it's basically all applicable to the Buffalo. I had most of the bits in my stores and a trip to Maplin completed the inventory. In summary I needed nothing more than a 25 pin D-sub plug, some pin strip, an old IDE ribbon cable, some resistors and my soldering tools.

This particular Buffalo has a few things to watch out for. The JTAG header is intended to go on the underside of the PCB. If you solder a pin-strip to this side you won't be able to put the case back on so I fitted the pin-strips to the "wrong" side and reversed the wiring of the cable. Also a standard unbuffered JTAG cable requires four 100ohm resistors. After some failed attempts to erase the flash, I found some forum chat about the G54S needing 450-480ohm resistors. Adding four 390ohm resistors resulted in a functional, if not very messy cable.

With all the bits in place I erased the flash and reflashed the CFE firmware. The CFE code is the bit that runs the TFTP server on boot and allows the loading of the DD-WRT firmware. I found the trick is to take your time - the erase and flash took in excess of four hours so don't be impatient!

I had a high-gain antenna left over from a previous project. As the connector wasn't quite as slim as that of the original antenna, I modified the case with a miniature file to allow a usual size RP-SMA connector to fit snugly.

And there we have it. Not too many ways you can have more fun for only a fiver!

1 comment:

Clint said...

You crazy bugger. How long did all that take you?
So where are the photos of this Frankenrouter then??