Aimesh on RT-AC56U

[netmind]

@Special - thanks very much for posting this! It's a couple years on now but still doing good out there. My AC56U is getting an extension on life!

Btw - did you ever make any progress with resolving the Lan1=WAN issue?

In case others are wondering, I have added the AC56U as a node to AIMesh 2.0 routers without any observed issues so far.

 

[Special]

No progress, I tried some things a couple years ago with no luck and haven't tried since.

It's good to know theses routers still have life and people are still using them.

 

[netmind]

I thought maybe I had figured out the port order needed and in my excitement to try it, I tried to flash the cfe without first doing a full reset. I know stupid.... but I was in a hurry/excited .

vlan1ports=4 3 2 1 5*
vlan2ports=0 5u

Well the mtd-write command returned a permission denied error. So I used the "dd" command instead, which gave a really strange out of space error. After the fact, I suspect this is b/c I had done the original 68U flash with default admin, but then afterwards had changed the logon username to something else for security (ie diff user/permissions?).

Long story short, I think cfe write failed and bricked the N56. Since the led's are still mucked, I can't tell much other I can't get a ping and haven't been able to get asus recovery tool or mini-cfe-web to work.

Any suggestions on how to unbrick is welcomed. Lol

Since the CFE/bootloader might be wacked, will I need to go the usb ttl cable route?

 

[ama55]

@Special - many thanks for detailed manual. I have upgraded my AC56U into AC68U at once without any issue. At present it successfully works as an AiMesh node:

 

[pehuang]

Just wanna share my AC56U->AC68U mod experience below :

0. Highly recommend that you had the thermal mod done on your AC56U. I prefer no fans so just use copper sheet and repaste it. The temperate downs about 15~20'C. I did it on every ASUS router I have.

1. Make sure you write down all three MAC addresses. (router / 2.4G / 5G)

2. Find the CFE_All.zip from Google. I got the AC68U CFE from it.

3. Dump the CFE from AC56U for backup. The file size of mine 1.0.2.7 is 512KB - so I pick up the same size AC68U CFE to use.

4. Use CFE editor to open AC68U CFE and modify all MAC MAC addresses as AC56U. Regarding CFE editor I use the advanced mode on right and you may easily compare it from your AC56U CFE backup.

5. Just follow the previous steps copying modded CFE to router and then clean it up.

My result :

It works well. The Ethernet ports are all reverted as mentioned before. Only power LED lit. All USB ports work as well. The idle tempature seems a bit higher?

 

[Payam Nab]

Tried the steps from post #8 and after "mtd-erase2 nvram" it gave "segmentation fault" error, so I tried to reboot with WPS button with no luck, power lid is solid light and no flashing, tried multiple times with reset button and same .... solid power led and no others.
Also tried the firmware recovery software and it cant see the router either.
Got no ping on 192.168.1.1 with ip set as static.

Any idea how to recover it?

 

[Special]

Tried the steps from post #8 and after "mtd-erase2 nvram" it gave "segmentation fault" error, so I tried to reboot with WPS button with no luck, power lid is solid light and no flashing, tried multiple times with reset button and same .... solid power led and no others.
Also tried the firmware recovery software and it cant see the router either.
Got no ping on 192.168.1.1 with ip set as static.

Any idea how to recover it?

"8. In Putty type: chmod u+x mtd-write"

It says "mtd-write" not "mtd-erase2"

I'm not sure how you would go about recovering it

 

[Payam Nab]

"8. In Putty type: chmod u+x mtd-write"

It says "mtd-write" not "mtd-erase2"

I'm not sure how you would go about recovering it

Hi, Thanks for reply,
Done all post #8 steps from 1 -11 with no errors, then in step 11 it says check PS#2

PS#2 From Asusfan999 "Instead of messing with the WPS button and the switch, I found that the command line incantation "mtd-erase2 nvram" followed by "reboot" was much more convenient."

 

[Special]

You may have to use a serial TTL cable to write back the cfe.
This Link might help.

 

[Special]

Here's an earlier post in the thread

"did you try to clear NVRAM via miniCFE?
just keep reset (not WPS) button on and power up router after 5-10s reset off and use Firefox to log to miniCFE 192.168.1.1 From miniCFE you can clear NVRAM and load soft one more time.
not sure why but for same AC56U after mod WPS (I tired EU and NA CFE) and reset are not working but you can use miniCFE to clear NVRAM. This definitely happen for me using 386.1_2 firmware - no issue with 384.19_0 RMerlin."

 

[Payam Nab]

Here's an earlier post in the thread

"did you try to clear NVRAM via miniCFE?
just keep reset (not WPS) button on and power up router after 5-10s reset off and use Firefox to log to miniCFE 192.168.1.1 From miniCFE you can clear NVRAM and load soft one more time.
not sure why but for same AC56U after mod WPS (I tired EU and NA CFE) and reset are not working but you can use miniCFE to clear NVRAM. This definitely happen for me using 386.1_2 firmware - no issue with 384.19_0 RMerlin."

MiniCFE not coming up and no ping on 192.168.1.1
Seems like its bricked because I tried to flash latest merlin instead of flashing default asus firmware first ... will put it back in the closet where it was for last 5 years ...
Thanks for trying to help.

 

[pattox]

Here's how I did it.
You will need Putty, WinSCP, CFEEdit or other hex editor, asus rt-ac68 firmware & mtd-write. * See PS#4 note below*
If you search for "Bay area tech pros" in Google you can find the files.

1. Enable SSH in "Adminitration" - "System" tab.

2. Open Putty and WinSCP and connect them to your router using its Lan ip address. In WinSCP selet SCP as protocol.

3. In putty type:
cat /dev/mtd0 > original_cfe.bin

4. In WinSCP you should be in the /home/root or /root directory hit the refresh icon on right side to see original_cfe.bin.

5. Copy original_cfe.bin form router to your computer by dragging from the right window to your computer in the left window.

6. Open the original_cfe.bin in your editor and find the 2 instances of RT-AC56U and replace with RT-AC68U save the file as new_cfe.bin

7. In WinSCP copy the new_cfe.bin, mtd-write, and RT-AC68U_3.0.0.4_384_45149-g467037b.trx (or any ASUS firmware) back to your router.

8. In Putty type: chmod u+x mtd-write

9. In Putty type: ./mtd-write new_cfe.bin boot

10. In Putty type: mtd-write2 RT-AC68U_3.0.0.4_384_45149-g467037b.trx linux (or whatever firmware you are using)

11. Follow steps below to perform NVRAM Reset, wait for reboot <5 mins
a. Power off router
b. Wait 10 seconds
c. Press and hold WPS button *See PS#2 note below*
d. Power up the router and continue to hold WPS button for 15-20 seconds until power LED starts blinking very quickly.

After reboot it should report as a rt-ac68u.

PS#1 Since initially writing this I uploaded a rt-ac68u official .cfe to it with the correct mac addresses and secret code and it works fine except the WAN is still LAN1 and the power light is the only light that lights up.

PS#2 From Asusfan999 "Instead of messing with the WPS button and the switch, I found that the command line incantation "mtd-erase2 nvram" followed by "reboot" was much more convenient."

PS#3 The USB port does not work unless an AC68u cfe is uploaded to the router as discussed later in the posting.

PS#4 Asusfan9999 reported having better luck with "mtd-write v2" (executable size 733,422) Google to find it.

I came across this thread recently. Like many others, I have an rt AC56U which I haven't used for quite a while. I now need another Aimesh node to fill a gap in wifi coverage and am tempted to try the conversion to an AC68u.

I think there have been some changes to mtd-write version2 since the thread was started and which now some changes to the commands shown.

In particular A) (re 9. In Putty type: ./mtd-write new_cfe.bin boot)
now needs to be something like "./mtd-write -i new_cfe.bin boot"

and B) re10. In Putty type: mtd-write2 RT-AC68U_3.0.0.4_384_45149-g467037b.trx linux

now mtd-write2 needs a <path> and <device>
So I'm not sure how step 10 would have to be translated for this commandto work.

Again, Like others I would like to achieve this conversion but not if the process bricks the router.

Has anyone successfully done this conversion recently using updated commands?

 

[Lucian Tothezan]

hello everyone. i am having an issue in using the cfe i have extracted from my RT-AC68U in order to load it onto my RT-AC56U : after modifying the mac(s) and secret code , i am able to load the cfe onto my 56U, the cli works ok but i cannot use the aimesh feature; it fails with timeout. with the cfe from 56u modified i am able to use the ai mesh but i also need the usb wich is not working with a 56u modified cfe. the cfe from 56u is 1.0.2.3 and the cfe from 68u is 1.0.2.0. thank You in advance for Your help. Best regards,

 

[Lucian Tothezan]

I came across this thread recently. Like many others, I have an rt AC56U which I haven't used for quite a while. I now need another Aimesh node to fill a gap in wifi coverage and am tempted to try the conversion to an AC68u.

I think there have been some changes to mtd-write version2 since the thread was started and which now some changes to the commands shown.

In particular A) (re 9. In Putty type: ./mtd-write new_cfe.bin boot)
now needs to be something like "./mtd-write -i new_cfe.bin boot"

and B) re10. In Putty type: mtd-write2 RT-AC68U_3.0.0.4_384_45149-g467037b.trx linux

now mtd-write2 needs a <path> and <device>
So I'm not sure how step 10 would have to be translated for this commandto work.

Again, Like others I would like to achieve this conversion but not if the process bricks the router.

Has anyone successfully done this conversion recently using updated commands?

hello. i have done it these days but bare in mind that the usb will not work on your 56U. so :
A) ./mtd-write -i new_cfe.bin -d boot
B)(is the same , do not forget the "linux" at the end) mtd-write2 <firmware> linux

it should work

 

[mad_ady]

Thank you @Special and the other contributors for your instructions!

I have retired my RT-56U from router duty, and replaced it with a RT-AX58U. Instead of living in a drawer, the RT-56U will become a mesh node to extend the wifi coverage at my in-laws.

So, here are the steps I did, for future reference (followed the guide in https://www.snbforums.com/threads/aimesh-on-rt-ac56u.55732/post-663816)

1. Reset to factory defaults from the web UI. I am running RMerlin 384.5
2. Set an admin password, enable SSH, Format JFFS on next boot + reboot
3. ssh into the router and save the original cfe:

PC$  ssh [email protected]
[email protected]'s password: 


ASUSWRT-Merlin RT-AC56U 384.5-0 Sun May 13 01:52:57 UTC 2018
admin@RT-AC56U-6CB0:/tmp/home/root# cat /dev/mtd0 > original_cfe.bin
admin@RT-AC56U-6CB0:/tmp/home/root# ls -l original_cfe.bin 
-rw-rw-rw-    1 admin    root        524288 Feb 14 02:06 original_cfe.bin
admin@RT-AC56U-6CB0:/tmp/home/root# exit
Connection to 192.168.1.1 closed.

4. Transfer the saved CFE locally with scp:

PC$  scp -O [email protected]:original_cfe.bin .
[email protected]'s password: 
original_cfe.bin                                        100%  512KB   4.5MB/s   00:00

5. Make a copy and edit it from RT-AC56U to RT-AC68U:

PC$  cp original_cfe.bin new_cfe.bin
PC$  dhex new_cfe.bin

Here are the instances where I made changes:

Check that they were saved:

PC$  strings new_cfe.bin | grep RT-AC
model=RT-AC68U
odmpid=RT-AC68U

6. Get the necessary tools to flash the new AC68U image:
* you can see what the original CFE version is with this command:

PC$  strings original_cfe.bin | grep bl_version
bl_version=1.0.2.3

* download the latest firmware for RT-AC68U from Asus: https://www.asus.com/supportonly/rt-ac68u/helpdesk_bios/
I used the current latest version - 3.0.0.4.386_51733

PC$  cd Downloads/
PC$  unzip FW_RT_AC68U_300438651733.zip 
Archive:  FW_RT_AC68U_300438651733.zip
  inflating: RT-AC68U_3.0.0.4_386_51733-g8eebcd2.trx

In order to get mtd-write (not sure why I can't use dd, but didn't want to risk it), I found mtd-write v2 at this link (https://mega.nz/#!R4AWkJSQ!pGw1Vl0j6qS9kYhbOtpvsgbKf-VIRfWRw61HhmIqRDM) - use at your own risk. Unrar it:

PC$  unrar x mtd-write-arm_v2.rar 

UNRAR 7.00 freeware      Copyright (c) 1993-2024 Alexander Roshal


Extracting from mtd-write-arm_v2.rar

Extracting  mtd-write                                                 OK 
All OK
PC$  ls -l mtd-write
-rw-rw-r-- 1 user user 733422 Jan  1  2011 mtd-write

7. transfer modified CFE + mtd-write v2 + new firmware over to the router.

PC$  scp -O ~/new_cfe.bin [email protected]:.
[email protected]'s password: 
new_cfe.bin                                             100%  512KB   2.6MB/s   00:00

Note that newer firmwares might not fit into the ramdrive anymore. I tried 386_51733, and it failed to copy at 98%:

PC$  scp -O ~/Downloads/RT-AC68U_3.0.0.4_386_51733-g8eebcd2.trx [email protected]:.
[email protected]'s password: 
RT-AC68U_3.0.0.4_386_51733-g8eebcd2.trx                  98%  100MB   2.9MB/s   00:00 ETA
scp: RT-AC68U_3.0.0.4_386_51733-g8eebcd2.trx: No space left on device
RT-AC68U_3.0.0.4_386_51733-g8eebcd2.trx                 100%  102MB   2.9MB/s   00:35

admin@RT-AC56U-6CB0:/tmp/home/root# rm -f /tmp/RT-AC68U_3.0.0.4_386_51733-g8eebcd2.trx 
-sh: can't fork
admin@RT-AC56U-6CB0:/tmp/home/root# ls -l /tmp/RT-AC68U_3.0.0.4_386_51733-g8eebcd2.trx 
-sh: can't fork

Should this happen to you, reboot the router, attach a known good USB stick (formatted as ext3), and transfer the files to the USB stick instead:

PC$  scp -O ~/Downloads/RT-AC68U_3.0.0.4_386_51733-g8eebcd2.trx [email protected]:/tmp/mnt/sda1/
[email protected]'s password: 
RT-AC68U_3.0.0.4_386_51733-g8eebcd2.trx                 100%  102MB   2.8MB/s   00:36    
PC$  scp -O ~/new_cfe.bin [email protected]:/tmp/mnt/sda1/
[email protected]'s password: 
new_cfe.bin                                             100%  512KB   4.0MB/s   00:00 
PC$  scp -O ~/Downloads/mtd-write [email protected]:/tmp/mnt/sda1/
[email protected]'s password: 
mtd-write                                               100%  716KB   2.9MB/s   00:00

I didn't need to transfer mtd-write2, because it was already included in my older RMerlin firmware:

admin@RT-AC56U-6CB0:/tmp/home/root# ls -l /sbin/mtd-write2
lrwxrwxrwx    1 admin    root             2 May 13  2018 /sbin/mtd-write2 -> rc
admin@RT-AC56U-6CB0:/tmp/home/root# mtd-write2
usage: mtd-write2 [path] [device]

8. The moment of truth - flash cfe and firmware from ssh:

PC$  ssh [email protected]
[email protected]'s password: 


ASUSWRT-Merlin RT-AC56U 384.5-0 Sun May 13 01:52:57 UTC 2018
admin@RT-AC56U-6CB0:/tmp/home/root# cd /tmp/mnt/sda1/
admin@RT-AC56U-6CB0:/tmp/mnt/sda1# chmod a+x mtd-write
admin@RT-AC56U-6CB0:/tmp/mnt/sda1# ls -l mtd-write RT-AC68U_3.0.0.4_386_51733-g8eebcd2.trx
  new_cfe.bin 
-rw-rw-r--    1 admin    root     106975252 Feb 14 02:04 RT-AC68U_3.0.0.4_386_51733-g8eebcd2.trx
-rwxrwxr-x    1 admin    root        733422 Feb 14 02:33 mtd-write
-rw-rw-r--    1 admin    root        524288 Feb 14 02:04 new_cfe.bin
admin@RT-AC56U-6CB0:/tmp/mnt/sda1# ./mtd-write new_cfe.bin boot
Usage: ./mtd-write -i file -d part
admin@RT-AC56U-6CB0:/tmp/mnt/sda1# ./mtd-write -i new_cfe.bin -d boot
admin@RT-AC56U-6CB0:/tmp/mnt/sda1# mtd-write2 RT-AC68U_3.0.0.4_386_51733-g8eebcd2.trx linux
linux: CRC OK

9. Power off, wait 10s, power on router. Make sure you are connecting via cable, to port LAN2 (LAN1 is WAN). Wait a bit (a few minutes) and try to ssh into it:

PC$  ssh [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:ff2UidlZQr9PtCdBzE0uSbUMgK3oPSSRDSxLfuAqjdY.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/user/.ssh/known_hosts:216
  remove with:
  ssh-keygen -f '/home/user/.ssh/known_hosts' -R '192.168.1.1'
Host key for 192.168.1.1 has changed and you have requested strict checking.
Host key verification failed.

It's normal to get a ssh host key error. Clear the old key:

PC$   ssh-keygen -f '/home/user/.ssh/known_hosts' -R '192.168.1.1'
# Host 192.168.1.1 found: line 216
/home/user/.ssh/known_hosts updated.
Original contents retained as /home/user/.ssh/known_hosts.old

Try to connect again:

PC$  ssh [email protected]
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
ED25519 key fingerprint is SHA256:5Q2Q/4C5HxSwLfxuGWDqlbOX4wgmknNbSJZKEmVQyys.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.1.1' (ED25519) to the list of known hosts.
[email protected]'s password: 
admin@RT-AC68U-6CB0:/tmp/home/root# 
admin@RT-AC68U-6CB0:/tmp/home/root# mtd-erase2 nvram
admin@RT-AC68U-6CB0:/tmp/home/root# 
admin@RT-AC68U-6CB0:/tmp/home/root# reboot
admin@RT-AC68U-6CB0:/tmp/home/root#

Wait 5 more minutes, and see if you can login in the web gui.
For some reason, even deleting the nvram, my system still had the old admin password. So I went into the web interface, and did a reset to factory default, with "Initialize all the settings, and clear all the data log for AiProtection, Traffic Analyzer, and Web History." set.

Now, the router looks good to be used as an AI Mesh node. Will test this later on.

Thanks again for the instructions!

 

[mad_ady]

Here's a small update - the converted RT-AC56U works great as an AI Mesh node. I get about 300Mbps wifi 5 speeds with it (compared to 500+Mbps when using an RT-AX52), but it's great for coverage.