
Tutorial ASUS ROUTERS JTAG RECOVERY

Hi, guys.
Bought a broken RT-AC1900P on ebay a week ago. For parts or repair.
A rare beast in our places, that's why extremely desired.
Cosmetically very good but only USB2.0 LED lights.
US $9.01. Not bad.

Appeared to be a broken CFE.
Restored at home in an unusual way, device working well so far.
Anybody interested? The process is cool and not very pleasant, you're warned :D
 
Can you elaborate on the process?
I can, but you won't like it. And my device is RT-AC1900P, not TM-AC1900, not sure if that matters.

If the CFE is corrupted you have to trash an RT-AC68U-like router because there's no known JTAG solution currently.
The only way to repair it is to desolder the nand-flash chip (Spansion S34ML01G200TFI00 in my router) and to write a CFE dump to it using a programmer.
The problem is that such a programmer costs as much as 10 good routers or so.

That's why my main idea was to use an old RT-AC66U with CFE inside a SPI chip to reprogram a nand-flash chip for RT-AC1900P.
If you want to follow my way, you will need to:
1. Have a spare RT-AC66U(R) router (it will live after all :D );
2. Have a skill or equipment to desolder and solder TSSOP-48 chips.
3. Know how to connect a serial console to router and to enter commands there.

To tell the truth, I just used a nand-flash chip from RT-AC66U to minimize soldering and my RT-AC1900P runs on Zentel A5U1GA31ATS currently :D

Are you still interested?
 
So your idea is to take the nand flash from the bricked router and hook it inside the RT-AC66U in some way and flash it?
My only problem is soldering and desoldering the 48-leg chip, but I would like to know more. I might do it; what else could go wrong after it's bricked?
Note: I do have another TM-AC1900 router which also flashed to AC68U and running without issues, not sure if I can use it to revive the bricked one.
Thanks
 
@bossrek, will try to answer the questions one by one.
1. Yes, you understood my idea correctly. RT-AC66U and RT-AC68U (RT-AC1900P too) use similar nand-flash, the chips are swappable.

2. Soldering is really a problem but it can be done with a knife-style soldering iron and a half of a razor blade. Just take enough solder to connect all pins on one side, heat them all together and separate them carefully all together from the PCB with a razor blade. The other side can be unsoldered in the same way.
[Attached photo: 20180608_065414.jpg]
(the photo is after some cleaning, of course, you should use flux)

3. RT-AC66U is a unique device because it has the CFE inside a small SPI chip. That's why all these tricks with soldering flashes and flashing something alien for this device are possible.
There are other ways, say, to use another TM-AC1900, I'm sure it's possible.
But the task will be much more complicated. You will have, say, to solder one flash chip on the top of another, just separate pins #9 (CE# signal) and play with router booting and the two CE#'s after this.
Personally, I already have too poor vision for such games.

4. I cannot say anything about that programmer as I never owned it. But I am not a repairman and don't want to waste $60 for a programmer.

5. Yes, for RT-AC68U the CFE is a part of the nand flash. It's a common practice, AFAIK. RT-AC66U(R) is unique in this sense, AFAIK.
 
Hello.

I know this is an old thread but I may need your expertise regarding my ASUS AC GT5300.

The story behind it is that it was thrown in the trash bin in our office, so I decided to pick it up, and this comes with no warranty.


https://www.smallnetbuilder.com/wir...reless-ac5300-tri-band-gaming-router-reviewed



ISSUE:

WiFi is not detected.

STEPS DONE:

1. 30/30/30 reset and placed it on Rescue Mode
2. Uploaded the 2nd latest firmware update.
3. Erased NVRAM via WPS for 30 Seconds
4. Still no WiFi Broadcast of any kind.
5. Checked the WiFi Signal Broadcast and even searching for WiFi Nodes it says "No Interface"


Hardware Version: 1.411


I've extracted a log from a known working GT-5300 and a known not working GT-5300; from what I've decoded, the non-working model is working fine. I believe this needs to be reflashed via JTAG / USB Serial Interface during rescue mode perhaps.

Based on photos there is a JTAG header, and I'm exploring the possibility to have this working; since it boots normally, I can access the admin interface.

I'm open to your suggestions and opinions regarding the restoration.

Thanks Everyone!
 

Attachments

  • ASUS GT AC5300 Rapture Working Logs.txt
  • ASUS GT AC5300 Rapture Non-Working Logs.txt
@MattGuyver, I wish you luck, and with the help you'll find here, I'm sure that if it is possible, you'll get this working again.

All I can add is that there is no 30-30-30 reset on Asus routers. :)

Have a quick look at the M&M Config and Nuclear Reset guides in the link in my signature below to try and get the router back to a good/known state.
 
Thank you for the enlightenment. I will be checking the links you provided! :D

PS:

You made me feel alive! HAHA
 
JTAG should only be needed if the bootloader is corrupted. And if the router does boot to the admin webui, then you shouldn't need a serial access either (serial access is typically for development purposes, since Firmware Recovery can be done over Ethernet).

Having one of the radios die isn't unheard of, but having all three dead sounds weird to me. Double check that it wasn't forcibly flashed with a firmware from the wrong model. You might also check that the Wifi on/off switch on the router isn't shorted out.
 
Hmmm Lemme check if the switch works on continuity via DMM.

Thanks for the heads up @RMerlin

I love your work by the way.
 


Hello there.

I tried the trick this evening in my country, still no go. Now I dunno where to go afterwards. But is there a way to dig there is a broadcast or something?

Likewise checked if there is another item you recommended; unfortunately there is no option under professional.

The weird thing is that the wireless channel is O on 2.4GHz, 5.0GHz and Upper band 5.0 GHz.

I guess I will try to desolder the switch when I have the right tools, as mentioned by @RMerlin's advice. I will try this over the weekend if it will work.

One thing I noticed as well: the other side of the router doesn't produce heat like the working GT-AC5300.


Please let me know your thoughts as well.

Thank you for your kind help :)
 
Channel 0 typically indicates that the radio failed to initialize, generally due to hardware failure (as a disabled radio would be indicated as such).

Watching the router over serial as it boots can provide more insight than what's in dmesg/syslog. The second 5 GHz radio died on my RT-AC5300 last year, I could see it over serial as it got stuck for an extended period of time trying to initialize it, before giving up and continuing to boot.

The GT-AC5300 ain't an old model, and Asus typically provide 2 or 3 years warranty. Have you looked at possibly getting an RMA?
 
Hello, I need help with Asus RT-AC5300, I bought a broken one from ebay. Only power LED and WAN port is lighting when connected, no wifi or LAN port light. I connect to router via JTAG and connect to router (see attached). Any ideas, is it possible to flash it via JTAG or do something to connect it via LAN port? Thanks
 

Attachments

  • putty.txt
It looks like the CFE is booting, at least partially. Try going into Rescue Mode and flashing a stock Asus firmware.
 
