What's new

Desolder and Flash Chip question

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

dribgnikcom

New Around Here
I'm convinced that some revisions of the Asus RT-AC3200 have a fatal flaw in that there is an issue where it can become irreversibly bricked and the recovery mode won't help.

As such, I'm considering desoldering the flash chip from it and have it sent to someone for external flashing.

Now my question is the following:

Asus firmwares are offered as 40mb or so .trx file.

The latest one for example is:
"RT-AC3200_3.0.0.4_382_19466-g27029b5.trx"

The flash chip is the 128MB Spansion/Cypress S34ML01G100TFI00.

Now the question is, does the process just involve flashing said chip with the .trx file (and perhaps padding it to 128MB if required), or will this only work if the CFE is first flashed onto the chip and then the .trx manually uploaded?

And if the latter is the case, can someone please provide me with a raw dump of their RT-AC3200 so that I can do it as I intend?

Thanks

P.S. Does anyone know someone with a flashing device capable of flashing the Spansion chip who would be willing to do so?
 
I'd think safely removing the chip may not be easy task unless OP has proper tools. As already mentioned there are few more things to try.
 
Gentlemen,

Please let's not get into recovery methods... The router is bricked, KAPUT. Recovery is broken on this model, or something else is wrong with this router. I cannot use JTAG because JTAG locations are unknown/unpublished on this router.

The question is simple. If you do not know, then please do not reply.

Here is the TLDR version:

If I desolder the 128MB NAND off the router, is flashing it externally as simple as taking the 40MB .trx file and padding it to 128MB and then flashing it?
 
Gentlemen,

Please let's not get into recovery methods... The router is bricked, KAPUT. Recovery is broken on this model, or something else is wrong with this router. I cannot use JTAG because JTAG locations are unknown/unpublished on this router.

The question is simple. If you do not know, then please do not reply.

Here is the TLDR version:

If I desolder the 128MB NAND off the router, is flashing it externally as simple as taking the 40MB .trx file and padding it to 128MB and then flashing it?
Do you know whether CFE is intact and memory map?
 
Do you know whether CFE is intact and memory map?
I think the CFE is corrupt, I don't know what the memory map is.

I could once get it to show the recovery page, but after using it to flash the stock firmware, it no longer shows up (or maybe it will after leaving it unplugged for a few months, waiting for a full moon, and then standing on one foot while holding my finger high up in the air - I don't mean to sound facetious -- this is really how touchy it is). I've tried discharging the primary input cap to make sure that anything retained is only in the NVRAM and then booting again to try and get it to show, I've tried using the serial console (it has always only just shown gibberish)... The fact of the matter is that I BOUGHT it this way because it was sold at a discount because of its condition.

Is something physically wrong with it? Who knows... If the main CPU was defective, then how did the (albeit dysfunctional) recovery page show up initially.

I want to rule that out by desoldering the flash chip and flashing it externally. If it works, fine. If not, then at least I know there's something wrong hardware-wise.

Is there a way to flash it with what's publicly available (The CFE is available on this forum and the flash from Merlin or Asus), or do I need a dump of a working model?

Thanks
 
I bought the router like this, knowing it would need to be repaired. I paid a good price too :)

No, serial recovery will not work because the CFE is not working.

I have already spoken to someone and have arranged to have the NAND re-flashed for me.

For anyone that's curious on how to do it, all I know is that I need to have the CFE flashed to the NAND first. After that, I will be able to use the serial console. I'm not sure where to go from there, but having a working serial console is the first step. From there it should be pretty easy to look up the procedure of uploading the firmware.
 
One could preflash the CFE onto a NAND, and drop it in - seems like a lot of rework when this is really a SW issue with a corrupt NAND.

In the real world - your NAND chip is likely just fine - you just need to erase it, use JTAG to find the boot vector of the ARM, and load the CFE in-situ from there. You'll need to have the bootvector at a minimum, as the memory mapping and intefaces for a compatible CFE configuration are already there.

I'm not going to tell you step by step, as I generally get good money to do bootstraps like this - but if you search around you'll find it - check the openwrt wiki... you probably won't get a full answer, but you'll find enough info to sort things.

One more tip - if you're going to go forward with desoldering the NAND - put on a socket, makes things much easier afterwords if one is doing board/chip level work.
 
One could preflash the CFE onto a NAND, and drop it in - seems like a lot of rework when this is really a SW issue with a corrupt NAND.

In the real world - your NAND chip is likely just fine - you just need to erase it, use JTAG to find the boot vector of the ARM, and load the CFE in-situ from there. You'll need to have the bootvector at a minimum, as the memory mapping and intefaces for a compatible CFE configuration are already there.

I'm not going to tell you step by step, as I generally get good money to do bootstraps like this - but if you search around you'll find it - check the openwrt wiki... you probably won't get a full answer, but you'll find enough info to sort things.

One more tip - if you're going to go forward with desoldering the NAND - put on a socket, makes things much easier afterwords if one is doing board/chip level work.
I can't JTAG -- there is no info available on that for this model. I'd already considered it, and I have had my eye on a JTAG device I've wanted to purchase for a while now.

Regarding the socket -- SMT TSOP48 sockets are expensive... Not to mention that I don't have a proper reflow setup, so that's out of the question (whereas with re-flowing the bare TSOP48, I can make manual corrections later if there are bridged pins and whatnot).

I have purchased a new S34ML01G100TFI00, and I am paying Bad_Ad84 over at AmiBay to have it flashed for me. We'll use the CFE posted in this thread.

(I should note that my H/W revision is 2.35 and the CFE offered is for 2.34, but that is almost certainly not an issue). After it's soldered back in, I will look up the procedure for restoring the firmware from a serial console (having a CFE re-flashed externally should now give me access to it).

I will post an update, G-D willing, when it's done.
 
Unfortuntely, flashing the CFE on to a new chip and soldering that one on did not fix the problem.

I think that the router has other issues and the problem isn't the flash.

With the new chip in, it behaves as though no chip is present at all. I resoldered the old chip back on, and the old behavior is still there.

There is no output on the serial console with either chip.

Oh well.
 
There was something else at Router that I also have a rt-ac68u that at the start illuminate Lan1.2.3.4 and WAN and otherwise nothing else. I tried reset but no result. I think there is a need for CFE rewriting.
 
Similar threads
Thread starter Title Forum Replies Date
outlaw78 Et8s flash blue ASUS Wireless 11

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top