When you try to flash DD-WRT on Asus AC66U you will stuck on ASUS Recovery Page. DD-WRT won’t work because ASUS will close their hardware to third party software.
If your router is in recovery page just flash original TRX firmware file.
ASUS MIPS Broadcom routers have something like bootloader called CFE. It contains built-in configuration like MAC addresses, interfaces configs etc.
DD-WRT won’t boot on new CFE: 188.8.131.52 (EU) so I downgrade CFE to 184.108.40.206 (EU). Be carefull, you can brick your router.
- HEX editor, on windows you can use HxD: https://mh-nexus.de/en/hxd/
- Pendrive (FAT32 file system)
- PuTTY for telnet connection: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- CFE collection for AC66U: http://www.mediafire.com/download/h3v61arkqaqg6zg/CFE-AC66U.zip
- CFE collection for other ASUS routers: http://www.mediafire.com/download/yoxw8f2xt9j87ca/CFE_AIO.zip
- MTD-WRITE ARM: http://www.mediafire.com/download/q2dbo6ngwpdn87q/mtd-write-arm.zip
CFE source: http://www.snbforums.com/threads/asus-routers-cfe-dumps-collection.17793/
Before you start you have to read this warning and check which version do you have:
Check information and prepare
You have to check current H/W version, bl version (CFE) and memory manufacturer.
- Activate Telnet access in webpanel: [Advanced Settings] -> [Administration] -> [System] -> Enable Telnet – check Yes -> Click [Apply]
- Run putty and set telnet to 192.168.1.1, click Open:
- Run command to check bl version:
nvram get bl_version
- Run command and read part output to check memory chip vendor (work only on ASUS WRT):
dmesg | grep -e "flash" -e "nand" -e "amd" /tmp/syslog.log
Found a Zentel NAND flash with 2048B pages or 128KB blocks; total size 128MB
- Connect pendrive and make current CFE backup. Check the correct path to pendrive:
- Make a backup:
cat /dev/mtd0 > /tmp/mnt/sda/original_cfe.bin
dd if=/dev/mtd0 of=/tmp/mnt/sda/original_cfe1.bin
- Umount pendrive in webpanel (USB icon right-top corner).
- Connect pendrive to computer, copy files (original_cfe.bin and original_cfe1.bin) to safe place. Open one file in HxD – hex editor and search hw_version
- Read and copy three MAC addresses in hex editor, these variables:
- Read H/W version from the box of router
Information about my router.
H/W Version: B0 hw_version=1.5
CFE: 220.127.116.11 bl_version=18.104.22.168
I decided to downgrade to 22.214.171.124 (EU).
Prepare CFE and flash it
- Copy MTD-WRITE v3 to penrive
- Open chosen CFE version [126.96.36.199 (EU)] in hex editor:
- Replace three mac addresses with correct which was red before.
Be careful at the beginning and at the end there is 00 (null) in visible part is a dot, do not remove or replace it.
- Save modified file as new_cfe.bin on pendrive.
- Make sure you want do this.
- Connect pendrive to router and flash CFE with putty:
chmod +x mtd-write
- Flash CFE
mtd-write -i new_cfe.bin -d pmon
mtd-erase -d nvram
- Skip wizard, activate telnet and check with putty CFE version:
nvram get bl_version
- Done. You can flash any DD-WRT Version.