Recovery of BEFSR41 v2 Router (Pin Short Trick)
2011/06/12 by CW Cyrix/Ami Sapphire
Last Updated: 2011/06/14

Table of Contents
  I.   How It Came to Be
  II.  The What Is and What For
  III. Now, the instructions!
  IV.  Notes
  V.   Contact

----****----

I. How It Came to Be

The router may show its DIAG light as a solid red light and stop responding to
any command. The cause can be either a bad firmware flash or a random brick
moment, such as a power outage. One owner even had it sit unused for an
extended period of time and it bricked that way!

In my case, it was a bad firmware flash. [Stupid me, flashing very old firmware
before v1.22...] I only figured it out after I bought a replacement router on
eBay, grabbed some datasheets, and looked up JTAG devices and software, all in
a last-ditch effort to revive the original router. And it wasn't even mine.

After accidentally making the DIAG light blink and uploading some proper
firmware, I then uploaded the firmware I used to brick the router... just to
find out what I did before. Originally, I didn't even unplug the router to get
the result I needed, as I just kept striking the CPU's pins like a noob. It took
me around half an hour to get the result I wanted.

I then looked at the old WRT54G recovery guide. You know, the pin short one. I
went, "Hey, if this can apply to the WRT54G, it can apply to the BEFSR41! ...I
think." and experimented with pin shorts until I got the result I wanted: the
blinking DIAG light. I then reflashed the latest firmware using TFTP and left it
alone. From now on, this router is my test router until I really need it.

References:
  http://www.linksysinfo.org/forums/showthread.php?t=47259
  http://voidmain.is-a-geek.net/forums/viewtopic.php?t=760

----****----

II. The What Is and What For

This trick is a variation of the WRT54G series flash chip pin trick.
It can be used to recover:
  * from Bad Firmware Flash (which usually results in a blinking DIAG light,
    but instead results in a solid DIAG light)
  * in hopes of recovering a bricked/near dead router (solid DIAG light)

Although, I think the chances of recovering the router when it is near death
are slimmer than for bad firmware, in theory.

This may not help the ones that got rid of their routers years ago due to this
issue, but it may help the ones, especially me, that kept their routers for
years and still have a use for them... somehow.

Other things cause the router's red DIAG light to go solid:
  * leaky/failing/failed capacitors (YOU MUST GET THESE REPLACED FIRST)
  * bad AC adapter/power brick (use another if that is the case)
  * brownouts (this may lead to internal failure or firmware corruption)

References:
  http://www.askmarvin.ca/forums/index.php?showtopic=5977
  http://www.dslreports.com/forum/r5295144-BEFSR41-Solid-Red-Diag-Light
  http://www.badcaps.net/forum/showthread.php?t=4784
  http://www.tek-tips.com/viewthread.cfm?qid=540955&page=20

----****----

III. Now, the instructions!

*Copied from DD-WRT's Wiki*
WARNING - This method can cause permanent damage. Success rate is only about
20%. The other 80% is permanent damage to the flash chip rendering the router
permanently inoperable. Use at your own risk. You've been warned.

*my text*
Honestly, it's either this method or a good JTAG kit that would cost upwards of
500 USD and ongoing.

Steps:

1. Set up your network on the computer.
   a. You need a STATIC connection to the router. This is because the DHCP
      server program is on the router, and since the router is not working at
      this time, you need to follow one of the instructions in this text
      document:
      cwcyrix.no-ip.info/guides/befsr41v2/static-connection-instructions.txt
      Even further in the Notes section are the settings for your wired
      connection.

2. Ping the router continuously.
   a. Windows
      i.  Start Menu > Run... [Alt: Win+R], type 'cmd' without quotes, press
          Enter.
          Another alternate: Start Menu > Accessories > Command Prompt.
          [That second alt is in Windows Vista and Windows 7.]
      ii. Type 'ping -t 192.168.1.1' without quotes and press Enter. Let it
          run.
   b. Linux/MacOSX?
      i.  Open the terminal.
      ii. Type 'ping 192.168.1.1' without quotes and press Enter. Let it run.

3. Unplug the router, if already plugged in.

4. Disassemble the router.
   a. Remove the blue front cover of your Linksys BEFSR41 v2 router.
   b. Slide the black top cover off to reveal the PCB (circuit board) of the
      router.

5. Plug in one end of your Ethernet cable in the computer and the other end in
   the router PCB.

6. Short pins 1 and 2 on the flash chip [see diagram below] using a small flat
   head screwdriver to connect them together. Hold it there.
   a. It is located on the very right of the PCB, next to the CPU, rotated 90
      degrees clockwise. It has a notch on the top left corner. The Xs are the
      designated pins.

            4  3  2  1 32 31 30
           _=__=__X__X__=__=__=_
          /                     |
      5 =|                     |=29
      6 =|                     |=28
      7 =|                     |=27
      8 =|      ROUTER'S       |=26
      9 =|        PLCC         |=25
     10 =|     FLASH CHIP      |=24
     11 =|                     |=23
     12 =|                     |=22
     13 =|                     |=21
          -----------------------
            =  =  =  =  =  =  =
           14 15 16 17 18 19 20

7. Plug the router back in. You should get a blinking DIAG light. That means it
   is in fail-safe mode. Look at the command prompt or terminal. You should see
   pings. If not, try again.

8. Use a TFTP client to upload a good firmware to the router.
   a. Linksys' TFTP Utility [GUI, Windows Only]
      i.   Download it from here: [to be announced]
      ii.  Execute the program.
      iii. Server: 192.168.1.1, Password: admin [Locate the firmware you want]
      iv.  Hit Upgrade. It should flash the firmware to the router... and
           hopefully not hit a snag (e.g. checksum fail).
   b. Windows' TFTP Client [Command Line]
      i.   It is already installed in Windows installs up to XP and Server
           2003. Windows Vista and Windows 7 users should enable it in Programs
           and Features. It is simply called TFTP Client.
      ii.  Locate the firmware of your choice using Command Prompt commands.
           (e.g.
           cd, dir commands)
      iii. Once you have entered the directory in which the firmware .bin file
           is located, rename the firmware file to code.bin (preferably using
           the rename command), unless it is already named code.bin.
           Otherwise, you are typing the entire filename in Command Prompt, and
           that will be tedious. (And even worse with Linux due to its
           case-sensitive nature.)
      iv.  Enter the command:
           'tftp -i 192.168.1.1 PUT code.bin code.bin'
           without quotes and hit Enter. It should flash the firmware to the
           router... and hopefully not hit a snag (e.g. code pattern
           incorrect).
   c. Linux's and MacOSX's TFTP Client [Command Line]
      i.   It is already installed in every Linux distribution I can think of
           so far. If there is none on your install, you will need to install
           one.
      ii.  Locate the firmware of your choice using the appropriate commands.
           (e.g. cd, dir commands)
      iii. Once you have entered the directory in which the firmware .bin file
           is located, rename the firmware file to code.bin (preferably using
           the rename command), unless it is already named code.bin.
           Otherwise, you are typing the entire filename in the terminal, and
           that will be tedious because of Linux's case-sensitive nature.
      iv.  Enter the commands in the order specified, and press Enter after
           each one:

           tftp 192.168.1.1
           binary
           rexmt 1
           timeout 60
           trace
           put code.bin

           It should flash the firmware to the router... and hopefully not hit
           a snag. You likely will with MacOSX's client, but keep trying.

9. Wait a minute, then attempt to access the admin management screen using
   192.168.1.1. If you can access it, you have succeeded in reviving your
   BEFSR41 v2 router!

----****----

IV. Notes

The defaults for this router:
  Address:  http://192.168.1.1/
  Username: (blank)
  Password: admin

The defaults for a static connection for your computer:
  Static IP:   192.168.1.x (where x can be a range from 2 to 253)
  Subnet mask: 255.255.255.0 (Linux can use either that or 24)
  Gateway:     192.168.1.1 [optional]

*Copied from DD-WRT's Wiki, modified by me*
  * The -i specifies binary transfer mode. The transfer will fail if you don't
    specify this. [Windows Only]
  * Uploading via this command is pretty slow (~5.7kB/s) if you are using
    10Mbps half duplex mode, so it will take about 10 minutes to upload a ~3MB
    image. When you're using 100Mbps full duplex mode, it will go much faster.
    After the transfer is complete, wait 1-2 minutes for the image to be
    written to flash.
  * If TFTP does not work, try changing your network adapter to 10 Mbps half
    duplex.
  * Provided you have followed these steps correctly, you should notice that
    the router will eventually reboot. In some cases it will require a power
    cycle (however, if you power cycle, wait at least 10 minutes to be sure the
    flash writing has occurred before you pull the plug).
  * Enjoy the fact that you did not waste $60 (or $15 xD) and that your router
    is now functioning again.

----****----

V. Contact

If this helped you, you may send an e-mail at this address:
mslightyear2001[AT]yahoo[DOT]com
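Added example, not part of the original guide and not Linksys or DD-WRT code: what the command-line TFTP clients in step 8 do on the wire, written as an RFC 1350 write request in Python. It shows the binary ("octet") mode that '-i' and 'binary' select and the 'rexmt 1' / 'timeout 60' retry behaviour. The function names are made up here, and it assumes the fail-safe loader speaks plain TFTP on UDP port 69, as the stock clients in the guide imply.

```python
import socket
import struct
import time

WRQ, DATA, ACK, ERROR = 2, 3, 4, 5   # RFC 1350 opcodes
BLOCK = 512                          # fixed TFTP block size

def wrq(remote_name):
    # "octet" is the mode that `binary` / `tftp -i` select; netascii would
    # rewrite CR/LF bytes inside the image and corrupt it.
    return struct.pack("!H", WRQ) + remote_name.encode() + b"\0octet\0"

def data_blocks(image):
    # A block shorter than 512 bytes ends the transfer, so an image that is
    # an exact multiple of 512 is followed by one empty block.
    for n in range(1, len(image) // BLOCK + 2):
        yield n, struct.pack("!HH", DATA, n & 0xFFFF) + image[(n - 1) * BLOCK:n * BLOCK]

def parse_reply(pkt):
    # Short or unknown packets come back as ("other", opcode) and are ignored.
    op, arg = struct.unpack("!HH", pkt[:4].ljust(4, b"\0"))
    if op == ERROR:
        return "error", "%d: %s" % (arg, pkt[4:].rstrip(b"\0").decode("ascii", "replace"))
    return ("ack", arg) if op == ACK else ("other", op)

def put(image, host="192.168.1.1", port=69, remote_name="code.bin",
        rexmt=1.0, timeout=60.0):
    # rexmt/timeout mirror the `rexmt 1` and `timeout 60` client settings.
    peer = (host, port)
    steps = [(0, wrq(remote_name))] + list(data_blocks(image))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(rexmt)
        for block, pkt in steps:
            deadline = time.monotonic() + timeout
            while True:
                if time.monotonic() > deadline:
                    raise TimeoutError("no ACK for block %d" % block)
                sock.sendto(pkt, peer)
                try:
                    reply, src = sock.recvfrom(516)
                except socket.timeout:
                    continue              # nothing heard: resend same packet
                kind, val = parse_reply(reply)
                if kind == "error":
                    raise RuntimeError("router refused transfer: " + val)
                if kind == "ack" and val == block & 0xFFFF:
                    peer = src            # server may answer from a new port
                    break
    return len(steps) - 1                 # number of DATA blocks sent
```

Call put(open("code.bin", "rb").read()) once the pings from step 2 start answering; an ERROR packet from the router surfaces as the RuntimeError text instead of a silent stall.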