Hello All,                                                                                                    

I have just unbricked a WRT54G Ver. 2 router using a jtag cable, the HairyDairyMaid utility and reflashing the entire flash with an entire flash backup from another working hsmm node, also a Ver 2. box. After 3 hours, the flash completed without incident. The good news is that the newly flashed router now boots and is an identical clone of the other node. The bad news is that it is an identical clone all the way down to the various ip addresses, and thus the mac address in the node.

I've tried changing the ip address in the CFE module and reloading it to flash. Unfortunately, this did not work.... Of course, I changed the node name through the web interface but that did not work since the ip addresses were still duplicated.

What is the best way to proceed and get a unique node on the air? I assume that I'll spend another 3 hours to reflash the whole image to get a working node and go from there...

73, Mark, N2MH

Please don't tell me you flashed the CFE as well. That's usually a major no-no when it comes to debricking routers as the CFE is 99.99% not the problem and can cause more headaches than normal. The problem is usually with a faulty "nvram" and/or the "kernel." With that said, my usual debricking method is to erase the nvram and kernel, and to keep the factory default CFE. Once I do this, I TFTP the firmware to the router (much faster than JTAG-ing it back), and only on rare occasions would I JTAG the kernel to the router.

So to fix your identical IP address problem...you do not change the IP address in the CFE module. This is used both by linksys and in TFTP-ing firmware back to the router. If you change the IP address, then you change the default TFTP server location and can create more headaches for yourself. What you need to do is open the CFE file in a hex editor, undo all your changes, and locate all instances of the macaddress and change them accordingly. That's how BBHN assigns its default IP addresses.

Yes, I did flash the CFE. But, please understand, this was one of the "finds" on eBay. And, it arrived already bricked. I tried all the less onerous debricking techniques before coming to the conclusion that the router needed the jtag treatment.

Doing a whole flash from another working node told me that the hardware is good, eliminating one major unknown. I did backup everything beforehand, though. And, before doing the whole flash, I did erase the nvram to no effect.

So, on to editing the mac address in the CFE. I see two mentions of the ascii word "mac" in the CFE (I'm using bvi as a hex editor): et0macaddr and il0macaddr and both of them point to some mac address that is completely different than the mac address on the housing. I've tried searching for the housing mac address in both ascii and hex but nothing was found. Is the unit's mac address truly somewhere in the flash or is it in some obscure place in hardware that is read by the node at install time?

73, Mark, N2MH

The unit's mac address is truly located in the CFE. What you are interested in changing is et0macaddr to be that of mac address located on the sticker on the bottom of the router housing. Leave il0macaddr=00:90:4c:5f:00:2a alone as this is default across all Linksys hardware.

I'm happy to report that the node is now up and running and with the correct addresses.                       

The short story is that the mac address was not in the CFE but rather in the WHOLEFLASH. I finally found it at offset 1d13 or something like that. I patched it to the new mac address with a byte editor and reloaded the WHOLEFLASH to the node. Upon booting up, the node still had the old addresses but inspection of sysinfo showed the new mac address. I then downgraded to 1.1.2 code which had the result of resetting everything in the node to new values. After configuring the node, it came up with the new address. Upgrading to the current load, 3.1.0, and configuring it one more time brought it up to current standards and it started to mesh with other nodes already on the air.

One thing that mislead me at first was when I originally scanned WHOLEFLASH for the old mac address. Nothing came up. At the end, I simply started to visually scan the file and there it was... the original mac address in an ascii string, in all upper case letters. I was scanning in lower case, and of course, never found it.

So, the moral here is when looking for this kind of thing, always try both cases!

73, Mark, N2MH