When you get message like this: "Receive file size=16949294. This is not a valid firmware image". You can follow this instruction.
Directions for rolling back to AC68 after AC1900 rollback:
- From AC1900 To AC68U After Revert .pdf
- https://www.bayareatechpros.com/ac1900-to-ac68u/#comment-1665
=> Using USB
If unable to create new_cfe.bin as detailed in the guide or your router already had the locked firmware when you bought it, use NO CFE USB Instructions or the more complicated instructions in Appendix 6.
NO CFE USB Instructions
The router must be connected to the internet for this to work
STEP 1: You need a USB stick
Set the disk label for the USB to be “USB”
STEP 2: Copy the firmware file to USB
The file you need can be found in the guide at http://www.bayareatechpros.com/ac1900-to-ac68u/:
●TM-AC1900_3.0.0.4_376_1703-g0ffdbba.trx
Just copy this file to your USB stick with the file name like firmware1703.trx. (You will want to shorten the namebecause the string length of commands is limited.)
Step 3: The exploit explained and test command
The basic premise is when you go to your router's Network Analysis page (log in to your router, Network Tools menu on the left) there is a drop down to select one of three commands (Ping, Traceroute, Nslookup). Rather than passing in the values you pick, Asus instead wrote the interface to pass in the shell command to run.
The exploit lies in the fact that you can simply pass in every shell command you wanted to run by entering strings in the Console section in your browser (in other words, open the Network Analysis page of your router in Google Chrome, right click anywhere in the page and select "inspect", and then click in the Console section.
To test if it works, enter the following string in the console and hit enter.
The restrictions they put in place though is you must have one of the commands at the start of the string (such as ping), and you cannot use special characters such as /. That makes it tricky to use the exploit but not impossible.
Step 4: Install the USB
Insert your USB stick into the router and check that it is loaded as “USB”.
Step 5: Run commands to download the script to your router
Your router should be connected to the internet for this step. Most of these commands are just to change the /www folder from read only to read write. Until you do that a wget command will fail. If you do not see the directories getting mounted correctly with tmpfs, you may have to repea tthe mount commands.
Go back to the Network Analysis page of your router and paste each of the following commands in the Console section of chrome:
Press enter, then click Diagnose button.
Press enter, then click Diagnose button.
Press enter, then click Diagnose button. If you see the message cp: recursion detected, omitting directory"./userRpm" you are on the right track.
Press enter, then click Diagnose button.
Press enter, then click Diagnose button.
Press enter, then click Diagnose button. You may need to wait up to two minutes before the next command will work.
Press enter, then click Diagnose button. If this command fails retry the previous command and then this one. Then index.html file downloaded will be automatically deleted, but you should see a u.txt file downloaded and not deleted
Press enter, then click Diagnose button. This should tell you where the file is mounted. The name is probably“/tmp/mnt/USB/firmware1703.trx”.
Press enter, then click Diagnose button. If this command fails, you can still use the miniCFE at this point as a result of the previous command.
Wait a few minutes, and reset NVRAM (turn off router, press and hold WPS button and turn on router while holdingthe WPS button for another 20 seconds. Once the white LED at the back starts flashing, release the WPS button andwait a few minutes for the router to reboot.
Connect the router to your PC using instructions provided in Step 9 of the bay area tech pros guide: http://www.bayareatechpros.com/ac1900-to-ac68u/ and continue the instructions from there.You may now proceed to Appendix 2 for optional instructions.
---------------------------------------------------
How to flash AC1900 to AC68U:
- Install WinSCP, Putty, and a file archiver (click this link for ez). Install the Asus Restore Utility, mirror.
- Create a folder on your desktop, name it “router”.
- Download this file and extract it to the newly made router folder. It contains a firmware to downgrade to, a firmware to upgrade to, and mtd-write.
- Set static IP for PC.
start > run > ncpa.cpl > double click Ethernet > properties > IPV4 >
IP: 192.168.29.5
Subnet: Default (255.255.255.0)
Gateway: 192.168.29.1 - Place router into Recovery/Restore mode
Start with powered off router.
Hold reset button and turn on router while holding reset for 10 seconds. - Go to 192.168.29.1 in a web browser
If Mini-CFE webpage won’t load use Asus Restore Utility
If having trouble with this step perform NVRam Reset and try #6 again (see step #18) - Flash TM-AC1900_3.0.0.4_376_1703-g0ffdbba.trx
- Wait for reboot <5 mins – WiFi lights on router will turn on when boot is complete
- Log in to router (admin:password)
- Go to Administration > System > Enable SSH > Yes > Apply
Ezlink: http://192.168.29.1/Advanced_System_Content.asp - Open Putty and WinSCP and connect them to 192.168.29.1 using a admin:admin or admin:password
Tip: In WinSCP select SCP as file protocol, in Putty SSH - In putty type:
cat /dev/mtd0 > original_cfe.bin - In WinSCP refresh the window on the right side and note that original_cfe.bin is present
- Copy original_cfe.bin to a local drive
- Upload original_cfe.bin to https://cfeditor.feng.si/ > Select 1.0.2.0 US AiMesh as Source CFE > Download the new .bin > rename it to new_cfe.bin
- Upload new_cfe.bin & mtd-write & FW_RT_AC68U_30043763626.trx to router through WinSCP
- In Putty type:
chmod u+x mtd-write./mtd-write new_cfe.bin bootmtd-write2 FW_RT_AC68U_30043763626.trx linux - Perform NVRAM Reset, wait for reboot <5 mins
a. Power off router
b. Wait 10 seconds
c. Press and hold WPS button
d. Power up the router and continue to hold WPS button for 15-20 seconds until power LED starts blinking very quickly. - Reset PC IP back to default
- Log in to router using 192.168.1.1 and the router is now an AC68U with 64MB jffs
username:/password is now: admin:admin - Enable SSH (see #10) and execute the code for fixing MTD5 partition that is listed below.
Ezlink: http://192.168.1.1/Advanced_System_Content.asp - You can now flash Asus, Merlin, Advanced Tomato, FreshTomato, Tomato, and DD-WRT firmwares.
Code for fixing MTD5 partition so you can update to latest firmware:
(this is entered in Putty after enabling SSH on the router)
cat /dev/mtd5 > /jffs/mtd5_backup.bin
mkdir /tmp/asus_jffs
mount -t jffs2 /dev/mtdblock5 /tmp/asus_jffs
rm -rf /tmp/asus_jffs/*
sync && umount /tmp/asus_jffs
rm -rf /jffs/.sys/RT-AC68U
nvram unset fw_check && nvram commit && reboot
Post a Comment