Unbricking Netgear WGT634U via serial console

Purposes of this post:

  • Help people install OpenWRT on Netgear WGT634U without bricking it: DO NOT FLASH WGT634U with Kamikaze <8.09.2 or you’ll brick it!
  • Explain how to unbrick your Netgear WGT634U with a serial cable
  • Explain how to reset the NVRAM in case you mess up the environment variables

I recently bought some refurbished Netgear WGT634U units off eBay at a bargain price. And my odyssey started. It looks like all kinds of bugs hit this poor box.

When I received the units, they had an ancient version of Kamikaze with a bug that would cause eth0.1 to not see any packets. Everything would look good (link at the ethernet level would show a 100Mbit duplex connection) but no packets would come in and no packets would go out. Reassigning the eth0.1 port to another physical port would not solve the issue. Simply put: I could only have eth0.0 and the wifi device. Any other device (eth0.1, eth0.2) would simply be deaf, no matter which physical port it was assigned to.

Time to upgrade to the latest Kamikaze release! So I go to and download the .trx image, scp it to the /tmp dir on the WGT634U and run:

That’s it. I thought! All is good, the unit automatically reboots after completing the flashing process and I get my brand new Kamikaze 8.09.1 welcome message. I configure the network interfaces, connect it to Internet through another gateway, install some additional packages and configure the WiFi:
# Refresh the package lists and install the extra packages
opkg update;
opkg install hostapd-mini bwm kmod-usb-storage qos-scripts \
  mii-tool luci-app-ddns luci-app-ntpc luci-app-qos luci-app-samba \
  macchanger kmod-usb-ohci kmod-usb2 fdisk \
  kmod-fs-vfat kmod-nls-cp437 kmod-nls-iso8859-1 \
  kmod-nls-iso8859-15 kmod-nls-utf8
/etc/init.d/samba enable
# Write the wireless configuration (access point on the lan network)
cat >/etc/config/wireless <<EOF
config wifi-device  wifi0
option type     atheros
option channel  auto
#option disabled 1
config wifi-iface
option device   wifi0
option network  lan
option mode     ap
option ssid     OpenWrt
option encryption psk
option key      "password"
EOF

Great, I think! Time for a reboot and… *poof* the WGT634U is bricked.

What happened? A few Google searches later I found a post on the forum mentioning that there is a bug in recent versions of OpenWRT. The bug is going to be fixed in 8.09.2 and it has been described by the OpenWRT team as:

Prevent nvram corruption on the WGT634U (r16350, r16379)

This means that immediately after installation, nvram settings are still loaded and the world is shiny. As soon as you unplug the power those very same settings are lost forever and the AP won’t boot again.

Fine, I have a corrupted nvram.

Time to connect to the router via serial console! But first let’s build a serial cable for Netgear WGT634U (see my other post).

Opening the unit is no challenge, and finding the serial connector is easy too: it’s identified as J6 and needless to say, it has four pins.

Assuming you are using a USB-to-serial adapter, the serial connection will show up on /dev/ttyUSB0.

Start minicom -s, set the port to /dev/ttyUSB0, 115200 8n1 without hardware and software flow control, choose “Save as dfl” and “Exit”.

Power on the AP.

After a few messages you should get a CFE> prompt:

As you can see the et0phyaddr cannot be found. This is bad and prevents the unit from booting. Somehow during the upgrade of OpenWRT the nvram got corrupted and these values are lost. Time to set them again.

Now be extremely careful: you’ll find many guides around the net which tell you to run some commands like this:

WRONG! DO NOT DO THAT. If for some reason you make a typo (like I did), you are in trouble. In fact, when using the -ro parameter, settings are stored permanently in nvram and there is no way to overwrite them. The only way to overwrite them is to reset the nvram.

The proper way to set up the environment variables is to use:

Unfortunately I just blindly followed one of those not-so-smart guides found on some forum and ended up with a broken environment that could only be fixed by resetting the nvram.

Recent versions of CFE have a special command to reset the nvram directly from the prompt, but guess what? The CFE installed on the Netgear WGT634U is old and doesn’t have anything like that (or maybe you can somehow flash the flash0.nvram partition, but I wasn’t able to do it and didn’t want to risk it).

After a lot of googling I found a nice post by “jmh” at who went through the trouble of finding the datasheet for the TE28F6401 flash chip (the one used by our beloved WGT634U) and discovered that in order to reset the nvram in this chip you have to short out the 1st and 2nd pin.

The flash chip is located on the bottom right of the PCB (if you look at it while it’s hanging with the LAN ports up and the leds down).

The 1st and 2nd pin are in the bottom right corner of the chip (see page 15 of the datasheet).

Alright so I put a small piece of metal between them, connect the power adapter to the WGT634U et voilà, nvram is cleared.

This time I’m more careful. I set up all the missing environment variables using the -p option, so that I can correct any mistake:

The values for et0macaddr and et1macaddr should match the ones specified in the label on the bottom of the WGT634U.

When you are done you can verify that the environment is correct by using:

Happy? Now type reset at the CFE prompt and Netgear WGT634U will boot Kamikaze 8.09.1!

And don’t forget that you could have saved the time spent going through this whole procedure if only you had chosen 8.09.2 ;-)
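
A host-side check for the verification step above, as an added example that is not part of the original post: it parses a saved serial-console capture and flags missing variables, MAC addresses that differ from the label, and misspelled variable names. The one-variable-per-line layout, the function names and every value in the sample are assumptions constructed for illustration.

```python
import difflib
import re

# Variables this post names as needed on the WGT634U.
REQUIRED = ("et0phyaddr", "et0macaddr", "et1macaddr")
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}$", re.I)


def parse_env(capture):
    """Turn 'name value' lines of a serial capture into a dict.
    Assumed layout: one variable per line, whitespace between name and value."""
    env = {}
    for raw in capture.splitlines():
        parts = raw.strip().split(None, 1)  # strip() drops stray \r from the log
        if len(parts) == 2 and re.fullmatch(r"\w+", parts[0]):
            env[parts[0]] = parts[1]        # prompt lines such as "CFE>" are skipped
    return env


def check_env(env, label_macs):
    """Return a list of problems; an empty list means nothing was found."""
    problems = [f"missing: {n}" for n in REQUIRED if n not in env]
    for name in (n for n in label_macs if n in env):
        got, want = env[name], label_macs[name]
        if not MAC_RE.match(got):
            problems.append(f"malformed MAC in {name}: {got}")
        elif got.lower().replace("-", ":") != want.lower().replace("-", ":"):
            problems.append(f"{name} does not match label: {got}")
    for name in (n for n in env if n not in REQUIRED):
        near = difflib.get_close_matches(name, REQUIRED, n=1, cutoff=0.85)
        if near:  # a near-miss name usually means a typo at the prompt
            problems.append(f"possible typo: {name} (close to {near[0]})")
    return problems


# Constructed capture, not real router output: one misspelled name and
# one MAC that differs from the made-up label values below.
SAMPLE = ("CFE> \r\net0phyaddr   0\r\n"
          "et0macadr    00:11:22:33:44:55\r\n"
          "et1macaddr   00:11:22:33:44:65\r\nCFE> \r\n")
LABEL = {"et0macaddr": "00:11:22:33:44:55", "et1macaddr": "00:11:22:33:44:56"}

if __name__ == "__main__":
    print("\n".join(check_env(parse_env(SAMPLE), LABEL)))
```

Run it against the minicom capture before typing reset, with LABEL filled in from the sticker on the bottom of the unit.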