Netgear WNR834Bv2

Overview
"U12H081", "REV. 3 GP", and "800063" is silkscreened on one production model WN834Bv2.

Wikis

 * On OpenWrt Wiki

Forums

 * Part numbers noted the DD-WRT forums

Flashing dd-wrt
Supported by dd-wrt as of = v24 build 5966 20070222

(See Important Notes below before attempting to flash)


 * This router does not have VLAN support, similar to the WRT610N.**

The Netgear WNR834Bv2 is now fully supported as of 3rd July 2008. Thanks to Eko, Brainslayer, etc. for their superb work in getting this router supported.

These (slightly modified) instructions were first posted by sparkie here. Read that complete thread for the hairy details on getting this device fully supported, if you are so interested or suffer from insomnia.

Step 1: Download the mini version of DD-WRT version 24, build 12548, new driver in the dot CHK format here.

Step 2: Flash the firmware to your router using Netgear's factory firmware standard web interface. Note that to successfully flash this device, you may need to use IE or Firefox 3 or higher. sparkie has reported in the thread linked above that Firefox 2 will not work with the Netgear factory web upgrade page to flash this device.

Step 3: If the mini build is insufficient for your needs, you may download your preferred flash BIN file from here. Then flash up the new .BIN file using the DD-WRT web interface from the Administration tab, then the Firmware Upgrades tab.

Important Notes (Please read these in full before attempting to flash):


 * DO NOT ATTEMPT TO FLASH ANY BUILDS EARLIER THAN 9856 DATED 3RD JULY 2008, or you risk bricking your router. Some of the v24 release candidate 7s worked with minor bugs. But the first final v24 bricked the router for some users as a result of a problem with JFFS.


 * TFTP flashing only works when the router detects a bad flash and puts itself in diagnostic mode. This can be seen by a flashing green power light, and also a ping trace will show response immediately after powerup with TTL=100. Proper flashes will stop replying to pings after about 15 seconds, then will reply with TTL=64. Diag mode will stay at TTL=100. Diag mode can be forced by opening the router and shorting pins 16 and 17 on the MX flash chip during powerup. Some suggest you try the pin short first, other suggest JTAG. Both have their pros and cons.


 * TTL=100 3~6 times means your router is bricked. No amount of uploading an image via tftp at the proper time will work. It will require a pin short, or jtag to fix. It is futile to try and achieve perfect timing to upload an image in this mode.


 * NEWD = New Drivers; VINT = Vintage Drivers. Use only NEWD firmwares with this router. VINT builds are for much older routers.


 * DO NOT INSTALL the generic broadcom dd-wrt.v24_std_generic.bin file (2.4 SP1). It will likely brick your router.


 * If your router is stuck in 'tftp only' mode (characterized by a constant TTL=100 ping response), you can rescue it by TFTPing the original Netgear firmware less the header file located here, which will flash your router back to Netgear's stock 1.0.22 North America firmware. This file is called wnr834bv2_1_0_22_na.bin


 * For routers will a more recent flash, you will need the 2.1.13 version of the flashes 2.1.13_NA / 2.1.13_WW


 * Your router has only 4 MB of Flash RAM. Do not attempt to flash the MEGA version of DD-WRT to this device.

DOUBLE SUPER DUPER Extremely Important Note:

According to Eko, the NVRAM of this router has an additional partition on it which contains your router's serial number, MAC address, and board code. DD-WRT builds prior to 9856 would overwrite this section of NVRAM, if the user enabled JFFS. Builds 9856 and higher include support for turning JFFS on with this model router. In the event that you accidentally erase this part of the NVRAM, you can only recover your router by flashing it via JTAG.

This also implies that if you want to use the OpenVPN version, you'll want one with an openvpn_jffs_small suffix like THIS one (current as of 15/5/2009).

JTAG Pinouts
J12 Pin 1 connected to JP1 pin 1 via 100 ohm resistor. J12 Pin 3 --100r--> TDI (Pin 2 of parallel port) J12 Pin 5 --100r--> to TD0 (Pin 13 of parallel port) J12 Pin 7 --100r--> to TMS (Pin 4 of parallel port) J12 Pin 9 --100r--> to TCK (Pin 3 of parallel port) J12 Pin 10 ---> to GND (Pin 20&25 of parallel port)
 * Functional NVRAM backup is here.
 * Functional CFE backup is here.
 * Functional Custom backup is here. (REQUIRES MODIFICATION OF MAC ADDRESS)
 * Tornado's JTAG v2.1.4 is here.

JTAG Recovery
One of the best threads that has been found for debricking the WNR834Bv2.

The fastest way to recover a bricked WNR834Bv2 is to wipe the kernel portion of the flash, and reflash the custom section.


 * 1. Download one of the binpacks WNR834Bv2 World Wide. WNR834Bv2 North America, and the custom.bin
 * 2. JTAG the router
 * 3. Erase the kernel portion of the flash
 * 4. Reflash the 'custom' section of the flash (hex edit the custom.bin and put your own MAC address in at offset 40~45!)
 * 4a. flash parameters: -flash:custom /window:1fc00000 /start:1ffe0000 /length:10000
 * 5. Power cycle the router and the router will respond with a constant ttl=100 ping response
 * 6. TFTP a dot CHK file appropriate to your router (NA or WW)
 * 6a. You will know that the transfer was completed and the flash process is working when router power light blinks amber on and off once per second. After a few minutes, the router will begin to respond with a ttl=64 ping and will be functional again.

RECOVERY PROCESS VIA PIN SHORT
 * Pin Locations.
 * Short pins 16 & 17
 * Power up router
 * Open two command prompt/console windows
 * Start a ping of the router, it should respond with TTL=100
 * Initiate TFTP upload of a .chk file (DD-WRT or one of the stock Netgear ones)
 * Immediately remove the short
 * You will know that the transfer was completed and the flash process is working when router power light blinks amber on and off once per second. After a few minutes, the router will begin to respond with a ttl=64 ping and will be functional again. (Yes, it actually does take 2~3 minutes)

Serial Pinouts
This is a common Netgear / Foxconn pinout.. 1        JP1 (3.3v) (RxD) (NC) (NC)  (TxD)  (GND)