I have managed to unbrick a D-Link DIR-615 Rev A1 back to D-Link firmware (1.00) from firmware 1.10. Allow me to describe the situation:
- Given a direct connection to my laptop, the router does not respond to HTTP requests on either WAN or LAN, does not assign DHCP IP addresses, cannot ping or respond to pings, but does show up on the laptop in the ARP tables (arp -an). (This same setup has worked for numerous non-bricked routers, so it seems that some busybox functionality is corrupt.)
- Over serial, the uBoot bootloader cannot connect to a TFTP server (and does not have the ability to flash over serial).
Attached to this article is a log of one of these so-called “failboots”. It can be easily identified as it only one block of text following the BusyBox ash shell:
BusyBox v1.1.0 (2007.07.26-06:29+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
/ # pc : [<40146968>] lr : [<400ca0b8>] Not tainted
sp : befaf8a0 ip : 00000002 fp : 40079bf8
r10: 00000003 r9 : 40079bb8 r8 : 00050500
r7 : befb5c75 r6 : 00026740 r5 : befb5c74 r4 : 0002674a
r3 : 00000065 r2 : 0000000a r1 : 00026741 r0 : 400ca0b7
Flags: nzCv IRQs on FIQs on Mode USER_32 Segment user
Control: A005317F Table: 01DF0000 DAC: 00000015
A successful bootup (log also attached) is followed by much more serial chatter, such as bringing up interfaces, mounting flash, etc.
BusyBox v1.1.0 (2007.01.24-07:26+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
/ # cp -f /etc/nvram.default /var/etc
mount -t jffs2 /dev/mtdblock2 /flash
cp -f /flash/nvram.conf /var/etc
brctl addbr br0
brctl stp br0 off
brctl setfd br0 0
brctl addif br0 eth1
device eth1 entered promiscuous mode
[... etc ...]
To recover your device:
(Warning: This might damage your device; however, if you are in need of these instructions, I don’t think it’s possible to damage it any more.)
1) Solder on serial headers to CON5 (on the side opposite of the mini-PCI slot)
2) With an Ethernet cable, connect the DIR-615’s WAN port to one of the LAN ports of another router, as it doesn’t play well otherwise. (It seems to need an intermediary to handle ARP tables for it while bricked like this)
3) Power it on, let it boot up, and over the serial connection to the router, run “ipconfig eth0 192.168.1.25” or some other memorable IP address that’s in the same subnet as your computer
4) Again, over serial connection to the router, run “tftpd”
5) On your computer, download the firmware from DLink: ftp://ftp.dlink.com/Gateway/dir615/Firmware/dir615_firmware_100.bin
6) And with a tftp client (See Installing OpenWRT via TFTP (Bootloader contains TFTP Server)), upload the .bin file to the router.
The router will flash itself, then reboot, and erase the (dirty) NVRAM. It will set itself to the default 192.168.0.1.
The key, I believe, lies in installing a version of firmware that is not currently installed, so as to erase all NVRAM settings. If you try to reinstall the same firmware, it will not clear the device’s (faulty) settings. In other words, there may be a much easier way to debrick the device, however with the limited (and possibly corrupt) BusyBox commands, I took the first viable option I could get.
I hope this works for you as it did for me, but as usual, ‘no promises’.
Views: 149,864
![[Image Source]](http://www.andrewmallett.net/tech/networks/d-link_dwl-120.gif){kind=link}