

JTAG programming flash memory

No replies to this topic

#1 duffsparky



Posted 27 February 2013 - 10:52 AM

Hi from a novice,


I am definitely a novice at programming related activities and I am trying to learn on the fly, so please bear with me if I make mistakes in what I write.


I have been trying to reflash the boot loader (CFE) file to the flash (firmware) chip (M 29W320DT) of a Buffalo WBR-G54 router. The flash chip is connected to a JTAG port through a Broadcom BCM4712KPB CPU. 


I managed to brick the router trying to downgrade from version v24 to v23 of dd_WRT. I may also have killed the flash chip by inadequate anti-static precautions.


I am using a homemade non-buffered JTAG cable and have tried several different versions of JTAG freeware to communicate with the flash chip. I can connect to, and read data from it but the flashing process always goes wrong and I end up with a corrupt boot loader (CFE) file.

In my attempts to overcome the problem, I have:

  • Rebuilt my JTAG cable
  • Shortened the JTAG cable to the absolute minimum (approx 120mm end to end)
  • Covered the router and JTAG cable in grounded tin foil
  • Checked the power supply for volts, current level and ac waveforms. (The unit has an AC/DC power supply block)
  • Moved the setup away from sources of interference, even to the point of disconnecting everything else in the house except that which is needed for the flashing process. This includes removing batteries from devices such as mobile and cordless phones etc.

The flashing will work fine up to a certain address, about 5% through the process. I can confirm and repeat this by stopping the flashing before the point at which it goes wrong, backing up what has been written on the chip, then comparing the backup with the original file using either xvi32 or HxDen hex editor; the two files are always the same up to the point at which I stopped it.


If I let the flashing process go past the point at which it corrupts, the process will pause for several seconds and then carry on. It will then repeat this pausing and carrying on at several other points, until it reaches the end of the process. As far as I can tell the file length is correct and unchanged. A backup of the corrupted file shows it to be full of gobbledegook, even where I know it should have legible words.


I have been advised that if the chip is faulty it will stop being flashed at the point at which the first fault occurs, however, as can be seen above my chip will flash to the end of the file but not correctly.


I have searched and searched the Internet for an answer but so far I have not found one, leastways not one that I understand.

Therefore, can someone advise if the chip is likely to be dead or if there could be something else causing the problem? I have a replacement chip on order so I can replace or get it replaced if need be, but that won't really tell me if the existing one is faulty, especially if I get the same results with the new


Thanks in advance






Edited by duffsparky, 27 February 2013 - 10:55 AM.
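
An added example, not part of the original post: the compare step described above (read-back against the original file) done as a script instead of in a hex editor. It reports the first bad offset, the corrupted ranges, and the direction of each bit error, which matters because NOR flash programming can only change bits from 1 to 0 while an erase sets them back to 1. The function names and the sample data are constructed for illustration.

```python
from collections import Counter

ERASED = 0xFF  # NOR flash reads as all ones after an erase


def compare_readback(image: bytes, dump: bytes, gap: int = 16):
    """Compare a flash read-back (dump) with the file that was written (image).

    Returns (first_bad_offset, runs, stats). runs is a list of (start, end)
    corrupted ranges, end exclusive, merged when fewer than `gap` matching
    bytes separate them. Only the overlapping length is compared.
    """
    runs, stats = [], Counter()
    for off, (want, got) in enumerate(zip(image, dump)):
        if want == got:
            continue
        if runs and off - runs[-1][1] < gap:
            runs[-1][1] = off + 1          # extend the current corrupted run
        else:
            runs.append([off, off + 1])    # start a new run
        # Bits that should be 0 but read 1: the program step did not take.
        stats["not_programmed"] += bin(~want & got & 0xFF).count("1")
        # Bits that should be 1 but read 0: wrong data written or bad erase.
        stats["wrongly_cleared"] += bin(want & ~got & 0xFF).count("1")
        stats["erased_bytes"] += got == ERASED
    first = runs[0][0] if runs else None
    return first, [tuple(r) for r in runs], dict(stats)


def constructed_sample():
    """Constructed data: 1 KiB image, one unprogrammed block, one bit fault."""
    image = bytes(range(256)) * 4
    dump = bytearray(image)
    dump[0x40:0x50] = b"\xff" * 16         # block left in the erased state
    for off in range(0x208, 0x20C):
        dump[off] ^= 0x08                  # bit 3 reads 0 where it should be 1
    return image, bytes(dump)


if __name__ == "__main__":
    first, runs, stats = compare_readback(*constructed_sample())
    print(f"first mismatch at 0x{first:06X}")
    for start, end in runs:
        print(f"  corrupt 0x{start:06X}-0x{end - 1:06X} ({end - start} bytes)")
    print(stats)
```

For real files, read both with `open(path, "rb").read()` and pass them to `compare_readback` in place of the constructed sample.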
