Cisco-Linksys decided to release new routers for their home routers: the “Valet” series and the “E” series. After doing some research, they’re actually just a re-branding of the older models. The only difference is that the “E” series now have double the amount of NVRAM available. In this article, we’ll be looking at the new E2000 and E3000 routers.
The E2000 is actually the WRT320N with a working reset button and E3000 is the new WRT610N v2. But that doesn’t that mean you have to ditch your current router if you own one of these already, especially just to get the extra 32k of NVRAM. You can actually update the CFE of the older model and transform your WRT320N or WRT610N v2 into the E2000 or E3000 respectively. The CFE is basically the BIOS of the router.
I actually found out how after a lot of searching on the DD-WRT forums. Thanks to users barryware and LOM, we have a way to upgrade the CFE. The procedure for both routers are the same, but at the DD-WRT forums, they are on 2 separate threads and buried in the “Broadcom Based Routers” section. So here’s my single article on it to make it easier to find for those of you who want to follow in my footsteps & convert your routers. I did this for 2 WRT610Ns and 5 WRT320Ns and so far, everything works well.
Advantages of converting:
- – You get double NVRAM
- – Future proofing
- – Newer “BIOS” for the same hardware (probably fixes some quirks & enables new features)
- – Fixes the broken reset button for the WRT320N
DISADVANTAGES of converting:
- – Flashing CFE is not like flashing firmware. You fail & your router = brick
- – Advantages not worth the risk for some people
- – Using a Hex editor. NOTEPAD, WORDPAD, ETC IS NOT A HEX EDITOR!
- – Use SSH and SCP
- – Flash and use DD-WRT firmware
- – Know how to do a serial port & JTAG recovery on your router
You MUST know how to do the first 3 or YOU WILL FAIL. The last one is extremely helpful if something goes wrong, but you’re taking a big risk if you don’t know how do it.
DISCLAIMER: NOBODY will take responsibility or be liable for anything you do to your router. If you brick it trying these procedures, YOU are solely responsible for your actions. YOU HAVE BEEN WARNED.
- – The WRT320N has a working JTAG, the WRT610N doesn’t. If you fail with the CFE flash, you may be able to recover your WRT320N, but your WRT610N will be dead.
- – Both routers have a working serial console. If you fail to flash the modified firmware before rebooting, you may be able to recover by using the serial console to clear NVRAM and re-flash the firmware.
- – E3000 conversion only works on a WRT610N v2. It will not work, and will brick your v1.
- – Do NOT power cycle your router at any time until you have completely finished and can confirm that the router has booted up into an operational state.
- – READ these instructions completely, a few times, before you proceed. Save them to a safe place. I also suggest you download the files needed in advanced.
1.) Flash you router with DD-WRT (an ordinary K26 big build), reset to defaults, set an admin password, and enable SSH.
2.) Open http://[your router’s ip]/backup/cfe.bin and save your current CFE to a safe place.
3.) Download the appropriate CFE for your router below:
– WRT320N (SHA1 Sum: db2d4cd117faac4c0a330afa4cdcdb5ad133d82a)
– WRT610N v2 (SHA1 Sum: b3cbe0d0ba8088ed3ff0a206b8866a02e8ec5ba4)
4.) Using a Hex editor, modify your CFE so that it has your router’s MAC address, serial number, and 8-digit easy access PIN. All of these numbers are on the sticker under your router. The easy access PIN is the number that is in the white space next to the “synchronize” arrows and looks like XXXX-XXXX. In the CFE, it is a single string XXXXXXXX.
Here are the offsets…
- MAC @ 0x3E098
- SN @ 0x3E0AD
- PIN @ 0x3E0C2
- MAC @ 0x1E00
- SN @ 0x3FE30
- PIN @ 0x3FCDC
4.) Connect your router to a reliable power source. REMEMBER: Do NOT power cycle your router at any time until you have completely finished and can confirm that the router has booted up into an operational state.
5.) SCP the modified CFE into /tmp on the router.
6.) SSH into your router using “root”. The password is your web interface password.
7.) Run the following commands:
mtd unlock cfe
mtd write -f [cfe's file name] cfe
8.) It will only take a few seconds to flash the CFE. But you are not done yet – DO NOT REBOOT. Go back to the router’s web interface and upload the modified firmware, making sure your set the “Reset to defaults” option. This modified firmware tricks your router in thinking its the proper build, but is indeed the build for the converted model so that after a reset, it can boot the proper image. The downloads are here:
E2000 Modified DD-WRT (SHA1 Sum: f6d8b2f8b0f4a6f0d72885f48608046619186aab)
E3000 Modified DD-WRT (SHA1 Sum: efab4812ca602466942d7d0eb81fbfd014ca5789)
9.) The router will reset itself upon flashing this modified firmware. Be patient – it can take up to 10 minutes and a few reboot cycles to complete. If your are successful, you should be able to access the DD-WRT admin page at http://192.168.1.1.
10.) One last thing: set a password, and flash a proper DD-WRT E2000 or E3000 build, making sure you reset to defaults again. You can find them in the “Other Downloads” section on the DD-WRT website.
Done! You should now have a converted E2000 or E3000! You can even flash the stock firmware for the E2000 or E3000 and use it if you’d like.
What I found was that DD-WRT actually likes the extra NVRAM better. YMMV. Cheers!