D-Link DIR-300 Original Firmware Flash Recovery

Finally found a way to flash back a DIR-300 (running DD-WRT) back to D-Link firmware. It is a great thing that they have included the emergency web server in the RedBoot. DD-WRT version of RedBoot had stripped it out though. So the first step is actually restoring the RedBoot to the one DIR-300 originally had.

Note: It seems like x will not be represented as alphabet “x” after copy and pasting. Do take note of this.

Files that you need
RedBoot file: Download file
board config: shadowandy_board_config.bin (refer to section Generating board config)

Mirrors for RedBoot file

Noticed that D-Link Czech Republic and Poland has hosted the copy of my RedBoot. If you are having trouble downloading from my site. You can get them from these mirrors

D-Link (Czech Republic)
D-Link (Poland)

Generating board config

Refer to this guide (Generating DIR-300′s board config) on how to generate the board config file shadowandy_board_config.bin. This step is necessary to restore wireless lan security functionality in the D-Link original firmware.

Getting into Redboot

1. Connect the network cable to your ethernet port and the WAN port of DIR-300.
2. Configure your System IP address (static) to be 192.168.1.2/255.255.255.0.
3. Prepare your telnet client to connect to 192.168.1.1, port 9000.
4. Power on the DIR-300 and telnet in the instance your ethernet link is up. Hit Ctrl+C the moment you see Executing boot script in …
5. You should be greeted by the DD-WRT prompt. DD-WRT>

Changing back to the original RedBoot

Ensure that you have extracted the file dir300redboot.rom into your TFTP server directory. Follow the following command to flash back to original RedBoot.

DD-WRT> ip_address -h 192.168.1.2
Default server: 192.168.1.2
DD-WRT> fis init
About to initialize [format] FLASH image system – continue (y/n)? y
*** Initialize FLASH Image System
… Erase from 0xbffe0000-0xbfff0000: .
… Program from 0x80ff0000-0×81000000 at 0xbffe0000: .
DD-WRT> load -r -b %{FREEMEMLO} dir300redboot.rom
Using default protocol (TFTP)
Raw file loaded 0×80040800-0x800607ff, assumed entry at 0×80040800
DD-WRT> fis create -l 0×30000 -e 0xbfc00000 RedBoot
An image named ‘RedBoot’ exists – continue (y/n)? y
… Erase from 0xbfc00000-0xbfc30000: …
… Program from 0×80040800-0×80060800 at 0xbfc00000: ..
… Erase from 0xbffe0000-0xbfff0000: .
… Program from 0x80ff0000-0×81000000 at 0xbffe0000: .
DD-WRT> reset

The router should reboot at this point of time. Wait for a while (30 seconds) before proceeding to the next section.

Preparing your system for board config recovery

1. Connect the network cable to your ethernet port and the WAN port of DIR-300.
2. Configure your System IP address (static) to be 192.168.20.80/255.255.255.0.
3. Remove the power from DIR-300

Flashing back the board config

Ensure that you have placed the file shadowandy_board_config.bin into the TFTP server directory. Follow the following instructions to flash back the board config partition.

1. Ensure that the DIR-300 is not powered on
2. Hold on to the reset button and power DIR-300 on
3. Hold on to the reset button for about 30 seconds while DIR-300 is booting
4. Telnet to 192.168.20.81 on port 9000 You should be greeted by RedBoot>
5. Follow the following commands

RedBoot> load -r -b %{FREEMEMLO} shadowandy_board_config.bin
Using default protocol (TFTP)
Raw file loaded 0×80036400-0x800463ff, assumed entry at 0×80036400
RedBoot> fwrite -f 0xbfff0000 -b 0×80036400 -l 0×10000 -e 0×80036400
About to write image into flash – continue (y/n)? y
… Erase from 0xbfff0000-0xc0000000: .
… Program from 0×80036400-0×80046400 at 0xbfff0000: .
update image info..
Update RedBoot non-volatile configuration – continue (y/n)? y
RedBoot> reset

Note: For those who are interested. You can issue the command “x -b 0xbfff0000 -l 0×100″ and ensure that memory location content starts with “5311.}..Atheros”

Your router would reboot after the reset command.

Preparing your system router recovery

1. Download the D-Link firmware for DIR-300 from your respective region support page. For me, I would be downloading from DIR-300 firmware page at D-Link Singapore.
2. Connect the network cable to your ethernet port and the WAN port of DIR-300.
3. Remove the power from DIR-300

Getting into Emergency Recovery Page

1. Ensure that the DIR-300 is not powered on
2. Hold on to the reset button and power DIR-300 on
3. Hold on to the reset button for about 30 seconds while DIR-300 is booting
4. Open up your web browser and go to http://192.168.20.81. You should be able to see the emergency recovery page as seen below.

Emergency Firmware recovery page

Uploading the original D-Link firmware

1. Click on the browse button and locate the firmware you have downloaded from D-Link firmware page earlier
2. Click on the upload button to start flashing the device. Follow the instruction on screen as seen in the image below. When it is done, reset the device by power cycling it. It will be running the D-Link firmware after rebooting

Flashing process

After the flashing process. Remove the power from the DIR-300. Wait for 30 seconds before proceeding to the next section.

Doing the final touching up

1. Ensure that the DIR-300 is not powered on
2. Hold on to the reset button and power DIR-300 on
3. Hold on to the reset button for about 30 seconds while DIR-300 is booting
4. Telnet to 192.168.20.81 on port 9000
5. You should be greeted by RedBoot>
6. Follow the following commands

RedBoot> fconfig img_entry_addr 0×80040000
img_entry_addr: Setting to 0×80040000
Update RedBoot non-volatile configuration – continue (y/n)? y
… Erase from 0xbfff0000-0xbfffffff: .
… Program from 0×80036400-0×80046400 at 0xbfff0000: .
RedBoot> fconfig img_flash_addr 0xbfc20000
img_flash_addr: Setting to 0xbfc20000
Update RedBoot non-volatile configuration – continue (y/n)? y
… Erase from 0xbfff0000-0xbfffffff: .
… Program from 0×80036400-0×80046400 at 0xbfff0000: .
RedBoot> fconfig img_length 0x003c0000
img_length: Setting to 0x003c0000
Update RedBoot non-volatile configuration – continue (y/n)? y
… Erase from 0xbfff0000-0xbfffffff: .
… Program from 0×80036400-0×80046400 at 0xbfff0000: .

Power cycle the DIR-300 by powering off and on the DIR-300. Wait for the DIR-300 to power up. Set your system to DHCP and connect to the LAN port of DIR-300. Surf to http://192.168.0.1 and you should be greeted by the admin page.

DIR-300 with restored firmware

Enjoy your restored DIR-300.

Credits to vcn and fluffy@prog.ru for discovering the address for board config partition [forum thread] - source

Posted in: