We need information for debrick this device with JTAG pinout, if you know how to repair full-brick, help us !

→generic.flashing

Only suitably encrypted images may be flashed from the web interface in the stock Buffalo firmware. It is therefore not possible to install OpenWRT in this way. There are two alternatives:

DD-WRT have a licensing agreement with Buffalo, and can therefore provide encrypted firmware images. So it is possible to proceed as follows:

• Flash the DD-WRT image from the web interface of the stock Buffalo firmware. (Be careful to choose the right image file, ie the one for an initial install, not the one for upgrading from a previous version of DD-WRT.)

• Get on-line. See DD-WRT documentation for this.

• telnet into DD-WRT, then download and flash the OpenWRT image file:

cd /tmp
wget http://downloads.openwrt.org/attitude_adjustment/12.09/lantiq/ar9/openwrt-lantiq-ar9-WBMR-squashfs.image
mtd -r write openwrt-lantiq-ar9-WBMR-squashfs.image linux

Can someone confirm that this works?

I found this to work but do not try to revert to DD-WRT using mtd or you may have to debrick (see https://forum.openwrt.org/viewtopic.php?id=43954). Note that getting back to DD-WRT may not be possible so be sure you want OpenWrt.

It does not appear to be possible to flash OpenWRT from the DD-WRT web interface.

• Use TFTP to boot a ramdisk image of OpenWRT. See below for a detailed description of how to do this: how to recover from bricking .

• Set password to enable ssh.

• Download the OpenWRT image you wish to flash and copy it to the /tmp directory on the router using scp.

• Use sysupgrade to flash the image.

Although the WBMR-HP-G300H is supported in Attitude Adjustment 12.9 (the current stable release), the pre-compiled image is fairly basic (ADSL annex B only, no wifi, no LUCI, no LEDs etc.).

Precompiled image contains ADSL annex B only (for ISDN lines). For POTS (old-fashioned telephone line), you need annex A. Remove kmod-ltq-dsl-firmware-b-ar9 and install kmod-ltq-dsl-firmware-a-ar9 instead.

Add suitable configuration in /etc/network/config :

• PPPoA example: PPPoA ADSL internet connection

• PPPoE example:

config adsl-device 'adsl'
	option fwannex 'a'
	option annex 'a2p'

config atm-bridge 'atm'
	option vpi '8'
	option vci '35'
	option encaps 'llc'
	option payload 'bridged'
	option unit '0'

config interface 'wan'
	option ifname 'nas0'
	option proto 'pppoe'
	option username 'user@isp.net'
	option password 'XXXXXXXXX'

For wifi install kmod-ath9k.

opkg install kmod-ath9k

Install the package luci. Then you need to enable and start uhttpd

opkg install luci
/etc/init.d/uhttpd enable
/etc/init.d/uhttpd start

See below: Wired stations cannot ping each other .

LED configuration must be placed in /etc/config/system. Here is an example:

config led
    option default '0'
    option name 'power'
    option sysfs 'soc:green:power'
    option trigger 'default-on'

config led
    option default '0'
    option name 'power2'
    option sysfs 'soc:red:power'
    option trigger 'none'

config led
    option default '0'
    option name 'wifi'
    option sysfs 'soc:green:wlan'
    option trigger 'phy0tpt'

config led
    option default '0'
    option name 'security'
    option sysfs 'soc:red:security'
    option trigger 'phy0tpt'

config led
    option default '0'
    option name 'dsl'
    option sysfs 'soc:green:adsl'
    option trigger 'netdev'
    option dev 'nas0'
    option mode 'link tx rx'

config led
    option default '0'
    option name 'online'
    option sysfs 'soc:green:internet'
    option trigger 'none'

config led
    option default '0'
    option name 'online2'
    option sysfs 'soc:red:internet'
    option trigger 'netdev'
    option dev 'nas0'
    option mode 'tx rx'

config led
    option default '0'
    option name 'usb'
    option sysfs 'soc:green:usb'
    option trigger 'default-on'

config led
    option default '0'
    option name 'movie'
    option sysfs 'soc:blue:movie'
    option trigger 'timer'
    option delayon '1000'
    option delayoff '1000'

There are some better defaults for the LED's in Barrier Breaker (experimental!) trunk.

Click to zoom

For disassembling the device you need a Torx T8 screwdriver WITH HOLE that is AT LEAST 16mm long (with some preasure Torx T9 works too). A normal torx bit won't fit because the screws are sunk very deep so you won't reach them.

A male-strip is on board to connect your TTL capable serial converter. PIN 1 is marked with a arrow.
Serial port pinout:
PIN 1: VCC +3.3V
PIN 2: GND
PIN 3: TX
PIN 4: RX
Use the following settings: 115200 8N1.

Caution: Be very careful with the serial interface! It is very fragile! Therefore never use the Vcc Pin. I destroyed my Buffalo by applying all four cables (works fine) and then unplug the main power supply. This will destroy the router electrically! So never ever use Vcc aka Pin1!!!

# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00040000 00020000 "uboot"
mtd1: 00020000 00020000 "uboot_environ"
mtd2: 00140000 00020000 "kernel"
mtd3: 01da0000 00020000 "rootfs"
mtd4: 00040000 00020000 "firmware"
mtd5: 00020000 00020000 "user_property"
mtd6: 00020000 00020000 "fwdiag"
mtd7: 00020000 00020000 "boardcfg"
mtd8: 00020000 00020000 "calibration"
mtd9: 01ee0000 00020000 "cmbfirmware"

There seems to be different layouts. My flash layout looks like this (revision dependent?):

# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00040000 00020000 "uboot"
mtd1: 00020000 00020000 "uboot-env"
mtd2: 01f20000 00020000 "linux"
mtd3: 00100000 00020000 "kernel"
mtd4: 01e20000 00020000 "rootfs"
mtd5: 00020000 00020000 "calibration"

JFFS2 builds won't work because of kernel panic at start up (no init found) as of r34578. See bug report #12596 and #12373.

Some models of the WBMR-HP-G300H need the jffs2 builds with 128K blocks. Specially those with erase size "0x0020000". Release >= r34578 works fine. <html><font color=red>Warning: Since at least r34699 there is no support for this router anymore at all.</font></html> See Ticket 12622 The last one that worked for me was r34655. Maybe someone could figure it out what the highest working svn reslease version is.

It is now possible to compile a new trunk version with the following profile:

Target System (Lantiq GPON/XWAY/SVIP) —> Subtarget (XWAY) —> Target Profile (Buffalo WBMR-HP-G300H (A or B) - WBMR)

/etc/init.d/br2684ctl enable

This is a known bug: switch eth0(Atheros AR8316) no traffic between ports possible
Based on the comments from the bug you can try these commands:

swconfig dev eth0 vlan 1 set ports "0 1 2 3 4 5"
swconfig dev eth0 set apply

config switch
	option name	'eth0'
	option reset	'1'

config switch_vlan
	option vlan	'1'
	option device	'eth0'
	option ports	'0 1 2 3 4 5'

From r34871 (more or less) this bug is fixed (VLAN is even possible!)Right know I'm using a r35047 build and it works fine.

The following post https://forum.openwrt.org/viewtopic.php?pid=184969#p184969 reports that in Attitude Adjustment 12.9-rc1 the swconfig commands described above work, but the modification to /etc/config/network does not. The router starts fine, but the wired ports won't respond. Wifi still works if it is enabled. This is still the case in 12.9 final release. The solution to make the configuration permanent is not to change /etc/config/network but instead to add the swconfig commands to /etc/rc.local .

I found in Barrier Breaker r36655 (experimental) the switch and VLAN appears setup by default in LUCI. But I believe it not to be working as attempts to setup a VLAN fail (you may have to debrick) and when issuing '/etc/init.d/network restart' from ssh/telnet the error 'Could not connect to switch' can be observed.

The router bootloader has a tftp client, which will try to connect to 192.168.11.2 and load a file called firmware.ram.

1. Build ramdisk image. These images have uImage in their name, but you can't take the one which you get a during normal build or download. You have to setup a buildroot environment and configure it to build a ramdisk image (make menuconfig –> Target Images –> ramdisk). The uImage file which worked for me was about the same size of a squashfs image (~3.5MB).
TODO It would be helpfull to provide a uImage, but I don't know where to upload one.

Note: If you don't want to build you own ramdisc image here is mine: http://wiki.openwrt.org/_media/toh/buffalo/openwrt-lantiq-ar9-wbmr-uimage.tar00.zip and http://wiki.openwrt.org/_media/toh/buffalo/openwrt-lantiq-ar9-wbmr-uimage.tar01.zip. It is a tar split archive. The .zip extension has no meaning but was nessesarry to get it uploaded to openwrt.orgs wiki archive. To extract the image you have to use the following command:

cat openwrt-lantiq-ar9-wbmr-uimage.tar* | tar xzpvf -

The OpenWRT version of the image is "Attitude Adjustment, r33838". No further packages have been added.

2. Install and start a tftp server. For linux there is a package called tftpd-hpa and on MacOS X TftpServer Version 3.4.1 was used.

2a. For Linux you must not use tftpd-hpa as it does not seem possible to debrick this way. Wireshark shows the server complaining 'must use absolute filename' and the transfer does not start. I found tftpd with the default configuration works fine.

3. Copy openwrt-lantig-ar9-WBMR-uImage as firmware.ram into the root directory of your tftp server (e.g. /srv/tftp or /var/lib/tftp or your current directory depending on your software)

4. Setup your interface. It doesn't matter which port of the router you use. Set your IP to 192.168.11.2/24. It may be nessecary to set your gateway ip to 192.168.11.1 (confirmation needed)

4a. Optional for Linux using tftpd. Confirm the server is available with:

nmap -p 69 192.168.11.2

If running correctly you will see something like:

PORT   STATE  SERVICE
69/tcp closed tftp

Otherwise try restarting inetd:

For Debian Wheezy

root@Hostname:~# /etc/init.d/openbsd-inetd restart

5. Push the AOSS button and power on the router. Keep the AOSS button for about 5 seconds pushed. When the AOSS button is pushed the LED below power will also light up on start. You can verify with wireshark, if everything works as expected. There should be a tftp request from 192.168.11.1 to 192.168.11.2 for a file firmware.ram. Then This file will be transmitted and after that the ip 192.168.11.1 vanishs, because you see your computer asking to whom this ip belongs.

6. Wait. If you have wifi configured in your image you see wifi come up after a while. Another way is to ping 192.168.1.1 or the ip you have configured in your image. You may also do a DHCP request, which will be answered if your router booted fine. My router did not give any signal via LED if it is ready or not. Also during normal operation no LED is on, except for the one in the LAN ports.

7. Flash a working image. Now you have access again, but keep in mind, that this image is not flashed and only runs in ram. Flash a clean image via your preferred way. You can do this with the webinterface or ssh/telnet and sysupgrade.

If PPP discovery is failing:

Sep  8 15:50:01 OpenWrt daemon.warn pppd[2172]: Timeout waiting for PADO packets
Sep  8 15:50:01 OpenWrt daemon.err pppd[2172]: Unable to complete PPPoE Discovery
Sep  8 15:50:01 OpenWrt daemon.info pppd[2172]: Exit.
Sep  8 15:50:01 OpenWrt daemon.notice netifd: Interface 'wan' is now down

To check this execute

opkg list-installed | grep kmod-ltq-dsl-firmware

If the incorrect firmware is loaded, remove it and install the other before trying again.

• OpenWrt Forum Thread on Buffalo WBMR-HP-G300H
• Which image file for WBMR-HP-G300H