GitHub



Netgear R6400v2 (R6700v3) Guide

Introduction

This is a work in progress so your remarks, contributions and amendments are more than welcome.

The Netgear R6400v2 is the successor of the R6400v1, software is however not compatible, although the routers share a lot of components.

So take note of the version.:

The v1 has simply "Model: R6400" on its label on the underside of the router and the v2 has: "Model: R6400v2" . It should also be noted on the outside of the box.

The v2 started appearing at the beginning of 2017.

The v2 has an updated CPU it now has a Broadcom BCM4708C0 (1 GHz, 2 ARM A9 cores) a step up from the 800 Mhz of the v1. Others specs are the same as the v1, 128 MB flash, 256 MB Ram and same radio's.

For details see:

The Netgear R6700v3 is almost identical, the FCC id is identical as is the Netgear stock firmware, BUT the boardid is different and it has detachable antennas. So you could use this guide for the R6700v3 too.

Open the package install the router and attach a wired client to the router, internet access is not necessary. Follow initial installation instructions: set username and password.

Do not update the Netgear firmware, newer firmwares have a habit of restricting access or block third party software installation.

Backup stock firmware

Backing up stock firmware and board data is a precautionary measure, and under normal circumstances and with mature DDWRT software it should not be necessary, So if you plan to keep using DDWRT and do not tinker with other firmwares (Shibby/tomato, Tahagata Das etc.) then you might consider skipping this step.

Users of the R6400v2 should get their boardid (see 3a), as at this moment the boardid is necessary for the first flash (Kong is working on a unified first flash file for the R6400v2).

Backup by using built in backup is only somewhat useful as it actually only backups your settings, but can be done anyhow, (Netgear GUI: ADVANCED/Administration/Backup Settings).

Further backup methods can only be done through the Command Line Interface (CLI).

So you need a program like telnet which is standard on most Windows clients or download a more versatile program like putty (recommended).

1. If you intend to go back to stock and have the router in a difficult to access place, write down the serial number on the bottom of the router, you might need it.

2. Download and install:

3. Unfortunately the CLI is not enabled by default on Netgear routers so the next step is to Enable the CLI:

a. Easy method on older firmware 1.0.2.52 and below is to go to the debug page: (change ip address according to IP address of router)

There is a check box with "enable telnet", just tick it and you are good to go. This has to be repeated before every session.

b. On firmware 1.0.2.60 and above the enable telnet option is no longer available so you have to use a little utility called telnetenable.exe

There are several, for some reading see:



I use tne, see:

Documentation is there, basically open a Dos command prompt, change directory to where the nte.exe is located and execute with:

nte m=50:6b:03:e9:ad:86 n=192.168.1.1 u=admin p=password

m= MAC address of the router which is on the box or on the underside of the router or when you go the the GUI of the router in Advanced/Router information.

n= IP address of the router

u= username you entered when configuring the router

p= password you entered when setting up the router.

(After reboot you have to do this again, you can make a batch file so that you do not have to type it in every time)

When you executed nte with the right parameters, you should see :

nte: Received ACK message.

Telnet access should be enabled, So telnet to your router and login with the username (contrary to DDWRT where the username is always root, you have to use the real username) and password, and you should see the prompt: #

4. Back up NVRAM parameters and Netgear burn* parameters and save output by copy/paste:

a. nvram show | grep board, this will also get you the boardid, at this moment there are two boardid’s known for the R6400v2: U12H332T20_NETGEAR and U12H332T30_NETGEAR.

The R6700v3 always has a boardid of U12H332T77_NETGEAR as far as we know now.

The boardid is important for the first flash (R6400v2 only), you should get it and write it down.

b. nvram show | grep phy

c. Netgear stock has built in commands to view and change important board parameters, by only typing the commands without anything you can view them but be careful if you type the commands with something behind you are changing the parameters (can be useful to restore). The commands can be found in /sbin:

cd /sbin

ls burn*

The number of available commands differ by version, the most important are burnboardid to view or check the burnboardid and burnethermac. Commands are self-explanatory, execute commands without anything and copy and paste output

d. Sometimes useful can be to copy and paste the output of dmesg

e. If you are planning to tinker with different firmwares like DDWRT, Shibby Tomato, stock etc. then it is useful to backup your partitions, start with the following command to view all your partitions: cat /proc/mtd and copy and paste the output

f. To copy the partitions, you need to enable USB on the Netgear Stock firmware.

Netgear does not have the dd command which is available in DDWRT, instead you can use: cat /dev/mtd4 > /tmp/shares/S_Drive/mtd4_boarddata.bin , which copies the fifth partition with boarddata. The most important to backup are the boot and boarddata partition, but while you are at it copy them all (

When you want to backup a partition from DDWRT, you can use the built in command for copying partitions: dd if=/dev/mtd0 of=/opt/mtd0_boot.bin , this copies the first boot partition to a file called mtd0_boot.bin in the /opt directory (which must be on a USB stick).

Installing DDWRT

Netgear has made a mess of the boardid’s, The R6400v2 can be misidentified as R7000P and that will ruin your 5GHz radio:

So we are interested in the boardid of your R6400v2 (and when and where you bought it and where it is manufactured).

See the BACKUP section of this guide to get your boardid, please post your boardid’s in the accompanying thread or PM me (send a Personal Mail).

There are firmware builds available for the R6400v2 and R6700v3 from two different developers: Kong and Brainslayer (BS).

Builds from both developers do however share the same code base (repository): , and both developers contribute to the code base although Brainslayer (BS) does the general maintenance and update of the code base.

So the differences are minor. Most important is that Kong only supports a fraction of available routers, see: (for supported ARM models see: ) and that gives him the ability to test his builds on his supported routers, Kong also has a regular and a test build, and he has an update utility for easy update with telnet. For more details see:

Kong’s firmware for the R6400v2 and R6700v3 can be found at: for his regular build, the TEST build is in the TEST directory.

Important use only builds with build number 36840 dated 3 sept 2018 or later (currently only found in the TEST directory).

BS’s builds can be found at: or if FTP is not available at look under BETAS).

Files are under Netgear R6400v2 directory, and for R6700v3 under Netgear R6700v3

Important use only builds with build number 36995 dated 19 sept 2018 or later

Recent reports indicate that Netgear is checking the actual build number and does not let you downgrade.

As DDWRT has no build numbers set into the files, it is possible that you can not upgrade to DDWRT.

If you run into this situation you can contact me for a possible solution or modify the header of the .chk file to include a higher build number.

see:

.





First Flash

1. Some browser have problems with DDWRT GUI, I use good old Internet Explorer, clear browser cache as a first step.

2. Get Stock Netgear file your router (in case you have to go back): ( )

3. Get DDWRT file. For a first flash coming from stock you need a file ending with .chk. Subsequent flashing can be done with files ending on .bin.

For Kong files these can be found at:

For the R6400 v2 with boardid of U12H332T20_NETGEAR use the dd-wrt.K3_R6400V2.chk

For the R6400 v2 with boardid of U12H332T30_NETGEAR use the dd-wrt.K3_R6400V2OTP.chk.

For the R6700v3 with boardid of U12H332T77_NETGEAR use dd-wrt.K3_R6700V3.chk

For BS files go to the respective directories and load the .chk files

4. Use a wired client attached to your router, set this client to 192.168.1.10 net mask 255.255.255.0.

Depending on your setup you have to leave your client at DHCP (see step 5)

5. Login to your router at 192.168.1.1. If you can not login go back to step 4 and leave your client to Automatically obtain IP address (DHCP).

6. reset to defaults via the Netgear stock GUI (ADVANCED/Administration/Backup Settings/Revert to factory default settings), click Erase, the router will reboot.

7. Login to the Netgear GUI at 192.168.1.1 and step through the first setup (it can take a while), choose manual configuration.

8. Upload DDWRT .chk file via the GUI (ADVANCED/Administration/Router update), browse to where you downloaded the DDWRT file and click Upload.

The router will reboot

9. After the reboot, point your browser to 192.168.1.1. and you should be greeted by a DDWRT login page asking to change username and password, set according to your wishes and click Change Password

10. Reboot router (it appears that you will not get access to the CLI without reboot)

11. Do a thorough cleaning of all remnants of the stock by using the CLI (telnet, putty) (remember username for CLI is always root) and do :

nvram erase

reboot

Instead you can choose to reset to defaults but that does not do the same, the MAC addresses of the wireless are slightly different (could be advantageous when using a VAP, something to research in the future)

12. The router will reboot, login in with your web browser at 192.168.1.1 and you will be asked for username and password. Fill this in and click change password

13. Set up the router according to your wishes and reboot

14. Do not forget to set your client back to automatic DHCP

15. Post your findings in the appropriate build thread (e.g.: )

Second/Subsequent Flashes

Once dd-wrt is installed, you can flash the appropriate .bin files

For Kong’s builds use the build in ddup command from the CLI (command line interface with putty or telnet), do ddup –h to see all possibilities. To get the latest test build: ddup --flash-latest.

Check that the file dd-wrt.v24-K3_AC_ARM_STD_128K.bin is uploaded.

If you want to use the GUI to update use the dd-wrt.v24-K3_AC_ARM_STD_128K.bin. This file is for R6400(v1), R6400v2, R6400v2OTP and R6700v3.

For Brainslayer builds use the .bin files from the respective directories.

Going back from DDWRT to Stock Firmware

1. Use Internet Explorer, clear browser cache

2. Reset router to defaults using the GUI (Administration/Factory defaults)

3. As DDWRT checks the boardid and stock Netgear Firmware does not have the right boardid you have to modify the header of the stock Netgear firmware.

I have attached stock Netgear firmwares for the R6400v2 with a boardid of U12H332T30_NETGEAR and U12H332T20_NETGEAR and for a R6700v3 with boardid of U12H332T77_NETGEAR to be used for flashing back to stock and also with TFTP.

I have successfully flashed back with this file but use at your own risk !.

Starting with build 36840, you can use a regular stock file to go back, because a file with boardid of U12H332T00_NETGEAR is also accepted (that is the header of stock files).

But When using TFTP you still need to use the modified files with the right boardid as Netgears’s CFE seems to check the boardid.

4. Upload the modified Netgear stock firmware appropriate for your Router with the appropriate boardid via the GUI (Administration/Firmware Upgrade) do not reset to defaults (do that later).

This will take some time because Netgear genie tries to perform its magic so be patient get a drink.

My username was garbled to : $1$0G1pNEzx$4gCPCpGm1.td4C6bmyqADO.

After 3 times wrong user/password the Netgear password recovery procedure kicks in, It will ask for the Serial number on the bottom of the router and you have to answer the two security question.

Then the garbled username becomes visible, copy that and use that username and the password to login.

Sometimes Netgear Stock firmware has a problem with static IP on the client, so if you can not reach your router at 192.168.1.1 you might try to set the client to Automatically obtain IP address (DHCP) and/or power cycle the router

5. Reset to defaults (ADVANCED/Administration/Backup Settings/Revert to factory default settings), click Erase, the router will reboot, the username will now be admin again.

6. When on Netgear firmware, login and reset to defaults via the GUI (be patient it can take a while)

Recovery

Recovery including serial debricking is discussed in @m0eb@’s Guide to unbricking the Netgear R 6400 which can be found in the second post of this thread: Netgear R6400 v2 Install Guide.

For TFTP you need a stock firmware with an adapted header, adapted to your boardid (see paragraph about Going back from DDWRT to Stock Firmware). This is necessary because TFTP and CFE checks the boardid.

If you want to TFTP DDWRT use the .chk files from Kong:

For the R6400 v2 with boardid of U12H332T20_NETGEAR use the dd-wrt.K3_R6400V2.chk

For the R6400 v2 with boardid of U12H332T30_NETGEAR use the dd-wrt.K3_R6400V2OTP.chk.

For the R6700v3 with boardid of U12H332T77_NETGEAR use dd-wrt.K3_R6700V3.chk

Recovery by TFTP

See: and

To TFTP when not bricked, power-up holding the reset button to TFTP:

1. Set a static IP (e.g. IP address 192.168.1.9, subnet mask 255.255,255.0, default gateway 192.168.1.1)

2. In a TFTP client, use 192.168.1.1 as server, password blank, select above DD or OEM Netgear firmware

3. Don't start TFTP yet...open a cmd window, run `ping -t 192.168.1.1` (for Windows; no '-t' for linux)

4. Press and hold the reset button and power up the router. Start the TFTP when ping replies with TTL

o The thread says to look for TTL=100, but this has also worked when TTL=64 is seen

5. It should push the firmware, then wait and watch the lights and the pings, ne patient it can take a while

6. After a reboots, access the router on 192.168.1.1, be sure to detach the router from the network otherwise the router will search for another IP address, if you can not login then set your client to Automatically obtain IP address (DHCP) instead of the static IP in step 1.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download