How to unbrick / restore factory firmware on Buffalo WHR-600D using the TTL serial port.
***On next posts you can find also the procedure WITHOUT THE TTL serial connection (17dec2014)***
(WHR-600D factory firmware looks that isn't encrypted)

Procedure rev.1 27nov2014

- Download original factory firmware (for example "whr600d-160").
- Open it with hex editor (I used frhed 1.6.0).
- Delete the first 52 bytes (is the header). After that you'll see that the file will start with this bytes sequence "27 05 19 56".
- Save the edited firmware in the TFTP server folder with a new name (for example "firmware_WHR-600D.ram").
- Set static IP on PC side (like 192.168.11.168) and run TFTP server on that IP.
- Now we are ready to flash the router using the TFTP server and serial terminal.
- Check that the router is off with the mode switch set to "Auto" position, the serial port connected with baud rate 57600, network cable connected.
- From serial terminal, immediately after power on the router, press "2" (is the U-boot option "Load system code then write to Flash via TFTP").
- Then you can read the output text to interact with the upload procedure.
- When the flashing will be completed the router will reboot itself, all leds will come on.
- Set automatic IP on PC side.
- When the power led will stop to blink it's possible to access to the router web interface (192.168.11.1).
- User=admin - password=password
- If everything gone right you should see the factory firmware running.

DONE!

- Now from the web interface is possible also to flash the original "WHR-600D professional firmware (dd-wrt based)"

- If someone want to directly restore the DD-WRT (not pro) using the U-boot (option "2") must use "firmware.uimage" rev.24461 (DD-WRT Path: Downloads›betas›2014›06-23-2014-r24461›buffalo_whr_600d). In this case DO NOT need to edit the firmware file with hex editor.

I hope that this procedure will help you to unbrick and/or restore the desired firmware.


Last edited by jspace on Wed Dec 17, 2014 15:33; edited 2 times in total