Never Ending Security

It starts all here

Fixing bricked router after flashing from DD-WRT to Tomato firmware

If you where running DD-WRT on your router, and you uploaded a Tomato firmware from the firmware upgrade tab from the router login page in your webbrowser.

If the NVRAM not complete erased before flashing your device can get bricked.
The firmware update process will finish without a problem, but after rebooting the router you can’t login to it, Not from the login page in your browser and also not with telnet.

This is because the DD-WRT password is still in the NVRAM, and DD-WRT uses encrypted passwords to store them in the NVRAM and Tomato doesn’t. So tomato can decrypt the passwords.

We will activate a hidden backdoor in tomato, so we can telnet into the router without any verification. When we are connected with telnet, we have to erase the NVRAM so that the password will be reset to the standard Tomato setting (login: admin, password: admin)

To do this process, follow the next steps:
1) run router and wait 2-3 minutes so it’s started completely
2) push and hold wifi on/off button for 25 secs – this will enable a “backdoor” access to the router.
3) use putty and connect via telnet on port 233 and log in to router without password, by using the command: telnet 233
4) run command: mtd-erase -d nvram
5) wait for the output: “nvram successfully erased.” and type: “reboot”
6) After rebooting the router, point your browser to
7) And log in with username: “admin”, and use the password: “admin” (without the ” ” signs)

That’s it, and now you should be good to and being able to log in to router again.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s