I second this. I have my serial voltage converter at the ready. I just need the pinout of the serial connector, and the commands needed to upload and flash the new firmware file. I have an rtp300 with v5.01.04, which does NOT revert to an earlier firmware when reset, and NONE of the previously posted un/pw combinations work in the web interface.

Another question i've got is about the CRYPT_KEY and ADMIN_PWD contained in the output from cat /proc/ticfg/env. The key displayed does not seem to allow me to decrypt either version of my ti001310xxxxxx.xml file (the router tftps two slightly different copies from two different directories), and the password doesn't work for anything in the web interface.

However I could not get my serial console to post anything. If you get this working let me know which jumper is the serial console on the board (J1 with pins or J3 needs soldering?)

said by herrdude :

I followed Velund's instructions on the first page using the ping hack. I had to substitute 0.0.0.0 with 127.0.0.1. I managed to get the message: control state unlocked.

I had read in another post that a quick way to get rid of the vonage provisioning was to use the following command through the ping hack with the following command: dd if=/dev/zero of=/dev/mtd/9. Would this work?

said by boredwild :

Dogface05, can you tell us what you charge to unlock the ACN SPA-2102?

said by jetzhu :

The following method is untested, just an idea:
Possible to change the firmware from 5.01.04 directly to modified 3.1.24 NA which is created by the following steps
»Re: New WRTP54G-NA firmware 3.1.24 released 3-27-07
For RTP300
1. Download the RTP300 3.1.24 firmware from the linksys site (»www.linksys.com/servlet/Satellit···ondetail)
2. use HexEditor change offset 0x17 from 4D to 4C.
3. At offset 0x3B0004, change 85 DA 20 BB to 3B A5 4D DA
For WRTP54G, WRTP54G have different pattern
2. Change HEX offset 0x17 from 4D to 4C
3. Change HEX offset 0x3B0004 from 71 FB 16 5F to CF 84 7B 3E

said by a94cobra :

I tried this on a WRTP54G with the 5.01.04 and was successfull. At first upon reboot the router seems bricked. Computer would not get an IP. Even after power cycle. But after the 10sec reset, it came up and I logged in to see 3.1.24 Voice section is there and reports 3.1.22

said by a94cobra :

I went from 5.01.04 to 3.1.24

Successful.

said by Phoenix2088 :

I have followed jetzhu's instructions and I think I almost got it. However at the last ping hack step
(127.0.0.1 &&sh /var/tmp/rf) I get the following.

wget: number of URLs: 1Trying URL 'tftp://192.168.15.100/von10062.bin'TFTP: opt.output_document is NULL!Retrieve - Success
The router's (WRTP54G) power light does not blink and is still running firmware 5.01.04. If anyone can help me and point out what I might have done wrong it would be greatly appreciated.

Background Info:
Running TFTPD32, AV and Firewall off during ping hack. Firmware is in Program Files/tftp32 directory as well as the rf file. TFTP32 is set to use the previously mentioned directory as root. I have already successfully ping hacked to unlock the console.

said by Phoenix2088 :

It blinks for about 2-3 minutes. If the power continues to blink, try doing a hard reset (paper clip for 10-15 seconds).

said by ogdensburg :

Tried to upgrade the firmware. For some reason,the upgrade failed and now my WRTP54G power light keeps blinking. Anyway to recover it?

said by mazilo :

Otherwise, you will probably need to ask someone to dump the whole Flash using a JTAG cable, modify the S/N and MAC Addresses, then upload to your WRTP54G using aJTAG cable. This may take more than 40 hours using an unbuffered JTAG cable.