Upgrading router firmware using tftp protocol

If you ever wanted to upgrade your router firmware, you could either upload an updated version of the same firmware using the web interface, or you will have to use TFTP in order to switch to a different firmware distribution. Most of the tutorials explaining the process of upgrading your router to OpenWRT or DD-Wrt already assume that you have a working and fully functional tftp client. When I had to upgrade my Buffalo router to OpenWRT, I found out that finding a working tftp client is much more difficult than actually pushing the firmware upgrade.

After trying four different tftp clients, I was able to flash my router using only three of those tools.

  • tftp client - This is a basic tftp package included with most Linux distributions. It worked only on a Debian/Ubuntu system. On Fedora/RPM all of the transfers kept timing out. Here is the sequence of commands
    tftp 192.168.11.1
    binary
    rexmt 1
    timeout 60
    trace
    put openwrt.bin
  • atftp - OpenWRT hosts the unpatched source for this package. Once patches are applied it can be compiled, but the program would fail to connect. When I tried the same package from Ubuntu repos it worked. I told it to retry every second like this: atftp --trace --option "timeout 1" --option "mode octet" --put --local-file openwrt.bin 192.168.11.1, and the transfer started few seconds after connecting the router.
  • curl - This is a very capable suite of tools. I have tied it under both Ubuntu/DEB and Fedora/RPM system. When I started the transfer with curl -v -T openwrt.bin 192.168.11.1 it would not connect. It did not seem to probe the connection beyond the first few seconds. Curl did not turn out to be useful for tftp transfers.
  • tftp-hpa - I succeeded flashing my router using this tool under Ubuntu. The sequence of commands is exactly the same as for regular tftp. I was able to compile the same package on Fedora, but the tool failed to connect to my router.

    • In order to get the file transfer to go through, I had to try three different network configurations. Only two were successful.

  • Direct connection - Having one lan cable connected directly between router and my PC. This configuration never worked. The lan interface has to be up and the tftp app has to be continually probing for connection before the router boots.
  • Router connection - Attaching another spare lan router between PC and the router we are flashing. This configuration worked perfectly fine if you have the right tftp client.
  • VirtualBox connection - In this configuration we start a VirtualBox client with a bridged lan connection. We connect our router directly to a PC via a lan cable. For a VirtualBox client the lan interface is always up, so we proceed to flash the router from within VB client. This configuration worked well for me.

    • In order to push firmware using tftp method I had to follow a few simple principles. First, I had to assign a fixed IP to my main PC, that has the same netmask as the router IP. This is most commonly achieved with the following command: ifconfig eth0 192.168.11.10 netmask 255.255.255.0. Then I needed to set an ARP cache entry for my routers MAC like this: arp -s 192.168.11.1 02:AA:BB:CC:DD:1A. At this point I would start the transfer. Once you see tftp client probing for connection, plug-in your router into a power source. Transfer should start in a few seconds. A successful transfer will terminate with a block that is less than 512 bytes.

    Back to main index