CG814WG v2 XML

This forum discuss about how to JTAG different devices.
Post Reply
geoneo111
Junior Member
Posts: 17
Joined: Thu Sep 25, 2014 12:44 pm

CG814WG v2 XML

Post by geoneo111 »

Can someone be kind enough to post the correct XML file for the Netgear CG814WG v2 for USB JTAG NT?
Carlito's way
Junior Member
Posts: 34
Joined: Mon Sep 21, 2015 10:11 am

Post by Carlito's way »

<Test>
<Name>CG814WGV28M</Name>
<Cat>Modem</Cat>
<Protocol>EJTAG</Protocol>
<Endian>Big</Endian>
<IRLength>5</IRLength>
<DMA>Yes</DMA>
<ProbTrap>1</ProbTrap>
<Programram>0x80400000</Programram>
<Memorys>
<Memory>
<Name>RAM</Name>
<Type>0</Type>
<Address>0x80000000</Address>
<Size>0x1000000</Size>
</Memory>
<Memory>
<Name>BOOT</Name>
<Type>1</Type>
<Address>0x9F400000</Address>
<Size>0x20000</Size>
</Memory>
<Memory>
<Name>FIRM0</Name>
<Type>1</Type>
<Address>0x9F420000</Address>
<Size>0x3C0000</Size>
</Memory>
<Memory>
<Name>CFG</Name>
<Type>1</Type>
<Address>0x9F7E0000</Address>
<Size>0x20000</Size>
</Memory>
<Memory>
<Name>FIRM1</Name>
<Type>1</Type>
<Address>0x9F800000</Address>
<Size>0x3E0000</Size>
</Memory>
<Memory>
<Name>LOG</Name>
<Type>1</Type>
<Address>0x9FBE0000</Address>
<Size>0x20000</Size>
</Memory>
</Memorys>
<Inits>
<Init>
<Address>0xFFFE0224</Address>
<Value>0x0</Value>
</Init>
<Init>
<Address>0xFFFE2300</Address>
<Value>0x1A</Value>
</Init>
<Init>
<Address>0xFFFE2304</Address>
<Value>0x0</Value>
</Init>
<Init>
<Address>0xFFFE2308</Address>
<Value>0x8040</Value>
</Init>
<Init>
<Address>0xFFFE230C</Address>
<Value>0x3</Value>
</Init>
<Init>
<Address>0xFFFE2310</Address>
<Value>0x4824</Value>
</Init>
</Inits>
</Test>
Carlito's way
Junior Member
Posts: 34
Joined: Mon Sep 21, 2015 10:11 am

Post by Carlito's way »

This one is a bit old but should work
geoneo111
Junior Member
Posts: 17
Joined: Thu Sep 25, 2014 12:44 pm

Post by geoneo111 »

Thanks Carlito. This is the same one I used. For some reason it doesn't work for me.
usbbdm
Junior Member
Posts: 8962
Joined: Mon Jul 18, 2005 9:33 pm

Post by usbbdm »

When you said "Does not work", you need to be more specific. Better description can get better help.
A screen capture or even video might be better explain what is "not working".
geoneo111
Junior Member
Posts: 17
Joined: Thu Sep 25, 2014 12:44 pm

Post by geoneo111 »

I tried to flash my stock file back to it but it didn't take it. I've used USB JTAG NT before with SB6121 & SB5101, etc. so I'm familiar with flashing back to stock. It tries to erase first and gets stuck. Then I tried just writing it with the sprogram command. It then writes but verifies fail and I wind up with a bricked CG814WGv2.

Usbbdm, do you verify that this is the correct XML file for this modem?
usbbdm
Junior Member
Posts: 8962
Joined: Mon Jul 18, 2005 9:33 pm

Post by usbbdm »

geoneo111 wrote:I tried to flash my stock file back to it but it didn't take it. I've used USB JTAG NT before with SB6121 & SB5101, etc. so I'm familiar with flashing back to stock. It tries to erase first and gets stuck. Then I tried just writing it with the sprogram command. It then writes but verifies fail and I wind up with a bricked CG814WGv2.

Usbbdm, do you verify that this is the correct XML file for this modem?
I can not verify the xml. The difference could be the init sequence.
geoneo111
Junior Member
Posts: 17
Joined: Thu Sep 25, 2014 12:44 pm

Back Up

Post by geoneo111 »

I originally got the back up from 9fc00000 800000 using JTAG utility but the XML file in USB Jtag NT gets it from 9f400000 800000.
Question: What is the correct way to get the stock from this device?
usbbdm
Junior Member
Posts: 8962
Joined: Mon Jul 18, 2005 9:33 pm

Post by usbbdm »

When boot, the CPU jumps to BFC00000 (9fc00000), however there is only 4MB left, thus it needs to remap to another address. If your device is bricked then BFC00000 is the one you need to read to get the boot, after that you need to find out where the boot is mapped to.

So it is hard to tell where it is mapped to unless we read and do some analyze and then a better XML can be made. Also the init sequence could be wrong (someone copied sb51xx's init sequence, unless it uses the same CPU).
geoneo111
Junior Member
Posts: 17
Joined: Thu Sep 25, 2014 12:44 pm

Post by geoneo111 »

So, I'm, trying to do an XML from scratch. I located the device information from the flash and only see 0 as the starting point (Device Offset). Question: Is it necessary to have the start address as 9FC00000? Where does that even come from?
usbbdm
Junior Member
Posts: 8962
Joined: Mon Jul 18, 2005 9:33 pm

Post by usbbdm »

geoneo111 wrote:So, I'm, trying to do an XML from scratch. I located the device information from the flash and only see 0 as the starting point (Device Offset). Question: Is it necessary to have the start address as 9FC00000? Where does that even come from?
It depends, if the data is boot block, then it is at 9fc00000.
geoneo111
Junior Member
Posts: 17
Joined: Thu Sep 25, 2014 12:44 pm

Post by geoneo111 »

usbbdm wrote:It depends, if the data is boot block, then it is at 9fc00000.
The data begins with Image2 not the boot block. Boot loader is in the middle. I saw the revised XML file start with 94C00000. (This is the 8MB xml file that doesn't work.) Why would it start at 94C00000? Should I use this as well for the one I'm creating.
usbbdm
Junior Member
Posts: 8962
Joined: Mon Jul 18, 2005 9:33 pm

Post by usbbdm »

geoneo111 wrote:The data begins with Image2 not the boot block. Boot loader is in the middle. I saw the revised XML file start with 94C00000. (This is the 8MB xml file that doesn't work.) Why would it start at 94C00000? Should I use this as well for the one I'm creating.
Then it is OK not to start from 9fc00000.
If the device is bricked then you might need an XML to be able to access 9fc00000 and program the boot only. That is another topic.
geoneo111
Junior Member
Posts: 17
Joined: Thu Sep 25, 2014 12:44 pm

Post by geoneo111 »

My device is not bricked right now. I just want to be able to flash stock and flash firmware to it with USB JTAG NT.
So what I'm gathering from this conversation is that all boot blocks should start at 9FC00000? Is that correct? So this is a must in creating an XML? Have the boot block address start with 9FC00000?
usbbdm
Junior Member
Posts: 8962
Joined: Mon Jul 18, 2005 9:33 pm

Post by usbbdm »

geoneo111 wrote:My device is not bricked right now. I just want to be able to flash stock and flash firmware to it with USB JTAG NT.
So what I'm gathering from this conversation is that all boot blocks should start at 9FC00000? Is that correct? So this is a must in creating an XML? Have the boot block address start with 9FC00000?
Not really, sometime it remaps.
Just read entire 8M flash and send me your file and XML so I can take a look if it is right.
For some routers, the XML I created had no overlap on 9fc00000 and it still works.
However for your firmware to be able to program properly, make sure it puts to the right location of the flash.
Post Reply

Who is online

Users browsing this forum: No registered users and 10 guests