What's “flashing firmware” Anyway?

In short, flashing is installing new firmware. On a device like a router, firmware is most of the basic programming code which runs most of the major functions on the device. This is similar to the installed operating system and programs on a PC. Similar to a PC, firmware updates are released to fix bugs, add new features, and increase security. The device can usually run without updates in a fairly stable way. However, you should understand the risks this may involve for your network.

Firmware is “firm” because we don't apply changes or updates nearly so often. It's a bigger event to flash firmware than it is to to update software. This is because the Flash RAM memory which stores router firmware isn't designed to be written to frequently. As well, more things can go wrong during firmware flashing.

Flashing firmware is usually done to fix bugs, improve stability or add new features to the device. In the case of FreshTomato, the firmware often adds all of the above when compared with the vendor's “stock” (original) firmware.

On routers, firmware is stored in a type of non-volatile memory called Flash RAM. The contents of non-volatile memory such as Flash RAM remain after reboots or when the device is turned off. If they were erased, the device would not function. On routers, firmware is replaced or updated by uploading the entire image of the operating system installation and its programs to an EEPROM (electrically erasable and writable) chip.

Again, this is vaguely similar to reformatting and reinstalling the entire operating system on a PC. However, during the firmware flashing process, files are not copied one at a time onto a filesystem. Instead, one single image file of the entire installation is copied to Flash RAM, a small portion at a time. This is similar to using a drive imaging program such as Acronis TrueImage for Windows, or Time Machine for the Macintosh.

What's an Image?

We refer to the files used to flash FreshTomato as “image” files, because they are mirror images of the entire installation of the operating system programs. The flashing simply copies the entire image file to the router's Flash RAM.

A build is one compilation of firmware.

Each build is:

• Based on a certain FreshTomato release (e.g. 2021.7)
• Intended for a certain hardware (e.g. Asus RT-AC68P)
• Includes a certain set of features (e.g. “AIO” or “All-In-One” build or a MiniIPV6 build)

The features included depend on the router's hardware and on which build/version is flashed. See the Feature matrix page for details on which features are included in each build).

Make sure to carefully choose a FreshTomato build appropriate for your hardware model. Choosing the wrong build/version could brick your router if it's not appropriate for your hardware. (See bricking section below).

When choosing a build, you need to make note of:

• The router/AP model
• The hardware's revision/version number
• The amount of Flash RAM in your hardware
• The feature set you want, that will fit in that amount of Flash RAM.

Some hardware models have two or more hardware versions/revisions. Some of these may contain different chipsets than others. Flashing the firmware to the “same” model hardware, but wrong version or revision could brick your hardware.

For some models, Flash RAM is limited, so it’s also important you choose a build that takes up less storage space than is available. Otherwise, you could run out of Flash RAM and your hardware could be bricked. For help choosing a build that's appropriate for your hardware, see the Hardware compatibility wiki page. For more guidance on how to choose a build, see the How Do I Choose a Build? section on the FAQ page. If you're still unsure after you've read both those pages, we recommend you ask for advice on the Tomato forum.

“Bricking” mean making your router completely non-functional after a failed flash. It's called bricking because the hardware would then only be useful as a brick, but not as a router. In this condition, It sometimes can't be fixed without electronics or soldering knowledge.

Here are some rules for successful firmware flashing:

• Never interrupt a firmware flash until it's completely finished. Be patient.
• Never turn off the router/device while the update is being flashed.
• Never reboot your PC until a flash has completed.
• Never disconnect the network connection with the router until
  the flash is completed.
• Never cancel/pause/stop the software on the PC you're using
  to do the firmware update.

Doing any of the these can result in a partial update. This may leave the firmware corrupted, which can damage how the device works or even “brick it”, making it useless. See the “Can I Recover from a Bad Flash?” section below to learn more about unbricking your router.

Can I Recover from a Bad Firmware Flash?

Yes, quite often, but not always. This depends on factors, including:

1. What went wrong
2. At what stage in the flashing process it went wrong, and sometimes even;
3. Which brand of hardware you tried to flash.

Once you're sure the router won't boot/work properly, follow these steps, in order:

1. At least twice, follow the steps to hardware reset your router to factory defaults.
   This usually involves a physical reset button on the case.
   Sometimes, incorrect settings can be “sticky” in NVRAM
   from previous firmware and need resetting for the router to work properly.
2. On Netgear hardware, try using the third-party nmrpflash utility program.
   This unbrick program has saved many Netgear routers from the garbage.
   https://github.com/jclehner/nmrpflash
3. Use the Tomato forum's Search box to get advice on unbricking your model.
   Often, other users know other tricks to get your model working.
4. If all else fails, you may want to try opening your router and checking for a
   serial interface. This is usually a small group of 3-8 pins or pads on the
   main circuit board to which you connect a USB–>serial interface converter.
   If your router has one, check in the forum or Google for instructions.

NVRAM is the part of non-volatile memory where settings and parameters are stored.

FreshTomato can sometimes retain some NVRAM variables (settings) even after you flash a new firmware image. Therefore, it's very important to erase NVRAM before flashing. Doing so ensures all variables from existing firmware are erased before flashing begins. Erasing NVRAM before flashing is an important step that should NEVER be skipped.

A “dirty flash” is one performed without thoroughly wiping NVRAM before/after flashing. It often leads to strange, unexplained symptoms, like web interface pages that don't display properly, “missing” menu items, and just generally buggy or unstable operation. No matter how tempted you are to “save time”, please don't do a dirty flash. You'll likely waste time with strange symptoms and regret it.

There are several methods used to flash firmware on modern routers.

The method you use depends on several things:

• The brand/model/revision of your hardware.
• The age of your hardware.
• Whether the vendor allows that hardware to be flashed from the
  firmware it came with.
• Which firmware you're trying to flash: stock (vendor), or FreshTomato.

For Asus hardware, several methods/tools are available for firmware flashing.

In general, if your (FreshTomato-supported) Asus hardware has FreshTomato or another Tomato fork installed, such as Shibby or Toastman, you can upgrade straight to FreshTomato using the Upgrade menu.

This flashing method is only possible for builds of release 2022.3 and later. In this example, we will flash an RT-AC68U model.

Here are the steps to follow:

1. Login to the router's Web interface
   
   
2. Under Advanced Settings, go to LAN.
   
   
3. Click on the “DHCP Server” tab.
   
   
4. Disable DHCP. Beside “Enable the DHCP Server” select No, and click Apply.
   
   Performing this step may make your client device disconnect from the router interface
   
   and require you to set a manual address to reconnect. Disabling DHCP server may be unnecessary.
   
   
   
   
   
   
5. Under Advanced Settings, go to Administration.
   
   
   
   
   
   
6. Click on the Firmware Upgrade tab.
   
   
7. Click Browse… and go select the appropriate FreshTomato image file for your router.
   
   
   
   
   
   
8. After selecting the appropriate image file to flash, click Upload.
   
   
9. You should now see a white progress indicator, with text: “Firmware is upgrading…”
   
   
   
   Wait until the upgrade process is 100% complete. Do NOT interrupt the process.
   
   
   
   
10. When the upgrade completes, reboot the router by turning it off and on again.
    
    
11. Reset the router to defaults by pressing the Reset button on the rear for at least 3 seconds.
    
    
    
    
12. The router erases NVRAM and reboots again. It should now be ready configuration/use.

• SDK6 MIPS & ARM Models (like the Asus RT-N18U or RT-AC68U):
  Since release 2022.3, you can upgrade from AsusWRT to FreshTomato
  or vice versa via the web interface.
• SDK7 routers (like RT-AC3200) and SDK714 routers such as
  the Asus RT-AC5300, RT-AC3100: Since release 2022.6, these models
  support upgrades via the web interface.
• Asus RT-AC1900U upgrades may require FreshTomato firmware for
  the Asus RT-AC68U.

Asus provides a Windows program called Firmware Restoration. This tool is used to flash firmware or recover from a failed firmware flash. After you put the router in Rescue Mode, the Restoration tool finds the router's IP address and lets you flash firmware to it. Rescue Mode is a mode in which the router won't do anything except receive a firmware update.

For Asus models built in 2014 and earlier, the Firmware Restoration tool works fine. However, on most Asus models after 2014, Firmware Restoration won't let you flash third-party firmware like FreshTomato. If you try this on newer hardware, the program will simply throw an error saying it's not possible. The reasons indirectly relate to a 2015 decision made by the US FCC (Federal Communications Commission) about changes to wireless features in third-party firmware.

For details, see the section below titled: FCC Regulation Change Affecting Wireless Routers.

To flash using the Firmware Restoration utility:

1. Ensure you have only an Ethernet connection between your PC and router.
   Disconnect all other Ethernet cables from the router-they can cause problems.
   Some people have flashed via WiFi, but for maximum stability, flash only via Ethernet.
   Never attempt to flash via a WAN connection. It's risky.
   
   
2. Download and install Asus Firmware Restoration from the website:
   1. In the Support section of Asus' website, find your router/hardware model.
   2. Click “Software and Utility” and specify your Windows version.
      (Windows 11 users may have to choose Windows 10 for the program).
   3. Find/download the latest version of the utility.
   4. Install the Firmware Restoration program.
      
      
3. Download the appropriate FreshTomato image file:
   1. Download an appropriate FreshTomato image file for your router.
      If you've read the Basic Concepts above, see the FAQ for the file name
      convention for builds.
      See the Hardware Compatibility wiki page for help choosing
      an appropriate image file for your hardware.
      If you're still not sure after reading those, ask for help on
      the Tomato forum: Tomato Forum
   2. Download the latest Asus firmware for your router so that if the
      FreshTomato flash fails, you can flash back to Asus firmware.
      
      Remember, with no working router, you might be unable to download
      firmware on your network until it's working again.
      
      
4. Clear the NVRAM:
   1. Clear NVRAM by restoring factory defaults in the Asus interface.
      This resets settings to defaults and ensures
      there's enough memory to perform a flash. The process of clearing NVRAM
      varies, depending on your model.
      To wipe NVRAM settings within stock Asus firmware:
      1. Click on the “Administration” menu.
      2. Click on the “Restore/Save/Upload” Setting tab.
      3. Beside “Factory Default”, click the Restore button.
         
         
         
         
         This method may not work perfectly. If it fails, try the hardware button method below.
         
   2. Wipe NVRAM on most current Asus models using the hardware button method:
      1. Unplug the AC adapter from the back of the router.
      2. Hold down the WPS button and reinsert the power connector.
         Continue to hold the WPS button for 30 seconds.
      3. Release the WPS button. All front LEDs should blink once
         to signal NVRAM was cleared.
         If you have trouble, check the
         user manual or the manufacturer's FAQ for your model.
         
         
5. Configure your PC with a static address and disable all WiFi
   interfaces on your PC.
   In Rescue Mode, the DHCP server is not available, so your client
   will need a static IP address.
   In some cases, DHCP might prevent Firmware Restoration from
   completing the flash.
   In some cases, DHCP prevents connection to the router after flashing,
   when the DHCP server isn't yet available.
   
   
6. Enable Rescue Mode on the router. Typically, for Asus routers,
   this is done as follows:
   1. Remove the AC adapter plug from the back of the router.
   2. Hold down the Reset button while plugging in the power cable
      again so the power turns on.
   3. Continue to hold Reset until the Power LED starts to slowly flash
      on and off.
   4. Release the Reset button.
   5. Move quickly to step 7. Firmware Restoration has a timeout period.
      If flashing doesn't occur,
      you'll have to enable Rescue mode again.
      
      
7. Flash FreshTomato
   1. Run Firmware Restoration. Click “Browse…”
   2. Select the correct .trx firmware file for your router. Click “Open”.
      
      
      
      
   3. Click “Upload”. Ignore any warnings that the firmware is incompatible.
      Click “OK” at the prompt.
   4. The utility should begin scanning for your router device, then slowly
      uploading the firmware.
      
      
8. Wait until flashing is complete. The completion progress bar isn't accurate.
   Flashing is complete only when the power LED comes back on.
   Be patient. This portion can take up to 45 minutes.
   DO NOT PANIC if the program says the upload isn't complete, or if it hangs.
   Wait another 10 to 15 minutes.
   When the process is complete, the router should automatically turn on and off.
   1. The router should now let clients connect. Open a web browser to:
      “192.168.1.1” and net mask: “255.255.255.0”.
      You should see a login screen. Enter username: “root”, and password:
      “admin” to log on.
      
      
9. From within FreshTomato, clear NVRAM contents again:
   1. Under Administration, click Configuration.
   2. In Restore Default Configuration, choose Erase all data in NVRAM memory. Click “OK”.
      
      

At this point, the router should function properly.

Sometimes on the first boot after a flash, FreshTomato may seem buggy or weird things might happen.

In such cases:

1. Reboot the router once or twice more.
2. Clear your browser cache before putting the router in operation.
   Web browsers may cache data that shouldn't be cached.
3. Refresh the page. Any problems caused by cached browser data
   should disappear.

If problems persist, try the following:

1. Clear your web browser cache again.
2. Erase NVRAM once more.
3. Reboot the router at least twice more.

If the router still acts strangely at that point, you should request help on the Tomato Web forum.

“Trivial File Transfer Protocol” is a small utility that transfers files between hosts on a TCP/IP network. It lets you upload firmware images to a router. There are command-line and graphical tftp client programs available. Windows includes a tftp program for the command line.

The TFTP method may work when the vendor's firmware blocks other upgrade methods from the original firmware.

To prepare to flash via tftp:

1. Reset the router NVRAM to defaults, as described above.
2. Put the router into Rescue Mode, as described above.
3. Put the FreshTomato firmware file in the same folder as your
   tftp program.
4. Open a command prompt, and change directories to the folder
   containing the firmware. Then type:
   “tftp –I PUT filename.trx <IP address of router>“
   but DO NOT press Enter.
5. (Replace “filename.trx” with an appropriate image file name for
   your model)
6. Unplug the AC adapter from the router. Hold down the Reset button
   while reconnecting the AC adapter.
7. When the power light starts slowly blinking, let go of the Reset button.
8. Press enter at the above command line to start the tftp upload process.
9. Wait at least 10 minutes for the upload to complete.
10. If successful, you'll be taken to the FreshTomato logon screen.
11. Log on to FreshTomato and reset NVRAM, as in the above screenshot.

Rescue Mode has a timeout period that limits how long you have to start firmware upload. If the timeout expires, you may need to put the hardware into Rescue Mode again and restart the flashing process.

Modern routers use CFE (Common Firmware Environment) for bootstrapping.

For some Broadcom devices, CFE is preset to run the convenient miniWeb server interface (shown above). CFE lets you install any compatible firmware on your device, making the router largely “unbrickable”.

When CFE loads, it sets the router's address to: 192.168.1.1. You can connect to it by setting your client Ethernet interface with an address in the same subnet (192.168.1.2) and entering the above address in a browser. CFE has a timeout period, so you need to reset the router and access it before it decides to load any custom/stock firmware on the device.

If Freshtomato is already installed, you can change the CFE timeout by changing the Boot Wait Time parameter in the Miscellaneous menu.

CFE can also be accessed by using a console/command prompt and connecting via a USB-to-serial interface. However, that is appropriate only for advanced users with special (but cheap) equipment.

If your router has a Tomato fork already installed, you can use the Administration/Upgrade menu in the web interface to upgrade to FreshTomato.

In some cases, flashing Linksys gear is a bit more complicated than flashing other brands. Before flashing, you're advised to read the Notes section in the Hardware compatibility list for important details. This includes important warnings about NVRAM size/limitations, CFE modifications that might be required, hardware revisions and more.

Some models might need to be flashed with a special “initial” firmware build first before you can install a regular FreshTomato build. Please read about this (above) before flashing.

There is no official HOWTO for flashing Linksys hardware. However, these unofficial HOWTOs on the forum have been worked many times:

• ea6200
• ea6350v1

Linksys-EA6200/EA6350v1 Freshtomato-ARM & Discussion.

• ea6300v1
• ea6400
• ea6500v2
• ea6700
• ea6900v1

How to flash Linksys EA6300v1, EA6400, EA6500v2, EA6700, EA6900v1.0/1.1 with Tomato

If you're still not sure what to do, post an question on the Tomato forum to avoid problems.

You should also read the Notes section at the bottom of this page for details on general flashing basics.

If you have a R-series router with stock firmware installed, you must first flash with a “Netgear R-series initial” file. Once you have an initial FreshTomato build installed, you can then upgrade to new versions using normal build files. The initial .zip file contains a file with ”.chk“ file extension. You can install that initial file via the original Netgear firmware.

For example: the following steps list the process for flashing an R7000 with an initial build, and then a normal build.

First, download the 2 files you'll need to flash the R7000:

The “R-series initial file” for R7000:

/downloads/freshtomato-arm/2023/2023.2/Netgear%20initial%20files/freshtomato-R7000-2023.2-initial-64K.zip

This .zip file has MD5SUM value: e3ef483d088215e9abe4888e0dd36d37

The normal R7000 AIO build file:

/downloads/freshtomato-arm/2023/2023.2/K26ARM/freshtomato-R7000-ARM-2023.2-AIO-64K.zip

This .zip file has MD5SUM value: ec63c869fe14f5b46cbb13813c1699bf

Run a hash check program against both files to check their integrity. On Windows, HashMyFiles works.

If the hash check program finds an MD5 matching the number above, the file is good. If it does not match, the file was corrupted during download and should be downloaded again.

Do not flash using the contents of .zip files that fail a hash check.

Now, unzip the .zip files. The contents should look like this (for this specific router/FreshTomato release):

freshtomato-R7000-2023.2-initial-64K.chk

freshtomato-R7000-ARM-2023.2-AIO-64K.trx

If you're not sure which build file to download,

• Check the Hardware compatibility list for your model
• Read the ”How Do I Choose a Firmware Build“ section in the FAQ
  • A table there illustrates the naming scheme of FreshTomato builds.

In the case of the R7000, the data in the table describe these specifications:

• CPU: The R7000 contains an ARM chipset
• NVRAM: The R7000 contains 64KB
• AIO = All in One build (contains all feature available).
• Thus, we choose firmware with filename:
  freshtomato-R7000-ARM-[version]-AIO-64K.trx (only after we've flashed an initial build).

Now, perform the flash procedure:

1. Connect your PC and your router via an Ethernet cable.
   Do NOT use WiFi.
   
   
2. Disconnect all other Ethernet cables.
   
   
3. Power on the router. Wait 2-5 minutes until it finishes booting.
   
   
4. Reset the router to factory defaults by holding down Reset with a paperclip
   for 30 seconds. Follow the user guide for specifics.
   
   
   
   
5. Wait again 2-5 minutes until the router finishes rebooting.
   
   
   
   
6. Open a browser and type: 192.168.1.1. Log on with your Username/Password.
   
   
   
   
   
   
7. Disable DHCP. Go to Advanced–> LAN Setup and uncheck “Use Router as DHCP Server”.
   Click Save.
   
   
   
   
   
   
8. Go to the Advanced TAB > Administration > Router update.
   
   
   
   1. Browse to the .CHK file above (freshtomato-R7000-20xx.x-initial-64K.chk) then click UPLOAD.
      
      
      
      
9. When prompted to continue, click OK.
   
   
   
   
10. At the Router Update screen, click YES. The screen shows: “The Router is updating its firmware”.
    
    
    
    
    
    
11. The Router Update screen then shows: “Rebooting the router now, please wait”.
    
    
    
    
12. Wait 2-5 minutes until you're presented with a login. Do NOT log on.
    1. If the PC address changes to: “169.254.x.x”, Windows set that
       because it couldn't find a DHCP server.
    2. Wait 5 minutes, then go to the next step.
       
       
       
       
13. Press the Reset button once briefly with a paper clip.
    
    
    
    
    
    
14. As the router reboots, configure your PC with a static address: “192.168.1.9”
    and gateway: “192.168.1.1”.
    1. This step may not be needed, as the router should be running DHCP,
       and should assign your PC an IP address.
       
       
       
       
15. Ping the router's IP address to verify that it finished rebooting: “ping -t 192.168.1.1” .
    
    
    
    
    1. Wait until the ping results show that it rebooted (“Destination Host Unreachable”)
       and reconnected (“64 bytes from…”) twice.
       
       
       
       
    2. Flashing is finished. With the router rebooted, you can connect to its Web interface.
       
       
       
       
16. In a web browser, enter: “192.168.1.1”. Enter Username: “root”, Password: “admin”.
    
    
    
    
17. If this fails:
    1. In some initial firmware releases, the username is “admin” and
       the password is ”@newdig“
    2. Use a private browser (incognito) window.
    3. Clear the browser cache.
    4. You probably didn't reset the device, or you wait long enough.
       Please repeat Step 13.
       
       
       
       
18. You should now be logged in. You should see “System” on the Overview menu.
    
    
    
    
    
    
19. Under Configuration > Restore Default Configuration > choose “Erase all data in NVRAM memory”.
    Click OK.
    
    
    
    
    
    
20. Now, you should see: “Please wait while the defaults are restored…”
    
    
    
    
21. Eventually, the initial build is installed and NVRAM cleared. Now, upgrade to a normal build.
    
    
22. Continue in (or open) “192.168.1.1” in a browser window.
    
    
    
    
23. Under Administration > Firmware Upgrade, click Browse… and find the .TRX file above.
    
    
    
24. This was the .trx file at the time this was written. Select it, then click Upgrade.
    
    
    
    
25. Wait. You'll see a timer, and: “Please wait while the firmware is uploaded and flashed.”
    
    
    
    
    
26. Wait. You'll see “Image successfully flashed. Then you'll see: “Please wait
    while the router reboots…” and a countdown.
    
    
    
    
27. Eventually, you'll be asked to Click “continue”. Do so, and you return to
    FreshTomato's main menu.
    
    
    
    
28. Under Administration > Configuration > select “Erase all data in NVRAM memory”,
    and click OK.
    
    
    
    
29. You should see: “Please wait while the defaults are restored..” and a countdown timer.
    
    
    
    
30. Eventually, you should be be prompted to click “Continue”. Click “Continue”.
    
    
    
    
    
31. You should now be back at the Upgrade Firmware menu. The flashing
    process is complete.
    
    

If you have FreshTomato installed on your Netgear, you can upgrade to new releases using regular build files. These .zip archives contain firmware files ending with the .trx file extension.

A Netgear router with FreshTomato installed can't be directly flashed back to original Netgear firmware from within normal builds. Some Netgear models can be flashed back to Netgear firmware using special “Netgear back to OFW” builds. Check if your Netgear model is supported in the “Netgear Back to OFW” folder in the appropriate FreshTomato downloads folder:
"Netgear back to OFW" firmware

In 2015, The US FCC (Federal Communications Commission) passed legislation designed to block people from changing certain WiFi settings, to avoid radio interference with other devices. WiFi radio power had to be implemented in hardware so that end users couldn't modify it. For example, the FCC wanted to make sure end users didn't override country settings or power limits which might affect radio power.

Some hardware vendors reacted to the legislation in an extreme way, blocking third-party firmware from being flashed at all. (The FCC did not actually require anything like this). As a result, some companies' hardware could not be flashed with third-party firmware from within the factory firmware interface. If you tried to do so, you'd simply receive an error stating it wasn't possible. This resulted in a lot of controversy.

ArsTechnica.com: FCC: Open source router software is still legal under certain conditions:
https://arstechnica.com/information-technology/2015/09/fcc-open-source-router-software-is-still-legal-under-certain-conditions/

SLATE: FCC Support for hackable routers is a win for all of us:
https://slate.com/technology/2016/08/fcc-support-for-hackable-wireless-routers-is-a-win-for-all-of-us.html

• Some devices might need to be flashed with a special “initial” firmware build first before you can install a regular FreshTomato build. Please read about this above before installing FreshTomato.
• On some models, like the Asus-AC3200, you should first install a specific version of stock firmware to get the full 128K of NVRAM formatted before attempting FreshTomato installation. Failing to do so will limit NVRAM to 64KB. The same applies to other models, to obtain their full 64K instead of only 32K.
• On some models, flashing may take a long time, as much as 10-15 minutes before FreshTomato is ready. Occasionally, you may need to power cycle and even press the physical factory reset button to make FreshTomato boot properly after flashing. This generally only happens once.
• If other methods fail, flashing via TFTP is almost always possible. This requires an Ethernet connection, TFTP server software running on router and a TFTP client program on the client device. Generally, this should be attempted only as a last resort, when all other methods have failed.