What's “flashing firmware” anyway?

In short, flashing is installing new firmware. On a device like a router, firmware is most of the basic programming code which runs most of the major functions on the device. This is similar to the installed operating system and programs on a PC. Similar to a PC, firmware updates are released to fix bugs, add new features, and increase security. The device can usually run without updates in a fairly stable way. However, you should understand the risks this may involve for your network.

Firmware is “firm” because we don't apply changes or updates nearly so often. It's a bigger event to flash firmware than it is to to update software. This is because the Flash RAM memory which stores router firmware isn't designed to be written to frequently. As well, more things can go wrong during firmware flashing.

Flashing firmware is usually done to fix bugs, improve stability or add new features to the device. In the case of FreshTomato, the firmware often adds all of the above when compared with the vendor's “stock” (original) firmware.

On routers, firmware is stored in a type of non-volatile memory called Flash RAM. The contents of non-volatile memory such as Flash RAM remain after reboots or when the device is turned off. If they were erased, the device would not function. On routers, firmware is replaced or updated by uploading the entire image of the operating system installation and its programs to an EEPROM (electrically erasable and writable) chip.

Again, this is vaguely similar to reformatting and reinstalling the entire operating system on a PC. However, during the firmware flashing process, files are not copied one at a time onto a filesystem. Instead, one single image file of the entire installation is copied to Flash RAM, a small portion at a time. This is similar to using a drive imaging program such as Acronis TrueImage for Windows, or Time Machine for the Macintosh.

We refer to the files used to flash FreshTomato as “image” files, because they are mirror images of the entire installation of the operating system programs. The flashing simply copies the entire image file to the router's Flash RAM.

A build is one compilation of firmware.

Each build is:

• Based on a certain FreshTomato release (e.g. 2021.7)
• Intended for a certain hardware (e.g. Asus RT-AC68P)
• Includes a certain set of features (e.g. “AIO” or “All-In-One” build or a MiniIPV6 build)

The features included depend on the router's hardware and on which build/version is flashed. See the Feature matrix page for details on which features are included in each build).

Make sure to carefully choose a FreshTomato build appropriate for your hardware model. Choosing the wrong build/version could brick your router if it's not appropriate for your hardware. (See bricking section below).

When choosing a build, you need to make note of:

• The router/AP model
• The hardware's revision/version number
• The amount of Flash RAM in your hardware
• The feature set you want, that will fit in that amount of Flash RAM.

Some hardware models have two or more hardware versions/revisions. Some of these may contain different chipsets than others. Flashing the firmware to the “same” model hardware, but wrong version or revision could brick your hardware.

For some models, Flash RAM is limited, so it’s also important you choose a build that takes up less storage space than is available. Otherwise, you could run out of Flash RAM and your hardware could be bricked. For help choosing a build that's appropriate for your hardware, see the Hardware compatibility wiki page. For more guidance on how to choose a build, see the How Do I Choose a Build? section on the FAQ page. If you're still unsure after you've read both those pages, we recommend you ask for advice on the Tomato forum.

“Bricking” mean making your router completely non-functional after a failed flash. It's called bricking because the hardware would then only be useful as a brick, but not as a router. In this condition, It often can't be fixed without electronics or soldering knowledge.

Here are some rules for successful firmware flashing:

• Never interrupt a firmware flash until it's completely finished. Be patient.
• Never turn off the router/device while the update is being flashed.
• Never reboot your PC until a flash has completed.
• Never disconnect the network connection with the router until the flash is completed.
• Never cancel/pause/stop the software on your PC that you're using to perform the firmware update.

Doing any of the above can result in a partial update. This may leave the firmware corrupted, which can damage how the device works or even “brick it”, making it useless.

NVRAM is the part of non-volatile memory in routers where settings and parameters are stored.

FreshTomato can sometimes retain some NVRAM variables (settings) even after you flash a new firmware image to your router. Therefore, it's very important to erase NVRAM before flashing. Doing so ensures that all variables from the existing firmware are erased before flashing begins. Erasing NVRAM before flashing is an important step that should NEVER be skipped.

A “dirty flash” is a flash which was performed without thoroughly wiping NVRAM before and after flashing. A dirty flash often leads to strange, unexplained symptoms, like web interface pages that don't display properly, “missing” menu items, and just generally buggy or unstable functioning. No matter how tempted you are to “save time”, please don't do a dirty flash. You will likely waste time with strange symptoms and regret your choice.

There are several methods used to flash firmware on modern routers. The method you use depends on several things.

• The brand/model/revision of your hardware.
• The age of your hardware.
• Whether the vendor allows that hardware to be flashed from the firmware it came with.
• Which firmware you're trying to flash: stock (vendor's), or FreshTomato firmware.

For Asus hardware, several methods/tools are available for firmware flashing.

In general, if your (FreshTomato supported) Asus hardware has a version of FreshTomato installed, or another Tomato fork, such as Shibby or Toastman, you can upgrade straight to FreshTomato using the Upgrade menu.

This flashing method is only possible for builds of release 2022.3 and later. In this example, we will flash an RT-AC68U model.

Here are the steps to follow:

1. Login to the router's Web interface
   
   
2. Under Advanced Settings, go to LAN.
   
   
3. Click on the “DHCP Server” tab.
   
   
4. Disable DHCP. Beside “Enable the DHCP Server” select No, and click Apply.
   
   
   
   
5. Under Advanced Settings, go to Administration.
   
   
   
   
6. Click on the Firmware Upgrade tab.
   
   
7. Click Browse… and go select the FreshTomato image file appropriate for your router.
   
   
   
   
8. After selecting the appropriate image file to flash, click Upload.
   
   
9. You should now see a white progress indicator, with text below saying “Firmware is upgrading…”
   
   
   
   
10. Wait until the upgrade process is 100% complete. Do NOT interrupt the process.
    
    
11. When the upgrade process completes, reboot the router (by turning it off and on again).
    
    
12. Now, reset the router to factory defaults. Press the Reset button on the back of the router for at least 3 seconds.
    
    
    
    
13. The router will erase NVRAM and reboot again. It should now be ready for you to configure it for use.

• SDK6 MIPS & ARM Models (like the Asus RT-N18U or RT-AC68U)
  • Since release 2022.3, you can upgrade from AsusWRT to FreshTomato or vice versa via Web interface.
• SDK7 routers (like RT-AC3200) and SDK714 routers (like the RT-AC5300, RT-AC3100)
  • Since release 2022.6, these models support upgrades via the web interface.
• Asus RT-AC19000U upgrades may require FreshTomato firmware for the Asus RT-AC68U.

Asus provides a Windows program called Firmware Restoration. This utility is used to flash firmware or recover from a failed firmware flash. It finds the router's IP address and lets you flash firmware to the router, after you've put the router into Rescue Mode. Rescue Mode is a mode in which the router won't do anything except receive a firmware update.

For Asus models built in or before 2014, the Firmware Restoration utility will work fine. However, on most Asus models after 2014, Firmware Restoration will not let you flash third-party firmware like FreshTomato. If you try this on newer hardware, the program will simply throw an error saying it's not possible.The reasons indirectly relate to a 2015 decision made by the US FCC (Federal Communications Commission) about changes to wireless features in third-party firmware. For details, see the section below titled: FCC Regulation Change Affecting Wireless Routers.

To flash using the Firmware Restoration utility:

1. Ensure an Ethernet cable is the only connection between your PC and the router.
   Disconnect all other Ethernet cables from the router. Other connections can cause problems.
   Some people have flashed firmware via a Wi-Fi connection. However, for maximum stability, you should flash only via Ethernet.
   Never attempt to flash firmware via a WAN connection. It involves much higher risk and advanced skill.
   
   
2. Download and install Asus Firmware Restoration from the Asus website
   1. In the Support section of the Asus website, find your router/hardware model.
   2. Click “Software and Utility” and specify your Windows version.
   3. Find and download the latest version of the Firmware Restoration utility.
   4. Install the Firmware Restoration utility.
      
      
3. Download the appropriate FreshTomato image file
   1. Download an appropriate FreshTomato image file for your router.
      If you've read the Basic Concepts above, see the FAQ for the file naming convention for builds.
      See the Hardware Compatibility wiki page for help choosing an appropriate image file for your hardware.
      If you're still not sure after reading those, ask for help on the Tomato forum: Tomato Forum
   2. Download the latest Asus firmware for your router. That way, if the FreshTomato flash fails, you can still flash back to Asus firmware.
      Remember, without a working router, you might not be able to download firmware on your network until it's working again.
      
      
4. Clear the NVRAM
   1. Clear NVRAM by restoring factory defaults in the Asus interface. This resets all settings to defaults and ensures the device has enough memory to perform a flash. The process of clearing NVRAM varies, depending on your model. To wipe NVRAM settings within stock Asus firmware:
      1. Click on the “Administration” menu.
      2. Click on the “Restore/Save/Upload” Setting tab.
      3. Beside “Factory Default”, click the Restore button.
         
         
         
         
         This method may not always work perfectly. If it fails, try the hardware button method described next.
         
   2. To wipe NVRAM on most current Asus models using the hardware button method:
      1. Unplug the AC adapter from the back of the router.
      2. Hold down the WPS button and reinsert the power connector. Continue to hold the WPS button for 30 seconds.
      3. Release the WPS button. All front LEDs should blink once to signal that NVRAM was cleared.
         If you have trouble, check the user manual or the manufacturer's FAQ for your model.
         
         
5. Configure your PC with a static IP address and disable all WiFi interfaces on your PC.
   In Rescue Mode, the DHCP server is not available, so your client will need a static IP address.
   In some cases, DHCP might prevent Firmware Restoration from completing the flash.
   In some cases, DHCP prevented connection to the router after flashing, when the DHCP server was not yet available.
   
   
6. Enable Rescue Mode on the router. Typically, for Asus routers, this is done as follows:
   1. Remove the AC adapter plug from the back of the router.
   2. Hold down the Reset button while plugging in the power cable again so the power turns on.
   3. Continue to hold Reset until the Power LED starts to slowly flash on and off.
   4. Release the Reset button.
   5. Move quickly to step 7. Firmware Restoration has a timeout period. If flashing doesn't occur,
      you'll have to enable Rescue mode again.
      
      
7. Flash FreshTomato
   1. Run Firmware Restoration. Click “Browse…”
   2. Select the correct .trx firmware file for your router. Click “Open”.
      
      
      
      
   3. Click “Upload”. Ignore any warnings that the firmware is incompatible. Click “OK” to the prompt.
   4. The utility should begin scanning for your router device, then slowly uploading the firmware.
      
      
8. Wait until flashing is complete. The progress bar is not accurate regarding completion.
   Flashing is complete only when the power LED comes back on.
   Be patient. This portion can take up to 45 minutes.
   DO NOT PANIC if the program says the upload isn't complete, or if it hangs. Wait another 10 to 15 minutes.
   When the process is complete, the router should automatically turn on and off.
   1. The router should now respond to communications. Open a web browser to 192.168.1.1 and net mask: 255.255.255.0 .
      You should see a login screen. Enter username: “root”, and password “admin” to log on.
      
      
9. From within FreshTomato, clear NVRAM contents again:
   1. Under Administration, click Configuration.
   2. Under Restore Default Configuration, select Erase all data in NVRAM memory(thorough). Click “OK”.
      
      

At this point, the router should function properly.

Sometimes on the first boot after flashing, FreshTomato may seem buggy or strange things may happen.

In such cases:

1. Reboot the router once or twice more.
2. Clear your browser cache before putting the router into operation. Web browsers may cache data that shouldn't be cached.
3. Refresh the page. Any problems caused by cached browser data should be gone.

If problems persist, try the following:

1. Clear your web browser cache again.
2. Erase NVRAM once more.
3. Reboot the router at least twice more.

If the router is still acting strangely at that point, it is advised that you request help on the Tomato Web forum.

“Trivial File Transfer Protocol” is a small utility for transferring files between hosts on a TCP/IP network. It lets you upload firmware images to a router. There are command-line and graphical tftp client programs available. Windows includes a tftp program for the command line.

The TFTP method is useful when the manufacturer's firmware blocks other methods of upgrade from the stock (original) firmware.

To prepare to flash via tftp:

• Reset the router's NVRAM to defaults, as described above.
• Put the router into Rescue Mode, as described above.
• Put the FreshTomato firmware file in the same folder as your tftp program.
• Open a command prompt, and change directories to the folder containing the firmware.
• Type “tftp –I PUT filename.trx <IP address of router>“ but DO NOT press Enter.
  • (Replace “filename.trx” with the name of an appropriate image file for your model)
• Unplug the AC adapter from the router.
• Hold down the Reset button while reconnecting the AC adapter.
• When the power light starts slowly blinking, let go of the Reset button.
• Press enter at the command line above to start the tftp upload process.
• Wait at least 10 minutes for the upload to complete.
• If flashing is successful, you will be taken to the FreshTomato logon screen
• Log on to the FreshTomato web interface and reset NVRAM, as in the screenshot above.

Note that Rescue Mode has a timeout period, so there is a limit as to how long you have to upload the firmware. If the timeout period expires, you may need to put the hardware into Rescue Mode again and restart the flashing process.

TBD.

If your hardware has a fork of Tomato already installed, you can simply use the Administration/Upgrade menu in Tomato's web interface to upgrade to FreshTomato.

Flashing Linksys hardware can, in some cases, be a little more complicated than flashing other brands of hardware. It is recommended that you first check the Notes section of the Hardware compatibility list for important details before flashing. This section includes warnings about important issues such as NVRAM sizes/limitations, CFE modifications which might be required, hardware revisions and more.

Some models might need to be flashed with a special “initial” firmware build first before you can install a regular FreshTomato build. Please read about this above before installing FreshTomato.

There are no official wiki HOWTOs for flashing Linksys hardware. However, there are several unofficial HOWTOs on the Tomato forum which have been used successfully many times:

• ea6200
• ea6350v1

Linksys-EA6200/EA6350v1 Freshtomato-ARM & Discussion.

• ea6300v1
• ea6400
• ea6500v2
• ea6700
• ea6900v1

How to flash Linksys EA6300v1, EA6400, EA6500v2, EA6700, EA6900v1.0/1.1 with Tomato

If you you are still not sure how to proceed, it is recommended that you post an inquiry on the Tomato forum to avoid problems.

You are also advised to read the Notes section at the bottom of this page for more details on general flashing basics.

If you have a Netgear R-series router with Netgear firmware installed, you must first flash with one of the “Netgear R-series initial” files. Once you have an R-series initial FreshTomato build installed, you can then upgrade FreshTomato to newer versions using regular build files. The initial .zip file contains a firmware file with a .chk file extension. The original Netgear firmware can use that file to install FreshTomato.

As an example, the following steps review the process for flashing an R7000 with an initial build, and then a normal build.

First, download the two files you'll need to flash the R7000:

The “R-series initial file” for R7000:

https://freshtomato.org/downloads/freshtomato-arm/2023/2023.2/Netgear%20initial%20files/freshtomato-R7000-2023.2-initial-64K.zip

This .zip file has the following MD5SUM value: ec63c869fe14f5b46cbb13813c1699bf

The normal R7000 AIO build file:

https://freshtomato.org/downloads/freshtomato-arm/2023/2023.2/K26ARM/freshtomato-R7000-ARM-2023.2-AIO-64K.zip

This .zip file has the following MD5SUM value: ec63c869fe14f5b46cbb13813c1699bf

Verify integrity of both .zip files by running a hash check program against them. On Windows, HashMyFiles works well.

If the MD5 has found in the hash check program matches the number listed above, the file is good. If it does not match the value above, the file has been corrupted during download and should be downloaded again. Do not flash using the contents of .zip files that fail a hash check.

Now, unzip the .zip files. The two files inside should look like this (for this particular router model/release of FreshTomato).

freshtomato-R7000-2023.2-initial-64K.chk

freshtomato-R7000-ARM-2023.2-AIO-64K.trx

If you're not sure which build file to download,

• Check the Hardware compatibility list for your model
• Read the ”How Do I Choose a Firmware Build“ section in the FAQ
  • A table there illustrates the naming scheme of FreshTomato builds.

In the case of the R7000, the data in the table describe these specifications:

• CPU: The R7000 contains an ARM chipset
• NVRAM: The R7000 contains 64KB
• AIO = All in One build (contains all feature available).
• Thus, we choose firmware with filename freshtomato-R7000-ARM-[version]-AIO-64K.trx (only after we flash an initial build).

Now, let's perform the flash procedure:

1. Connect an Ethernet cable to a LAN port on your router and your computer's Ethernet port. Do NOT use WiFi.
   
   
2. Disconnect all other Ethernet connections.
   
   
3. Power on the router. Wait 2-5 minutes for it to finish booting.
   
   
4. Reset the router to defaults by holding down Reset with a paperclip for 30 seconds. Follow the user guide for specifics.
   
   
   
   
5. Wait again 2-5 minutes until the router finishes rebooting.
   
   
6. Open a Web browser and enter: 192.168.1.1 . Log on with your current Username/Password.
   
   
   
   
7. Now disable DHCP. Go to Advanced–> LAN Setup and uncheck “Use Router as DHCP Server” and Save.
   
   
   
   
8. Go to the Advanced TAB > Administration > Router update.
   
   
   1. Browse to the .CHK file above (freshtomato-R7000-20xx.x-initial-64K.chk) then click UPLOAD.
      
      
9. When prompted to continue, click OK.
   
   
   
   
10. At the Router Update Warning screen, click YES. Then, the screen shows: “The Router is updating its firmware”.
    
    
    
    
11. The Router Update screen then shows: “Rebooting the router now, please wait”
    
    
    
    
12. Wait 2-5 minutes until presented with a login. Do NOT log on.
    1. If your PC's IP address changes to 169.254.x.x, Windows configured that address, as it can't find a DHCP server.
    2. Wait 5 minutes, and proceed with the next step.
       
       
13. Press the Reset button once briefly with a paper clip.
    
    
    
    
14. While the router reboots, configure your PC with a static IP address of 192.168.1.9 and a gateway of 192.168.1.1 .
    1. This step may not be necessary, as the router should be running DHCP, and should assign your PC an IP address.
       
       
15. Ping the router's IP address to verify that it finished rebooting: “ping -t 192.168.1.1” .
    
    
    
    
    1. Wait until the ping results show that it rebooted (“Destination Host Unreachable”) and reconnected (“64 bytes from…”) twice.
       
       
       
       
    2. Flashing is finished, and with the router rebooted, you can connect to its Web interface.
       
       
16. In a web browser, enter: 192.168.1.1 . Enter Username: “root”, Password: “admin”.
    
    
    
    
17. If this fails:
    1. Use a private browser (incognito) window.
    2. Clear the browser cache.
    3. You probably didn't reset the device, or you didn't wait long enough. Please repeat Step 13.
       
       
18. You should now be logged in. You should see “System” on the Overview menu.
    
    
    
    
19. Under Configuration > Restore Default Configuration > select “Erase all data in NVRAM memory”.
    
    
    
    
20. You should see: “Please wait while the defaults are restored…”
    
    
    
    
21. Eventually, the initial build is installed and NVRAM cleared. Now, upgrade to a normal build.
    
    
22. Continue (or open) 192.168.1.1 in a browser window.
    
    
23. Under Administration > Firmware Upgrade, click Browse… and find the .TRX firmware file above.
    
    
    
24. This was the .trx file at the time this was written. Select it. Now, click Upgrade.
    
    
25. Wait..You will see a timer, and: “Please wait while the firmware is uploaded and flashed.”
    
    
    
    
    
26. Wait…You'll see “Image successfully flashed. Then you'll see: “Please wait while the router reboots…” and a countdown.
    
    
    
    
    
27. Eventually, you'll be asked to Click “continue”. Do so, and you'll be returned to FreshTomato's main menu.
    
    
28. Under Administration > Configuration > select “Erase all data in NVRAM memory”, click OK.
    
    
    
    
    
29. You should see: “Please wait while the defaults are restored…” and a countdown timer.
    
    
30. Eventually, you should be be prompted to click “Continue”. Click “Continue”.
    
    
    
    
    
31. You should now be back at the Upgrade Firmware menu. The flashing process is complete.
    
    

If you already have FreshTomato installed on your Netgear, you can upgrade to newer releases using regular build files. These .zip files contain firmware files ending with the .trx file extension.

A Netgear router with FreshTomato installed cannot be directly flashed back to original Netgear firmware with normal builds. Some Netgear models can be flashed back to Netgear firmware using special builds called “Netgear back to OFW” builds. You can check if your Netgear model is supported in the “Netgear Back to OFW” folder in the appropriate FreshTomato downloads folder:

"Netgear back to OFW" firmware

Starting in 2015, The US FCC (Federal Communications Commission) passed legislation designed to block people from changing certain Wi-Fi settings, to avoid creating radio interference with other devices. Wi-Fi radio power had to be implemented in hardware so end users could not modify it. For example, the FCC wanted to make sure end users didn't override country settings or power limits.

Some hardware vendors reacted to the legislation in an extreme way, blocking third-party firmware from being flashed entirely. It's important to note that FCC did not require anything like this. Some companies' hardware could not be flashed with third-party firmware from within the interface of the stock firmware. If you tried to do so, you'd simply receive an error stating it wasn't possible. This resulted in a lot of controversy.

ArsTechnica.com: FCC: Open source router software is still legal under certain conditions:
https://arstechnica.com/information-technology/2015/09/fcc-open-source-router-software-is-still-legal-under-certain-conditions/

SLATE: FCC Support for hackable routers is a win for all of us:
https://slate.com/technology/2016/08/fcc-support-for-hackable-wireless-routers-is-a-win-for-all-of-us.html

• Some devices might need to be flashed with a special “initial” firmware build first before you can install a regular FreshTomato build. Please read about this above before installing FreshTomato.
• On some models, like the Asus-AC3200, you should first install a specific version of stock firmware to get the full 128K of NVRAM formatted before attempting FreshTomato installation. Failing to do so will limit NVRAM to 64KB. The same applies to other models, to obtain their full 64K instead of only 32K.
• On some models, flashing may take a long time, as much as 10-15 minutes before FreshTomato is ready. Occasionally, you may need to power cycle and even press the physical factory reset button to make FreshTomato boot properly after flashing. This generally only happens once.
• If other methods fail, flashing via TFTP is almost always possible. This requires an Ethernet connection, TFTP server software running on router and a TFTP client program on the client device. Generally, this should be attempted only as a last resort, when all other methods have failed.