Site Tools


Flashing Firmware

Basic Concepts

What is Firmware and what do all those Terms Mean?

What is "flashing firmware" anyway?

In short, flashing is installing new firmware. On a device like a router, firmware is most of the basic programming code which runs most of the major functions on the device. This is similar to the installed operating system and programs on a PC. However, with firmware, updates are usually less frequent, and the device can usually run in a reasonably stable way even without them.

Firmware is “firm” because we don't apply changes or updates nearly so often and it's a bigger event to flash firmware than it is to to update software. This is because the Flash RAM memory which stores router firmware isn't designed to be written to frequently. It's also because more things can go wrong during firmware flashing.

Why flash firmware? What's "stock" firmware?

Flashing firmware is usually done to fix bugs, improve stability or add new features to the device. In the case of FreshTomato, the firmware often adds all of the above when compared with the vendor's “stock” (original) firmware.

What's Non-volatile Memory?

On routers, firmware is stored in a type of non-volatile memory called Flash RAM. The contents of non-volatile memory such as Flash RAM remain after reboots or when the device is turned off. If they were erased, the device would not function. On routers, firmware is replaced or updated by uploading the entire image of the operating system installation and its programs to an EEPROM (electrically erasable and writable) chip.

Again, this is vaguely similar to reformatting and reinstalling the entire operating system on a PC. However, during the firmware flashing process, files are not copied one at a time onto a filesystem. Instead, one single image file that contains the entire installation is copied to the router's Flash RAM, a small portion at a time. You might consider this similar to using the restore process in a drive imaging program such as Macrium Reflect or Acronis TrueImage for Windows, or Time Machine for the Macintosh.

What's an Image?

We refer to the files used to flash Tomato as “image” files, because they are mirror images of an entire installation of an operating system (Linux) and programs. The flashing simply copies the entire image file to the router's Flash RAM.

What's a Build?

A build is one compilation of the firmware.

Each build is:

  • Based on a certain FreshTomato release (e.g. 2021.7)
  • Intended for a certain piece or pieces of hardware (e.g. Asus RT-AC68P) and;
  • Includes a certain set of features (e.g. an “AIO” or “All-In-One” build or a MiniIPV6 build)

The features included depend on both the router's hardware and on which build/version is flashed. See the Feature matrix page for details on which features are included in each build).

How do I Choose which Firmware Build to Use?

Make sure to choose carefully a FreshTomato build appropriate for your hardware model. Choosing the wrong build/version could brick your router if it's not appropriate for your hardware. (See bricking section below). When choosing a build, you need to make careful note of both the router model, and its hardware revision/version number. For example, some hardware models have two, three or even four hardware versions/revisions. Some versions/revisions may contain different chipsets than others. Flashing the firmware to the right model hardware, but wrong hardware version/revision could brick your hardware. For some models, Flash RAM is limited, so it’s also important that you choose a build that takes up less storage space than is available so you don’t run out of Flash RAM. For help choosing a build that's appropriate for your hardware, see the Hardware compatibility wiki page. If you're still unsure after reading this page and the Hardware Compatibility page, it's a good idea to ask on the Tomato forum.

What's "bricking" the router? Why is that a bad thing?

“Bricking” mean making your router completely non-functional after a failed flash. It's called bricking because the hardware would then only be useful as a brick, but not as a router. In this condition, It often can't be fixed without electronics or soldering knowledge.

Never interrupt a firmware flash until it's completely finished. Never turn off the router/device while the update is being flashed. Never reboot your PC, disconnect the network connection with the router, or cancel/pause/stop the software on the PC you're using to perform the firmware update before the update is complete. Doing any of these can result in a partial update. This may leave the firmware corrupted, which can damage how the device works or even “brick it”, making it useless.

What's NVRAM and why should I erase it before and after flashing?

NVRAM is the form of non-volatile memory in routers where settings and parameters are stored.

Tomato can sometimes retain some NVRAM variables (settings) even after you flash a new firmware image to your router. Therefore, it's very important to erase NVRAM before flashing. Doing so ensures that all variables from the existing firmware are erased before flashing begins. Erasing NVRAM before flashing is an important step that should NEVER be skipped.

What's a "Dirty Flash" and why should I avoid doing one?

A “dirty flash” is a flash which was performed without thoroughly wiping NVRAM before and after flashing. A dirty flash often leads to strange, unexplained symptoms, such as web interface pages that don't display properly, “missing” menu items, and just generally buggy or unstable functioning. No matter how tempted you are to “save time”, please don't do a dirty flash. You will likely waste a time with strange symptoms and be sorry you did.

How do I flash FreshTomato to my router/hardware? Which method should I use?

There are several methods used to flash firmware on modern routers. The method you use depends on several things.

  • Which brand/model/revision of hardware you have
  • The age of your hardware
  • Whether or not the vendor allows their hardware to be flashed
    through the firmware that came with the hardware
  • Which firmware you're trying to flash stock, or FreshTomato firmware

Let's start by examining some methods for flashing firmware on Asus routers.

Flashing Asus Hardware

For Asus hardware, several methods/tools are available for firmware flashing.

Asus Firmware Restoration Utility Method

Asus provides a Windows program called the Firmware Restoration utility.

This program is used to flash firmware, and to recover from failed firmware flashes. The program finds the router's IP address and allows you to flash firmware to the router, after you've put the router into Rescue Mode. Rescue Mode is a mode of operation into which a router is put, that allows it to do nothing but receive a firmware update.

For Asus models built in 2014 and older, the Asus Firmware Restoration utility will work fine. However, Firmware Restoration will not allow you to flash third-party firmware like FreshTomato on most Asus models built in 2015 and later. The reasons for this are indirectly related to a 2015 decision made by the US FCC (Federal Communications Commission) about changes to wireless features in third-party firmware. See the section below titled: FCC Regulation Change Affecting Wireless Routers for details. If you try to flash using this method on newer hardware, the program will simply give you an error message saying it's not possible.

Asus Firmware Restoration Utility method

Step 1. Download and install Asus Firmware Restoration from the Asus website

  • In the Support section of the website, find your router/hardware model
  • Click “Software and Utility” and specify your Windows version
  • Find and download the latest version of the Firmware Restoration utility
  • Install the Firmware Restoration utility on your PC

Step 2. Download the appropriate FreshTomato image file

Download the correct image file for your router. Assuming you've read all the above, see the FAQ wiki page for information on the file naming convention for builds. Also see the Hardware Compatibility page on the wiki for help choosing the most appropriate build image for your hardware. If you're still not sure after reading those, it’s recommended that you ask for help on the Tomato forum:

It's strongly recommended that you also download the latest version of stock firmware for your hardware. That way, in case flashing FreshTomato fails, you can always re-flash the stock firmware. Remember, after a failed flash, you might not have a working router. If that happens, you might be unable to download stock firmware on your normal network.

Step 3. Clear the NVRAM

The next step is to clear the router's NVRAM (non-volatile RAM) where settings and other parameters are stored. This will reset all settings to defaults and will ensure the device has enough memory available to properly perform the flashing process.

The process of clearing NVRAM will vary, depending on the model of your hardware. The simplest way to wipe NVRAM settings from within stock Asus firmware is:

  • Connect to the router's web interface
  • Click on the “Administration” menu
  • Click on the “Restore/Save/Upload” Setting tab
  • Beside “Factory Defaults”, check “initialize all the settings, and clear
    all the data log for AIProtection, Traffic Analyzer and Web History
  • Click “Restore”

Clearing NVRAM settings in Asus stock firmware

This method doesn't always work perfectly. If you have trouble, you can try the hardware-only method. For many current Asus model routers, there are two buttons in addition to the power button you'll need to get familiar with. One is the Reset button and the other is the WPS button.

To wipe the NVRAM on current Asus models:

  • Unplug the router's AC adapter from the back of the router
  • Hold down the WPS button and reinsert the power connector.
    Continue to hold the WPS button for about 30 seconds
  • After you release the WPS button, all LEDs on the front of the router
    should blink once to signal that NVRAM memory was cleared

To be sure of the correct procedure for your model, check the user manual, or the instructions on the manufacturer's website.

Step 4. Assign a static IP address to your PC and completely disable Wi-Fi on the router

In Rescue Mode, the DHCP server is not available. For this reason, assigning your PC a static IP is recommended. Also, there have been cases in which a DHCP appeared to cause the Firmware Restoration utility to stop before a flash was complete. It also may make it more difficult to connect to the router after flashing, if the DHCP server isn't available yet.

Disconnect any WAN cable from your hardware. This has been known to occasionally cause problems.

Many people have had success flashing firmware via a Wi-Fi connection. However, for maximum stability, it's recommended you disable all Wi-Fi on the router and then flash via an Ethernet connection. Never attempt to flash firmware using over a WAN connection. That involves much more risk. The flashing process could be incomplete or corrupt. The potential result is either having to attempt the flash again, or bricking the hardware. Finally, before flashing, make sure the hardware you want to flash is the only router/AP hardware on the network to avoid IP address conflicts.

Step 5. Enable Rescue Mode on the router

For Asus routers, this usually means:

  • Remove the AC adapter plug from the back of the router
  • Press and hold the Reset button while plugging in the power cable again so the power turns on
  • Continue to hold Reset until the Power LED starts to flash on and off. Then, release the Reset button
  • Move quickly to step 6. Firmware Restoration has a timeout period and if the flash doesn't take place, you'll need to put the router into rescue mode again.

Step 6. Flash FreshTomato

Now, run Firmware Restoration. Select the correct firmware .trx file. You can safely ignore any message warning you that the firmware is incompatible. Click OK to agree to the prompt. The utility should begin scanning for your router/hardware device, and then slowly uploading the firmware.


Wait until the flashing is complete. The flashing is complete only when the power LED comes back on, not necessarily when the progress bar on the update tool indicates it has finished. BE PATIENT! This can take as long as 45 minutes to complete. Even if the utility says the upload is not completed, or it hangs at a certain point, DO NOT PANIC. Wait for another 10 to 15 minutes before you do anything else. When the process is complete, the router should automatically power cycle. Your router should now be working on IP address with subnet mask. At that point, open a web browser and go to . You should now be able to login with user ““root” and password “admin”.

Now, from within FreshTomato, erase the NVRAM settings again:

  1. Under Administration, click Configuration.
  2. Under Restore Default Configuration, click Erase all data in NVRAM memory(thorough).


At this point, your hardware should function properly.

Sometimes, however, on the first boot after flashing, the hardware may seem buggy or unexpected things may happen. If this happens, reboot the hardware once or twice more, and clear your web browser cache before installing the router for operation on your network. Web browsers sometimes cache data that shouldn't be cached. Now, refresh the page, and the problems problems should go away.

If problems continue after you've:

  1. Cleared your web browser cache at least twice
  2. Erased NVRAM at least twice, and
  3. Rebooted the router at least three times

then at that point, it's recommended that you request help on the Tomato forum.

TFTP Method

“Trivial File Transfer Protocol” is a small utility for transferring files between hosts on a TCP/IP network. It lets you upload firmware images to a router. There are command-line and graphical tftp client programs available. Windows includes a tftp program for the command line.

To prepare to flash via tftp:

  • Reset the router's NVRAM to defaults, as described above.
  • Put the router into Rescue Mode, as described above
  • Put the FreshTomato firmware file in the same folder as your tftp program
  • Open a command prompt, and change directories to the folder which contains the firmware
  • Type “tftp –I PUT filename.trx IP address of router” but DO NOT press Enter
  • Unplug the AC adapter plug from the router
  • Hold down the Reset button while reconnecting the AC adapter
  • When the power light starts blinking, let go of the Reset button
  • Press enter to start the tftp upload process
  • Wait at least 10 minutes for the upload to complete
  • Log on to Tomato's web interface and reset NVRAM, as shown in the screenshot above.

Note that there is a time limit on how long you have to upload the firmware file. If the timeout period expires, you may need to put the hardware into Rescue Mode again and restart the flashing process. There is no need to reset the hardware to defaults again.

Broadcom CFE miniWebserver Method



FCC Regulation Change Affecting Wireless Routers

Starting in 2015, The US FCC (Federal Communications Commission) passed legislation designed to block people from changing certain Wi-Fi settings, to avoid creating radio interference with other devices. Wi-Fi radio power had to be implemented in hardware so end users could not modify it. For example, the FCC wanted to make sure end users didn't override country settings or power limits.

Some hardware vendors reacted to the legislation in an extreme way, blocking third-party firmware from being flashed entirely. It's important to note that FCC did not require anything like this. Some companies' hardware could not be flashed with third-party firmware from within the interface of the stock firmware. If you tried to do so, you'd simply receive an error stating it wasn't possible. This resulted in a lot of controversy. FCC: Open source router software is still legal under certain conditions:

SLATE: FCC Support for hackable routers is a win for all of us:

firmware_basics_procedures.txt · Last modified: 2021/11/03 22:35 by hogwild