This is an old revision of the document!
What's “flashing firmware” anyway?
In short, flashing is installing new firmware. On a device like a router, firmware is most of the basic programming code which runs most of the major functions on the device. This is similar to the installed operating system and programs on a PC. Similar to a PC, firmware updates are released to fix bugs, add new features, and increase security. The device can usually run without updates in a fairly stable way. However, you should understand the risks this may involve for your network.
Firmware is “firm” because we don't apply changes or updates nearly so often. It's a bigger event to flash firmware than it is to to update software. This is because the Flash RAM memory which stores router firmware isn't designed to be written to frequently. As well, more things can go wrong during firmware flashing.
Flashing firmware is usually done to fix bugs, improve stability or add new features to the device. In the case of FreshTomato, the firmware often adds all of the above when compared with the vendor's “stock” (original) firmware.
On routers, firmware is stored in a type of non-volatile memory called Flash RAM. The contents of non-volatile memory such as Flash RAM remain after reboots or when the device is turned off. If they were erased, the device would not function. On routers, firmware is replaced or updated by uploading the entire image of the operating system installation and its programs to an EEPROM (electrically erasable and writable) chip.
Again, this is vaguely similar to reformatting and reinstalling the entire operating system on a PC. However, during the firmware flashing process, files are not copied one at a time onto a filesystem. Instead, one single image file of the entire installation is copied to Flash RAM, a small portion at a time. This is similar to using a drive imaging program such as Acronis TrueImage for Windows, or Time Machine for the Macintosh.
We refer to the files used to flash FreshTomato as “image” files, because they are mirror images of the entire installation of the operating system programs. The flashing simply copies the entire image file to the router's Flash RAM.
A build is one compilation of firmware.
Each build is:
The features included depend on the router's hardware and on which build/version is flashed. See the Feature matrix page for details on which features are included in each build).
Make sure to carefully choose a FreshTomato build appropriate for your hardware model. Choosing the wrong build/version could brick your router if it's not appropriate for your hardware. (See bricking section below).
When choosing a build, you need to make note of:
Some hardware models have two or more hardware versions/revisions. Some of these may contain different chipsets than others. Flashing the firmware to the “same” model hardware, but wrong version or revision could brick your hardware.
For some models, Flash RAM is limited, so it’s also important you choose a build that takes up less storage space than is available. Otherwise, you could run out of Flash RAM and your hardware could be bricked. For help choosing a build that's appropriate for your hardware, see the Hardware compatibility wiki page. For more guidance on how to choose a build, see the How Do I Choose a Build? section on the FAQ page. If you're still unsure after you've read both those pages, we recommend you ask for advice on the Tomato forum.
“Bricking” mean making your router completely non-functional after a failed flash. It's called bricking because the hardware would then only be useful as a brick, but not as a router. In this condition, It often can't be fixed without electronics or soldering knowledge.
Here are some rules for successful firmware flashing:
Doing any of the above can result in a partial update. This may leave the firmware corrupted, which can damage how the device works or even “brick it”, making it useless.
NVRAM is the part of non-volatile memory in routers where settings and parameters are stored.
FreshTomato can sometimes retain some NVRAM variables (settings) even after you flash a new firmware image to your router. Therefore, it's very important to erase NVRAM before flashing. Doing so ensures that all variables from the existing firmware are erased before flashing begins. Erasing NVRAM before flashing is an important step that should NEVER be skipped.
A “dirty flash” is a flash which was performed without thoroughly wiping NVRAM before and after flashing. A dirty flash often leads to strange, unexplained symptoms, like web interface pages that don't display properly, “missing” menu items, and just generally buggy or unstable functioning. No matter how tempted you are to “save time”, please don't do a dirty flash. You will likely waste time with strange symptoms and regret your choice.
There are several methods used to flash firmware on modern routers. The method you use depends on several things.
For Asus hardware, several methods/tools are available for firmware flashing.
This flashing method is only possible for builds from release 2022.3 and later.
In this example, we will flash an RT-AC68U model.
Next, clear NVRAM from within FreshTomato:
Asus provides a Windows program called Firmware Restoration.
https://www.asus.com/support/faq/1000814/
This program is used to flash firmware or recover from a failed firmware flash. It finds the router's IP address and allows you to flash firmware to the router, after you've put the router into Rescue Mode. Rescue Mode is a mode of in which the router won't allow anything to do be done except receive a firmware update.
For Asus models built in 2014 and older, the Asus Firmware Restoration utility will work fine. However, on most Asus models built after 2014, Firmware Restoration will not let you flash third-party firmware like FreshTomato. The reasons for this are indirectly related to a 2015 decision made by the US FCC (Federal Communications Commission) about changes to wireless features in third-party firmware. For details, see the section below titled: FCC Regulation Change Affecting Wireless Routers. If you try to flash using this method on newer hardware, the program will simply throw an error message saying it's not possible.
Step 1. Download and install Asus Firmware Restoration from the Asus website
Step 2. Download the appropriate FreshTomato image file
Download an appropriate FreshTomato image file for your router. Assuming you've read all the above, see the FAQ wiki page for information on the file naming convention for builds. Also see the Hardware Compatibility wiki page for help choosing the most appropriate image file for your hardware. If you're still not sure after reading those, it’s recommended that you ask for help on the Tomato forum:
Tomato Forum on Linksysinfo.org
It's recommended that you also download the latest version of Asus firmware for your hardware. That way, if your FreshTomato flash fails, you can still re-flash the Asus firmware. Remember, if a flash fails, you might not have a working router. You might not be able to download Asus firmware on your normal network until it's working again.
Step 3. Clear the NVRAM
Next, clear the NVRAM by restoring factory defaults in the Asus firmware, where settings and other parameters are stored. This will reset all settings to defaults and ensure the device has enough memory available to properly perform the flashing process. The process of clearing NVRAM will vary, depending on your hardware model.
The simplest way to wipe NVRAM settings from within stock Asus firmware is:
This method may not work perfectly. If you have trouble, you can try the hardware-only method. For many current Asus models, there are two buttons other than the power button to know about. One is the Reset button, and the other is the WPS button.
To wipe the NVRAM on current Asus models:
If you have trouble, check the user manual or the manufacturer's FAQ for your model.
Step 4. Assign a static IP address to your PC and disable all Wi-Fi on the router
In Rescue Mode, the DHCP server is not available. For this reason, it is recommended you assign a static IP your PC. Also, there appeared to be cases where a DHCP server caused the Firmware Restoration utility to stop before flashing was complete. It also may make it difficult to connect to the router after flashing, if the DHCP server isn't available yet.
Disconnect any WAN cable from your hardware. This too has been known to cause problems.
Many people have succeeded flashing firmware via a Wi-Fi connection. However, for maximum stability, it's recommended you disable Wi-Fi on the router and flash via an Ethernet connection. Never attempt to flash firmware over a WAN connection. That involves more risk. The flashing process could be incomplete or corrupt. You could end up having to attempt flashing again, or bricking the hardware. Before flashing, ensure the hardware you want to flash is the only router/AP hardware on the network, to avoid IP address conflicts.
Step 5. Enable Rescue Mode on the router
For Asus routers, this usually means:
Step 6. Flash FreshTomato
Wait until flashing is complete. The flashing is complete only when the power LED comes back on, not when the progress bar indicates it has finished. BE PATIENT! This can take as long as 45 minutes to complete. Even if the Firmware Restoration says the upload isn't complete, or it hangs, DO NOT PANIC. Wait another 10 to 15 minutes before doing anything else. When the process is complete, the router should automatically power cycle. Your router should now be working on IP address 192.168.1.1 with 255.255.255.0 subnet mask. At this point, open a web browser to 192.168.1.1 . You should now see a login screen with user “root”. The password is “admin”.
Step 7: From within FreshTomato, clear NVRAM contents again:
At this point, your router should function properly.
Sometimes on the first boot after flashing, FreshTomato may seem buggy or strange things may happen.
In such cases:
If problems persist, try the following:
If the router is still acting strangely at that point, we recommend you request help on the Tomato Web forum.
“Trivial File Transfer Protocol” is a small utility for transferring files between hosts on a TCP/IP network. It lets you upload firmware images to a router. There are command-line and graphical tftp client programs available. Windows includes a tftp program for the command line.
The TFTP method is useful when the manufacturer's firmware blocks other methods of upgrade from the stock (original) firmware.
To prepare to flash via tftp:
Note that Rescue Mode has a timeout period, so there is a limit on how long you have to upload the firmware. If the timeout period expires, you may need to put the hardware into Rescue Mode again and restart the flashing process.
If you have a Netgear R-series router with Netgear firmware installed, you must first flash with one of the “Netgear R-series initial” files. Once you have an R-series initial FreshTomato build installed, you can then upgrade FreshTomato to newer versions using regular build files. The initial .zip file contains a firmware file with a .chk file extension. The original Netgear firmware can use that file to install FreshTomato.
As an example, the following steps review the process for flashing an R7000 with an initial build, and then a normal build.
First, download the two files you'll need to flash the R7000:
The “R-series initial file” for R7000:
This .zip file has the following MD5SUM value: ec63c869fe14f5b46cbb13813c1699bf
The normal R7000 AIO build file:
This .zip file has the following MD5SUM value: ec63c869fe14f5b46cbb13813c1699bf
Verify integrity of both .zip files by running a hash check program against them. On Windows, HashMyFiles works well.
If the MD5 has found in the hash check program matches the number listed above, the file is good. If it does not match the value above, the file has been corrupted during download and should be downloaded again. Do not flash using the contents of .zip files that fail a hash check.
Now, unzip the .zip files. The two files inside should look like this (for this particular router model/release of FreshTomato).
freshtomato-R7000-2023.2-initial-64K.chk
freshtomato-R7000-ARM-2023.2-AIO-64K.trx
If you're not sure which build file to download,
In the case of the R7000, the data in the table describe these specifications:
Initial preparation:
Connect an Ethernet cable to a LAN port of your router and your computer's Ethernet port. Do NOT use WiFi.
Unplug all other Ethernet connections.
If you already have FreshTomato installed on your Netgear, you can upgrade to newer releases using regular build files. These .zip files contain firmware files ending with the .trx file extension.
A Netgear router with FreshTomato installed cannot be directly flashed back to original Netgear firmware with normal builds. Some Netgear models can be flashed back to Netgear firmware using special builds called “Netgear back to OFW” builds. You can check if your Netgear model is supported in the “Netgear Back to OFW” folder in the appropriate FreshTomato downloads folder:
Starting in 2015, The US FCC (Federal Communications Commission) passed legislation designed to block people from changing certain Wi-Fi settings, to avoid creating radio interference with other devices. Wi-Fi radio power had to be implemented in hardware so end users could not modify it. For example, the FCC wanted to make sure end users didn't override country settings or power limits.
Some hardware vendors reacted to the legislation in an extreme way, blocking third-party firmware from being flashed entirely. It's important to note that FCC did not require anything like this. Some companies' hardware could not be flashed with third-party firmware from within the interface of the stock firmware. If you tried to do so, you'd simply receive an error stating it wasn't possible. This resulted in a lot of controversy.
ArsTechnica.com: FCC: Open source router software is still legal under certain conditions:
https://arstechnica.com/information-technology/2015/09/fcc-open-source-router-software-is-still-legal-under-certain-conditions/
SLATE: FCC Support for hackable routers is a win for all of us:
https://slate.com/technology/2016/08/fcc-support-for-hackable-wireless-routers-is-a-win-for-all-of-us.html