What's “flashing firmware” anyway?

In short, flashing is installing new firmware. On a device like a router, firmware is most of the basic programming code which runs most of the major functions on the device. This is similar to the installed operating system and programs on a PC. Similar to a PC, firmware updates are released to fix bugs, add new features, and increase security. The device can usually run without updates in a fairly stable way. However, you should understand the risks this may involve for your network.

Firmware is “firm” because we don't apply changes or updates nearly so often. It's a bigger event to flash firmware than it is to to update software. This is because the Flash RAM memory which stores router firmware isn't designed to be written to frequently. As well, more things can go wrong during firmware flashing.

Flashing firmware is usually done to fix bugs, improve stability or add new features to the device. In the case of FreshTomato, the firmware often adds all of the above when compared with the vendor's “stock” (original) firmware.

On routers, firmware is stored in a type of non-volatile memory called Flash RAM. The contents of non-volatile memory such as Flash RAM remain after reboots or when the device is turned off. If they were erased, the device would not function. On routers, firmware is replaced or updated by uploading the entire image of the operating system installation and its programs to an EEPROM (electrically erasable and writable) chip.

Again, this is vaguely similar to reformatting and reinstalling the entire operating system on a PC. However, during the firmware flashing process, files are not copied one at a time onto a filesystem. Instead, one single image file of the entire installation is copied to Flash RAM, a small portion at a time. This is similar to using a drive imaging program such as Acronis TrueImage for Windows, or Time Machine for the Macintosh.

We refer to the files used to flash FreshTomato as “image” files, because they are mirror images of the entire installation of the operating system programs. The flashing simply copies the entire image file to the router's Flash RAM.

A build is one compilation of firmware.

Each build is:

• Based on a certain FreshTomato release (e.g. 2021.7)
• Intended for a certain hardware (e.g. Asus RT-AC68P)
• Includes a certain set of features (e.g. “AIO” or “All-In-One” build or a MiniIPV6 build)

The features included depend on the router's hardware and on which build/version is flashed. See the Feature matrix page for details on which features are included in each build).

Make sure to carefully choose a FreshTomato build appropriate for your hardware model. Choosing the wrong build/version could brick your router if it's not appropriate for your hardware. (See bricking section below).

When choosing a build, you need to make note of:

• The router/AP model
• The hardware's revision/version number
• The amount of Flash RAM in your hardware
• The feature set you want, that will fit in that amount of Flash RAM.

Some hardware models have two or more hardware versions/revisions. Some of these may contain different chipsets than others. Flashing the firmware to the “same” model hardware, but wrong version or revision could brick your hardware.

For some models, Flash RAM is limited, so it’s also important you choose a build that takes up less storage space than is available. Otherwise, you could run out of Flash RAM and your hardware could be bricked. For help choosing a build that's appropriate for your hardware, see the Hardware compatibility wiki page. For more guidance on how to choose a build, see the How Do I Choose a Build? section on the FAQ page. If you're still unsure after you've read both those pages, we recommend you ask for advice on the Tomato forum.

“Bricking” mean making your router completely non-functional after a failed flash. It's called bricking because the hardware would then only be useful as a brick, but not as a router. In this condition, It often can't be fixed without electronics or soldering knowledge.

Here are some rules for successful firmware flashing:

• Never interrupt a firmware flash until it's completely finished. Be patient.
• Never turn off the router/device while the update is being flashed.
• Never reboot your PC until a flash has completed.
• Never disconnect the network connection with the router until the flash is completed.
• Never cancel/pause/stop the software on your PC that you're using to perform the firmware update.

Doing any of the above can result in a partial update. This may leave the firmware corrupted, which can damage how the device works or even “brick it”, making it useless.

NVRAM is the part of non-volatile memory in routers where settings and parameters are stored.

FreshTomato can sometimes retain some NVRAM variables (settings) even after you flash a new firmware image to your router. Therefore, it's very important to erase NVRAM before flashing. Doing so ensures that all variables from the existing firmware are erased before flashing begins. Erasing NVRAM before flashing is an important step that should NEVER be skipped.

A “dirty flash” is a flash which was performed without thoroughly wiping NVRAM before and after flashing. A dirty flash often leads to strange, unexplained symptoms, like web interface pages that don't display properly, “missing” menu items, and just generally buggy or unstable functioning. No matter how tempted you are to “save time”, please don't do a dirty flash. You will likely waste time with strange symptoms and regret your choice.

There are several methods used to flash firmware on modern routers. The method you use depends on several things.

• Which brand/model/revision of hardware you have
• The age of your hardware
• Whether or not the vendor allows their hardware to be flashed
  through the firmware that came with the hardware
• Which firmware you're trying to flash: stock, or FreshTomato firmware

For Asus hardware, several methods/tools are available for firmware flashing.

This flashing method is only possible for builds from release 2022.3 and later.

In this example, we will flash an RT-AC68U model.

1. Login to the router's Web interface
2. Under Advanced Settings, go to LAN.
3. Click on the DHCP tab.
4. Beside “Enable the DHCP Server” select No. Click Apply.
5. 
6. Under Advanced Settings, go to Administration
7. Click on the Firmware Upgrade tab
8. Click Browse… and go select the FreshTomato image file appropriate for your router.
9. After selecting the appropriate image file to flash, click Upload.
10. You should now see a white progress indicator, with text below saying “Firmware is upgrading…”
11. Wait until the upgrade process is 100% completed. Do NOT interrupt the process.
12. When the upgrade process complete, reboot the router (by turning it off and on again).

Next, clear NVRAM from within FreshTomato:

• Wait until the router has fully restarted (2-3 mins)
• Press the physical reset button for at least 3 seconds.
  • The router will erase NVRAM and reboot again.
  • It should now be ready for you to configure it for use.

• SDK6 MIPS & ARM Models (like the Asus RT-N18U or RT-AC68U)
  • Since release 2022.3, you can upgrade from AsusWRT to FreshTomato or vice versa via Web interface.
• SDK7 routers (like RT-AC3200) and SDK714 routers (like the RT-AC5300, RT-AC3100)
  • Since release 2022.6, these models support upgrades via the Web interface.
• Asus RT-AC19000U upgrades may require FreshTomato firmware for the Asus RT-AC68U.

Asus provides a Windows program called Firmware Restoration.

https://www.asus.com/support/faq/1000814/

This program is used to flash firmware or recover from a failed firmware flash. It finds the router's IP address and allows you to flash firmware to the router, after you've put the router into Rescue Mode. Rescue Mode is a mode of in which the router won't allow anything to do be done except receive a firmware update.

For Asus models built in 2014 and older, the Asus Firmware Restoration utility will work fine. However, on most Asus models built after 2014, Firmware Restoration will not let you flash third-party firmware like FreshTomato. The reasons for this are indirectly related to a 2015 decision made by the US FCC (Federal Communications Commission) about changes to wireless features in third-party firmware. For details, see the section below titled: FCC Regulation Change Affecting Wireless Routers. If you try to flash using this method on newer hardware, the program will simply throw an error message saying it's not possible.

Step 1. Download and install Asus Firmware Restoration from the Asus website

1. In the Support section of the Asus website, find your router/hardware model.
2. Click “Software and Utility” and specify your Windows version.
3. Find and download the latest version of the Firmware Restoration utility.
4. Install the Firmware Restoration utility.

Step 2. Download the appropriate FreshTomato image file

Download an appropriate FreshTomato image file for your router. Assuming you've read all the above, see the FAQ wiki page for information on the file naming convention for builds. Also see the Hardware Compatibility wiki page for help choosing the most appropriate image file for your hardware. If you're still not sure after reading those, it’s recommended that you ask for help on the Tomato forum:
Tomato Forum on Linksysinfo.org

It's recommended that you also download the latest version of Asus firmware for your hardware. That way, if your FreshTomato flash fails, you can still re-flash the Asus firmware. Remember, if a flash fails, you might not have a working router. You might not be able to download Asus firmware on your normal network until it's working again.

Step 3. Clear the NVRAM

Next, clear the NVRAM by restoring factory defaults in the Asus firmware, where settings and other parameters are stored. This will reset all settings to defaults and ensure the device has enough memory available to properly perform the flashing process. The process of clearing NVRAM will vary, depending on your hardware model.

The simplest way to wipe NVRAM settings from within stock Asus firmware is:

• Log on to the router's web interface.
• Click on the “Administration” menu.
• Click on the “Restore/Save/Upload” Setting tab.
• Beside “Factory Default”, click the Restore button.

This method may not work perfectly. If you have trouble, you can try the hardware-only method. For many current Asus models, there are two buttons other than the power button to know about. One is the Reset button, and the other is the WPS button.

To wipe the NVRAM on current Asus models:

• Unplug the AC adapter from the back of the router.
• Hold down the WPS button and reinsert the power connector.
  Continue to hold the WPS button for 30 seconds.
• Release the WPS button. All LEDs on the front should blink once to signal that NVRAM was cleared.

If you have trouble, check the user manual or the manufacturer's FAQ for your model.

Step 4. Assign a static IP address to your PC and disable all Wi-Fi on the router

In Rescue Mode, the DHCP server is not available. For this reason, it is recommended you assign a static IP your PC. Also, there appeared to be cases where a DHCP server caused the Firmware Restoration utility to stop before flashing was complete. It also may make it difficult to connect to the router after flashing, if the DHCP server isn't available yet.

Disconnect any WAN cable from your hardware. This too has been known to cause problems.

Many people have succeeded flashing firmware via a Wi-Fi connection. However, for maximum stability, it's recommended you disable Wi-Fi on the router and flash via an Ethernet connection. Never attempt to flash firmware over a WAN connection. That involves more risk. The flashing process could be incomplete or corrupt. You could end up having to attempt flashing again, or bricking the hardware. Before flashing, ensure the hardware you want to flash is the only router/AP hardware on the network, to avoid IP address conflicts.

Step 5. Enable Rescue Mode on the router

For Asus routers, this usually means:

• Remove the AC adapter plug from the back of the router.
• Hold down the Reset button while plugging in the power cable again so the power turns on.
• Continue to hold Reset until the Power LED starts to flash on and off.
• Release the Reset button
• Move quickly to step 6. Firmware Restoration has a timeout period. If flashing doesn't happen, you'll need to put the router into rescue mode again.

Step 6. Flash FreshTomato

• Run Firmware Restoration. Select the correct .trx firmware file. Ignore any warnings that the firmware is incompatible.
• Click OK to agree to the prompt. The utility should begin scanning for your router device, and then slowly uploading the firmware.

Wait until flashing is complete. The flashing is complete only when the power LED comes back on, not when the progress bar indicates it has finished. BE PATIENT! This can take as long as 45 minutes to complete. Even if the Firmware Restoration says the upload isn't complete, or it hangs, DO NOT PANIC. Wait another 10 to 15 minutes before doing anything else. When the process is complete, the router should automatically power cycle. Your router should now be working on IP address 192.168.1.1 with 255.255.255.0 subnet mask. At this point, open a web browser to 192.168.1.1 . You should now see a login screen with user “root”. The password is “admin”.

Step 7: From within FreshTomato, clear NVRAM contents again:

1. Under Administration, click Configuration.
2. Under Restore Default Configuration, select Erase all data in NVRAM memory(thorough).
3. Click OK.

At this point, your router should function properly.

Sometimes on the first boot after flashing, FreshTomato may seem buggy or strange things may happen.

In such cases:

1. Reboot the router once or twice more.
2. Clear your browser cache before putting the router on your network. Web browsers can cache data that shouldn't be cached.
3. Now, refresh the page. Any problems caused by cached browser data should be gone.

If problems persist, try the following:

1. Clear your web browser cache again.
2. Erase NVRAM at least twice.
3. Reboot the router at least two more times.

If the router is still acting strangely at that point, we recommend you request help on the Tomato Web forum.

“Trivial File Transfer Protocol” is a small utility for transferring files between hosts on a TCP/IP network. It lets you upload firmware images to a router. There are command-line and graphical tftp client programs available. Windows includes a tftp program for the command line.

The TFTP method is useful when the manufacturer's firmware blocks other methods of upgrade from the stock (original) firmware.

To prepare to flash via tftp:

• Reset the router's NVRAM to defaults, as described above.
• Put the router into Rescue Mode, as described above.
• Put the FreshTomato firmware file in the same folder as your tftp program.
• Open a command prompt, and change directories to the folder containing the firmware.
• Type “tftp –I PUT filename.trx IP address of router“ but DO NOT press Enter.
  • (Replace “filename.trx” with the name of an appropriate image file for your model)
• Unplug the AC adapter from the router.
• Hold down the Reset button while reconnecting the AC adapter.
• When the power light starts blinking, let go of the Reset button.
• Press enter to start the tftp upload process.
• Wait at least 10 minutes for the upload to complete.
• Log on to the FreshTomato web interface and reset NVRAM, as in the screenshot above.

Note that Rescue Mode has a timeout period, so there is a limit on how long you have to upload the firmware. If the timeout period expires, you may need to put the hardware into Rescue Mode again and restart the flashing process.

TBD.

If you have a Netgear R-series router with Netgear firmware installed, you must first flash with one of the “Netgear R-series initial” files. Once you have an R-series initial FreshTomato build installed, you can then upgrade FreshTomato to newer versions using regular build files. The initial .zip file contains a firmware file with a .chk file extension. The original Netgear firmware can use that file to install FreshTomato.

As an example, the following steps review the process for flashing an R7000 with an initial build, and then a normal build.

First, download the two files you'll need to flash the R7000:

The “R-series initial file” for R7000:

https://freshtomato.org/downloads/freshtomato-arm/2023/2023.2/Netgear%20initial%20files/freshtomato-R7000-2023.2-initial-64K.zip

This .zip file has the following MD5SUM value: ec63c869fe14f5b46cbb13813c1699bf

The normal R7000 AIO build file:

https://freshtomato.org/downloads/freshtomato-arm/2023/2023.2/K26ARM/freshtomato-R7000-ARM-2023.2-AIO-64K.zip

This .zip file has the following MD5SUM value: ec63c869fe14f5b46cbb13813c1699bf

Verify integrity of both .zip files by running a hash check program against them. On Windows, HashMyFiles works well.

If the MD5 has found in the hash check program matches the number listed above, the file is good. If it does not match the value above, the file has been corrupted during download and should be downloaded again. Do not flash using the contents of .zip files that fail a hash check.

Now, unzip the .zip files. The two files inside should look like this (for this particular router model/release of FreshTomato).

freshtomato-R7000-2023.2-initial-64K.chk

freshtomato-R7000-ARM-2023.2-AIO-64K.trx

If you're not sure which build file to download,

• Check the Hardware compatibility list for your model
• Read the ”How Do I Choose a Firmware Build“ section in the FAQ
  • A table there illustrates the naming scheme of FreshTomato builds.

In the case of the R7000, the data in the table describe these specifications:

• CPU: The R7000 contains an ARM chipset
• NVRAM: The R7000 contains 64KB
• AIO = All in One build (contains all feature available).
• Thus, we choose firmware with filename freshtomato-R7000-ARM-[version]-AIO-64K.trx (only after we flash an initial build).

Initial preparation:

Connect an Ethernet cable to a LAN port of your router and your computer's Ethernet port. Do NOT use WiFi.

Unplug all other Ethernet connections.

1. Power on the router. Wait 2-5 minutes for it to finish booting.
2. Reset the router to defaults by holding down reset with a paperclip for 30 seconds. Follow the user guide for specifics.
   
   
3. Wait again 2-5 minutes until the router finishes rebooting.
4. Open a Web browser and enter: 192.168.1.1 . Log on.
5. 
6. Go to Advanced–>LAN Setup and uncheck “Use Router as DHCP Server” and Save.
7. 
8. Go to the Advanced TAB > Administration > Router update.
9. 
   1. Browse to the .CHK file above (freshtomato-R7000-20xx.x-initial-64K.chk) then click UPLOAD.
10. When prompted to continue, click OK.
11. At the Router Update Warning screen, click YES. The Router Update screen shows: “The Router is updating its firmware”.
12. 
13. Then, the Router Update screen shows: “Rebooting the router now, please wait”
14. 
15. Wait 2-5 minutes until presented with a login. Do NOT log on.
    1. If your PC's IP address changes to 169.254.x.x, Windows has configured that address, as it can't find a DHCP server.
    2. Wait 5 minutes, and proceed with the next step.
16. Press the reset switch once briefly with a paperclip.
17. While the router reboots, configure your PC with a static IP address of 192.168.1.9 and a gateway of 192.168.1.1 .
    1. This step may not be necessary, as the router should be running DHCP, and should assign your PC an IP address.
18. Ping the router's IP address to verify that it finished rebooting: “ping -t 192.168.1.1” .
19. 
    1. Wait until the ping results show that it rebooted (“Destination Host Unreachable”) and reconnected (“64 bytes from…”) twice.
    2. 
    3. Flashing is finished, and with the router rebooted, you can connect to its Web interface.
20. In a web browser, enter: 192.168.1.1 . Enter Username: “root”, Password: “admin”.
21. 
22. If this fails:
    1. Use a private browser (incognito) window
    2. Clear the browser cache
    3. You probably didn't reset the device, or you didn't wait long enough. Please repeat Step 9.
23. You should now be logged in. You should see “System” on the Overview menu.
24. 
25. Under Configuration > Restore Default Configuration > select “Erase all data in NVRAM memory”.
26. 
27. You should see: “Please wait while the defaults are restored…”
28. 
29. Eventually, the initial build is installed and NVRAM cleared. Now, upgrade to a normal build.
30. Continue (or open) 192.168.1.1 in a browser window.
31. Under Administration > Firmware Upgrade, click Browse… and find the .TRX firmware file above.
32. 
34. This was the .trx file at the time this was written. Select it.
35. Click Upgrade
36. Wait..You will see a timer, and: “Please wait while the firmware is uploaded and flashed.”
37. 
38. Wait…You will see “Image successfully flashed. Soon you'll see: “Please wait while the router reboots…” and a countdown timer.
39. 
40. Eventually, you'll be prompted to Click “continue”.
42. Do so, and FreshTomato will eventually go back to the main menu.
43. Under Administration > Configuration > select “Erase all data in NVRAM memory”, click OK.
44. 
45. You should see: “Please wait while the defaults are restored…” and a countdown timer.
46. 
47. Eventually, you should be be prompted to click “Continue”. Click “Continue”.
48. You should be left at the Upgrade Firmware menu. This means the process has finished.

If you already have FreshTomato installed on your Netgear, you can upgrade to newer releases using regular build files. These .zip files contain firmware files ending with the .trx file extension.

A Netgear router with FreshTomato installed cannot be directly flashed back to original Netgear firmware with normal builds. Some Netgear models can be flashed back to Netgear firmware using special builds called “Netgear back to OFW” builds. You can check if your Netgear model is supported in the “Netgear Back to OFW” folder in the appropriate FreshTomato downloads folder:

"Netgear back to OFW" firmware

Starting in 2015, The US FCC (Federal Communications Commission) passed legislation designed to block people from changing certain Wi-Fi settings, to avoid creating radio interference with other devices. Wi-Fi radio power had to be implemented in hardware so end users could not modify it. For example, the FCC wanted to make sure end users didn't override country settings or power limits.

Some hardware vendors reacted to the legislation in an extreme way, blocking third-party firmware from being flashed entirely. It's important to note that FCC did not require anything like this. Some companies' hardware could not be flashed with third-party firmware from within the interface of the stock firmware. If you tried to do so, you'd simply receive an error stating it wasn't possible. This resulted in a lot of controversy.

ArsTechnica.com: FCC: Open source router software is still legal under certain conditions:
https://arstechnica.com/information-technology/2015/09/fcc-open-source-router-software-is-still-legal-under-certain-conditions/

SLATE: FCC Support for hackable routers is a win for all of us:
https://slate.com/technology/2016/08/fcc-support-for-hackable-wireless-routers-is-a-win-for-all-of-us.html