Sometimes, you mess up when toying with the firmware of an embedded device and end up “bricking” what you were working on. [Chris Bellows] had done just that with a consumer router, corrupting the onboard NAND flash to the point where recovery via normal means was impossible. Armed with a working duplicate of the router, he wondered if the corrupted NAND flash could be substituted into the working router while it was running, and reflashed in place – and decided to find out.
Key to achieving the hack was finding a way to remove the existing NAND flash in the working router without crashing the system while doing so. This required careful disconnection of the chip’s power lines once the router had booted up, as well as tying the “Ready/Busy” and “Read Enable” pins to ground. With this done, the chip could carefully be removed with a hot air tool without disrupting the router’s operation. The new chip could then be soldered in place, and flashed with factory firmware via the router’s web interface. At this point, it could be powered down and the chips swapped normally back into their own respective routers, restoring both to full functionality.
It’s a neat hack, and one that shows that it’s sometimes worth taking a punt on your crazy ideas just to see what you can pull off. It also pays to know the deeper secrets of the hardware you run on your own home network.