I spent too much time today reading MIPS disassembly of the ADAM2 bootload, as used on the Netgear DG834G. The problem is that the version used on the Netgear performs a checksum over most of the flash device on every boot. This makes the use of JFFS2, as done by OpenWRT, somewhat problematic. In an ideal world I'd try to compile up a newer, less restrictive version of ADAM2 but there's no JTAG on the Netgear that I've found and the thought of frying the bootloader and bricking the device wasn't appealing.

So what I've ended up doing is finding where the checksum is done and changing the branch instruction that aborts the boot to a nop. It's still scary, but it appears to do the job.


First, obtain your ADAM2 image. This is 128K and is mtd2 from the bootloader view. It should have an md5sum of 0530bfdf00ec155f4182afd70da028c1. If it doesn't, stop. The version I'm talking about is 0.18.01 as distributed by Netgear.

Assuming you have the right md5sum you want to go to offset 0x3944 where the 4 bytes should be 44 09 00 0C (representing a jal 0x90002510 during execution). Replace these 4 bytes with 0 (representing nop) and you should end up with a new image with an md5sum of d8a2f4623bf6f64b7427812f0e849aa7. You'll then need to do something like dd if=adam2-fix.bin of=/dev/mtdblock/2 on the device (I don't believe you'll be able to rewrite the bootloader from the bootloader for some reason...).

After that ADAM2 will still checksum the flash, but will continue to boot it after printing a checksum error message. This means you can go off and build yourself an OpenWRT AR7 based image and install it on your Netgear. Rock.