Skip to content
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

This tool can, so far, given a serial port connected to a device with brnboot/amazonboot, dump its flash into a file.


It has been tested with

About brnboot:


The serial port in ARV4518PW SMC7904WBRA is hidden inside their case. If opened, there's a 5x2 header. Going horizontally from the marked pin, which is 1: 2.RX, 3.TX, 5.GND, 6.+3.3v. UART is at 115200bps.

Some devices might have a different pinout, but I have yet to encounter any such hardware.

To dump the whole flash of my AR4518PW into some file, I do: ./ --read=AR4518PW_whole.dump --addr=0xB0000000 --verbose --size=0x400000

If you specify - as the output filename in the --read option, the output will be sent to stdout. On a Windows platform you must call the script with the –u option in order to prevent the replacement of '\x0a' by '\x0d\x0a' in this case.

And then turn it on.

A successful flash block read will output the address and size of the block while a botched one (a byte or more gets lost in the serial port) will output '!' and retry. Even so, unless in a hurry, I'd recommend to at least dump twice and compare the dumps, just to be on the safe side.

See the "erase flash" menu on the menus brnboot provides through the serial port in order to figure out the flash layout in these devices. I cannot guarantee that none of the devices using brnboot will just start erasing the whole flash by just selecting the option, so act at your own risk.

Thanks to Jan-Philipp Litza for patches and confirming ARV7506PW11 works.

Thanks to einsiedlerkrebs for more testing and reminding me about Python 3.

Roc Vallès. <vallesroc>


python code to deal with talking to routers using the brnboot bootloader through a serial port and doing simple tasks like backing up the firmware.




No releases published


You can’t perform that action at this time.