Flashing a Netgear R7000 router with FreshTomato

Initial setup

Sadly, the R7000 model uses broadcom chips. Looks like OpenWRT cannot save us from OEM hellworld any longer.

This router is entirely new hardware for me. All of these instructions are from a fresh factory image. Factory reset your R7000. It makes things simpler.

Connect the router to a PC using an eth cable. Do not connect the PC to the WAN port, connect the PC to one of the switch ports.

The first step is to configure the router as if you were a clueless user who just uses OEM firmware cluelessly. Configurint the router just to flash it and reconfigure it

Wow, ads in the web UI. Technology was a mistake.

Ads in the web ui

The R7000 is a strange model that requires us to flash two separate files in a 2 stage flash process. You can use a wget commands if you trust me or just browse the FreshTomato website and download them manually.

[user@fedora nmrpflash]$ wget https://freshtomato.org/downloads/freshtomato-arm/2022/2022.5/Netgear%20initial%20files/freshtomato-R7000-2022.5-initial-64K.zip 
[user@fedora nmrpflash]$ wget https://freshtomato.org/downloads/freshtomato-arm/2022/2022.5/K26ARM/freshtomato-R7000-ARM_NG-2022.5-AIO-64K.zip
[user@fedora nmrpflash]$ for i in ./*.zip; do unzip $i; done
[user@fedora nmrpflash]$ ifconfig
[user@fedora nmrpflash]$ firefox 192.168.1.1

And the rest is webshit. I apologize for inaccessibility.

Stage 1 flash

In the web UI, navigate to Advanced > Administration > Router Update. Upload the .chk file.

Upload the .chk file

Verify that you know what you're doing.

confirmation dialog for nuking the firmware

Wait for the update to apply

progress bar for the firmware update

Wait for the router to reboot

message that the router is rebooting

Stage 2 flash

Wait for the router to reboot. Repeatedly refresh the page. When the login prompt appears, reset the router using the small reset button on the back. I use a sim card slot ejector key but a paperclip works also. Hold for 10ish seconds then release.

The login prompt looks like this:

Router login prompt.

After this, repeat the spamming refresh process until a login prompt appears. Now you can log in with:

user = root
pass = admin

After logging in, you might have to remove the /cgi-bin/luci path from the URL.

strange path

url path includes cgi-bin/luci so the interface isn't displaying properly

Your router is now freed from OEM advertisers

freshtomato web admin pannel

Now we need to clean out all of the OEM garbage from the NVRAM. Go to Administration > Configuration and reset the NVRAM.

wiping the NVRAM waiting for NVRAM to finish wiping Go back to the Router's web page. You might have to get a new DHCP release with
[user@fedora netgear]$ sudo killall dhclient && dhclient enp0s31f6

Go to Administration > Upgrade and upload the .trx file.

uploading the trx file waiting for firmware updates to finish

Wait for it reboot.

waiting for reboots again

You might have to kill and restart dhclient again to get back to the web interface.

updated freshtomato web ui

After all is said and done, we now have ssh access to our router like RMS intended.


[user@fedora netgear]$ ssh root@192.168.1.1

FreshTomato 2022.5 K26ARM USB AIO-64K
size: 40314 bytes (25222 left)
 ======================================================== 
 Welcome to the Netgear R7000 [FreshTomato]
 Date: Thu Jan 1 1970
 Time: 01:21:04 up 21 min
 Load average: 0.00, 0.01, 0.02
 Mem usage: 9.4% (used 23.53 of 249.59 MB)
 LAN1: 192.168.1.1/24 @ DHCP:  -
 WL0 : 2.4GHz @ FreshTomato24 @ channel: 6 @ XX:XX:XX:XX:XX:XX
 WL1 : 5GHz @ FreshTomato50 @ channel: 36 @  XX:XX:XX:XX:XX:XX
 ======================================================== 

root@unknown:/tmp/home/root# 

After installation, I do things like change the theme to something less ugly, disable telnet, set a better root password, set wireless encryption, etc.