The following article is a detailed how-to on flashing an Asus RT-AC68U router with the AdvancedTomato web interface using the Tomato by Shibby firmware.
When my venerable Linksys WRT54GL Wi-Fi Wireless-G Broadband Router
ASUSWRT was originally based on the open source Tomato router firmware project, which I also ran on my WRT54GL. Since ASUSWRT utilizes GPL source code, then under the GPL, Asus is required to release the source code for ASUSWRT. You can find the ASUSWRT source code on their support site. While I really liked all the features and the web interface that the ASUSWRT firmware provided I soon became disgruntled with how buggy the firmware was.
Being a hacker I downloaded the source code and began perusing it. One of the bugs I had run into was with the OpenVPN client functionality. It didn’t take me very long to find a typo in the code. Trying to report the bug to the Asus developers took a lot longer. Asus frontline support was reasonable, but trying to communicate with anyone above the tier one level proved virtually impossible. Being a software engineer, I can appreciate protecting your backline developers from the onslaught of silly questions that support gets everyday. However, when it is a legitimate issue that needs to be escalated, then the engineers should hear about it. This compounded with various versions of the Asus firmware crashing at least once a month, gave me the motivation to find another firmware for my router.
I considered the ASUSWRT-MERLIN firmware which is also released under the GPL. But when discussing this with a security consultant colleague, he suggested that I give the AdvancedTomato firmware a shot. And now six months later I am really glad that he did. So, what is AdvancedTomato? As the project describes on their website;
A router’s graphical user interface is the most important part of the system because most users are unable or unwilling to configure a router by any other means. Tomato comes with a dated web interface with the option to change the color scheme but for some of us that is not enough. The interface simply feels out of date, out of style and in need of an update. AdvancedTomato enables you to keep all of the features of Tomato by Shibby and also upgrade your router’s GUI to a clean and contemporary flat design. Users who demand a modern feature-filled firmware like Tomato deserve to explore those features using modern intuitive GUI like AdvancedTomato.
But what is Tomato by Shibby? Turns out that Tomato by Shibby is a project that is based upon the TomatoUSB project, which is a project based on the original Tomato project that I was running on my WRT54GL that I loved so much. You can still purchase a WRT54GL by the way and if you don’t need the newer wireless standards this is a great router. With AdvancedTomato I can have a modern web interface, with all the great features and more of Tomato and it is all free and open source. And I can have it all on a modern dual core ARMv7 processor! This is a great example of how open source projects evolve and fork!
When I originally flashed my new router with the AdvancedTomato firmware I followed this how-to but it didn’t quite work for me. Just today I tried to flash a brand new Asus RT-AC68U router for a client and once again it didn’t work out quite right for me. So, I thought I would write an up to date how-to on what I did to get AdvancedTomato flashed onto my new RT-AC68U. I haven’t tried this on other ASUSWRT routers but the process is probably very similar.
How-to Flash an Asus RT-AC68U with AdvancedTomato Firmware
Disclaimer: Flashing third party firmware on your router will void your warranty. It is possible to brick your router. You have been warned.
All of the how-tos that I have read instruct you to download the Asus Firmware Restoration Utility and install the AdvancedTomato firmware using it. As a Linux user this perturbs me as there is no Asus utility for Linux. But as a technical consultant I have many versions of Windows, Android, and OS X installed on different computers. So, I decided since all the how-tos used the Asus utility, I would try it as well, to lessen the odds of bricking my router.
It didn’t work. I was using a Windows 7 laptop with what was the latest Asus Firmware Restoration Utility at the time. I gave up and used the restoration utility to restore the latest ASUSWRT firmware and decided I would try again later. Interestingly, after I re-flashed my router with the ASUSWRT firmware all my settings were intact. Which was a clue to what went wrong in the first place.
A week later I made another attempt to flash the router with AdvancedTomato. Following the suggestion of a commenter on the how-to, after flashing the router with the Asus utility, I then telneted into the router and performed an NVRAM reset using the command;
mtd-erase2 nvram
Then I rebooted (power cycled) the router and everything worked as expected. Since then I have upgrade the AdvancedTomato firmware a few times via the AdvancedTomato web interface and I have been thrilled with the performance and stability of my router. It has never crashed once!
A client of mine has been having a lot of network and wireless issues. They have an older D-LINK router that is just plain flaky, so I purchased a RT-AC68U with the intentions of flashing it with AdvancedTomato.
I unboxed the client’s router, hooked it up to a Windows 10 box directly to LAN port 1, and installed the Asus Firmware Restoration Utility from the included factory support CD, and once again it didn’t work. I got the same issues I had before. The firmware upload would stall out during the upload and the router would reboot and put itself back into its’ new setup mode. I tried this 5 times and it failed at 13%, 74%, 72%, 79%, and 50% of the way through the upload respectively. I decided that was enough of that. The following is what I did instead, step by step, with explanations.
1. Download ASUSWRT firmware and Restoration Utility
The first thing you want to do is download a copy of the ASUSWRT firmware and restoration utility in case anything goes wrong so you can reinstall the factory firmware. The Asus Support CD that came with your router has a copy of the Firmware Restoration Utility or you can download one from the Asus support website.
You should also download the latest ASUSWRT firmware from the Asus support website. This is not included on the CD so you will have to download it.
If something goes terribly wrong, hopefully you can put the router into rescue mode and use the utility to restore a copy of the Asus firmware. Which is what I did the first time my AdvancedTomato installation failed. Please refer to the Asus router manual under the section Firmware Restoration for instructions on how to do this. If the Asus utility does not work for you, you can try following the method I describe further down for flashing the AdvancedTomato firmware.
2. Download and Verify AdvancedTomato Firmware
The next step is to download the AdvancedTomato firmware. You are probably going to want the latest version. You can download the firmware from the AdvancedTomato website, at the time of this writing you can find this for the RT-AC68U at this URL https://advancedtomato.com/downloads/router/rt-ac68u.
Transmission errors due sometimes occur, and you can’t have a single bit corrupted in your firmware installation. AdvancedTomato supplies MD5 checksums for their downloads, use them to verify your download. If you are using Linux simply run the command;
Compare the checksum result with that of the one listed on the AdvancedTomato website. If they do not match, download again and verify until they do. On Windows you can download the Microsoft Checksum Integrity Verifier tool and on OS X you can use the “openssl md5” command.
3. Prepare the Router for Flashing
- Make sure the router is switched off and then connect the router’s power supply.
- Disconnect all Ethernet cables, except for one, which should connect your computer to LAN port 1 on the router. If you have anything connected to the USB ports, it would be a good idea to disconnect those as well.
- Assign a static IP of 192.168.1.10 with a netmask of 255.255.255.0 to your computer.
4. Use the Broadcom CFE Web Server to Upload AdvancedTomato Firmware
Given the issues with Asus firmware utility, and as a Linux user I wanted an OS agnostic method of uploading the firmware, I used the Broadcom CFE to flash my router. To access the CFE we put the router into rescue mode. You will need something to press the recessed reset switch. I like to use the eraser on a regular old pencil.
- With the router powered off, depress and hold the reset switch on the back of the router with your pencil eraser.
- While continuing to depress the reset switch, power on the router.
- Continue to hold the reset switch until the power LED begins to blink slowly.
- Release reset switch, the router is now in rescue mode.
- Open a browser and go to http://192.168.1.1.
At this point you should see something like this in your browser;
Note: If you changed your router’s default IP, you will need to go to that address as opposed to the default IP of 192.68.1.1
Click the Browse… button and select your AdvancedTomato firmware .trx file then click the Upload button to begin transferring the firmware. This could take a while, just be patient. Wait at least 10 minutes before giving up.
Once the transfer is complete, you should see a screen like this;
Click the Continue link and the router will reboot. Go ahead and wait until the router completes its reboot. This might take a while, maybe as long as 5 minutes. When the wireless LEDs light up steadily the router should be booted up.
4. Clear the NVRAM
Clearing the NVRAM on the router appears to be a crucial step. As I noted before, the first time I installed the AdvancedTomato firmware I telneted to the router with the new AdvancedTomato firmware and issued the “mtd-erase2 nvram” command to clear the NVRAM. For some reason the HTTP interface did not work, but telnet did. I logged in with the default IP of 192.168.1.1 and the default credentials (user: root, password: admin). But as some OSes (Windows 10) does not have a built-in telnet client there is another way to do this on the router itself.
Although, the Asus manual states that reset button restores the system to its factory default settings, this has never worked for me. However, searching the Internet I have found a method that does work.
- Make sure the router has finished booting up, the wireless LEDs should be on and steady.
- Locate the WPS button the side of the router.
- Power off the router.
- Depress the WPS button. While continuing to hold the WPS button power up the router.
- Keep holding the WPS button until the power LED begins to blink rapidly. This could take as long as 30 seconds.
- Release the WPS button. The router should reboot when you do this.
This should clear the NVRAM and when the router boots up it should be ready to roll.
5. Configure and Enjoy your New AdvancedTomato Router
Wait for the router to finish booting up and then point your browser to http://192.168.1.1 and you should see something like this;
Woo hoo! You now have an Asus router running AdvancedTomato firmware!!! Take a look around, I think you will be really happy with all the cool features and the performance and stability of your ASUS (RT-AC68U) Wireless-AC1900 Dual-Band Gigabit Router running AdvancedTomato.
I realize that some users may want to refer to some documentation. Myself, I had never bothered to look for any as the UI seems mostly explanatory to me. There are notes and various tips embedded in the AdvancedTomato interface. However, you might want to check out the TomatoUSB documentation and the TomatoUSB tutorials. There is also the Tomato Firmware Wikibook. Who knows, if there is enough interest, perhaps I can be convinced to write up some comprehensive documentation. 🙂
I hope you enjoyed this installation how-to.
March 22nd, 2016 update:
So, my router informed me that there is a new update for AdvancedTomato and I thought this would be a good opportunity to test out some comments that readers have been submitting. Thanks for the feedback!
A couple of people noted that they couldn’t access the CFE via the http://192.168.1.1 URL. I have verified that if you changed your router’s IP from the default you will need to go the new address to access the CFE. e.g. if you changed the router’s IP to 10.1.1.1 then go to http://10.1.1.1 to access the CFE.
I also found that the CFE startup is behaving differently now. I assume this is because when I initially wrote this howto I started with Asus firmware and now I have AdvancedTomato firmware. Although, I am not sure why this would cause a change, as I thought the CFE was hardcoded into ROM.
So, as per step 4 in this howto, I held down the reset button and powered on the router. After 20-30 seconds the power light went off. I then released the reset button and the router continued blinking the LAN and WAN leds and after a minute or so the power LED came back on. A few seconds later I was able to access the CFE from my custom router IP.
Well, what the heck, why not try and upgrade to the new AdvancedTomato firmware from the CFE? Since this version of AdvancedTomato is using a new version of Tomato by Shibby, it is highly recommended that you clear the NVRAM. So, since I was here, I used the Restore default NVRAM values from the CFE. The CFE reported that the command was successful but I still was at my custom IP address. Just to be safe, I rebooted the router via the CFE.
Sure enough, the router was reset back to the default IP of 192.168.1.1 and still running the AdvancedTomato firmware but everything was back to default, including the login credentials. So, I rebooted back into the CFE, which still behaved as I noted a couple of paragraphs above. I then browsed to my new version of AdvancedTomato, whose md5sum I had already verified, and uploaded the new firmware via the CFE.
It took a little while to upload, but then I was notified the upload was complete, the router rebooted, and everything looks great!
Now, I just need to go back to reconfiguring my somewhat complicated router settings. It can be a little annoying to have to reconfigure all your settings, but I look at it as a good opportunity to see if there was anything that I might have wanted set differently. You might find screenshots, or printing to PDF files to be helpful to remember some settings, such as your port forwarding.
I also took this opportunity to try saving and restoring my router settings before and after I cleared my NVRAM. That seem to work fine. So, once you have reconfigured your router with the new firmware, it is probably worth making a backup of your configuration. I just wanted to jot all this down while it was fresh in my mind, now back to reconfiguring my router!
Ted Parvu
My hacking career began at age 12, when my father brought home a Sinclair ZX-81 computer kit and a lifelong fascination with computing was born. I became a privacy and security advocate after learning of the US Government's criminal investigation against Phil Zimmermann. Years later I found myself in Silicon Valley being paid to hack Phil's PGP code. I soon tired of the rat race and moved to the Northwoods of Minnesota where I have over 2 million acres of protected wilderness to roam. Here I indulge in my passions for wilderness and technology and as an advocate for computer security and privacy.
How to update advancedtomato to a newer Version (shibby is the same Version)
Now: RT-AC68U-AT-ARM-3.0-132-AIO-64K (means advancedtomato 3.0, shibby 1.32)
Update to RT-AC68U-AT-ARM-3.1-132-AIO-64K (advancedtomato 3.1, shibby same 1.32)
I think directly over the router (Administration->upgrade)?
No Need for erase NVRAM?
Thank you,
Patrick
Hi Patrick,
I upgraded my router yesterday. I did not clear my NVRAM and I used the “Administration->Upgrade” choice from the Advanced Tomato GUI. According to the Advanced Tomato website if you stay with the same Shibby version you should not need to clear the NVRAM. So, you should be OK to keep your NVRAM after the upgrade from 3.0 to 3.1 as Shibby is still version 132.
cheers,
–Ted
Hi Ted,
Thank you for the fast answer. I will try it tomorrow.
Cheers,
Patrick
How do I do the step – Assign a static IP of 192.168.1.10 with a netmask of 255.255.255.0 to your computer.
Hi Adam,
That depends on your operating system. I would try doing a search for “assign static ip“. It is a pretty common task and there should be plenty of info out there for whatever your operating system happens to be.
regards,
–Ted
Hi Ted,
Thanks for the guide.
Encountered in only one problematic situation.
My routers IP was 192.168.2.1 (because I set it prev.)
And couldn’t reach CFE at first.
I testet the wifi speed for a bit, and I measured a significant speed decreasing with AdvancedTomato. I was able download/upload from/to my NAS around 37 MB/s with the ASUS firmware, bit now with tomato it is only 29 MB/s. I’m pretty sure, that I’m the noob for the correct wifi settings. ^^
Do you have some advice for me?
Regards,
Mate
I’m pretty sure that when you go into the CFE mode, the router’s address will be 192.168.1.1 not any custom IP that you might have set. Did you reach the CFE through the 192.168.1.1 address?
You might see some decrease in the WiFi speed from the stock Asus firmware. I can’t recall where I read it, but I believe that the Tomato by Shibby WiFi drivers lag behind those of Asus. If I get a chance I will try and do some research and post back here.
Let us know if you find anything out.
For me, losing a bit of throughput is well worth the stability increase. The Asus firmware crashed for me on a regular basis. Whilst the Tomato firmware rarely has an issue. As of this comment my router has been up for 32 days without an issue and it gets very heavy use.
cheers,
–Ted
Is it possible to upgrade from ‘regular’ Tomato by Shibby to Advanced Tomato using “Administration->Upgrade”?
In case it is, will the configuration file from TbS work for Advanced Tomato?
Hi Erik,
That is a good question. It seems like it could be possible, as I understand it, Advanced Tomato is a GUI that sits on top of Tomato by Shibby. However, the Shibby release often lags a bit with Advanced Tomato. I would guess if Advanced Tomato isn’t using the same release of Shibby that you are, I would do a NVRAM reset after upgrading and reconfigure your router. If it is the same version of Shibby, give it a go and let us know how it turns out.
cheers,
–Ted
Hi Ted,
Thanks for the answer.
I tried 192.168.1.1 for an hour, and gave it up. Next day, It came to my mind to try the gateway address, which was 192.168.2.1, because I set it before, and used the router that way. (All IPs: 192.168.2.1-255) And it worked CFE that way.
Another issue: Sometimes my laptop find the wifi (5.0GHz) slower than with ASUS fw.
I am looking forward for the WIFI speed tune-up. 🙂
Best Regards
FWIW, I had to do an NVRAM clear before I could locate the router at 192.168.1.1 to get to the CFE server.
Ted,
Thanks very much for this guide! It was very useful and well written.
Cheers,
Steve
I’ve been trying flash advanced tomato and tomato and have the same issue with both.
I tried using the CFE method as well as the restoration utility with the same issue both times.
They both finish transferring and say completed.
The utility goes on to do the restoration and says it’s completed and will reboot.
– Then it never fully comes back. The power light stays on and the ethernet I’m plugged into will continue to show activity, but I can’t get to 192.18.1.1.
I’ve done this at least 8 times, waiting up to 60minutes on some of the flashes to see if it will finally boot up correctly. It seems to just be in a boot loop – resetting itself every 15-20seconds.
When I ping 192.168.1.1 I can’t reach the destination.
I tried clearing the NVRAM after waiting using the wps button. It blinks rapidly like mentioned then reboots.. but no change.
I tried newer and older versions of both AdvancedTomato, as well as Tomato by Shibby – same results every time.
Using the CFE method gives the exact same results as with the Restoration utility
Flashing back to Asus Stock or Merlin works fine – it boots up after flashing in about 1 or 2 mins and I can access the GUI with no issues.
I just received my RT-AC68U from Amazon.com . It shows Revision C1 on the back.
Could it be it’s a newer, unsupported revision?
I would really love to get AdvancedTomato running on here- Any help is appreciated!
Hi Parker,
Chris commented that this isn’t working on newer hardware versions. If you see Chris’s comment it looks like version C1 is not working. What hardware version do you have?
UPDATE: I downloaded and flashed the latest DD-WRT without a problem.
Seems to only be Tomato having an issue with this AC68U..
Hi Ted,
How to upgrade to VPN version ? same method as AIO ?
Best Regards
Paul.
Hi Paul,
I have always used the AIO version. If you try with the VPN version can you let us know how it goes?
Just a heads up, there is a new revision of the RT-AC68U router shipping now (version C1) that, as of 2016-06-15, does not have supported AdvancedTomato / Shibby Tomato versions available.
If you do attempt to flash one of these versions via the CPE, it will never finish the reboot cycle; the “wireless” light at the end of step 3 never will come on. I tried uploading various firmware revisions from AdvancedTomato/Shibby builds with no success, and resetting NVRAM via CPE does not allow the firmware to boot. The router can be flashed back to the original firmware – I was able to successfully go back to Asus firmware 3.0.0.4.380_3264 .
Hi Chris,
Thanks for the heads up. That is a real bummer. I wonder if Asus did that on purpose? Happy to hear that you didn’t brick your router and were able to go back to the original firmware. Have you tried any other third party firmware? If you or anyone has any further information on this, I would love to hear about it.
Hello Ted!
Many thanks for the instructions on how to install!
Wilson.
Thank you very much for this guide. I think it will be very helpful, but …
As standard with updating software / Firmware. Wouldn’t you make a back up of your config (assuming there is a backup button) before doing anything?
There is a backup option for your configuration. It would probably be a good idea to do so, in case something went wrong and you wanted to go back to your previous version of firmware. Great advice, thanks!
Unfortunately, after you upgrade Shibby versions, you will need to reset your NVRAM and reprogram your settings manually. But that is standard good practice for firmware upgrades on any system.
How important is it to clear NVRAM after an upgrade? What function does it serve?
I have an update available but with so many devices on my network I’d really hate to manually add it all again.
Yeah, I hear you. It really is a pain to have to reprogram everything again. I have a USB printer that requires a custom script to upload firmware to it. A number of port forwarding rules, DHCP rules, QoS, SSH keys, it goes on and on. I take screenshots to help me remember what everything was set to. If you have the same Tomato by Shibby version, you shouldn’t need to clear your NVRAM. The Tomato by Shibby version is after the “-“. So, if you upgrade from
3.1-136to3.2-136then just the GUI is being upgraded and you should be fine. But going from3.2-136to3.2-137will upgrade to Tomato by Shibby v137 and you would be wise reset the NVRAM. The reason is that some firmware settings may have been added or removed or just changed formats. This could cause unexpected results. You could always try but be prepared for the possibility of some flakiness. This isn’t just with Tomato but with any firmware on any device for the same reasons.Hello, this seems to be interesting piece of software, but I’d like to ask you, if all services are available in advanced tomato when compare to default firmware. I mean, NFS / SAMBA and DLNA because I use AC68U as multimedia server to watch movies from USB 3 external disk. But I am not happy about performance of wifi so I’ve started look for new firmware to fix wifi issues.
Hi Lukas,
I also have a USB 3 external disk on my router that is exported as an NFS share. It works great for me. There is a DLNA server that even supports Tivo. I had some issues with earlier versions of the DLNA server but that was quite a few versions back. I mostly use NFS shares for playing media as it seems to work better for me. There is SAMBA support but I haven’t used it in a while. But it worked when I did use it.
This is the most feature rich firmware I have used and the most stable. I would say give it a try and see what you think. If you follow the guide you will always be able to go back to the stock firmware if you don’t like it, assuming you don’t brick your router, but I haven’t heard of anyone yet that has.
Let us know if you do and what you think.
cheers,
–Ted