Wednesday, August 16, 2017

How to get XWrt-Vortex firmware running on a Netgear R6900 (AC1700) by making it spoof itself as an R7000

So I found one of these Netgear Nighthawk routers at a thrift store for $20 Canadian. Looks nice, new in box even. But I never stick to stock firmware. I prefer to go with Tomato, OpenWRT, or AsusWRT-Merlin. I have been running the excellent AsusWRT-Merlin on my Asus RT-AC66U, and it turns out the Netgear AC1700 R7000 has a port of that firmware available via the XWrt-Vortex project. And as it turns out, the R7000 and R6900 are 99% similar internally; the latter mostly seems to be missing some USB 2.0 ports. But it comes with a single USB 3.0 port, so it's enough for me. The R6900 appears to have been a Costco-exclusive model with limited support. So if anyone has one of these, they may as well modify the firmware. At your own risk, of course.  :)

Now, there are tutorials for getting DD-WRT firmware on the R6900 and R7000 routers.  But nothing about running the XWrt-Vortex firmware for the R7000 on the R6900.  So I figured I'd give it a try based on the available information.  And the following procedure worked for me:

Step 1:  Reset Netgear firmware to default.

Step 2: Acquire the TelnetEnable build specific to the Netgear router (R6900/R7000).  I use Linux, so I did:

>git clone https://github.com/insanid/NetgearTelnetEnable.git
>cd NetgearTelnetEnable/
>gcc -o telnetenable md5.c blowfish.c telnetenable.c 
>chmod a+x telnetenable
>./telnetenable

The MAC address can be found on the bottom of the router.  The username is admin and the password is password.  The IP is probably 192.168.1.1, so you would run something like ./telnetenable 192.168.1.1 F541052345 admin password.

For Windows you'd find the Windows version specific to Netgear routers and do essentially the same thing.

Step 3: Once telnet is enabled through that exploit, telnet to the same IP you just used.  Once you're in, run the following commands:

>burnboardid U12H270T00_NETGEAR

which makes your router identify itself as an R7000

>nvram erase && reboot

which erases your nvram and reboots the router

Now wait for your router to reboot before proceeding with Step 4.

Step 4: Download and install the R7000 XWrt-Vortex firmware from the following website...

Unzip it and then log in to your Netgear router (again, probably 192.168.1.1).

Go to Advanced settings and update firmware.  Select the firmware you just downloaded (in my case, at the time of writing, it was R7000_380.67_0.chk), then click on update.  Wait for the router to update and reboot.
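Before uploading the image, you can confirm that the .chk file declares the same board ID that was burned in Step 3. This is an added example, not part of the original post or the XWrt-Vortex project; it assumes the .chk header layout used by OpenWrt's mkchkimg utility (a 40-byte big-endian fixed header followed by the board ID string), and the sample header it builds is constructed for demonstration.

```python
import struct
import sys

CHK_MAGIC = b"*#$^"                       # assumed .chk magic (0x2a23245e)
# Assumed fixed header: magic, header_len, 8 reserved bytes, six uint32 fields.
FIXED_HDR = struct.Struct(">4sI8s6I")     # 40 bytes, big-endian
MAX_BOARD_ID_LEN = 64                     # assumed upper bound on the ID string
EXPECTED_BOARD_ID = "U12H270T00_NETGEAR"  # value passed to burnboardid in Step 3


def read_chk_board_id(data: bytes) -> str:
    """Return the board ID stored after the fixed header, or raise ValueError."""
    if len(data) < FIXED_HDR.size:
        raise ValueError("file shorter than the fixed .chk header")
    magic, header_len, _reserved, *_sums = FIXED_HDR.unpack_from(data)
    if magic != CHK_MAGIC:
        raise ValueError("bad magic: not a .chk image")
    id_len = header_len - FIXED_HDR.size
    if id_len <= 0 or id_len > MAX_BOARD_ID_LEN or header_len > len(data):
        raise ValueError("implausible header length")
    # UnicodeDecodeError is a ValueError, so a non-ASCII ID is rejected too.
    return data[FIXED_HDR.size:header_len].rstrip(b"\x00").decode("ascii")


def matches_board(data: bytes, expected: str = EXPECTED_BOARD_ID) -> bool:
    """True only if the header parses and names the expected board."""
    try:
        return read_chk_board_id(data) == expected
    except ValueError:
        return False


def build_sample_header(board_id: str) -> bytes:
    """Constructed sample header with zeroed checksums (not a real image)."""
    bid = board_id.encode("ascii")
    fixed = FIXED_HDR.pack(CHK_MAGIC, FIXED_HDR.size + len(bid), bytes(8),
                           0, 0, 0, 0, 0, 0)
    return fixed + bid


if __name__ == "__main__":
    if len(sys.argv) > 1:                 # path to the unzipped .chk file
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read(256)           # the header fits well within 256 bytes
    else:
        blob = build_sample_header(EXPECTED_BOARD_ID)
    print("board ID:", read_chk_board_id(blob))
    print("matches Step 3 value:", matches_board(blob))
```

This only reads the declared board ID; it does not verify the header's checksum fields or the integrity of the rest of the image.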

Step 5: Log in to your router and voila, XWrt-Vortex.  I had saved my settings from my old AsusWRT-Merlin router and I was able to apply all those settings to the newly installed "R7000" router.  I simply uploaded my Settings_RT-AC66U.CFG file and the new router was more or less configured the same as my old Asus router.

And voila, finished.  Seems to be running quite well.

You could probably follow Steps 1-3 and then install Tomato or DD-WRT for the R7000 instead.  Maybe even OpenWRT, although at the time I write this there doesn't appear to be support for the wireless Broadcom chipset in OpenWRT.  But in any case I haven't tried any of those options, as I'm quite happy with AsusWRT/XVortex.

Also note, there is a version 2 of this router; this process will only work on version 1.  Or as it's labelled on my box barcode, "R6900-100NAS".
