After flashing a WGT634U router, which I wanted to convert to a 3g usb wifi router, a apparently used a wrong openwrt image, despite careful checking, the device was bricked. (I changed the header with 4 bytes, which I read …, which was not a good thing to do)
So a JTAG interface was needed to bring this device back to life. The first time in my life I would use this kind of interface.

Spending many hours on the internet what differences between JTAG interfaces are, how they are controlled, I found a very popular chip, the FT2232H from the company FTDI, which manifest itself into a myriad of circuits. This one is from Ebay: TIAO USB JTAG. Manual of this can be found here: http://www.tiaowiki.com

I am using an Apple mac since a long time, and considered to use it with that interface, but decided to do this on my Ubuntu based laptop (lubuntu 12.10). It would probably be easier. Drivers are already there, shell, network, what do I need more?
Once connected I checked via dmesg whether the device would be recognized:

marc@helium:~$ dmesg | grep usb
...
[13193.860094] usb 1-1: new high-speed USB device number 2 using ehci_hcd
[13193.997452] usb 1-1: New USB device found, idVendor=0403, idProduct=8a98
[13193.997461] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[13193.997468] usb 1-1: Product: TIAO USB Multi-Protocol Adapter
[13193.997475] usb 1-1: Manufacturer: TIAO
[13193.997481] usb 1-1: SerialNumber: TIVYLJQO
[13194.212925] usbcore: registered new interface driver usbserial
[13194.213269] usbcore: registered new interface driver usbserial_generic
[13194.213633] usbserial: USB Serial Driver core
[13194.242320] usbcore: registered new interface driver ftdi_sio
[13194.245494] usb 1-1: Ignoring serial port reserved for JTAG
[13194.247381] usb 1-1: Detected FT2232H
[13194.247390] usb 1-1: Number of endpoints 2
[13194.247396] usb 1-1: Endpoint 1 MaxPacketSize 512
[13194.247403] usb 1-1: Endpoint 2 MaxPacketSize 512
[13194.247409] usb 1-1: Setting MaxPacketSize 512
[13194.249496] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0

Following text is from this webpage.
Once upon a time, when the WGT634U wasn't yet EOL'd, OpenWrt had a bug that caused the flash partition containing the CFE to be erased. As the CFE is the boot loader, you then had a paperweight.
There were rumors one of the two headers on the PCB was a JTAG port, but nobody found out how to utilize it.

Some weeks ago I came across this forum post detailing how to populate the resistor pads to make JTAG work. That link also provides the image file which is to be flashed.

My WGT634U is now resurrected, so how to repeat this?

First, you need to populate the 2×7 header on the front side and the resistor pads on the backside. These resistor values worked for me:

R66 (pin 3) 10KΩ
R65 (pin 5) 33Ω
R67 (pin 7) 10KΩ
R68 (pin 9) 10KΩ
R73 (pin 11) 33Ω

Information about the pinout on the wgt634u can be found here. It is assumed that the pin layout is MIPS EJTAG 2.6 compatible:

A buffered cable such as the Wiggler requires an external Vcc voltage supply. The 14-pin header conveniently supplies this voltage on pin 14. The typical unbuffered cable, however, does not require an external voltage in order to function. Formally, the pin 14 is called VREF and used to indicate a JTAG signal levels: 5V, 3.3V or 2.5V. On the most devices this pin is tied to the device's Vcc and may be used to power a buffer IC chip (and to generate an appropriate levels as result). Note that the 12-pin JTAG header arrangement does not provide Vcc.

In the openmoko wiki they tell how to use openocd with the Debug Board to flash the openmoko Freerunner gsm phone; but there's no information regarding MIPS devices like the WGT. I finally managed to do it using urjtag revision 1855 (current HEAD) from their svn.

svn co -r 1855 http://urjtag.svn.sourceforge.net/svnroot/urjtag/trunk/urjtag
cd urjtag
sh autogen.sh --enable-cable=ft2232 --enable-lowlevel=ftdi
make
sudo make install

You need to enhance the data installed to /usr/local/share/urjtag/:

echo -e "0101001101100101\tbcm5365\tBCM5365" >> /usr/local/share/urjtag/broadcom/PARTS
mkdir /usr/local/share/urjtag/broadcom/bcm5365
echo -e "0001\tbcm5365\tVer 1" > /usr/local/share/urjtag/broadcom/bcm5365/STEPPINGS
cp /usr/local/share/urjtag/broadcom/bcm4712/bcm4712 /usr/local/share/urjtag/broadcom/bcm5365/bcm5365

Then, you can finally flash your WGT. Download the image wgt634uCFE.bin here.

cable ft2232 vid=0x1457 pid=0x5118
detect
initbus ejtag_dma 
detectflash 0x1fc00000
eraseflash 0x1fc00000 3
flashmem 0x1fc00000 wgt634uCFE.bin

• http://www.fccps.cz/download/adv/frr/spi/msi_spi.html Programming a flash chip in-circuit via the parallel port