Working Solution to Archer C9 V1 - software only, no serial

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
FCHNimda
DD-WRT Novice


Joined: 14 Jan 2021
Posts: 1

PostPosted: Fri Jan 15, 2021 6:39    Post subject: Working Solution to Archer C9 V1 - software only, no serial Reply with quote
I think I have a working software only solution for the Archer C9 V1 issue that people are reporting.

Let me start by saying I have 30 of these units, mostly upgraded to the latest 210107 tplink official firmware and several new in box never opened with the oldest factory firmware that was shipped in US.

As everyone has figured out, upgrading to latest firmware (well anything since Archer C9(US)_V1_180125) causes this device to kick error 5533 - and upon review of the ddwrt install instructions for this unit one of the very first things mentioned is "upgrade to the latest version". Avoid doing this if you can. Not only will it make it hard to move on to any alt firmware for this model but the latest official TPlink firmware no longer even states the error code or an error description (as older firmwares did). Note to any one reading this having an issue trying to webflash the factory to ddwrt image or tftp over any version of firmware where the router seems to accept the transfer but not flash - You are most likely experiencing error 5533 (if you were to connect to the device via JTAG and open a shell you will get a better understanding that what is going on here / 3 different firmwares display error 5533 in 3 different ways – This error is both simple and complex depending on what firmware you are having difficulty with. Firstly older tplink firmware used to say something like “error 5533 – there is a problem with your file or file name” - later builds referenced an issue with file composition that could perhaps make a user think that the bin file was incomplete or had bad file structure. Even later editions such as the official tplink software just state “error 5533” and the latest firmware I think just says there has been an error. Guess what, it’s all the same 5533 error if you are trying to flash over ddwrt the first time to the archer c9 v1 that has had recent official firmware on it (any of them in the last years from 2018 on) – The TP link firmware page states “After upgrading to this firmware (180125), the device cannot be downgraded back to the old version” - Obviously we know that is not the case since this fix seems to work so no worries.

I have seen several attempts online get a 180125 + flashed tplink archer c9 v1 onto ddwrt but everyone seems to have problems in the end getting ddwrt onto it if it has ever touched 180125+

1) I watched a great youtube guy who flashes via jtag but he was going back to stock - some one reported to get ddwrt running again but following the exact steps did not yield the same results for me (Many of my routers came to me with 210107) this could be the difference.

2) UN Binary builds people have been flashing to allow for downgrade (some info tp link forums but not very useful) again no ability to get to ddwrt after downgrade - 5533 error

3) Test Binary (split or multi part test bin) Likely pre factory test images that leaked, I found several non english forums that used these images get a software only downgrade but again no ddwrt after - same complaints

4) Treat it like a brick and give it the old TFTP try - tftp not working like it used to! This method is good if only you are indeed recovering a brick, the router knows exactly what file name it is looking for and will only respond under certain conditions. Trying to trick it will result in the router downloading the image but not flashing it.

These fixes sure to let you downgrade to any older TP link firmware but something remains, something sneaky, TPLink has pulled a fast one on us here.

I went the long way around to figure all this out (stupid me) and put a bunch of stuff together I sourced from the internet but ultimiatly I just tested everything, refined what I was doing and then got success on 30+ TPlink Archer C9 V1 units that were all flashed to the latest official tplink (as of now Archer C9(US)_V1_210107) moved over to DDWRT

Firstly posts on this forum and others suggesting that you need to write directly to flash via serial using putty do seem to work and you can surely take it that far if you want BUT NO NEED. ALSO and however, after doing all this I was still faced with the 5533 issue even after trying all methods (even the ones involving hardware). It was like something was left behind on any of the units that had ever been flashed with 180125 (official) or above, no matter what I did, web flashed or serial the result was always the same. If a unit had 180125 or above on it, I could never flash the factory to ddwrt bin. I did verify all of this several times around on sealed NIB units both flashing factory to ddwrt without problems on older firmware (that had never been upgraded) and also taking new units, intentionally upgrading them and flashing the same factory to ddwrt bin to see what the difference would be (in this case without success because once 180125 touches the router some permanent changes are made and bang 5533).

The firmware from 2016 that came on NIB routers and never updated flashed factory to ddwrt bin (older and newer builds) without issue right out of the box! So I think it is safe to say that 180125 adds some further protections against certain upgrades (even if you downgrade they remain) - However this is not a real problem it seems now. Also to double check the theory I took 2 routers that were NIB with early factory roms and upgraded them to the latest official firmware, then I loaded a downgrade image and guess what? The router balked at subsequent attempts to load the same factory to ddwrt image that was flashing fine on NIB units that came with early firmware and were never upgraded. So I tested it both ways, 180125 does add some permanent evil even after a successful downgrade, both forcibly via serial and with UN/Test downgrade roms (you can read about further below), either way 5533 error was NOT present on units that were never flashed to 180125 but became present on units that were upgraded to 180125 and also present on units downgraded from 180125 + and remind present regardless of the pathway used to downgrade. If 180125+ touched your c9 v1 you will get an error trying to flash the factory to ddwrt bin (even if you downgrade successfully - read on for fix.

As it turns out, breaking out the soldering iron and FTDI interface is one way to go to get downgrade, which you must as it is the first step you have to go through if you want ddwrt on your c9 v1 and have had 180125+ official firmware on it. Thats right no matter how you downgrade from 180125+, even if you get access to the unit via serial and issue commands to pull over your firmware file(s) via tftpd, or use any of the other known tricks to downgrade you will get an error going to ddwrt. I also read posts suggesting tftp no longer works the way we think it should in the latest stock firmwares, this is indeed correct, it does not work the same way it used to in earlier official builds by tplink. If you get in through a serial connection you can interrupt boot and request a tftp transfer of any firmware (that's how it seems to work now unless you're bricked but that's a different scenario - read on) but I couldn't get the unit to cooperate with tftp if it had 180125 + firmware installed unless I was connected via serial or intentionally bricked the device, furthermore and unless I am re-flashing a firmware 180125+ back over itself with tftp (either because the router is bricked or because I was in via serial) the result appears like the file transfers but router never programs. It doesn't matter if DDWRT bin or an official version lower than 180125 is used, the router takes the file and never flashes! This is the same result as I have read on many forums including some posts here as well with people stuck at or above 180125. So anyone trying to tftp a non stock or older official bin still wont work if you had upgraded to 180125+. - TFTP method is a no go unless you are initiating tftp transfer from serial and have some special bin files - Bricking and tftping factory test split bin files does not work either!

You have got 2 ways to go about getting ddwrt onto this device now if you have ever upgraded to 180125 stock firmware or above. I will describe.

The first 3 of my 30 units I opened and connected to via JTAG/Serial, the result was I could load old firmware again, older than 180125 – BUT ONLY Using a special divided firmware package, command in serial shell (via putty) allowed me tftp transfer and flash back to a very early firmware and this method indeed gave me a result allowing me to load up older firmware after I used the factory test bin files, this was my initial goal thinking that if I had older firmware the router would let me flash factory to ddwrt – Unfortunately that was still a problem, I used the factory test split bin files, no luck with ddwrt, I upgrade another version and tried other factory to ddwrt bins, no luck!. However the trick that got me to my goal was really simple and later on after getting in via the jtag port on the first 3 routers (which you kinda have to add) I started to have a suspicion that TPLink was really just playing a nasty trick on us (hosers). So I had reloaded this ancient leaked 2 part stock firmware package that caused me no grief after it was installed other than I still could not load factory to ddwrt bin. However I could upgraded and downgrade again but did not go beyond the firmware from 161008 official – so with no luck loading ddwrt I just simply changed the name of the factory to ddwrt firmware bin file itself to the name of on of the test firmwares that the unit won't reject. At this point I was playing the UN version of the firmware and realized I could do all this without having to connect via ftdi serial and tftp. It appears that somehow units that have been upgraded to 180125+ specifically know what file names they are not allowed to upgrading from, like the file name of the factory to ddwrt is black listed or some how a whitelist has been implemented only allowing certain file names after an upgrade to 180125+. Remember old stock non upgraded units take factory to ddwrt bin, once upgraded and downgraded these same units won't take factory to ddwrt bin any more.

Well all this trouble for a dirty trick! Worse yet it is one we have all seen before, the oldest one in the book especially if you have spent much time playing with non stock firmware and piles of junk routers. Ultimately I realized that I could flash the UN image (another firmware that routers running 180125 will flash lawfully and above board) and then re-flash via webgui the factory to ddwrt bin file BUT ONLY so as long as the binary had been renamed to the same name as the UN binary. From there I could upgrade to any of the more recent DDWRT builds for c9 v1. I also verified that it is not possible to skip loading the UN bin, just renaming the factory to ddwrt bin is not enough.

SO - thanks for reading my blathering:

Here is the refined and complete software only fix for the above that I tested on 30 + Tplink Archer c9 v1 units (most of which had been updated to 210107 official)

So to recap – this applies to you if you have a c9 v1 that has had 180125 + on it and want some wild ddwrt action instead (which I recommend)… here are the steps…

1) download c9v1_un-up-ver4-1-0-P12002[20180223-rel35954].bin (this is tp links firmware) and also download r29409 factory-to-ddwrt.bin (or probably any factory to ddwrt image for the c9 va), also download the version of DDWRT that you really want on your unit. (this is 3 files total).

2) Webflash c9v1_un-up-ver4-1-0-P12002[20180223-rel35954].bin wait for reboot

3) Rename the r29409 factory-to-ddwrt.bin to c9v1_un-up-ver4-1-0-P12002[20180223-rel35954].bin (name the same as the first file you flashed). Put the renamed file in another dir labeled “fake” or something so not to get confused, as you will have one real UN image and one impostor UN image that is really ddwrt in lambs clothing.

4) Flash your impostor c9v1_un-up-ver4-1-0-P12002[20180223-rel35954].bin on top of the real c9v1_un-up-ver4-1-0-P12002[20180223-rel35954].bin that you flashed in step 2. Wait for reboot.

5) Flash the actual version of DDWRT you want on the unit.

There you have it. A software only fix for the 5533 the error. Like I said I tested this on 30 + units, I know it works and I got to the ddwrt party 2 different ways successfully bricking 0 routers along the way!

I know other people are looking for answers as well on this, I searched the forum but did not find it, so here it is, if this helped you please post a link to it so others can have a working DDWRT router based on the C9 V1 - It is a decent router. Also I think I attached a zip file with pertinent files not sure. PM me if you think I can help I guess. Listen up, I take no responsibility, my goal was just to get desert working. You guys likely know much better than I do which final build you want on this device (can some on tell me actually) Right now I have running Firmware: DD-WRT v3.0-r44715 std (11/03/20) but I’m not sure this is best, perhaps someone can point out which version I should be running on these routers? I want to do all the things, VPN, Samba share, Firewalled Vlans and bridging vlans to individual switch ports in back, etc. with a standard build I was just playing around so that's what's in my upload but I think you can just put whatever version of ddwrt (as long as it’s a webflash for this router for step 5 ). I'm honestly not sure if my upgrade pathway leads to a reliable router perhaps some one can tell me or help to refine further what should happen after step 3 (like should I start with a newer factory to ddwrt bin, etc)



The Stuff.zip
 Description:

Download
 Filename:  The Stuff.zip
 Filesize:  40.04 MB
 Downloaded:  218 Time(s)

Sponsor
^thumbs^
DD-WRT Novice


Joined: 01 Jan 2021
Posts: 14

PostPosted: Mon Jan 18, 2021 22:49    Post subject: Reply with quote
Interesting. I wonder where this UN firmware came from. It has been used to successfully convert over to DD-WRT.

Last edited by ^thumbs^ on Tue Jan 19, 2021 8:03; edited 1 time in total
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 2778

PostPosted: Mon Jan 18, 2021 22:55    Post subject: Reply with quote
If you want to use images wider than 800 pixels, please link images from an external image hosting service.

Otherwise, they will not scale properly and ruin this thread until you reupload cropped and/or resized images.

Anyway, relevant information provided in those screenshots could have easily been represented in plaintext.

Guessing UN is unified or universal, similar to WW for worldwide or EU for Europe.
^thumbs^
DD-WRT Novice


Joined: 01 Jan 2021
Posts: 14

PostPosted: Tue Jan 19, 2021 8:09    Post subject: Reply with quote
blkt wrote:
If you want to use images wider than 800 pixels, please link images from an external image hosting service.

Otherwise, they will not scale properly and ruin this thread until you reupload cropped and/or resized images.

Anyway, relevant information provided in those screenshots could have easily been represented in plaintext.

Guessing UN is unified or universal, similar to WW for worldwide or EU for Europe.


I've removed the screenshots.
But what I mean by questioning the source, this fw does not exist on TP-Link's website containing the rest of the UN FWs for the Archer c9 v1. The wallpaper on the fw says "Confidential, only for test". Anyway, not important. My problem is solved.
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 2778

PostPosted: Tue Jan 19, 2021 12:54    Post subject: Reply with quote
https://community.tp-link.com/en/home/forum/topic/151501

https://www.clubedohardware.com.br/topic/1345263-resolvendo-problema-do-erro-5533-no-archer-c9-v1-ao-fazer-upgrade-de-firmware/

I approve of this guy's sombrero.
^thumbs^
DD-WRT Novice


Joined: 01 Jan 2021
Posts: 14

PostPosted: Tue Jan 19, 2021 21:54    Post subject: Reply with quote
Obrigado!
ppmm
DD-WRT Novice


Joined: 20 Jan 2021
Posts: 1

PostPosted: Wed Jan 20, 2021 5:12    Post subject: Reply with quote
I updated to the latest 210107 from the previous 2018 stock firmware and it turned my archer c9 v1 to brick.

I have to use the tftp to flash it back to the 2018 firmware.

So, do not upgrade to the latest 2020 firmware.
jcgghb
DD-WRT Novice


Joined: 17 Oct 2019
Posts: 5

PostPosted: Sun Jan 31, 2021 1:53    Post subject: Reply with quote
My archer-c9 v1 is not bricked. But I loaded the "fake" firmware upgrade on the C9. On reboot I received a blank opening screen from the C9. So I am not able to enter a user/password selection and up date to the latest dd-wrt software. But the C9 is still connected to the internet.

Any suggestions? Thank you.
kevintung5525
DD-WRT Novice


Joined: 17 Sep 2016
Posts: 7

PostPosted: Sun Jan 31, 2021 16:45    Post subject: Reply with quote
Thanks to FCHNimda, the solution works great.

My Archer C9 v1 firmware was stock 20080215.
I just download "The Stuff.zip", flash the 3 files one by one to the router, then ddwrt runs on my router Smile

ps:

While I already select 'reset to default' in firmware upgrade,
it seems the router becomes a little bit strange after I tweaks some of it settings, it would send tcp reset unexpectedly when I do tcp connect to it (either http or telnet).

My solution is power down/up the router,
telnet to the router and issue 'erase nvram && reboot' quickly,
then everything goes well
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 2778

PostPosted: Sun Jan 31, 2021 17:16    Post subject: Reply with quote
Always keep the dropdown option selected "Don't reset" during Web GUI firmware upgrade.

DD-WRT Wiki: Erasing NVRAM


Last edited by blkt on Sun Jan 31, 2021 17:17; edited 1 time in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 7427
Location: Netherlands

PostPosted: Sun Jan 31, 2021 17:16    Post subject: Reply with quote
It is indeed better NOT to use reset to defaults when upgrading firmware.
Do that afterwards after the router reboots (like you have done)

On builds, starting around about mid 2018, the command is slightly different:
Quote:
nvram erase && reboot


The old command "erase nvram" still works but on some routers you risk bricking as it literally erases the whole nvram partition and sometimes (although rarely) this contains information which should not be erased.

The safer command nvram erase gets all the nvram variables and unsets them (at least that is what I am told)

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
WireGuard Documents & Guides:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397
OpenVPN Documents & Guides: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
IPSET: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
kevintung5525
DD-WRT Novice


Joined: 17 Sep 2016
Posts: 7

PostPosted: Mon Feb 01, 2021 7:32    Post subject: Reply with quote
egc wrote:
It is indeed better NOT to use reset to defaults when upgrading firmware.
Do that afterwards after the router reboots (like you have done)

On builds, starting around about mid 2018, the command is slightly different:
Quote:
nvram erase && reboot


The old command "erase nvram" still works but on some routers you risk bricking as it literally erases the whole nvram partition and sometimes (although rarely) this contains information which should not be erased.

The safer command nvram erase gets all the nvram variables and unsets them (at least that is what I am told)


Thanks for the correction.

More info about the tcp reset:
Since I want to use the ddwrt nas as storage for the xiaomi camera, and it seems the xiaomi camera needs the netbios directory browsing support, so I downgrade my archer c9 v1 backto r41813 (12/29/19).
After 'nvram erase && reboot', I login into web ui, set username/passwd, then change lan ip from 192.168.1.1 to 192.168.0.1 and reboot the system.
Unfortunately the tcp reset issue happens again. I can not access the router either by telnet or web access unless I power down/up the router.
Finally, it seems to me the issue is related to the SPI firewall(it is default enabled on archer c9v1). If I disable the SPI firewall immediately after doing 'nvram erase && reboot', the TCP reset wont happen.
TecKnight
DD-WRT Novice


Joined: 27 Feb 2021
Posts: 1

PostPosted: Sat Feb 27, 2021 5:22    Post subject: Archer C9 V1 issues Reply with quote
Never mind. I figured it out.
My stupidity. I was trying to flash Archer C9 images to my Archer C1900.
Thanks for listening, anyway.


Hello everyone. I'm new to the forums here, but pretty experienced with routers and custom firmware.
I just picked up a:
TP-Link Archer C1900(US) ver 1.0
When I bought up the web interface it shows:
Firmware Version:
3.17.0 Build 20151009 Rel.61423n
Hardware Version:
ArcherC1900 v1
I thought I was in luck, as this shows a really old firmware version, so I should be able to flash factory-to-ddwrt.bin directly.
However, when I tried flashing factory-to-ddwrt.bin, I get:
Error code: -5533
Error occurred, please try again.
So I thought somehow the newer firmware that causes issues with non-tp-link images may have been flashed.
So I followed FCHNimda's instructions, and I am getting the same -5533 error with any image I try to flash, starting with:
c9v1_un-up-ver4-1-0-P12002[20180223-rel35954].bin.
I even tried flashing
TP-Links: archer_c9v1_us-up-ver3-17-0-P1[20161008-rel64225].bin, which should be a valid image for my router, dated after the installed firmware.
Anyone have some suggestions as to what I should try ?
xoltrix2000
DD-WRT Novice


Joined: 12 Apr 2016
Posts: 11

PostPosted: Mon Mar 22, 2021 0:16    Post subject: Re: Archer C9 V1 issues Reply with quote
TecKnight wrote:
Never mind. I figured it out.
My stupidity. I was trying to flash Archer C9 images to my Archer C1900.
Thanks for listening, anyway.


Hello everyone. I'm new to the forums here, but pretty experienced with routers and custom firmware.
I just picked up a:
TP-Link Archer C1900(US) ver 1.0
When I bought up the web interface it shows:
Firmware Version:
3.17.0 Build 20151009 Rel.61423n
Hardware Version:
ArcherC1900 v1
I thought I was in luck, as this shows a really old firmware version, so I should be able to flash factory-to-ddwrt.bin directly.
However, when I tried flashing factory-to-ddwrt.bin, I get:
Error code: -5533
Error occurred, please try again.
So I thought somehow the newer firmware that causes issues with non-tp-link images may have been flashed.
So I followed FCHNimda's instructions, and I am getting the same -5533 error with any image I try to flash, starting with:
c9v1_un-up-ver4-1-0-P12002[20180223-rel35954].bin.
I even tried flashing
TP-Links: archer_c9v1_us-up-ver3-17-0-P1[20161008-rel64225].bin, which should be a valid image for my router, dated after the installed firmware.
Anyone have some suggestions as to what I should try ?


I lot of people keep saying the C1900 is the same as the C9, but it's not. I'm getting the same results as you unfortunately. I have the C1900(CA) 1.0 and I think we're out of luck.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum