Posted: Sun Jun 26, 2022 22:32 Post subject: Saving a very bricked Archer C9 V1
Hello everyone,
First post here, but I believe I have done the required reading (and then made mistakes anyways...).
I have a TP-Link Archer C9 V1. A few months back, I flashed the newest build, of a number I have now forgotten. I made a mistake in setting it up which required a UART flash to fix. I got the router operational again using a CH341B in TTL mode. I left a DIY connector on the outside of the device to recover it if necessary.
It worked well until yesterday.
Recently, I had an 18 hour internet outage. That combined with three power cyclings or possibly something else of the router resulted in it becoming bricked again. I again used the UART method to successfully flash back to stock. This worked, so I tried to install the newest build (r49361). However, this resulted in a brick unlike what I have seen before. The WPS light is blue, the internet light is orange, and the Ethernet light is a faint blue. The power LED is on but barely visible. The device does not respond to TFTP or UART connections - UART recieves no data and my TFTP server does not get a request for a file. The only sign of life is that when I connect it to my PC through the LAN port it does result in an "unidentified network" status. However, attempting to set my IP to anything mentioned in the Peacock thread or other ideas results in mostly "Request timed out" or "Destination host unreachable." when the device is first turned on. I'm not 100% sure I am pinging the right IP.
What are my next steps? I'm considering trying to access the flash directly. The device was only $28 so it's not a huge loss but I'd like to save it if possible.
Hopefully, you didn't connect the Vcc lead from your CH341B to the serial header Vcc of your C9; this can not only fry the UART interface on the SoC board, it can fry the whole thing. Did you try removing the ground lead and power cycling the router then reconnecting after several minutes?
Usually, TFTP recovery is press the reset button for 5 seconds on power-up and the power light should be flashing blue. I'm sure you are familiar with the following information links:
It may be dead beyond recovery, but with any luck your worst case would be to contact TP-Link about RMA or replacement. The only problem is if they send you a v5, it is not supported. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Hopefully, you didn't connect the Vcc lead from your CH341B to the serial header Vcc of your C9; this can not only fry the UART interface on the SoC board, it can fry the whole thing. Did you try removing the ground lead and power cycling the router then reconnecting after several minutes?
I did not do that. I have tried that, I have a built in switch for the ground lead.
dale_gribble39 wrote:
Usually, TFTP recovery is press the reset button for 5 seconds on power-up and the power light should be flashing blue. I'm sure you are familiar with the following information links:
No flash, only the solid lights.
dale_gribble39 wrote:
It may be dead beyond recovery, but with any luck your worst case would be to contact TP-Link about RMA or replacement. The only problem is if they send you a v5, it is not supported.
I'll give them a call, but there's no way this thing has a warranty.
At this point I have the SOIC16 flash chip desoldered and I get the same symptoms, so I suspect a bad firmware flash that wiped or damaged the chip. I will attempt to reflash the CFE (no backup... bad idea) and see what happens.
I sort of expected that. Hopefully it's just that and no further damage caused it. Easiest bet is if you can get a fullflash dump from a good device to transfer. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
I sort of expected that. Hopefully it's just that and no further damage caused it. Easiest bet is if you can get a fullflash dump from a good device to transfer.
After desoldering the SOIC16 chip and flashing that image using a CH341B and resoldering the chip, I was back on a 2014 stock firmware. I then upgraded and flashed dd-wrt using this method: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1226430 and am now running build 49361. It seems like upgrading directly from some old firmwares can cause issues.
Side note: I did knock off and lose a resistor next to the SOIC16 chip labelled R14. If anyone wants to measure its value that'd be great. Seems to work fine without it though.
hi. i have a similar problem with my Buffalo WZR -1750DHP.
i desoldered the chip to flash the CFE, but im not sure i did it properly. do you have to select a particular starting address to flash CFE? i started at address 0x0 (very start of flash), sadly all i get is garbage on the serial.
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1266007#1266007