Just a quick heads up.
In previous posts I explained I was playing a dirty game with the fw and bricked the router. I have then purchased a IC programmer and investigated the issue further. Finally I managed to get the router working again.
My goal was to recreate the locked to ddwrt state so I can dig into things and I did just that then I’ve figured out where the problem lives with the firmware recovery and it is easily fixed through a serial connection and tftp.
There is no need to solder anything very easy to do.
The serial ttl uart USB adapter cost around £5-£6 or $7-$8.
My router now back at stock fw but I have not tested performance yet (transfer speed etc) but since It is the stock fw downloaded from tplink it should be working fine.
I don’t bother you with the entire story how and what and why, I could write a book about what I did over the past few days to get it working, instead I get straight to the point.
The CFE bootloader needs to be re-flashed.
The ddwrt firmware uses a different cfe than the stock. When the reset button is held down and the router powered on the bootloader itself will execute the firmware recovery and after downloading the bin file from tftp it rejects it saying it is not for this router.
I have then downloaded the stock fw from tplink website and stripped the CFE from that and saved it in the tftp server folder.
Then powered on the router with active serial connection and cancelled the boot by holding ctrl+c on the keyboard.
Flashed the stripped cfe:
Code:
flash -noheader 192.168.0.66:c8cfe.bin flash0
Then restarted the router and let it boot.
Ddwrt nicely loaded with the stock cfe no issues whatsoever.
After that I have repeated the firmware recovery procedure but this time it accepted the new firmware and successfully flashed it.
I could upload the stripped cfe.bin here but I’m afraid my ability to strip firmware is not very good and I’m sure I have not done an elegant work so instead I would ask someone else with more knowledge to do this.
This method works 100% I’ve repeated it multiple times with success every time.
Joined: 08 May 2018 Posts: 14223 Location: Texas, USA
Posted: Sun Jun 21, 2020 23:43 Post subject:
If the process worked for you, I don't see the issue with sharing the stripped cfe.bin file. Now, I am curious why a normal serial recovery wouldn't have worked to revert to stock save and except using a stripped stock firmware image with no bootloader. Anyhow, glad you got it sorted out. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Here is the CFE file I stripped from firmware.
And here is a video explaining how I did it.
Although I don't think this is the way to do it properly.
https://www.youtube.com/watch?v=AJN5ckZdgy8
But do this at your own risk. Is CFE is screwed your router will be bricked and the only way to recover is to program the flash memory on the board with external programmer.
However my router works after flashing this file and repeating the tftp recovery method.
EDIT: file removed please find another one in following posts.
Last edited by ptuMb on Sun Jul 12, 2020 11:25; edited 1 time in total
Watched your video, thanks for putting that together and explaining! Does this flashing procedure HAVE to occur over the preboot environment that you ctrl-c into during boot over serial?
Or is it possible that once dd-wrt is running it can be ran from a telnet or ssh session to the router and point similarly to a tftp source (or copy into memory from ftp/http/etc) and write to flash from dd-wrt operating system command line?
is it possible... ... write to flash from dd-wrt operating system command line?
Ok so if you haven't done anything than wait. I have successfully flashed cfe through DD-WRT webgui and TFTP.
This is just a quick shoutout but I don't have time now to exlapin so I'll detail it step by step at some point this week.
I have used dd to read existing cfe then tftp to push it to server and in a similar fashion tftp to pull new cfe from server and dd to write it to flash.
I also had another go with stripping the cfe from the firmware and now I understand better so I can confidently do save the bootloader nicely.
I'll try to do a video guide but I don't promise that it will be done this week.
Hey, I was running the version 15051 from tplink & for some reason wlan 2.4 ghz was controlling 5ghz wlan and 2.4ghz wlan was absent totally, I tried first reflahsing originally firmware but to no avail then,I tried to flash the firmware as suggested in the c8 device page, but first it sent the router into bootloop, I tried tftp recovery it would take the file but still fail and eventually now its bricked for good.
So basically I need the flash dump for C8 v1 to bring it back to life. Dump could be of ddwrt or original firmware.
EDIT: flash dump found and attached. It is for C8 v2, but I have loaded it to c8 v1 without any issue.
UPDATE: C8v1 flash dump attached.
I have played around with the C8 a lot to figure out a way of reverting it to stock without the need of taking the router apart and here is what I found working.
PLEASE NOTE! Flashing the bootloader can BRICK your router and the only 2 ways of recovering (JTAG or flashing chip with external programmer) they both involve taking it apart and a lot of headache. It is also not recommended to flash the CFE bootloader through SSH/telnet/webGUI and this is the very thing we are going to do here! Although this worked for me it may not going to work for you so DO IT AT YOUR OWN RISK!
1. Install and run a tftp server on your PC.
2. Download 2 files and put them in the tftp directory:
- the c8v1_cfe.bin file from this post
- the firmware from TP-LINK website and rename it to ArcherC8v1_tp_recovery.bin
3. You need to run some terminal commands and you have 3 ways of doing that:
- SSH connection
- Telnet connection
- through ddwrt webGUI ( Administration-> Commands )
The first command saves the current CFE from your router and the following 3 will flash the new one.
Be sure include the ; at the end of each line as the webGUI has a bug. Without the ; it will mess up the commands.
(192.168.?.??? is the tftp server IP address)
For me earlier tftp recovery wasn't working, but for past few days since last wholeflash dump writing, I have been able to install tplink & ddwrt at will using just tftp, nothing else.