Joined: 16 Nov 2015 Posts: 6414 Location: UK, London, just across the river..
Posted: Fri Oct 13, 2017 13:19 Post subject: PROBLEMS WITH UPGRADE/DOWNGRADE from build 33375 (SOLVED)
Hi, as you may noticed there are some problems with firmware build 33375 and many units cannot upgrade or downgrade...been locked to 33375
so far BS has reviled a quick guide unfortunately a bit incomplete for not advanced users (like me) ....
(my unit is Tplink-WR1043NDv2 with 8MB flash size chip and those
outputs are related to it, for your unit its advised to perform those commands and gain output because different units may have different bootloader size)
so far instructions are...
1. enable ssh on your device
2. copy factory-to-ddwrt.bin to /tmp
3 dd if=/dev/mtdblock6 of=/tmp/boot.bin bs=1 count=131072
4. cd /tmp cat factory-to-ddwrt.bin >> boot.bin
5 mtd -f write boot.bin fullflash
6. reboot
and you have to check the output for fullflash location:
Joined: 16 Nov 2015 Posts: 6414 Location: UK, London, just across the river..
Posted: Fri Oct 13, 2017 15:52 Post subject:
tried this, successfully moved factory-to-ddwrt.bin using pscp.exe via win command line...
than logged via putty at root@192.168.1.1
executed all commands and this is the outcome:
root@DD-WRT:~# dd if=/dev/mtdblock6 of=/tmp/boot.bin bs=1 count=131072
131072+0 records in
131072+0 records out
root@DD-WRT:~# cd /tmp cat factory-to-ddwrt.bin >> boot.bin
root@DD-WRT:/tmp# mtd -f write boot.bin fullflash
Unlocking fullflash ...
Could not unlock MTD device: fullflash
fullflash: Not supported
Writing from boot.bin to fullflash ... [w]
root@DD-WRT:/tmp#
not successful !! still on 33375 _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
I saw this too, with error msgs, but there were symbols w/e exchanged. After waiting for few minutes may be about 3-5 for my Archer C7, I got an end of the procedure. After command "reboot" I got the new version.
Joined: 16 Nov 2015 Posts: 6414 Location: UK, London, just across the river..
Posted: Fri Oct 13, 2017 17:16 Post subject:
B@R wrote:
I saw this too, with error msgs, but there were symbols w/e exchanged. After waiting for few minutes may be about 3-5 for my Archer C7, I got an end of the procedure. After command "reboot" I got the new version.
yep it did work at the end...but first 2-3 times i attempted it it was not flickering W/E it was just on W and i waited for long as i assumed W=wait but no success, luckily at 4 attempt it was flickering W/E and i waited until it stopped and reboot solved it now im on 33492 Thanks to all the help provided from BS, Vid0 , B@R ...
shortly how to for TL-Link WR1043NDv2 and all routers with 131072 bootloader size
1. Enable SSHd on your device
2.from Win CLI both files pscp.exe and factory in the same directory than issue this command:
... i waited for long as i assumed W=wait but no success, luckily at 4 attempt it was flickering W/E and i waited until it stopped and reboot solved it now im on 33492...
5) open mtdX.bin on your PC with ghex editor/viewer,
search some characteristic string
in my case it was "TP-LINK"
when I found that string
I moved cursor to the first number "01" before "TP-LINK"
(because firmware starts with "01")
and viewer showed the offset equals 20000 in HEX
after converting to DEC I got 131072
so my tplink_tl-wr841ndv8's bootloader size = 131072
Now that it's clear that many devices have 128KiB bootloader, it's easy to quickly verify if this is the case for a given device:
Code:
dd if=/dev/mtdblock6 | hexdump -C | less
Using the above code, scroll down the output to offset value "00020000" (indicated on left side). For a TP-Link device check that the ASCII contents (at right side) match starting with "....TP-LINK" (edit: OR "dd-wrt" as per BrainSlayer's post below)
Last edited by fizikz on Sun Oct 15, 2017 23:17; edited 1 time in total
Joined: 06 Jun 2006 Posts: 7463 Location: Dresden, Germany
Posted: Sun Oct 15, 2017 9:27 Post subject:
in older firmwares the string isnt tp-link but dd-wrt. i changed that string to tp-link in that firmware and this all caused the bug since my mtd partition code was looking for the wrong string to detect the bootloader size _________________ "So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
tried this method.. now I bricked my device. it just blink power led then all led light forever.. any idea how to recover this one? tried tftp method. but it won't detect the device. (press reset button. power on (still holding the reset button for 3 seconds) but still loops in error. wr841n v8
Joined: 16 Nov 2015 Posts: 6414 Location: UK, London, just across the river..
Posted: Tue Oct 17, 2017 16:15 Post subject:
centdroid wrote:
tried this method.. now I bricked my device. it just blink power led then all led light forever.. any idea how to recover this one? tried tftp method. but it won't detect the device. (press reset button. power on (still holding the reset button for 3 seconds) but still loops in error. wr841n v8
Have you followed all the steps correctly? (if so you 'd not be writing here)
Did you identify your bootloader size before you start ??
If your bootloader size was 128K like most, did you type 131072 witch is the correct size of 128k ???
Did you tried TFTP recovery using a simple switch between router and PC ????
Now if its possible at all try serial recovery !!!
https://www.dd-wrt.com/wiki/index.php/Serial_Recovery http://www.dd-wrt.com/wiki/index.php/Recover_from_a_Bad_Flash
good luck... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
tried this method.. now I bricked my device. it just blink power led then all led light forever.. any idea how to recover this one? tried tftp method. but it won't detect the device. (press reset button. power on (still holding the reset button for 3 seconds) but still loops in error. wr841n v8
Have you followed all the steps correctly? (if so you 'd not be writing here)
Did you identify your bootloader size before you start ??
If your bootloader size was 128K like most, did you type 131072 witch is the correct size of 128k ???
Did you tried TFTP recovery using a simple switch between router and PC ????
Now if its possible at all try serial recovery !!!
https://www.dd-wrt.com/wiki/index.php/Serial_Recovery http://www.dd-wrt.com/wiki/index.php/Recover_from_a_Bad_Flash
good luck...
1. root@DD-WRT:~# dd if=/dev/mtdblock6 of=/tmp/boot.bin bs=1 count=131072
131072+0 records in
131072+0 records out
root@DD-WRT:~# cd /tmp cat factory-to-ddwrt.bin >> boot.bin
root@DD-WRT:/tmp# mtd -f write boot.bin fullflash
Unlocking fullflash ...
Could not unlock MTD device: fullflash
fullflash: Not supported
Writing from boot.bin to fullflash ... [w]
root@DD-WRT:/tmp#
got up to this point then typed reboot. after that it ends up in a bootloop
TFTP recovery using simple switch? I tried to recover it using TFTP. But it seems it cannot detect the router. Tried the reset button + power on method with 192.168.0.66 etc (just like in youtube videos.) even renamed the .bin firmware (according to open-wrt website) still unable to put the router into recovery mode.
serial recovery seems to be a bit too time consuming and better if I purchase a new one.
Joined: 16 Nov 2015 Posts: 6414 Location: UK, London, just across the river..
Posted: Wed Oct 18, 2017 6:52 Post subject:
Writing from boot.bin to fullflash ... [w]
at this point you suppose to wait for 3-5 min or even more
did you read my posts above been rushy and not read is not an option ...??? _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913