BTW, with latest DD-WRT firmware (01/25/2016), no need to flash it with my custom image, just try with TFTP method using the original firmware image.
So if you have the latest firmware you on the Archer C9, even if you updated the last firmware from other ddwrt, you can go back to TP-Links firmware?
Can you describe how exactly? pls
They are called nvram_cfe and nvram in ddwrt firmware and has always been so the partitiontable you showed a few posts up and which you say is from a dec 24 ddwrt firmware is confusing and is probably from stock firmware. Size of linux partition also indicates that.
I don't think there is a way to distinguish between C1900 and C9, at least not early in the boot sequence.
Router type detection is mainly based on a combination of board identifier nvram variables.
Thanks LOM.
RalphMalph wrote:
So if you have the latest firmware on the Archer C9, even if you updated the last firmware from other ddwrt, you can go back to TP-Links firmware?
Can you describe how exactly? pls
If you have already flashed and run your router with an older DD-WRT firmware, you already had TP-Link partitions overwritten even if later you have flashed with latest firmware. In this case, TFTP method won't work since the bootloader will try to match the info from new image with what ever is on the product-info nvram partition. And the info won't match.
You can check if "TP-Link" partitions have been overwritten by enabling SSH, connect with Putty, dump mtd1 (Linux) partition by running 'cat /dev/mtd1 > /tmp/mtd1.bin" and using a program such WinSCP to transfer mtd1.bin to your machine. With an hex editor you can verify the content of "product-info" partition by going to index 0xe00400.
The correct info for Archer C9 should look like (text):
You can check if "TP-Link" partitions have been overwritten by enabling SSH, connect with Putty, dump mtd1 (Linux) partition by running 'cat /dev/mtd1 > /tmp/mtd1.bin" and using a program such WinSCP to transfer mtd1.bin to your machine. With an hex editor you can verify the content of "product-info" partition by going to index 0xe00400.
The correct info for Archer C9 should look like (text):
Yes, the partition content can be restored and there are multiple ways of achieving that.
But you first have to try to restore the original firmware using TFTP method and if that doesn't work, next step is to confirm TP-Link "product-info" partition was overwritten.
Once you confirm, dmesg can be used from SSH client to get DD-WRT partition layout (should be identical to what I have already reported for the latest DD-WRT firmware). "ddwrt" partition is now used to protect TP-Link "mac", "pin" and "product-info" partitions.
Same "ddwrt" partition can be used to write a custom image (using mtd command) that will restore TP-Link partitions so you can flash later the original firmware via TFTP method.
I believe the above method will be the safest one to not brick your router since nobody confirmed if my ddwrt-to-factory.bin revert image works or not for Archer C9.
Posted: Tue Feb 02, 2016 5:57 Post subject: Most recent stable version for Archer C9 ?
Hello Folks,
I have been Interested in flashing dd-wrt for very long,but never had a router which supported it before,finally I purchased Archer c9,I am checking to see what is the most recent stable version that I can put it on my archer c9 with out bricking it.
Posted: Thu Feb 04, 2016 0:29 Post subject: Semi-Bricked router
chrisdmc wrote:
Latest DD-WRT firmware (01/25/2016) no longer overwrites TP-Link partitions, try first to revert to stock using TFTP method!
For Archer C9 I have modified 12.bin image from @Heinzek to make it flash from DD-WRT web interface.
WARNING: Wait until somebody that have open the router case and has UART, have flash it and confirms that it works! Otherwise you could end-up with a bricked router.
WARNING: The image will overwrite default MAC and Pin on your router, to restore them you will have to modify the image in same way I have posted instructions for Costco US Archer C1900 (black case) or in the worst case flash the 'default-mac' and 'pin' partitions from CFE with correct data.
To validate the image works as expected:
1. Extract ddwrt-to-factory.bin from the attached zip and flash it from DD-WRT web interface as you would normally flash a DD-WRT update image (webflash.bin). Wait until DD-WRT reboots the router.
2. After DD-WRT reboots the router, do a hard-reset by pressing the reset button for around 30secs or until all the lights turn on.
3. Once in TP-Link web interface, flash the router with an official firmware. It should work.
4. Try to flash the official firmware by using TFTP (instructions by @Heinzek - page 2).
Hello!
First I flashed the router 1st time with ddwrt firmware (Downloads › betas › 2016 › 02-01-2016-r29002 › tplink_archer-c9v1). After some testing I wanted to go back to original.
I flashed the router as you described since I could not managed to work TFTP server with original firmware.
After the flashing it only its power led flashing continiously nothing else is on. The router is "working" (hald-dead) without WIFI, but cannot reach it on webinterface and make any change on it.
Two questions:
1. Why TFTP is not working for me? I tried severel files and many name variants. I followed page2 description also checked it 3 times. The router never ever connected, downloaded anything from it.
2. Is there any other option to fix the router without opening the case? Go back any working state (original or ddwrt)?
Update: from my laptop and with different TFTP program version (32bit not 64) I managed to trick back to ddwrt but if I try to update same way to original state I got the same useless router.
Is there a solution to go back original? Why does not accept it with TFTP? Maybe bad MAC and PIN change could it make wrong? I am not sure that I did it the right way...
@Kiof If it worked for you to flash back DD-WRT it should work to flash the original firmware as well using TFTP.
Since it worked to flash back DD-WRT after you have flashed my image it also means I properly write product-info partition with the right data.
Otherwise you shouldn't be able to flash it at all.
I do not believe a bad MAC or Pin would prevent you from booting the router.
BTW, what original firmware image do you try to flash? Could you provide the link?
They are called nvram_cfe and nvram in ddwrt firmware and has always been so the partitiontable you showed a few posts up and which you say is from a dec 24 ddwrt firmware is confusing and is probably from stock firmware. Size of linux partition also indicates that.
I don't think there is a way to distinguish between C1900 and C9, at least not early in the boot sequence.
Router type detection is mainly based on a combination of board identifier nvram variables.
Thanks LOM.
RalphMalph wrote:
So if you have the latest firmware on the Archer C9, even if you updated the last firmware from other ddwrt, you can go back to TP-Links firmware?
Can you describe how exactly? pls
If you have already flashed and run your router with an older DD-WRT firmware, you already had TP-Link partitions overwritten even if later you have flashed with latest firmware. In this case, TFTP method won't work since the bootloader will try to match the info from new image with what ever is on the product-info nvram partition. And the info won't match.
You can check if "TP-Link" partitions have been overwritten by enabling SSH, connect with Putty, dump mtd1 (Linux) partition by running 'cat /dev/mtd1 > /tmp/mtd1.bin" and using a program such WinSCP to transfer mtd1.bin to your machine. With an hex editor you can verify the content of "product-info" partition by going to index 0xe00400.
The correct info for Archer C9 should look like (text):
I think I did evertything ok, but when I check in Hex-editor I see only crap:
�!=9ӉQ�N7k<ʟ,KĒ�
�'�7��X<���0��E�%��w;X2�� 7P�"�.c~F<)Z�C�� yYJ��P��U�\�@�@��Cg����6�OOg�z*��C�O�kͿ���M��L6u�n\���F˸��3��UN@����N�d�p���Gg���(��P�U��Po
Is this good?
This is with ddwrt, or should I flash to factory with tftp first and then check the mtd1
So, have you tried to rename archer_c9v1_eu-up-ver3-18-0-P1[20151125-rel64793].bin to archerc9v1_tp_recovery.bin and attempt to flash it using TFTP?
First, you should see the bin file being downloaded by the router in your TFTP client and next the router should flash it if the proper info is in the product-info TP-Link partition on your router.
I think I did evertything ok, but when I check in Hex-editor I see only crap:
�!=9ӉQ�N7k<ʟ,KĒ�
�'�7��X<���0��E�%��w;X2�� 7P�"�.c~F<)Z�C�� yYJ��P��U�\�@�@��Cg����6�OOg�z*��C�O�kͿ���M��L6u�n\���F˸��3��UN@����N�d�p���Gg���(��P�U��Po
Is this good?
This is with ddwrt, or should I flash to factory with tftp first and then check the mtd1
If that is the content of TP-Link product-info partition, than the content was overwritten by DD-WRT.
Could you check using dmesg command what's the DD-WRT current partition layout on your router?
So, have you tried to rename archer_c9v1_eu-up-ver3-18-0-P1[20151125-rel64793].bin to archerc9v1_tp_recovery.bin and attempt to flash it using TFTP?
First, you should see the bin file being downloaded by the router in your TFTP client and next the router should flash it if the proper info is in the product-info TP-Link partition on your router.
I cannot go back to the original firmware with TFTP. If I try I got the stupid router with no wifi, no webaccess and so on. But I can go back to ddwrt and its working there porperly.
"proper info TP-Link partition" - How can I check it?
ps. Not even the settings of the router was "damaged" during stupid period. After I went back to ddwrt all my settings were in place.
I cannot go back to the original firmware with TFTP. If I try I got the stupid router with no wifi, no webaccess and so on. But I can go back to ddwrt and its working there porperly.
"proper info TP-Link partition" - How can I check it?
ps. Not even the settings of the router was "damaged" during stupid period. After I went back to ddwrt all my settings were in place.
I'm confused. Is the original image accepted and flashed to router or not?
How exactly do you flash back DD-WRT? Using TFTP?
If you have flashed it with original firmware, try to reset it before attempting to connect to it by using the hardware reset button.
I cannot go back to the original firmware with TFTP. If I try I got the stupid router with no wifi, no webaccess and so on. But I can go back to ddwrt and its working there porperly.
Power LED fast blinking?
This is because partition "radio base" is damaged.
You can repair this partition on DD-Wrt:
1. Login in to DD-WRT config page.
2. Go to Services - Secure Shell - SSHd > Enable
3. On Windows install WinSCP - https://winscp.net/eng/download.php
4. Connect to 192.168.1.1 using SCP protocol. Login root, password is the same for webinterface.
5. Download and extract archive: https://mega.nz/#!gRJQAZZC!MfnW31l-qP2Qkpy1wOrfiSi6R4Vasa9UDUiZ2rrOAmg
6. Copy file radio.bin to /tmp/ directory on router.
7. Open Terminal ( CTRL + T) and Enter command: mtd write /tmp/radio.bin nvram_cfe
8. Click Execute and wait 3 sec and click close.
9. Turn off router.
10. Use recovery to go back to factory firmware. _________________ tplinkforum.pl - Polskie forum poświęcone tematyce urządzeń firmy TP-link i Neffos
I cannot go back to the original firmware with TFTP. If I try I got the stupid router with no wifi, no webaccess and so on. But I can go back to ddwrt and its working there porperly.
Power LED fast blinking?
This is because partition "radio base" is damaged.
You can repair this partition on DD-Wrt:
1. Login in to DD-WRT config page.
2. Go to Services - Secure Shell - SSHd > Enable
3. On Windows install WinSCP - https://winscp.net/eng/download.php
4. Connect to 192.168.1.1 using SCP protocol. Login root, password is the same for webinterface.
5. Download and extract archive: https://mega.nz/#!gRJQAZZC!MfnW31l-qP2Qkpy1wOrfiSi6R4Vasa9UDUiZ2rrOAmg
6. Copy file radio.bin to /tmp/ directory on router.
7. Open Terminal ( CTRL + T) and Enter command: mtd write /tmp/radio.bin nvram_cfe
8. Click Execute and wait 3 sec and click close.
9. Turn off router.
10. Use recovery to go back to factory firmware.
Thanks! I dont know how it was done but I am back to original now.
I did what you wrote BUT I got this failure note during execution:
"/tmp$ mtd write /tmp/radio.bin nvram_cfe
Unlocking nvram_cfe ...
Could not unlock MTD device: nvram_cfe
nvram_cfe: Not supported
Writing from /tmp/radio.bin to nvram_cfe ... [ ][e][w][w][w][w]"
Despite the failure I followed through your steps and I am back to original firmware.
Thanks both of you: chrisdmc and Heinzek! Your are expert and very helpful!