TP-Link Archer C9 Brick Fix (Revert To Stock Possibly)

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3 ... 10, 11, 12 ... 20, 21, 22  Next
View previous topic :: View next topic  
Author Message
RalphMalph
DD-WRT Novice


Joined: 29 Dec 2011
Posts: 43
PostPosted: Wed Jan 27, 2016 14:38    Post subject: Reply with quote
chrisdmc wrote:
BTW, with latest DD-WRT firmware (01/25/2016), no need to flash it with my custom image, just try with TFTP method using the original firmware image.


So if you have the latest firmware you on the Archer C9, even if you updated the last firmware from other ddwrt, you can go back to TP-Links firmware?
Can you describe how exactly? pls
Back to top View user's profile Send private message
Sponsor
chrisdmc
DD-WRT Novice


Joined: 18 Jan 2016
Posts: 19
PostPosted: Wed Jan 27, 2016 17:52    Post subject: Reply with quote
LOM wrote:
They are called nvram_cfe and nvram in ddwrt firmware and has always been so the partitiontable you showed a few posts up and which you say is from a dec 24 ddwrt firmware is confusing and is probably from stock firmware. Size of linux partition also indicates that.

I don't think there is a way to distinguish between C1900 and C9, at least not early in the boot sequence.
Router type detection is mainly based on a combination of board identifier nvram variables.


Thanks LOM.

RalphMalph wrote:
So if you have the latest firmware on the Archer C9, even if you updated the last firmware from other ddwrt, you can go back to TP-Links firmware?
Can you describe how exactly? pls


If you have already flashed and run your router with an older DD-WRT firmware, you already had TP-Link partitions overwritten even if later you have flashed with latest firmware. In this case, TFTP method won't work since the bootloader will try to match the info from new image with what ever is on the product-info nvram partition. And the info won't match.

You can check if "TP-Link" partitions have been overwritten by enabling SSH, connect with Putty, dump mtd1 (Linux) partition by running 'cat /dev/mtd1 > /tmp/mtd1.bin" and using a program such WinSCP to transfer mtd1.bin to your machine. With an hex editor you can verify the content of "product-info" partition by going to index 0xe00400.

The correct info for Archer C9 should look like (text):

........vendor_name:TP-LINK.vendor_url:www.tp-link.com.product_name:ArcherC9.language:UN.product_ver:1.0.0.product_id:00090001.special_id:00000000
Back to top View user's profile Send private message
RalphMalph
DD-WRT Novice


Joined: 29 Dec 2011
Posts: 43
PostPosted: Thu Jan 28, 2016 10:49    Post subject: Reply with quote
chrisdmc wrote:

You can check if "TP-Link" partitions have been overwritten by enabling SSH, connect with Putty, dump mtd1 (Linux) partition by running 'cat /dev/mtd1 > /tmp/mtd1.bin" and using a program such WinSCP to transfer mtd1.bin to your machine. With an hex editor you can verify the content of "product-info" partition by going to index 0xe00400.

The correct info for Archer C9 should look like (text):

........vendor_name:TP-LINK.vendor_url:www.tp-link.com.product_name:ArcherC9.language:UN.product_ver:1.0.0.product_id:00090001.special_id:00000000



If the "TP-LINK-partition" is overwritten (I didnt check yet), is there a possibility to get it back?
Back to top View user's profile Send private message
chrisdmc
DD-WRT Novice


Joined: 18 Jan 2016
Posts: 19
PostPosted: Fri Jan 29, 2016 3:42    Post subject: Reply with quote
Yes, the partition content can be restored and there are multiple ways of achieving that.

But you first have to try to restore the original firmware using TFTP method and if that doesn't work, next step is to confirm TP-Link "product-info" partition was overwritten.

Once you confirm, dmesg can be used from SSH client to get DD-WRT partition layout (should be identical to what I have already reported for the latest DD-WRT firmware). "ddwrt" partition is now used to protect TP-Link "mac", "pin" and "product-info" partitions.
Same "ddwrt" partition can be used to write a custom image (using mtd command) that will restore TP-Link partitions so you can flash later the original firmware via TFTP method.

I believe the above method will be the safest one to not brick your router since nobody confirmed if my ddwrt-to-factory.bin revert image works or not for Archer C9.
Back to top View user's profile Send private message
aaasnttgir
DD-WRT Novice


Joined: 02 Feb 2016
Posts: 3
PostPosted: Tue Feb 02, 2016 5:57    Post subject: Most recent stable version for Archer C9 ? Reply with quote
Hello Folks,
I have been Interested in flashing dd-wrt for very long,but never had a router which supported it before,finally I purchased Archer c9,I am checking to see what is the most recent stable version that I can put it on my archer c9 with out bricking it.

Appreciate your help in advance!!
Back to top View user's profile Send private message
Kiof
DD-WRT Novice


Joined: 04 Feb 2016
Posts: 5
PostPosted: Thu Feb 04, 2016 0:29    Post subject: Semi-Bricked router Reply with quote
chrisdmc wrote:
Latest DD-WRT firmware (01/25/2016) no longer overwrites TP-Link partitions, try first to revert to stock using TFTP method!

For Archer C9 I have modified 12.bin image from @Heinzek to make it flash from DD-WRT web interface.

WARNING: Wait until somebody that have open the router case and has UART, have flash it and confirms that it works! Otherwise you could end-up with a bricked router.

WARNING: The image will overwrite default MAC and Pin on your router, to restore them you will have to modify the image in same way I have posted instructions for Costco US Archer C1900 (black case) or in the worst case flash the 'default-mac' and 'pin' partitions from CFE with correct data.

To validate the image works as expected:

1. Extract ddwrt-to-factory.bin from the attached zip and flash it from DD-WRT web interface as you would normally flash a DD-WRT update image (webflash.bin). Wait until DD-WRT reboots the router.
2. After DD-WRT reboots the router, do a hard-reset by pressing the reset button for around 30secs or until all the lights turn on.
3. Once in TP-Link web interface, flash the router with an official firmware. It should work.
4. Try to flash the official firmware by using TFTP (instructions by @Heinzek - page 2).


Hello!

First I flashed the router 1st time with ddwrt firmware (Downloads › betas › 2016 › 02-01-2016-r29002 › tplink_archer-c9v1). After some testing I wanted to go back to original.

I flashed the router as you described since I could not managed to work TFTP server with original firmware.

After the flashing it only its power led flashing continiously nothing else is on. The router is "working" (hald-dead) without WIFI, but cannot reach it on webinterface and make any change on it.

Two questions:
1. Why TFTP is not working for me? I tried severel files and many name variants. I followed page2 description also checked it 3 times. The router never ever connected, downloaded anything from it.

2. Is there any other option to fix the router without opening the case? Go back any working state (original or ddwrt)?

Update: from my laptop and with different TFTP program version (32bit not 64) I managed to trick back to ddwrt but if I try to update same way to original state I got the same useless router.

Is there a solution to go back original? Why does not accept it with TFTP? Maybe bad MAC and PIN change could it make wrong? I am not sure that I did it the right way...
Back to top View user's profile Send private message
chrisdmc
DD-WRT Novice


Joined: 18 Jan 2016
Posts: 19
PostPosted: Thu Feb 04, 2016 3:11    Post subject: Reply with quote
@Kiof If it worked for you to flash back DD-WRT it should work to flash the original firmware as well using TFTP.

Since it worked to flash back DD-WRT after you have flashed my image it also means I properly write product-info partition with the right data.
Otherwise you shouldn't be able to flash it at all.

I do not believe a bad MAC or Pin would prevent you from booting the router.

BTW, what original firmware image do you try to flash? Could you provide the link?
Back to top View user's profile Send private message
Kiof
DD-WRT Novice


Joined: 04 Feb 2016
Posts: 5
PostPosted: Thu Feb 04, 2016 17:18    Post subject: Reply with quote
@chrisdmc

Here the link: http://www.tp-link.com/res/down/soft/Archer_C9_V1_151125.zip and the filename: archer_c9v1_eu-up-ver3-18-0-P1[20151125-rel64793].bin.

So there is still hope for me.
Back to top View user's profile Send private message
RalphMalph
DD-WRT Novice


Joined: 29 Dec 2011
Posts: 43
PostPosted: Thu Feb 04, 2016 21:53    Post subject: Reply with quote
chrisdmc wrote:
LOM wrote:
They are called nvram_cfe and nvram in ddwrt firmware and has always been so the partitiontable you showed a few posts up and which you say is from a dec 24 ddwrt firmware is confusing and is probably from stock firmware. Size of linux partition also indicates that.

I don't think there is a way to distinguish between C1900 and C9, at least not early in the boot sequence.
Router type detection is mainly based on a combination of board identifier nvram variables.


Thanks LOM.

RalphMalph wrote:
So if you have the latest firmware on the Archer C9, even if you updated the last firmware from other ddwrt, you can go back to TP-Links firmware?
Can you describe how exactly? pls


If you have already flashed and run your router with an older DD-WRT firmware, you already had TP-Link partitions overwritten even if later you have flashed with latest firmware. In this case, TFTP method won't work since the bootloader will try to match the info from new image with what ever is on the product-info nvram partition. And the info won't match.

You can check if "TP-Link" partitions have been overwritten by enabling SSH, connect with Putty, dump mtd1 (Linux) partition by running 'cat /dev/mtd1 > /tmp/mtd1.bin" and using a program such WinSCP to transfer mtd1.bin to your machine. With an hex editor you can verify the content of "product-info" partition by going to index 0xe00400.

The correct info for Archer C9 should look like (text):

........vendor_name:TP-LINK.vendor_url:www.tp-link.com.product_name:ArcherC9.language:UN.product_ver:1.0.0.product_id:00090001.special_id:00000000


I think I did evertything ok, but when I check in Hex-editor I see only crap:
�!=9ӉQ�N7k<ʟ,KĒ�
�'�7��X<���0��E�%��w;X2�� 7P�"�.c~F<)Z�C�� yYJ��P��U�\�@�@��Cg����6�OOg�z*��C�O�kͿ���M��L6u�n\���F˸��3��UN@����N�d�p���Gg���(��P�U��Po

Is this good?
This is with ddwrt, or should I flash to factory with tftp first and then check the mtd1
Back to top View user's profile Send private message
chrisdmc
DD-WRT Novice


Joined: 18 Jan 2016
Posts: 19
PostPosted: Fri Feb 05, 2016 17:27    Post subject: Reply with quote
Kiof wrote:
@chrisdmc

Here the link: http://www.tp-link.com/res/down/soft/Archer_C9_V1_151125.zip and the filename: archer_c9v1_eu-up-ver3-18-0-P1[20151125-rel64793].bin.

So there is still hope for me.


So, have you tried to rename archer_c9v1_eu-up-ver3-18-0-P1[20151125-rel64793].bin to archerc9v1_tp_recovery.bin and attempt to flash it using TFTP?

First, you should see the bin file being downloaded by the router in your TFTP client and next the router should flash it if the proper info is in the product-info TP-Link partition on your router.
Back to top View user's profile Send private message
chrisdmc
DD-WRT Novice


Joined: 18 Jan 2016
Posts: 19
PostPosted: Fri Feb 05, 2016 17:36    Post subject: Reply with quote
RalphMalph wrote:


I think I did evertything ok, but when I check in Hex-editor I see only crap:
�!=9ӉQ�N7k<ʟ,KĒ�
�'�7��X<���0��E�%��w;X2�� 7P�"�.c~F<)Z�C�� yYJ��P��U�\�@�@��Cg����6�OOg�z*��C�O�kͿ���M��L6u�n\���F˸��3��UN@����N�d�p���Gg���(��P�U��Po

Is this good?
This is with ddwrt, or should I flash to factory with tftp first and then check the mtd1


If that is the content of TP-Link product-info partition, than the content was overwritten by DD-WRT.

Could you check using dmesg command what's the DD-WRT current partition layout on your router?
Back to top View user's profile Send private message
Kiof
DD-WRT Novice


Joined: 04 Feb 2016
Posts: 5
PostPosted: Fri Feb 05, 2016 22:35    Post subject: Reply with quote
chrisdmc wrote:

So, have you tried to rename archer_c9v1_eu-up-ver3-18-0-P1[20151125-rel64793].bin to archerc9v1_tp_recovery.bin and attempt to flash it using TFTP?

First, you should see the bin file being downloaded by the router in your TFTP client and next the router should flash it if the proper info is in the product-info TP-Link partition on your router.


I cannot go back to the original firmware with TFTP. If I try I got the stupid router with no wifi, no webaccess and so on. But I can go back to ddwrt and its working there porperly.

"proper info TP-Link partition" - How can I check it?

ps. Not even the settings of the router was "damaged" during stupid period. After I went back to ddwrt all my settings were in place.
Back to top View user's profile Send private message
chrisdmc
DD-WRT Novice


Joined: 18 Jan 2016
Posts: 19
PostPosted: Sat Feb 06, 2016 4:07    Post subject: Reply with quote
Kiof wrote:

I cannot go back to the original firmware with TFTP. If I try I got the stupid router with no wifi, no webaccess and so on. But I can go back to ddwrt and its working there porperly.

"proper info TP-Link partition" - How can I check it?

ps. Not even the settings of the router was "damaged" during stupid period. After I went back to ddwrt all my settings were in place.


I'm confused. Is the original image accepted and flashed to router or not?
How exactly do you flash back DD-WRT? Using TFTP?

If you have flashed it with original firmware, try to reset it before attempting to connect to it by using the hardware reset button.
Back to top View user's profile Send private message
Heinzek
DD-WRT User


Joined: 07 Apr 2013
Posts: 59
Location: Poland
PostPosted: Sat Feb 06, 2016 10:21    Post subject: Reply with quote
Kiof wrote:

I cannot go back to the original firmware with TFTP. If I try I got the stupid router with no wifi, no webaccess and so on. But I can go back to ddwrt and its working there porperly.


Power LED fast blinking?

This is because partition "radio base" is damaged.
You can repair this partition on DD-Wrt:

1. Login in to DD-WRT config page.
2. Go to Services - Secure Shell - SSHd > Enable
3. On Windows install WinSCP - https://winscp.net/eng/download.php
4. Connect to 192.168.1.1 using SCP protocol. Login root, password is the same for webinterface.
5. Download and extract archive: https://mega.nz/#!gRJQAZZC!MfnW31l-qP2Qkpy1wOrfiSi6R4Vasa9UDUiZ2rrOAmg
6. Copy file radio.bin to /tmp/ directory on router.
7. Open Terminal ( CTRL + T) and Enter command: mtd write /tmp/radio.bin nvram_cfe
8. Click Execute and wait 3 sec and click close.
9. Turn off router.
10. Use recovery to go back to factory firmware.
_________________
tplinkforum.pl - Polskie forum poświęcone tematyce urządzeń firmy TP-link i Neffos
Back to top View user's profile Send private message Visit poster's website
Kiof
DD-WRT Novice


Joined: 04 Feb 2016
Posts: 5
PostPosted: Sat Feb 06, 2016 20:45    Post subject: Reply with quote
Heinzek wrote:
Kiof wrote:

I cannot go back to the original firmware with TFTP. If I try I got the stupid router with no wifi, no webaccess and so on. But I can go back to ddwrt and its working there porperly.


Power LED fast blinking?

This is because partition "radio base" is damaged.
You can repair this partition on DD-Wrt:

1. Login in to DD-WRT config page.
2. Go to Services - Secure Shell - SSHd > Enable
3. On Windows install WinSCP - https://winscp.net/eng/download.php
4. Connect to 192.168.1.1 using SCP protocol. Login root, password is the same for webinterface.
5. Download and extract archive: https://mega.nz/#!gRJQAZZC!MfnW31l-qP2Qkpy1wOrfiSi6R4Vasa9UDUiZ2rrOAmg
6. Copy file radio.bin to /tmp/ directory on router.
7. Open Terminal ( CTRL + T) and Enter command: mtd write /tmp/radio.bin nvram_cfe
8. Click Execute and wait 3 sec and click close.
9. Turn off router.
10. Use recovery to go back to factory firmware.


Thanks! I dont know how it was done but I am back to original now.

I did what you wrote BUT I got this failure note during execution:
"/tmp$ mtd write /tmp/radio.bin nvram_cfe
Unlocking nvram_cfe ...
Could not unlock MTD device: nvram_cfe
nvram_cfe: Not supported
Writing from /tmp/radio.bin to nvram_cfe ... [ ][e][w][w][w][w]"

Despite the failure I followed through your steps and I am back to original firmware.

Thanks both of you: chrisdmc and Heinzek! Your are expert and very helpful!
Back to top View user's profile Send private message
Goto page Previous  1, 2, 3 ... 10, 11, 12 ... 20, 21, 22  Next Display posts from previous:    Page 11 of 22
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum