Showing posts from December, 2014

Hidden TFTP of TP-Link routers

I did some more investigation after the positive results with the TL-WR740Nv4 (click the link to get introduced to the way of recovery). Most users report that devices and firmware updates released after a point in time usually have this mode enabled. If a firmware update is available from the vendor for your device, it's a good idea to apply that update before installing OpenWRT or dd-wrt UNLESS you own something for which upgrading will ensure incompatible with OpenWrt, like a TL-WR730N, and possible some other models (please report). Note that some old models have newer updates in different languages, those may also be worth a try (TODO: compatibility?). Also remember that later on, tftp recovery will need a type of firmware image without a boot loader, so strip it with dd if yours has it (grep U-Boot, or check the filename).

Positive reported claims so far (personal results highlighted):
TL-WDR4300 router server query wdr4300v1_tp_recovery.bin from wdr…

Tftp secret of TL-WR740N uncovered

I've found out that even this particular entry level router supports anti-bricking, so there's no need for soldering, unless of course you are modding. The method I used is the following:
Set up a tftp server on your PC and verify if it works correctly (configuration, permissions, firewalls, etc.)Rename your target firmware to wr740v4_tp_recovery.bin and copy it to your base folder (by default /tftpboot). I tested with openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-factory.bin r43602.Set up the following static IP for your PC: If you're not sure about the firmware name on a different model, start a packet sniffer on your PC (tcpdump -i eth0 -n -l) and look for the name in the RRQ message.Preferably disconnect WAN from the routerConnect the PC to a LAN portPower off the routerPress and hold the reset buttonPower on the routerAfter the leftmost (power) LED and the rightmost (padlock) LED turn on alone in a few seconds, release the reset buttonThe rou…