Thursday, August 15, 2019

Updating Boot loader of your Router:: more robust boot loader!!


For Atheros or QCA/Atheros based routers the boot loader is u-boot. For Broadcom (CPU) based routers the boot loader is CFE!!

Please note most people do not need to update their boot loader, as it serves no functional purpose for them.  But for a professional router technician or network professional it's a must.  What can be achieved with an updated and more robust boot loader:

1. You can update or change the MAC or hardware address of the router in hand.
2. You get an httpd server embedded in it, to flash openwrt or dd-wrt or update firmware through a more convenient web interface.
3. In some (older) routers, if the flash chip is changed to 8 or 16 MB, the older u-boot does not identify the new size of the chip, which is not the intended result!!
4. If the flash chip is changed to an 8 or 16 MB chip, the ART partition needs to be re-flashed to the end of the newly installed flash chip; with the web interface this is more convenient.
5. Overclock the router cpu to extract more power from the router!!
6. Some users report that some routers' u-boot got backdoors!!, though I cannot confirm it!!

Flashing u-boot could potentially brick your router. Please have a serial console or JTAG set up beforehand to recover from any mistake or bad flash.  An external flash programmer may also be necessary.

But before proceeding further, you must know the SoC or CPU of your router, as one must install a boot loader specifically built for that SoC.  Here I'm interested in low cost qca953x based routers, which are Tp-link tl840v2 or v3, tl841v8/v9/v10/v11 or v12, tl850n/re etc.  But if you know the processor or cpu then you can do similar things to other routers with other or more powerful SoCs. Also there are potentially 100's of cheap routers that use qca9531 (with usb)/9533 processors that can use this mod!!

To flash u-boot you need a working tftp server on your computer.  The connection must be made from the computer directly to your router with a UTP cable.  First try connecting to the WAN port of your router; if that does not work, try the LAN ports, starting from LAN1.

If you need help setting up a tftp server and connecting your router to your computer/pc, please follow the page "Flashing router with serial port...." here,

Flashing Router via Serial Port:: This is the Preferred way to flash Firmware of any router

In fact flashing the u-boot of a router through the serial port/console is the same or similar.

First connect a Serial to USB converter such as cp2102 from your pc to the router's serial port and turn the router on. Then in the console window, check the environment variables for your "memory load address" with the command "printenv"; you should find something like below sent to your screen/monitor,

u-boot> printenv                                                             
bootargs=console=ttyS0,115200 root=31:02 rootfstype=squashfs init=/sbin/init mt)
bootcmd=bootm 0x9F020000                                                     
bootdelay=1                                                                   
baudrate=115200                                                               
autoload=no                                                                   
loadaddr=0x80800000
uboot_name=u-boot.bin                                                         
uboot_addr=0x9F000000
ethaddr=FC:05:6B:C2:34:CE                                                     
ethact=eth0                                                                   
bootfile=firmware.bin                                                         
serverip=192.168.100.100                                                         
netmask=255.255.255.0                                                     
ipaddr=192.168.100.10

In the above we have set serverip, i.e. our computer's ip, and ipaddr, the router's ip, with the following commands,

set serverip 192.168.100.100
set ipaddr 192.168.100.10

Note, on our computer we have set the ip address to 192.168.100.100 with netmask 255.255.255.0 and gateway 192.168.100.10. All of this process is described here : Flashing router with serial port

Now about u-boot: it resides in the first 0x20000 (128KB) of your flash memory chip. So make sure your intended u-boot binary image is 128KB or less in size.  If your u-boot size is 0x1ec00 (123 KB), you must copy the nearest multiple of 64KB in size, for us it's 2x64=128KB!! (0x20000)

Now, copy a compatible image/bin u-boot file to your tftp server directory,
If you are flashing a tl840/841 qca9533(cpu) based router it should be something like this,
u-boot_mod__tp-link_tl-wr841n_v9__20181017__git_master-7a540a78.bin (For qca9533-al3a)
u-boot_mod__tp-link_tl-wr841n_v10__20180223__git_master-7a540a78.bin (For qca9533-bl3a)
u-boot_mod__tp-link_tl-wr841n_v11__20180223__git_master-7a540a78.bin (same as above)

Rename the above file to something short like uboot-new.bin and copy it to the tftp server directory.

Now ping your server i.e. your computer from the existing u-boot with ping 192.168.100.100; if it says the server exists or the ping is successful, then use the following commands,

1. Copy the image from the tftp server on your computer (192.168.100.100) to your router's ram with the following command,

ap123> tftpboot 0x80800000 uboot-new.bin
eth1 link down
Using eth0 device
TFTP from server 192.168.100.100; our IP address is 192.168.100.10
Filename 'uboot-new.bin'.
Load address: 0x80800000
Loading: #########################
done
Bytes transferred = 125952 (1ec00 hex)

ap123>

2. Now erase the first 0x20000 bytes (128 KB) of flash space.  The u-boot address is given in the 'printenv' output (uboot_addr), so we erase,

ap123> erase 0x9F000000 +0x20000

First 0x0 last 0x1 sector size 0x10000
Erased 2 sectors

ap123>

3. Now your router does not have a bootloader, so do not POWER DOWN the device/router.  Copy the image from ram to the flash chip with the following command,

ap123> cp.b 0x80800000 0x9F000000 0x20000

Copy to Flash... write addr: 9f000000
done

If everything looks ok, then do,

4. ap123> reset

This will reset the board and boot new bootloader!!
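
An added example, not part of the original post or of the u-boot_mod project: a host-side pre-flight check for steps 1 to 4 above. It refuses an image larger than the 0x20000 boot area, pads it with 0xFF to the 64 KB sector size, and prints the console commands with a `crc32` check of the RAM copy before the erase and of the flash after the write. It assumes the running u-boot has the `crc32` command and that the padded bytes (`plan["padded"]`) are what you place in the tftp directory; the function and variable names are made up for this example.

```python
import hashlib
import zlib

# Addresses and sizes as they appear in the page's printenv and erase output.
LOAD_ADDR = 0x80800000   # loadaddr: RAM buffer that tftpboot fills
UBOOT_ADDR = 0x9F000000  # uboot_addr: start of the flash chip
UBOOT_AREA = 0x20000     # boot loader area: first 128 KB of flash
SECTOR = 0x10000         # sector size reported by "erase" (64 KB)


def pad_to_sector(image: bytes) -> bytes:
    """Pad with 0xFF (the value of erased flash) up to a 64 KB boundary."""
    tail = -len(image) % SECTOR
    return image + b"\xff" * tail


def plan_uboot_flash(image: bytes, tftp_name: str = "uboot-new.bin") -> dict:
    """Validate a u-boot image; return padded bytes, digests and commands."""
    if not image:
        raise ValueError("image is empty")
    if len(image) > UBOOT_AREA:
        raise ValueError(
            f"image is 0x{len(image):X} bytes, boot area is 0x{UBOOT_AREA:X}; "
            "writing it would run into the firmware at 0x9F020000"
        )
    padded = pad_to_sector(image)
    length = len(padded)
    crc = f"{zlib.crc32(padded) & 0xFFFFFFFF:08x}"
    commands = [
        f"tftpboot 0x{LOAD_ADDR:08X} {tftp_name}",
        f"crc32 0x{LOAD_ADDR:08X} 0x{length:X}",    # RAM copy: must print crc
        f"erase 0x{UBOOT_ADDR:08X} +0x{length:X}",
        f"cp.b 0x{LOAD_ADDR:08X} 0x{UBOOT_ADDR:08X} 0x{length:X}",
        f"crc32 0x{UBOOT_ADDR:08X} 0x{length:X}",   # flash: must print crc again
        "reset",                                    # only after both CRCs match
    ]
    return {
        "padded": padded,
        "length": length,
        "crc32": crc,
        "sha256": hashlib.sha256(image).hexdigest(),  # of the file as downloaded
        "commands": commands,
    }


if __name__ == "__main__":
    # Constructed stand-in for a 0x1EC00-byte image; read the real file instead.
    demo = bytes(range(256)) * (0x1EC00 // 256)
    plan = plan_uboot_flash(demo)
    print("sha256 of the file as downloaded:", plan["sha256"])
    print("crc32 the router must print:     ", plan["crc32"])
    print("\n".join(plan["commands"]))
```

If the first `crc32` does not print the expected value, stop before `erase`; if the second one does not, repeat `erase` and `cp.b` without resetting or powering down.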

If you are upgrading a 2 MB or 4 MB flash chip to an 8MB or 16MB flash chip, the process is simple.
1. First flash/install openwrt on the old chip, with the original u-boot.
2. Back up u-boot and ART from openwrt with the mtd or dd command, see the "Flashing with serial port" page.
3. Flash u-boot to the new flash chip with an external programmer; this can be done with a ch341a or tl866ii programmer or others i.e. a Raspberry Pi!!
4. Solder the new chip to the router and boot up into the new u-boot.
5. Flash openwrt or your chosen os/firmware.
6. Flash ART from the web interface of the pepe2k u-boot, or use the serial console just like when flashing u-boot or openwrt or ddwrt etc.


We shall try posting CFE upload at a later date.

Friday, August 9, 2019

Bad Wan port : Do not throw away the router!! :: Solve Problem by using other ports as WAN


After using routers constantly, I had many friends throw their routers away as they had only one WAN port and that went bad. So there was no way to connect to the ISP media converter or switch or router for internet connectivity!!

For any router the WAN port is just like any other port on the back of the router. Though the wan port is wired differently (internally), it is really like any of the lan ports on the back of the router.  In reality anyone can use any of the LAN ports as wan and still use the router as if nothing has happened!!

To do this we must install Openwrt, as the vendor provided router software is configured to use only the WAN port as wan, and router vendors like TP-Link lock their CLI access with passcodes so that users cannot fiddle with the default settings.  If the router CLI (Command Line Interface) could be accessed through a serial port, the router's default software could also be used, but that is not possible, as they will not tell you their passcode!!  So we need to install OPENWRT and do it that way, even with its GUI i.e. the LUCI web interface.

After installing Openwrt with Luci anyone can use any one of the LAN ports as wan.  Here I'm using a friend's Tp-link 840n v2 router as an example, as this router has a bad WAN port. The first lan port is BAD too (in the SoC!! - hardware). So we must use the three remaining LAN ports only!! The image below shows the bad wan and 1st lan port (the port adjacent to the wan port). We now set the 2nd lan port as wan and the rest are lan ports.


Now log on to the LUCI web interface of Openwrt (starts at 192.168.1.1 on first boot!!), go to the switch settings from the Network->Switch menu and set up one extra vlan for the WAN port only, as shown below,


Here in above image, Our Newly created VLAN 2 got CPU-tagged, LAN1-off(Bad), LAN2-Untagged(using here in vlan2) and rest off i.e. LAN3-off, LAN4-off, LAN3 & LAN4 are not used in VLAN2

Changed VLAN1 as shown too, CPU-tagged, LAN1-off(Bad), LAN2-off(not using in vlan1), LAN3-untagged, LAN4-untagged, So LAN3 AND LAN4 are used in VLAN1 switch.


Now we go to the Network->Interfaces menu and add a 'WAN2' interface, tagging wan6 along with this wan2 (eth0.2) instead of the existing wan port (eth1). We also disable the wan (eth1) port, which is bad!!


In the above image we only change the WAN2 interface to use the eth0.2 interface, which is the VLAN2 that we created earlier, so eth0.1 is the br-lan and eth0.2 is now our new WAN PORT.

Now connect your ISP cable modem or fiber media converter or lan switch and configure as per your ISP; mine here is connected upstream with a fixed/static ip address.

Please also make sure the ipv6 interface is now attached to eth0.2 instead of the default eth1, as shown below,

Also make sure the firewall adds this new wan to its wan list (it should do so automatically); check the firewall settings in WAN6.

So, Now Network->Interfaces should look like below,

LAN--->br-lan, WAN--->eth1(Stopped), WAN2--->eth0.2(Our new wan), WAN6--->eth0.2(was eth1)

For Wan6 one might need to set "Client ID to send when requesting DHCP" and/or "Override MAC Address" to the MAC address of your router i.e. the MAC/hardware address shown in LAN or WAN and on the back sticker of your router.  See menu Network->Interfaces->Wan6 (or edit wan6)->Advanced Settings.  You only do this if your wan/wan6 does not work/connect.

Alternatively, if you have CLI access i.e. serial or SSH or telnet, you can directly change the /etc/config/network file and be done with it!!

Warning: If you change or delete this vlan0.2 without proper precaution, you will not be able to access this router, as it is getting wan and lan from the same set of ports, which the cpu considers the same/similar LAN ports. If you change the auto configured wan6 to the disabled wan port instead of the wan2 that we created, then you won't have any problem connecting your pc/computer to any one of the good lan ports!!

Note: for a copy of tplink firmware or openwrt for tplink basic routers, please see my previous post.

For routers using ecos firmware i.e. tenda with a broadcom chip, or Tomato for broadcom, or DDWRT, you can change the vlan settings from the cli (command line interface) of the router. First log in to the router via putty (Windows) using protocol telnet or ssh; on linux you can use both from the terminal.
Issue command,
1. nvram show | grep vlan.*ports  , will show,
vlan1ports= 0 1 2 3 4 5* (Assuming a 5 port router)
vlan2ports= 4 5  or vlan2ports= 4 5*
Here 5* is the CPU port, 0 1 2 3 are the LAN ports and port 4 is the WAN port.
Now change this to use LAN port 3 as wan,
2. nvram set vlan1ports="0 1 2 5*"
3. nvram set vlan2ports="3 4 5*" or "3 4 5" (depending on router model)
Now make sure everything is as you wanted and issue,
4. nvram show | grep vlan.*ports and it should show,
vlan1ports= 0 1 2 5*
vlan2ports= 3 4 5 or 3 4 5* (depending on router model)
Now issue command,
5. nvram commit , returns,
commit...Done or something like that.
Now issue,
6. reboot, the router reboots with the new vlan settings; check in the gui to make sure it's what was intended.

Special Note on nvram command : In some routers the ecos firmware is stripped down to the extreme and the grep command is not included (tenda f3).  In these cases, to view the ports one should use the commands below,
1. nvram show vlan1ports , output,
CLI> nvram show vlan1ports                                                     
vlan1ports=1 2 3 4 5*
2. nvram show vlan2ports
CLI> nvram show vlan2ports                                                     
vlan2ports=2 5
or
CLI> nvram show vlan2p                                                         
vlan2ports=2 5     
or for all ports,
3. nvram show vlan , output is,
CLI> nvram show vlan                                                           
vlan2ports=2 5                                                                 
vlan2hwname=et0                                                               
vlan1hwname=et0                                                               
vlan1ports=1 2 3 4 5*

The above is given to help one understand how to use nvram commands with some low cost routers!!

Sunday, August 4, 2019

Router Firmware/OS Files for Different Routers

I am Asked all the time for router Firmware or Software or OS.

Here are some files that I have extracted from routers of Different models, mostly TP link routers.

1. TP-Link TL841 V13 flash chip dump.  This includes everything; it's from the 8MB flash chip of this router, which has a Mediatek MT7628NN cpu. Please note this will not work in the 841v14 router, as v14 has 4MB flash and DDR 32 MB ram!! v13 has DDR2 64MB ram and an 8MB flash chip.
Tp-link v13 flash chip dump

2. TP-Link TL841 V9.3 flash chip dump.
This includes everything; it's from the 4MB flash chip of this router, cpu is qca9533-al3a
Tp-link 841 v9.3 flash chip dump

3. Openwrt for TP-LINK TL841N/ND v8, v9, v10, v11, v12

http://www.mediafire.com/file/nb7efm36q1b19ns/openwrt-ar71xx-tiny-tl-wr841-v8-squashfs-factory.bin/file

http://www.mediafire.com/file/zij00pj1e5xb56t/openwrt-ar71xx-tiny-tl-wr841-v8-squashfs-sysupgrade.bin/file

http://www.mediafire.com/file/i7jkdwfk0ililgk/openwrt-ar71xx-tiny-tl-wr841-v9-squashfs-factory.bin/file

http://www.mediafire.com/file/u78jhirulqzduza/openwrt-ar71xx-tiny-tl-wr841-v9-squashfs-sysupgrade.bin/file

http://www.mediafire.com/file/qxizoikh44h1cxe/openwrt-ar71xx-tiny-tl-wr841-v10-squashfs-factory.bin/file

http://www.mediafire.com/file/e9hdmt0z42w6n0e/openwrt-ar71xx-tiny-tl-wr841-v10-squashfs-sysupgrade.bin/file

http://www.mediafire.com/file/ki9nrariqlb9q9o/openwrt-ar71xx-tiny-tl-wr841-v11-squashfs-factory.bin/file

http://www.mediafire.com/file/givii9vuiw6jxz6/openwrt-ar71xx-tiny-tl-wr841-v11-squashfs-factory-us.bin/file

http://www.mediafire.com/file/coujbom4ssg4tx0/openwrt-ar71xx-tiny-tl-wr841-v11-squashfs-factory-eu.bin/file

http://www.mediafire.com/file/zakgpulbz907it1/openwrt-ar71xx-tiny-tl-wr841-v11-squashfs-sysupgrade.bin/file

http://www.mediafire.com/file/c97vsv7t4qrmrpq/openwrt-ar71xx-tiny-tl-wr841-v12-squashfs-factory.bin/file

http://www.mediafire.com/file/4ps8p0cgvj3orpc/openwrt-ar71xx-tiny-tl-wr841-v12-squashfs-factory-us.bin/file

http://www.mediafire.com/file/nq8fm4sebzwytn7/openwrt-ar71xx-tiny-tl-wr841-v12-squashfs-factory-eu.bin/file

http://www.mediafire.com/file/hjz1cg0bxmyll16/openwrt-ar71xx-tiny-tl-wr841-v12-squashfs-sysupgrade.bin/file

4. Tp-link tl840 v2 openwrt : works also for tl840 v3

http://www.mediafire.com/file/v07wm0ern7wr8u2/openwrt-ar71xx-tiny-tl-wr840n-v2-squashfs-factory.bin/file

http://www.mediafire.com/file/uimha5rs68mf50d/openwrt-ar71xx-tiny-tl-wr840n-v2-squashfs-factory-eu.bin/file

http://www.mediafire.com/file/fi7ua5atrwn9y5e/openwrt-ar71xx-tiny-tl-wr840n-v2-squashfs-sysupgrade.bin/file

Note : All of the above openwrt images include luci and the upnp module.  You can add (modules) luci--> adblock, wifischedule, samba/samba4, minidlna and clamav.  But for 4MB Flash/32MB Ram, one can use adblock + upnp + wifischedule only!!

5. Tp-link tl840/841 backup art partitions,


https://drive.google.com/open?id=1uchlJ7FgBUYgrFzLLhuUTCxZVzcOk5yp

6. 30-dBm Hacked art for tl841/tl840 : works on both routers,

https://drive.google.com/open?id=13zWxoFMWq65n0EQyIjF_zAdhNy77jKSb

7. Modded Uboot by pepe2k for tplink  841v9/10/11, can also be used for 840nv2 & v3:

https://drive.google.com/open?id=121Ew1sDh4F-nol5okfscclXHABi3CMRb

https://drive.google.com/open?id=1GMD9h_0WlVmAZDtdDoSd0JfjmKai_78T

https://drive.google.com/open?id=17E57T5GMwNUZmJoPsmlGUnKHfofXsLZg

** I shall Try add more files as per request.

Tuesday, September 18, 2018

Flashing Router via Serial Port:: This is the Preferred way to flash Firmware of any router

There are several ways to flash a router.  But flashing through the serial port of the router is the preferred way.  As you are dealing directly with the cli (command line), you instantly know what is going on and whether your flashing was done successfully or not.

In the last two posts I have described how to do part of the work.  I will not go into it here in this post.

1. You will need a tftp server running on the computer that you are using to flash your router.  Please go through this post to know how to set up tftpd,

http://router-mod.blogspot.com/2018/09/the-easy-way-out-easy-flashing-without.html

For Linux (that I use) you can use tftpd-hpa. Its config file (arch/manjaro linux) is /etc/conf.d/tftpd; mine looks like this,
TFTP_ADDRESS="0.0.0.0:69"
TFTPD_ARGS="-c -vvvv --secure /srv/gtftp/"

For windows, the above url details how to set up the tftp server.

2. You will also need to set up a serial/UART TTL converter for serial input/output commands.  The previous post has the complete details about how to do that; the link is here,

http://router-mod.blogspot.com/2018/09/router-serial-or-uart-port-how-to-find.html

Now connect your serial port just like in the last two images (not posted here) of the above linked post.

For windows you use putty and for linux it's screen or minicom (I use this).  In the router boot process two types of software get loaded.  First the bootloader: for Atheros based routers it's usually u-boot and for broadcom based routers it's CFE (Common Firmware Environment).  The bootloader loads all the hardware parameters and passes them to the actual firmware that it loads.

We are replacing the firmware provided by the router vendor with custom firmware i.e. openwrt or dd-wrt or tomato. So we need our bootloader to halt booting the firmware and wait for our commands at its cli interface, which is only available via the serial/UART console.  For linux just open up a terminal, connect your UART to serial adapter/converter (cp210x etc) and start up minicom.  For windows you need to start putty and connect it to the serial port.  To halt booting the existing vendor provided firmware we need to do the following,

1. Atheros/Qca-Atheros u-boot : For Atheros SOC based routers u-boot will likely be your bootloader.  To halt the boot loader at its cli, we need to be alert as it will show a 1 second boot wait time, and if it's a tp-link router we shall have to type "tpl" and hit enter very fast.  For every 4 or 5 bootings I could do it probably once.  So, what I did, I programmed minicom to start up with "tpl" and hit enter (auto).  So, as soon as I power on the router, I start minicom and it initializes the router with 'tpl'.  This way, I get my boot loader prompt!! each time I switch on my router.


In above image, u-boot is awaiting commands after "tpl"...

Your boot prompt is likely different such as "ap143>" or "ap121>" etc for tp-link routers with default bootloader provided by the vendor.

Meanwhile You must download the router firmware i.e. if it's openwrt go here and download firmware image file for your router,


for dd-wrt go here,

In case You are not successful in your flash or wish to revert back to vendor firmware you should download firmware from vendor site, for tp-link it should be here,


Special Note:
Please back up your current firmware before you flash anything new. As that is not possible from the cli, you must get a copy of the latest firmware from the vendor site, as mentioned above. If you have a tp-link router and the firmware has "boot" mentioned in the downloaded file, then you need to strip the file with dd in linux,
you will need to strip out the first 0x20200 bytes (131584 bytes),
dd if=orig.bin of=tplink.bin skip=257 bs=512 (dd is a linux command line tool) or
Download a stripped image from here,


Note : You can contact me or leave Message for me to get you a stripped image if required.

Now copy your desired firmware file into the tftpd directory on your computer i.e. in my case my tftpd server directory is /srv/gtftp and I copy the file into it.

Connect your router to your computer directly with a UTP cable, into any of the lan ports or the wan port.  One must also set up the router and the computer ip manually at this point. Please go into your ip settings, manually choose a subnet and set it up like this,
I chose the subnet 192.168.100.x, so my computer details are as below,
IP: 192.168.100.100, subnet mask: 24 aka 255.255.255.0 and gateway set to my router i.e. 192.168.100.10 (my pre-determined router ip).

Notice, in the above image I have selected a subnet and set up ipv4 manually; look at the method, it's "manual" for "Network Manager" in linux. It is similar for windows, set up the ip manually.

At this point, if you have windows, turn off the windows firewall so that the router can access the tftp server on your computer.  For Linux you have to turn off the firewall like this,
Check if the firewall is enabled with systemctl status ufw; if enabled and green!!, then
a. systemctl disable ufw,
b. systemctl stop ufw, this will disable ufw (linux firewall) completely.

Now Setup your router via cli in serial port with u-boot or cfe,
Old u-boot(default), 
(I'm using subnet x.x.100.x), 
set serverip 192.168.100.100 
set ipaddr 192.168.100.10 
If it's new u-boot from pepe's repo, then, 
setenv serverip 192.168.100.100 
setenv ipaddr 192.168.100.10 

Now verify if ip addresses are correctly set with,
printenv

Now check if the connection is established between computer and router,
1. ping 192.168.100.10 (Check if server is live!!) 
If connected then you will see something like this,

gfx:/etc/conf.d$ ping 192.168.100.10
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.368 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.265 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.282 ms
64 bytes from 192.168.100.10: icmp_seq=4 ttl=64 time=0.393 ms
^C

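If not connected, then reconnect the wires and try the ping again

If it's connected then,

2. tftpboot 0xa0800000 tftp-boot-file (your dd-wrt/openwrt rom)

Example (note that this capture uses load address 0x80000000 and the 192.168.1.x subnet instead of the values above),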

ar7240> tftpboot 0x80000000 openwrt-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin
Using eth0 device
TFTP from server 192.168.1.100; our IP address is 192.168.1.111
Filename 'openwrt-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin'.
Load address: 0x80000000
Loading: checksum bad
#################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         ######################################################
done
Bytes transferred = 3932160 (3c0000 hex)
With the above command you have loaded your new router boot file/image into the router's ram!!

Now erase your router's current firmware from the flash rom,
3. erase 0x9f020000 +0x3c0000 

Please note that the "+0x3c0000" above is the length, taken from the output printed after loading the new rom image into the router's ram i.e. "Bytes transferred = 3932160 (3c0000 hex)"

Now copy the ram content to flash,
4. cp.b 0xa0800000 0x9f020000 0x3c0000

Now boot router with newly installed openwrt rom(in this case),
5. bootm 0x9f020000 
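
An added example, not code from the original post: a check to run over a saved serial console capture before step 5, covering the ways steps 2 to 4 can disagree with each other. It flags a `cp.b` source that is not the address `tftpboot` loaded to (treating MIPS 0x80... and 0xa0... addresses as the same RAM), a byte count that differs from the file on disk, a copy longer than the erased range, and a "checksum bad" line during the transfer. Both captures are constructed from the transcripts on this page, and the function names are made up for this example.

```python
import re

# MIPS KSEG0 (0x80000000..) and KSEG1 (0xa0000000..) are cached and uncached
# views of the same physical memory, so 0x80800000 and 0xa0800000 are one buffer.
PHYS_MASK = 0x1FFFFFFF

HEX = r"((?:0x)?[0-9a-fA-F]+)"
RE_TFTP = re.compile(rf"tftpboot\s+{HEX}\s+\S+")
RE_MOVED = re.compile(r"Bytes transferred = (\d+) \(([0-9a-fA-F]+) hex\)")
RE_ERASE = re.compile(rf"erase\s+{HEX}\s+\+{HEX}")
RE_COPY = re.compile(rf"cp\.b\s+{HEX}\s+{HEX}\s+{HEX}")

# Constructed capture: loads to 0x80000000 but copies from 0xa0800000.
SAMPLE_BAD = """\
ar7240> tftpboot 0x80000000 openwrt-factory.bin
Using eth0 device
Load address: 0x80000000
Loading: checksum bad
#################################
done
Bytes transferred = 3932160 (3c0000 hex)
ar7240> erase 0x9f020000 +0x3c0000
ar7240> cp.b 0xa0800000 0x9f020000 0x3c0000
"""

# Constructed capture: the same session with a consistent load address.
SAMPLE_GOOD = """\
ar7240> tftpboot 0x80800000 openwrt-factory.bin
Load address: 0x80800000
Loading: #################################
done
Bytes transferred = 3932160 (3c0000 hex)
ar7240> erase 0x9f020000 +0x3c0000
ar7240> cp.b 0xa0800000 0x9f020000 0x3c0000
"""


def check_flash_session(log: str, file_size: int) -> list:
    """Return 'code: message' findings for one tftpboot/erase/cp.b sequence."""
    tftp, moved = RE_TFTP.search(log), RE_MOVED.search(log)
    erase, copy = RE_ERASE.search(log), RE_COPY.search(log)
    if not (tftp and moved and erase and copy):
        return ["incomplete: need tftpboot, Bytes transferred, erase and cp.b"]

    load = int(tftp.group(1), 16)
    nbytes = int(moved.group(1))
    erase_at, erase_len = (int(g, 16) for g in erase.groups())
    src, dst, cp_len = (int(g, 16) for g in copy.groups())

    findings = []
    if "checksum bad" in log:
        findings.append("checksum-bad: u-boot reported a bad checksum while loading")
    if nbytes != file_size or nbytes != int(moved.group(2), 16):
        findings.append(f"size-mismatch: {nbytes} bytes loaded, file is {file_size}")
    if (src & PHYS_MASK) != (load & PHYS_MASK):
        findings.append(f"source-mismatch: loaded to 0x{load:x}, cp.b reads 0x{src:x}")
    if dst != erase_at:
        findings.append(f"dest-mismatch: erased 0x{erase_at:x}, cp.b writes 0x{dst:x}")
    if cp_len > erase_len:
        findings.append("copy-exceeds-erase: cp.b writes past the erased range")
    if cp_len < nbytes:
        findings.append("short-copy: cp.b writes fewer bytes than were loaded")
    return findings


def codes(findings: list) -> list:
    """Strip the messages and keep only the finding codes."""
    return [f.split(":", 1)[0] for f in findings]


if __name__ == "__main__":
    for name, log in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        result = check_flash_session(log, 3932160)
        print(name, "->", result if result else "consistent")
```

Any finding means the flash would not hold the image that was sent; reload and recheck at the boot loader prompt before running `bootm`.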

If booting is successful you will be greeted with messages similar to those below (serial console or SSH),
====================================================

BusyBox v1.25.1 () built-in shell (ash)                                         
     _________                                                                  
    /        /\      _    ___ ___  ___                                          
   /  LE    /  \    | |  | __|   \| __|                                         
  /    DE  /    \   | |__| _|| |) | _|                                          
 /________/  LE  \  |____|___|___/|___|                      lede-project.org   
 \        \   DE /                                                              
  \    LE  \    /  -----------------------------------------------------------  
   \  DE    \  /    Reboot (17.01-SNAPSHOT, r3909-b6a1f43075)                   
    \________\/    -----------------------------------------------------------  
=== WARNING! =====================================                              
There is no root password defined on this device!                               
Use the "passwd" command to set up a new password                               
in order to prevent unauthorized SSH logins.                                    
--------------------------------------------------                              
root@LEDE:/# 
===================================================

If you find you are in a boot loop or not booting the new firmware, please do not panic.  You can go back to your original firmware if you have done the backup mentioned previously or if you have a stripped original firmware file from the vendor site.

Use the above commands and reflash to get back to the working original firmware,
1. ping 192.168.100.10 (Check if server is live!!) 
2. tftpboot 0xa0800000 wr841nv3-3169-160612.bin (your downloaded tp-link firmware file)
3. erase 0x9f020000 +0x3c0000 (note the 3c0000 at the end)
4. cp.b 0xa0800000 0x9f020000 0x3c0000 (Copy ram content to flash chip)
5. bootm 0x9f020000 (Boot router from the newly flashed image)

For information about the current boot environment variables you can do,

6. printenv
u-boot will show everything stored in its environment variables.

If you have u-boot or cfe you can use,
7. help
It will show you all the commands available for you to use.
For most u-boot/cfe,
7a. help <command> i.e. help ifconfig, will show how to use that command!!

Note : On some routers you have to note down your hardware or mac address as it may get changed, and you then have to change it back to the original. It is also printed on the back sticker of your router!!

If you have successfully flashed openwrt then the first thing you should do is make a backup of your current firmware i.e. openwrt, and of the other parts i.e. the u-boot and art partitions, like this,

cat /proc/mtd (Check which is art, u-boot and firmware),
cat /dev/mtd0 > /tmp/uboot_backup.bin
cat /dev/mtd4 > /tmp/art_backup.bin
cat /dev/mtd5 > /tmp/firmware_backup.bin

Another way(Online with firmwares with boot in it i.e with bootloader),
ls /dev/ (Verify if mtd4 is art and mtd0 is uboot)
dd if=/dev/mtd4 of=/tmp/art_back2.bin  (art back here)

Note : You need to copy the above art backup i.e. art_back2.bin to your computer with scp... see below how to scp

After you have flashed you need to update openwrt,
1. ssh root@192.168.1.1 (whichever ip it has now i.e. openwrt starts with 192.168.1.1 or 192.168.0.1)
1b. Change the password first: issue the passwd command and change the password to your liking.
1c. Then reboot the system...

Then copy upgrade file to tmp dir,
scp /srv/gtftp/lede-ar71xx-generic-tl-wr841-v12-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/

sysupgrade /tmp/lede-ar71xx-generic-tl-wr841-v12-squashfs-sysupgrade.bin

Reboot the system again.
At this point you should be connected to the internet; if not, you will need to connect via the web interface or command line, web preferred.

issue, opkg update
issue opkg install luci (if you have not added luci at compile time, or are using pre-built images without luci)
issue, /etc/init.d/uhttpd enable
/etc/init.d/uhttpd start
Then go to 192.168.1.1 (from your web browser), change the ip of the router to 192.168.x.x (whatever subnet you prefer) and reboot.

2. Broadcom CFE : If the router has a broadcom SOC (System on Chip) then you will likely have CFE as the boot loader.  You need to switch on the router and at the same time keep "Ctrl-C" i.e. the Control and C keys pressed; the boot loader will stop booting the existing firmware and will stop at its cli/command prompt!!

Please note, all these broadcom routers use trx files with no extra headers. To flash from the serial console I have used the following sequence of commands,

NOTE : Press and hold Ctrl-C right before switching on the router to go into CFE!!!! 

I had set up a tftp server hpa-tftp on my arch linux box at ip 0.0.0.0:63 (I use it for many other flashing!)

ifconfig eth0 -addr=192.168.1.11 -mask=255.255.255.0 -gw=192.168.1.4 -dns=192.168.1.4 

Connected router with my computer with any of the lan ports.

nvram erase 

flash -noheader 192.168.1.4:tomato-K26USB-1.28.9999MIPSR2RAF-TendaN6.trx flash1.trx 

Then just do reboot at the CFE command prompt.
After boot up,
use nvram erase again and reboot to go into a fresh and clean tomato install.

To backup cfe and flash files (from within cfe), I have instructions before, please find them, they are everywhere if you look close enough, like,

save 192.168.1.4:fh305.cfe BC000000 20000 

cfe size total = Boot partition size = 131072(0x20000)
Rom total size is : 1048576 = 100000 Hex. ( 1 MB)
So total Rom,
save 192.168.1.4:fh305full.bin BC000000 100000 

Tenda fh305 only has ids starting from vlan1 and tomato sets vlan1 as wan, which is incorrect for this router (it was expecting vlan0 for lan ports). All I did was set vlan1 to the lan ports and vlan2 to wan, of course adding the cpu flags, which are also different from most other routers.

To configure the vlan for tenda fh305 in tomato, the commands I have used are,

nvram set vlan1ports="1 2 3 5" 
nvram set vlan2ports="0 5" 
nvram set vlan0ports="" 
nvram set manual_boot_nv=1 
nvram commit 
reboot

============================================================
My Profession : By trade I'm a Software Engineer.  But I Love trading currency or Forex markets and trade mostly eurusd markets.  So I needed a reliable and dependable router system that I think openwrt or tomato can provide with a good ISP.  I trade with reputable International Forex brokers.


Monday, September 10, 2018

Router Serial or UART Port: How to find and Configure

I received several e-mails regarding how to find out the serial port on the router motherboard or PCB.  It's actually very easy on most routers.

Disclaimer : Modification of hardware or software has a possibility of bricking an embedded device, such as a router. Please do the below procedure(s) at your own risk...

Test Case Tp-link archer c50 AC1200 routers.

If you look closely at the image, you will clearly see a 4 pin connector; most of the time 4 pin connectors are serial risers.  Almost all recent routers have 4 pin serial connectors like this.
All you have to do is find the Tx/Rx and ground pins.  Vcc is not required, but it is good to know which of the 4 pins is Vcc.  We shall note it and not connect any pin to it!!
You will need a multimeter to find out which of the pins are tx/rx and ground/vcc.

1. First try finding the ground pin of the UART.  Keep the router powered off.  Get a multimeter (MM) and put it into diode test/continuity test/short test mode. Connect one lead of the MM to one of the pins of the UART and the other (gnd/black) to one of the antenna connectors or antenna connector solder points (whichever is available on your router). In our archer c50 case there are antenna connectors but not the cheaper antenna solder points.  Here we are using the antenna connector as the ground plane of the router.  If there is continuity from the antenna connector to the UART pin that is connected to the MM, then that is our UART ground pin; if not, test all of the pins one by one to find which is Gnd (ground). The MM will give a continuous beep and the diode test light will light up, depending on the MM, while the MM lead is on the ground pin of the UART. This test is actually checking which pin is connected to the router board's ground plane. It's like connecting one single wire at two different points: the MM starts to beep/light because these two points/pins are shorted to ground i.e. the ground pin.
2. Now try to find the Vcc pin.  We must know which pin has a constant voltage of 3.3 V. Connect the MM black lead to the antenna connector and the other lead to one of the 3 remaining pins.  Now connect the router to power and observe very carefully what happens. Keep an eye on the leds of the router.  As soon as the led shows power on, very carefully observe whether we are getting a voltage of 3.3 consistently throughout the entire boot process of the router.  You will know your router: as soon as booting finishes all the lights start to blink or some are constantly lit. The pin that has a consistent 3.3 volt (or close), with no change in voltage, is your UART VCC pin.
3. Now try finding the Tx or transmit pin; this is the pin through which the router sends data over the serial UART.  Again connect the MM black/gnd lead to the antenna point and the other lead to one of the 2 remaining pins of the UART.  Now power on the router. Observe very carefully: if you find voltage spikes throughout the boot process of the router, then that is the Tx pin of the UART.  As data passes through the serial port, the voltage will go up and down, so you get voltage readings ranging from a few millivolts to the full 3.3 volt. After booting finishes the voltage should stabilize at somewhere around 2/3 of the full 3.3 volt. But as it's a router, as soon as it is connected to the internet user programs start to connect to the net and the voltage spiking may not stop, so it is common to have 0.5 volts to 2.xx to 3.3 volts on the Tx pin.
4. The remaining pin is very tricky.  The Rx pin can have the same voltage as Vcc, or it can go short to ground, or remain/hang somewhere in between 0.5 and 3.3 volts.
But we already have the Gnd, Vcc and Tx pins. If Tx/Rx is wrong, no problem: you will get garbled text from the serial port in your serial comm program.  If so, just switch Tx/Rx and you should get clear text while booting.

Problems in soldering: If you still get garbled text, the ground pin of the serial UART may not be soldered properly. Try resoldering all the pins. If you can see text clearly in the comm program but whatever you type isn't shown, the cause is probably poor soldering quality: either you shorted the Rx pin to ground or there is dirty solder on the Rx pin!! Redo your soldering.

Your serial comm program should be set to a baud rate of 115200 and 8-n-1. Do not turn on hardware flow control: we are not using the CTS/RTS pins, which are not available, as it's not a real modem!!
Software flow control should also be turned off.

Test case 2: Tp-link tl-wr802-v1

If you look at the image on your left, it's a tiny little older tp-link router with USB ports. There is no clearly marked serial UART port here, but finding the correct serial pinout is more visual, as the pins are spread all over the tiny board.
There are 4 pins clearly marked.
Tp_out is the Rx pin and Tp_In is the Tx pin of the router. Tp3v3 is the 3.3 volt Vcc. The other one is TP3: verify with the MM whether it is connected to the ground plane, i.e. the antenna connector and other exposed metal such as the outer shell of the USB or UTP (network) connector port (outer shell only). If it passes the continuity test, use TP3 as your ground.
TP3V3 has to be measured while the router is booting. If, as usual, you find a consistent 3.3 volts on TP3V3, that is your Vcc. Find the other pins as outlined in the first router case.

Test case 3: Xiaomi mi router 3

This is a Mediatek router made by xiaomi. Here the UART is clearly marked. But as wise men say, always verify whether what is said is true or not!! So verify the pins as per test cases 1 and 2, or else, if you connect your serial TTL converter to Vcc, your router may burn out, or at the least your serial converter will short out for sure.

Test case 4: Tp-link Tl-wr840n-V4(EU)

As in case No. 3, this tp-link router also has its serial port UART marked clearly. All pins are marked. But as said before, you must verify what is marked on the router. Verify all the pins, i.e. Tx - Rx - Gnd - Vcc, as in test case No. 1.

Now that I have my serial UART port figured out, what am I going to use it for, and how? It's a bit tricky and risky now. First you need to solder a 3 pin riser to the serial port you have seen so far. It's the same for all modems. If you are unable to solder or are afraid to, which is to be expected, you can go to a local electronics repair shop and ask them to connect a pin header or some wires to the UART/serial interface, and you are done.

Now you will need a USB to serial TTL level shifter/converter. You can order one at your local electronics shop. The best so far is the CP2102, for Tp-link, Tenda, asus or any other router. There is also the pl2303, which will also work. Last but not least is the ch341a, which is a TTL level shifter combined with an SPI (Serial Peripheral Interface) programmer that you can use to program the router's flash chip. All of the above are very cheap, around $2.50 to $3.00. Here are photos of them:

Left is cp2102
Right is ch341a
Bottom pl2303

You will see a pin header/connector on all of the above. Just connect your router's UART or serial port Tx/Rx and Ground pins like this: Router Tx -> Converter Rx, Router Rx -> Converter Tx, Router Gnd -> Converter Gnd.

WARNING!: Some people reported they fried their router by connecting the voltage pins even though it isn't necessary. NEVER connect the voltage pins when using USB adapters unless you know what you are doing. Unless you need to power the device, you don't have to connect the voltage pins. And you usually don't need to power it this way: use the router power supply.
Please do not connect any pins or headers to the router's or the converter's VCC connector. This is very, very important, otherwise your converter or router or both may be damaged/burned/shorted.

Please review the image above: one is a cp2102, the other is a ch341a used as a TTL converter instead of a programmer.

Now you need to install a communication program if you are on windows. There is a modem dialer, but I prefer Putty. Download and install it from here:
https://www.putty.org/

After connecting the TTL converter to the router and the computer, please keep the router turned off. Now check in the windows "Device Manager" which port the TTL converter is connected to. If nothing is shown, you will have to install the driver for the cp2102 or ch341a from the internet. Just search in google for "cp2102 Driver download" or "ch341a Driver Download" and go to the first available link to download it. Install the driver, then disconnect and reconnect the TTL converter/adapter while keeping the Device Manager window open, and you will see the device connect live!! to the virtual com port assigned to the serial adapter.

If you do not install the driver it will look like the above, not detected properly.

If you install the serial adapter driver it should look like the above.

On Linux, if you have a recent 4.xx kernel, no worries: the drivers are included. Run dmesg to see which port the adapter is connected to, usually ttyUSB0 or ttyACM0 etc., like below:

Now start putty and set up a serial connection to the converter port, i.e. port com5 or so (whatever is reported in Device Manager). On linux, just start minicom with ttyUSB0 etc.

After starting Putty or Minicom, switch on the router. The TTL converter's light will come on, and you can watch the router boot log live in the serial port window.
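On Linux, the serial settings given earlier (115200 baud, 8-n-1, hardware and software flow control off) correspond to specific termios flags. The following Python code is an added example, not part of the original post: it applies those flags, saves the boot log to a file and flags output that is mostly unreadable. The /dev/ttyUSB0 path, the boot.log file name and the 90% printable-text threshold are assumptions.

```python
import os
import select
import termios
import time


def console_attrs(attrs):
    """Return tcgetattr()-style attributes changed to raw 115200 8-N-1, no flow control."""
    iflag, oflag, cflag, lflag, _ispeed, _ospeed, cc = attrs
    cc = list(cc)
    # No software flow control (XON/XOFF) and no rewriting of received bytes.
    iflag &= ~(termios.IXON | termios.IXOFF | termios.IXANY | termios.ISTRIP
               | termios.ICRNL | termios.INLCR | termios.IGNCR)
    oflag &= ~termios.OPOST
    # 8 data bits, no parity, 1 stop bit.
    cflag &= ~(termios.CSIZE | termios.PARENB | termios.CSTOPB)
    cflag |= termios.CS8
    # No hardware flow control: only Tx, Rx and Gnd are wired to the adapter.
    cflag &= ~termios.CRTSCTS
    cflag |= termios.CLOCAL | termios.CREAD
    # Raw input: no line editing, echo or signal characters.
    lflag &= ~(termios.ICANON | termios.ECHO | termios.ISIG | termios.IEXTEN)
    cc[termios.VMIN], cc[termios.VTIME] = 1, 0
    return [iflag, oflag, cflag, lflag, termios.B115200, termios.B115200, cc]


def open_console(path="/dev/ttyUSB0"):
    """Open the adapter's port (the path is an assumption; take yours from dmesg)."""
    fd = os.open(path, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
    termios.tcsetattr(fd, termios.TCSANOW, console_attrs(termios.tcgetattr(fd)))
    return fd


def capture(fd, log_path, seconds=60.0):
    """Append everything received within `seconds` to log_path and return it."""
    received = bytearray()
    deadline = time.monotonic() + seconds
    with open(log_path, "ab") as log:
        while (left := deadline - time.monotonic()) > 0:
            if select.select([fd], [], [], left)[0]:
                chunk = os.read(fd, 4096)
                if not chunk:  # port closed
                    break
                log.write(chunk)
                received += chunk
    return bytes(received)


def looks_garbled(data, min_printable=0.9):
    """True when under 90% (assumed threshold) of the bytes are printable ASCII."""
    if not data:
        return False
    printable = sum(1 for b in data if b in (9, 10, 13) or 32 <= b < 127)
    return printable / len(data) < min_printable


if __name__ == "__main__":
    fd = open_console()
    boot_log = capture(fd, "boot.log")  # power the router on after starting this
    os.close(fd)
    print("garbled output: recheck Tx/Rx and the ground joint" if looks_garbled(boot_log)
          else f"captured {len(boot_log)} bytes to boot.log")
```
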

For myself, I also use a TL866 II Plus programmer, as seen here

If you need firmware for some Tp-link routers(popular) please visit this page.

===================================================================
My Profession : By trade I'm a Software Engineer.  But I Love trading currency or Forex markets and trade mostly eurusd markets.  So I needed a reliable and dependable router system that I think openwrt or tomato can provide with a good ISP.  I trade with reputable International Forex brokers.

To know how to do Forex Trading go here : Forex Trading: My regular source of income

For signals on eurusd go here My Forex Trading Journal

Sunday, September 9, 2018

The Easy way out : Easy flashing without opening router!!

If you think you can live with 4 MB flash/32 MB ram, or just want a stable router that does not hang or reboot unexpectedly, you can try the factory firmware recovery method. With this method you do not even have to open up your router. No TTL adapter or the like is needed.

But be warned: with a small flash and/or 32 MB of memory it's not possible to use the router for anything other than routing securely.

OK, here is the easy way....

If you have a tp-link router from the 8xx or 7xx series, i.e. tl-wr840/841n or tl-wr-740/741, or one of the tiny routers with a USB port, you can use factory recovery to install custom firmware such as openwrt or dd-wrt!!

Most people use windows, so I will go with windows installation steps here.

First download the firmware from the openwrt download page; use the latest version for your router:
https://downloads.openwrt.org/
For DD-wrt, go to their download page and search in the beta folder here:
https://dd-wrt.com/support/other-downloads/
Or, for actual recovery, go to the tp-link website to download firmware for your router. Search for your router and, if found, go to the download page for that router:
https://www.tp-link.com/en/

First of all, you need to set up a TFTP server on your computer with IP 192.168.0.66/24, i.e. your computer's address is 192.168.0.66, the netmask is 255.255.255.0 and the gateway is any address in the 192.168.0.x subnet, e.g. 192.168.0.86 (your router's address!!, not important at this time). Please note that you are actually setting up your computer, with the tftpd server, at the static ip address 192.168.0.66 (very, very important).

Download tftpd32/64 (in the same package) from the link below and install it in windows. Set up a directory from which your router will download the firmware file that you downloaded from the openwrt/dd-wrt or tp-link sources above.
https://bitbucket.org/phjounin/tftpd64 or,
http://www.tftpd64.com/

1. Here comes the most important part: switch off your router and connect a LAN port of your router to your TFTP server machine (your computer).
2. Hold down the Reset button on the back of the router and switch it on; keep holding until you see the information below in the log viewer.
3. Obviously, you have to open the log viewer first. There you can see the file name requested by your router from your computer's tftp server: routername_tp_recovery.bin. E.g. if it's a tp-link tl-wr841n/nd ver 2, the file name should be wr841nv2_tp_recovery.bin. Here are some more names your router's bootloader may request if it's a different version of the tp-link 841 or another router:
wr841nv8_tp_recovery.bin (for v8.x); for v9 wr841nv9_tp_recovery.bin; for v10 wr841nv10_tp_recovery.bin; for v11 and v12 wr841nv11_tp_recovery.bin. Note: you can find the version number of your router on the sticker on the back of the router.
4. You may need to try step 3 several times.

5. Rename the file you downloaded above (openwrt, dd-wrt or tp-link, suitable for your router) to the name your router is requesting. It is actually the u-boot bootloader requesting the firmware image (binary) file so that it can flash the image to your router. So rename it according to what the router's bootloader has requested: if it's a tp-link tl-wr841n version 9.x, it should be renamed to wr841nv9_tp_recovery.bin. For other tp-link routers such as the wdr4300 ver 1.0 the file should be wdr4300v1_tp_recovery.bin. For the tp-link tl-wr841hp ver3 it should be wr841hpv3_tp_recovery.bin. Now copy the renamed file to the tftp server download directory that you set while setting up tftpd32/64. Also browse to the download folder to make sure the download path and file name are correct.

6. Now switch off your router. Hold down the reset button on the back of the router and, while keeping it pressed, switch on your router. Keep the button pressed until you see your router requesting the recovery file in the tftpd server log viewer window!! and a popup message appears like the image below.

7. Now wait for some time until the router reboots itself; you will see the router lights turn off and on again. If the flashing is successful you will be able to log in to the web interface of your router with your new or recovered firmware. Please remember: whether openwrt, tp-link or dd-wrt is installed, the router will restart at address 192.168.1.1 or 192.168.0.1 and will also try to assign your computer a DHCP address, so after the reboot do not forget to change windows to "automatic ip or DHCP" mode instead of the static ip.

Important Notes/Notice:
1. Your router's bootloader may not support this tftpd recovery mode. To make sure, you should try this method for some time, at least 10/15 times, giving each trial 5 to 8 minutes.
2. Some routers' tftpd address may be different, i.e. some tp-link routers (u-boot bootloader) expect the tftpd server at 192.168.1.66/24, which is a different subnet, so configure your computer accordingly. In this case, your computer's ip should be 192.168.1.66, netmask 255.255.255.0, gateway 192.168.1.86 etc.
3. If the router's IP (192.168.1.1) doesn't respond to ping (after reboot), try clearing the ARP cache on your machine/computer. Run in a command prompt:
arp -d
4. After the reboot, if you have installed openwrt, the login is: login id admin, password none/empty. If it's dd-wrt, the login is root or admin and the password is admin. For tp-link the id/pass is admin/admin.

Warning: If the name of the firmware image you downloaded from the tp-link website for your router has "boot" in it, that means it has a bootloader placed at the beginning of the firmware. In such cases, if it is successfully flashed, your router may be bricked completely. Even a serial console will not help in this case. You will need JTAG or an external programmer to reload the bootloader with firmware into your flash chip!!! If you wish to get a stripped firmware image, i.e. a firmware image/bin file without the bootloader, you can try downloading it from this website:

http://www.friedzombie.com/tplink-stripped-firmware/

But if you are using a linux/unix variant such as freebsd, it's a different ball game: you can easily strip the bootloader off the firmware with dd.
You will need to strip out the first 0x20200 bytes (131584 bytes):
dd if=orig.bin of=tplink.bin skip=257 bs=512 (dd is a linux command line tool)
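The recovery steps and the dd command above can be combined into one check-and-stage routine. The following Python code is an added example, not part of the original post and not code from tftpd64 or TP-Link: it decodes the read request the bootloader sends (RFC 1350), strips the first 0x20200 bytes when the image name contains "boot", and writes the result under the requested name. The file name pattern is an assumption derived from the names quoted in the post, and the sample packet is constructed.

```python
import hashlib
import re
import struct
from pathlib import Path

BOOT_PREFIX_LEN = 257 * 512  # 0x20200 bytes, the same span as dd skip=257 bs=512
# Assumed pattern, derived from the names quoted in the post
# (wr841nv9_tp_recovery.bin, wdr4300v1_tp_recovery.bin, wr841hpv3_tp_recovery.bin).
RECOVERY_NAME = re.compile(r"[a-z0-9]+v\d+_tp_recovery\.bin")


def requested_file(packet):
    """Return the file name carried in a TFTP read request (RFC 1350 RRQ)."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != 1:
        raise ValueError("not a TFTP read request")
    fields = packet[2:].split(b"\x00")  # filename NUL mode NUL [options...]
    if len(fields) < 3 or not fields[0]:
        raise ValueError("malformed read request")
    name = fields[0].decode("ascii")
    # Only accept a bare recovery file name: no directories, no other files.
    if not RECOVERY_NAME.fullmatch(name):
        raise ValueError(f"unexpected file name requested: {name!r}")
    return name


def stage_firmware(image, tftp_dir, name):
    """Place `image` in tftp_dir under `name`; return (path, sha256 of the download)."""
    image = Path(image)
    if not RECOVERY_NAME.fullmatch(name):
        raise ValueError(f"refusing to stage under {name!r}")
    data = image.read_bytes()
    # Hash the file as downloaded so it can be compared with the publisher's checksum.
    digest = hashlib.sha256(data).hexdigest()
    if "boot" in image.name.lower():
        # The image carries a bootloader: drop the first 0x20200 bytes, as dd does.
        if len(data) <= BOOT_PREFIX_LEN:
            raise ValueError("image is too small to contain a bootloader prefix")
        data = data[BOOT_PREFIX_LEN:]
    target = Path(tftp_dir) / name
    target.write_bytes(data)
    return target, digest


if __name__ == "__main__":
    # Constructed sample: the request a router asking for the v9 recovery file sends.
    sample = b"\x00\x01wr841nv9_tp_recovery.bin\x00octet\x00"
    print("bootloader asks for:", requested_file(sample))
```
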

But if, after flashing, the router does not boot but its leds light up and the system or power light (or any other led) flashes rapidly, not everything is lost. You still have a functioning boot loader signalling that you have flashed the wrong firmware. In that case, if you go to 192.168.1.1 or 192.168.0.1, you may find the web interface of your bootloader (emergency web enabled), and you can flash another firmware, carefully selected for your router by you!! Even if you do not get the web interface, no worries: you can still flash another firmware image/bin file with the TFTPd method explained in detail above.


Saturday, September 8, 2018

Why does many routers' hardware slow down over time?

As we know, many cheap routers slow down and start to falter over time. I have seen routers start to deteriorate within a year of usage.

Why, oh why, does this happen?? It doesn't happen to expensive routers such as cisco, asus, linksys etc.!!, at least not within 2 to 3 years of usage.

Two things matter here:

1. Hardware: Most cheap routers use cheap electrolytic capacitors that degrade within a few months of usage!! Also, to cut costs, they use a small ram chip and a tiny flash chip, which is a constraint on the CPU and surrounding components. To cut costs further they do not fit heat dissipating elements over their tiny cpus; as a result, after a while dust builds up and the cpu gets really, really hot and melts other parts, such as tiny VRM components like SMD MOSFETs and capacitors. They use wifi amps but not proper antennas, which also puts pressure on the wifi modules and the wifi part of the CPU. Overall, heat buildup really degrades the efficiency of the cpu and other components, and the router starts to slow down very quickly after power up.

2. Software: Cheap router vendors usually do not ship proper software with the router hardware. The problem with cheap WiFi routers aimed at consumers is that there is no need to write decent software. They only have to appear to work when first turned on so they don’t get returned to the shop. Over time they fill their internal tables, leak memory and suffer other failures due to poorly written and tested code. The easy way to work around this is simply to power cycle the router, but that sucks in a busy and active environment.

Anyone can buy high quality routers from Cisco and similar companies, and they will run indefinitely without slowing down. While the hardware is slightly better quality, the real difference is the software. It is properly written and tested, so it does not slow down.

But anyone can have the best of both worlds with OpenWRT, Tomato or DD-WRT. OpenWrt/DD-Wrt is Linux based open source software designed for routers that will run on some of the cheap routers, and so is Tomato (for broadcom). Many cheap routers are not supported due to their lack of memory, but some are. I have routers that I paid less than $20 for that can run OpenWRT, and they are rock solid and will run as long as I want without slowing down. If you do your homework and find a router that supports OpenWRT you will not regret it, and a decade later, when you replace it with another that runs OpenWRT, you will find you already know how to use it because it has the same core design as the older one.

Router placement and interference: Where a router is placed can also have a negative effect on its performance. Always try to place the router in the middle of the house or, if that is not possible, add another as a repeater. Interference from other wifi routers badly affects the wifi connection, but good software like Openwrt will help negate that effect!! E.g. when a very close-by router is on the same channel as your wifi router, Openwrt can and does detect it and change channel, but a tenda with its crappy eCos will remain on that channel, and the outcry of "Wifi gone" from the children in the house will be heard in the office over the phone!!