Monday, September 3, 2018

Minor Modification and you are in the realm of Custom firmware 1

Please, don't be afraid, it's actually very easy to do the modding just for the firmware. If you're using a router produced in or after 2016, you are ok. I would recommend getting a TP-Link router, notably the TP-Link TL-WR841N/ND.
Now, let's get into the business. You will need the following items to do the modding: some wires with connectors, pins, and a USB to serial/UART TTL converter circuit. I would recommend getting a CP2102 converter. Another option is the PL2303 serial to TTL converter. It's also feasible to buy a cheap CH341A BIOS programmer, which you can also use as a USB to serial TTL adapter, since the CH341 chip has a UART to TTL conversion circuit inside.
The items in the picture on the left are: 1. CH341A programmer, 2. some pins to connect to the serial riser/port, 3. a CP2102 USB to serial converter/adapter, 4. some wires. You can get either item 1 or item 3, or both.

In the image below (2nd image/photo): RAM and flash chips. You might need them in case you want to replace the flash chip and the RAM chip. With recent routers this might not be needed.

You will also need a soldering iron, some solder etc. If you're afraid to do soldering, you can get someone experienced in electronics work (in your local electronics shop) to do the job for you.

In some recent routers the serial port/riser is clearly marked; please review the 3rd image/photo. Also, the antenna point has a connector in this router. Please review carefully.

In the 4th image, the connection from the serial converter to the computer and to the router is shown. An extra extension cord is connected to a USB port at the back of my PC running Linux.

To get the bootloader prompt before the default firmware loads, there are some procedures that need to be followed.

For CFE (Common Firmware Environment): In Broadcom based routers CFE is the boot loader. To get the CFE prompt, all I do is, just after switching on the router, keep "Ctrl-C" pressed until I get the CFE prompt. Remember, keep your left Ctrl key and C key pressed, but you must switch on the router first. If you do not keep "Ctrl-C" pressed there is very little time, and CFE will boot into the existing firmware/OS in the flash chip.

For U-Boot (for Atheros and Qualcomm Atheros based routers): I think U-Boot is more advanced than CFE. If it's a TP-Link router with U-Boot, right after the U-Boot bootloader starts, it waits for 1 second, and within this 1 second you need to type "tpl" and press Enter to stop it booting into the existing firmware resident in the flash chip!! I never could do this; I guess I'm not fast enough to do all that typing and press Enter within 1 second. So what I did was program minicom to start with a modem initialization string of "tpl" and Enter (pressed automatically) as soon as it is started. So all I do is switch on the router, and as soon as the power light is on, I start minicom; it initializes the router with "tpl" and I get the boot loader prompt!! Now I have also found out that there is a U-Boot modification by someone named pepe2k, and that U-Boot, if supported, can boot most TP-Link and other routers. Here is the URL to download the pepe2k prebuilt U-Boot images:

https://github.com/pepe2k/u-boot_mod/tree/master/original_u-boot_images

Don't wish to compile from source? Then the above URL has all the prebuilt images, i.e. for Atheros/QCA Atheros CPU routers. Please note that if your router is a TL-WR840N v2/v3 with QCA9533-BL3A/AL3A or plain QCA9533, then the U-Boot for TL-WR841 v9/v10/v11 will work just fine, as they share the same CPU/SoC, i.e. both have QCA9533-BL3A/AL3A.

The reason I'm sharing the above boot loader info: the latest U-Boot modification by the above pepe2k user makes it much easier to get the bootloader prompt. You don't have to do "tpl" Enter; you can just start up your router and, when it waits for a second (1 second wait time), you just press "Esc", i.e. the Escape key on your keyboard, and voila, U-Boot stops booting the existing firmware and yields a boot prompt.

Please also note that a TFTP server is needed to transfer the custom image/ROM from your computer to the router's memory. For Windows, just download and use Tftpd32 or Tftpd64 depending on your Windows version. Setting it up is easy; just select a directory anywhere, even on your desktop will do. For Linux, the default for Arch Linux is tftp-hpa, and it needs a small config file. My config is as below:
TFTP_ADDRESS="0.0.0.0:69"
TFTPD_ARGS="-c --secure /srv/gtftp/"
and it is started with systemd, i.e.
1. systemctl status tftpd
2. systemctl enable tftpd
3. systemctl start tftpd
The systemd daemon's response on the command line/CLI/terminal:

● tftpd.service - hpa's original TFTP daemon
   Loaded: loaded (/usr/lib/systemd/system/tftpd.service; enabled; vendor prese>
   Active: active (running) since Mon 2018-07-06 14:23:40 +06; xx-min ago
 Main PID: 456 (in.tftpd)
    Tasks: 1 (limit: 4915)
   Memory: 328.0K
   CGroup: /system.slice/tftpd.service
           └─456 /usr/bin/in.tftpd --listen -c --secure /srv/gtftp/
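As an added example (not from the original post), here is a small POSIX shell check to run before pointing the router at the TFTP server: it parses a tftpd-hpa style config in the TFTP_ADDRESS/TFTPD_ARGS form shown above and flags a wildcard bind and the -c upload flag, since TFTP has no authentication, and it compares the image's SHA-256 against a digest obtained from wherever you got the image. The config path, the LAN address and the digest values are assumptions/constructed values, not from the post.

```shell
# check_tftpd_config CONFIG_FILE
# Reads TFTP_ADDRESS and TFTPD_ARGS (tftpd-hpa style, as in the post) without
# sourcing the file, prints one finding per line, returns 0 only if all pass.
check_tftpd_config() {
    cfg="$1"
    rc=0
    addr=$(sed -n 's/^TFTP_ADDRESS="\(.*\)"$/\1/p' "$cfg")
    args=$(sed -n 's/^TFTPD_ARGS="\(.*\)"$/\1/p' "$cfg")
    case "$addr" in
        0.0.0.0:*|:*|"")
            echo "WARN: listening on all interfaces ($addr); bind to the LAN address the router sees"
            rc=1 ;;
        *) echo "OK: bound to $addr" ;;
    esac
    case " $args " in
        *" --secure "*) echo "OK: --secure chroots the daemon to the TFTP root" ;;
        *) echo "WARN: --secure missing; requests can name paths outside the root"; rc=1 ;;
    esac
    case " $args " in
        *" -c "*) echo "WARN: -c lets clients create files; a router only needs to download"; rc=1 ;;
    esac
    return "$rc"
}

# verify_image IMAGE_PATH EXPECTED_SHA256
# Returns 0 only if the image exists and its SHA-256 equals the expected digest.
verify_image() {
    img="$1"
    want="$2"
    [ -f "$img" ] || { echo "FAIL: $img not found"; return 1; }
    got=$(sha256sum "$img" | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "FAIL: $img digest $got != $want"; return 1; }
    echo "OK: $img matches expected SHA-256"
}

# Demo: the config from the post, written to a temp dir (constructed sample file).
demo_dir=$(mktemp -d)
printf 'TFTP_ADDRESS="0.0.0.0:69"\nTFTPD_ARGS="-c --secure /srv/gtftp/"\n' > "$demo_dir/tftpd.conf"
check_tftpd_config "$demo_dir/tftpd.conf" || echo "tighten the config before serving images"
rm -rf "$demo_dir"
```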
