Of bricked routers and recovery

This is the epic tale of flashing a TP-Link TL-WDR3600

I was excited, the router I had ordered from Amazon had arrived, I knew after LOTS of research that I was going to Flash a compatible alternative firmware on it, I had looked at DD-WRT, Gargoyle-Router, SuperWrt, ofmodemsandmen but had decided to go for OpenWRT as I thought it would represent a nice learning curve that I could learn from installing and configuring.

I waited for the kids to be in bed , then I started after reading the warnings about being careful, I had located the correct OpenWRT firmware and downloaded it ready, I had been in two minds about whether I could be bothered actually updating the the stock firmware, but thought “what the heck lets do it!”, later this action would pay off, big-time.

So I updated to the latest stock firmware , and after a thorough restart and factory reset had a clean router ready for OpenWRT, every thing went smoothly it was about 2230 at this point , and my two youngest had decided to have a loud conversation/disagreement on something, I was due to start configuring , but wanted to connect to my ISP first , so I had selected LAN, and changed the setting to PPPoE , the kids got louder, so I hastily confirmed the setting and went through to the room to quiet them down as it was late.

It was just as I reached my desk that I realised, I had selected LAN, not WAN! and as it was confirmed , it had changed , I tried many ways to get back into the settings and but was unable to get in access, no LAN, WLAN, SHH or telnet connection was possible, so I stared , almost in tears of stupidity at my recently purchased paperweight with lights…

Unbricking a TP-Link TL-WDR3600

I had bricked my brand new router, it was not a nice feeling, and I was caught in a mix of anger and a state of panic. Then just as I was trying to think of a way to claim under the warranty , I remembered, one of the functions that the latest stock firmware had given the router.

TFTP recovery mode!!

I got my phone and googled for OpenWRT TL-WDR3600 recovery , there was a section on the OpenWRT wiki for recovering the router in this circumstance, however it was not 100% clear what to do , as the section ended with (paraphrasing here) – “once you see this behaviour place the renamed file in to tftp root ”

I did not fully understand , however after reconnecting via the previous router I installed both tcpdump and tftp-hpa, the following is a condensed/abridged version of how I managed to get the router re-flashed with the latest stock firmware to enable the re-flashing of OpenWRT.

 pacman -S tcpdump tftp-hda 

I then reconnected to the LAN1 port with the router off, then typed

tcdummp -ni enp3s0 arp

then switched the router on while holding the reset/wps button, releasing when the wps light come on (its the one end that that looks like refresh/reload arrows) at this point you should see

ARP, Request who-has 192.168.0.66 tell 192.168.0.86, length 46

which confirms that the router is looking for a TFTP server with a file , but times out as its not able to see where it should be (at 192.168.0.66)

so now you have to have a TFTP server running with the firmware available at the TFTP server root. knowing that my pc would need to have the right IP address I changed it and made it ready.

ip addr add dev <ethernetdevice> 192.168.0.66/24

ip link set <ethernetdevice> up 

After trying what follows a few times with the OpenWRT firmware and failing , I decided to try the stock firmware. however as the firmware had the word “boot” in it , I had to “trim” the firmware as per the OpenWRT wiki.

dd if=downloaded_firmware_with_boot_in_name.bin of=wdr3600v1_tp_recovery.bin skip=257 bs=512 

I then needed to put the recovery firmware into the “root” of teh TFTP server,

cp /wdr3600v1_tp_recovery.bin /srv/tftp/

and then started the TFTP server

 systemctl start tftpd 

then with the router OFF I used the following as noted in the OpenWRT wiki

tcpdump -npi enp3s0 udp

Then once again while holding the wps button turned on the router, releasing the button once the wps arrows light came on.

Then after a flurry of lights , the router restarted !

I quickly stopped the TFTP server

systemctl stop tftpd

I then waited for the lights to settle and launched Firefox and logged into the router stock firmware! , at this point it was 0200hours and time for bed.

I was able to re-complete and configure the Flash to OpenWRT the following day. (today)

I really, really hope that my Tale helps others in a similar position, and serves as a warning not to rush or be distracted by other things while flashing firmware in a device

Jase

Advertisements
Of bricked routers and recovery

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s