Adding OpenWrt support for TL-WA1201 v2

Can you please upload new images? Thanks a lot.

I updated the images. They are customized according to my needs (check config.buildinfo) but that shouldn't be a problem.

Hi all

I made a mistake when trying to revert my device to stock firmware.

Now it's just sitting with the power light on.

I can get it to boot and pull an image from TFTP, but still nothing.

I've tried the stock TP-Link binary, and the squash-fs factory (renamed to TL-WA1201v2_tp_recovery.bin so the TFTP boot picks up the file).

Please can anyone assist in unbricking?

Thanks in advance

Uri

Unfortunately

What mistake?

Hey, thanks for the speedy reply!

Uploaded the stock TP-Link firmware via the OpenWrt web UI. D'oh.

I understand these things are always done at one's own risk etc...just seems if the device is still able to look for a recovery image via tftp perhaps something can be done?

You'll probably need serial, to investigate further.

The bootloader might pull the firmware from your TFTP server and then check it and decide that it doesn't want to flash it. Only the UART/serial output might shed light on that.

But for that you need to open the case anyway and attach a TTL converter, and in that case you might as well just flash the firmware correctly via the bootloader.

Problem is that I don't know how to open the device without damaging it. Bluewww did it somehow, but I can't say if he broke any tabs in the process, which would definitely void the warranty.

Meanwhile I wonder: have you tried flashing the OpenWrt factory image the same way via the TFTP recovery? That might just work.

Hey Bob

Tried the OpenWrt factory image with the same result.

I got it open with a bit of brute force, as it's toast anyway.

Sadly there isn't a nice looking header on the board, but I can see 3 TINY dots labelled as follows:

TP_GND
TP_3.3V
TP_UART_IN

Is that what I'm looking for to manually solder in a suitable USB serial cable?

@bluewww is the one who had the device open. I can only look at the bad photos TP-Link sent to the FCC and those aren't good enough to make out anything: https://fccid.io/TE7WA1201V2/Internal-Photos/18-Internal-Photos-4633115.iframe

My devices are currently in production, so even if I wanted to break them open, I can't easily replace them right now.

But he says in his very first post here that UART/serial is exposed on three test points. I can only wonder if that means that your TP_3.3V is the UART_OUT pin. I'm just not sure about that.

Maybe post a photo with good quality so we can actually see what is printed on the board and I'll have a look.

Apart from that, the serial connection of such devices usually consists of 4 pins: 3.3V, TX, RX and GND.
You definitely need GND so the device and your PC share a common ground, so both ends have a reference to even know what 5V is, for instance.
You definitely DON'T want to touch the 3.3V because that can lead to your PC damaging the device or vice versa. The PC has its own power supply and so does the device.
RX (your TP_UART_IN) is used to receive commands from your serial console on your PC.
TX is used to transmit whatever the device wants to print to your serial console. And without that you're flying blind.

So either the TP_3.3V pin is the TX pin or we have to find that first.


More awesome info, thanks Bob!

I am struggling a bit for pics to come out well, perhaps these help?

TBH Even if we identify the correct points I doubt my soldering skills are up to it, but perhaps this will help someone else.

Going back to the "blind" TFTP, I did have a look at the traffic with Wireshark and it does seem to be transferring an image but then not "doing" anything with it. Perhaps these images need to be trimmed?

Having said that, the image is going in 2-3 seconds which seems suspiciously fast to me...?

Trying the TP-Link firmware or any of the OpenWrt images doesn't work.

Maybe bluewww can weigh in also?


The bootloader might load the image into RAM just fine, but you don't know what it does after that. It might be checking the image for some checksum or there might be some other problem and that will only present itself via the serial console.

If those are the only three pads you see then you could try TP_3.3V with a multimeter against TP_GND and see if the voltage fluctuates. If it does then that might be TX. But I would rather wait for bluewww to tell you what is what.

Bit out of my depth but I did connect a multimeter to TP_3.3V and TP_GND (I think that is what you meant?).

On reboot with reset pushed and TFTP set up, the power reading spikes twice from 2.9v to 3.0v. That pattern is repeated on every reboot.

Does that make it likely that these are useful spots?

Yes, that's what I meant. If TP_3.3V was the actual Vcc pin then it would read 3.3V constantly. Since you checked and it doesn't, that means that it's the TX pin of the SoC and you can connect that to RX of your TTL USB dongle.

Now, knowing which connector of the USB dongle needs to be connected to which pad, you can use that together with a serial monitor application (like PuTTY if you're using Windows) and see what the bootloader spits out.

I'm pretty sure the pads were named something like
TP_UART_IN
TP_UART_OUT
and
TP_GND

One of the UART test pins is hidden in the metal casing, which you have to pry off with a screwdriver.

I can make a photo of my device's PCB if you want. It still has the serial wires soldered onto it.

AHA!

Thanks for the reply on this bluewww - a pic would be very helpful, thank you!

Also, have you had to do a TFTP recovery for this device, and if so which image did you use?

Guess I was wrong with my assumption then. Just strange that the Vcc pin only reads 2.9V. I would have imagined that this would only happen because the multimeter doesn't display the fast change of voltages while characters are sent (if it was the TX pin).


About your bricked device:
Here is a similar bricked TP-Link device after trying to flash the stock firmware: EAP245 (US) V3 - Soft bricked

Might be the same reason your device is now soft-bricked.

But you should of course first get serial console access so you can see what the problem actually is.


About flashing the stock firmware:
I didn't know that either until now, because I have no desire to go back to stock on my devices, but it seems that if you want to do that then you have to compile tplink-safeloader.c and convert the stock firmware to a sysupgrade firmware, as talked about in this reply: Adding OpenWrt support for TP-Link EAP245 - #145 by svanheule

That of course only works if you have a running OpenWrt firmware on the device. So first get access to the serial console to see what error it spits out.

More great info, thanks very much indeed.

Well, I now have a soldering iron and am ready to ruin...I mean solder some wires to the board.

I took off the cover and saw the extra pin (attached).

When using the various methods to check the pins (i.e. here: https://blog.manchestergreyhats.co.uk/posts/hacking-home-routers-for-fun-and-practise/), am I right to think that the metal frame for that shield is GND?

Thanks again all, great learning experience

As a soldering beginner, you can easily (but inadvertently) combine the one with the other.

Rule #1 for beginners: Don't overheat the board by repeatedly holding the soldering iron onto the board for extended periods of time. Soldering a wire to the board should not require more than 5sec (!) of the soldering iron in contact with the board, per wire.

This is how I soldered it


Fantastic, thanks all!

Out of interest, what wire did you use to make the connections?

Step 1 for me is soldering.

Step 2 will be connecting to a terminal. I may try and use the GPIO header on a Raspberry Pi and minicom. If not, a USB dongle will be the way to go.