Adding OpenWrt support for TP-Link Archer MR200 V5.3

gurangax · September 18, 2023, 6:48am

ok will try to flash back to stock on my mr200v5 and find solution

gurangax · September 19, 2023, 4:14am

I found the problem.

Blockquote
Copy 0x80080000 to 0x00020000, count 0x7A0000

so it copies the firmware only till 0x7a0000 and there are still datas after 0x7a0000 for v5. v4 doesnt have datas after 0x7a0000 that explains why it works for that file. Now we need to find a firmware that doesn't have datas after 0x7a0000, or modify the bootloader so it can write further ahead or we can use openwrt to write the firmware. anyways this is tp-link bug, or the file isn't meant to be used for tftp upgrade.

I found the first firmware release which is what we need and testing it now.

gurangax · September 19, 2023, 1:50pm

Found something else. Actually the real problem is spi driver not recognizing the eeprom IC. It reverted to default driver with size of 4MB so the other partitions are not recognized.

flash manufacture id: 1c, device id 70 17
Warning: un-recognized chip ID, please update SPI driver!
EN25QH32B(1c 70161c30 flash_version = 1) (4096 Kbytes)
mtd .name = raspi, .size = 0x00400000 (4M) .erasesize = 0x00010000 (64K) .numeraseregions = 0

after modifying the bootloader to erase and write up to 0x7c0000 and using my firmware dump which has newer spi driver, everything works as it should.


Bytes transferred = 8126464 (7c0000 hex)
NetBootFileXferSize= 007c0000

 Erase flash !!
From 0x20000 length 0x7C0000
............................................................................................................................

 Copy 0x80080000 to 0x00020000, count 0x7C0000....
............................................................................................................................

The problem now would be how to write to u-boot or mtd0 partition since it is readonly. We could either mark mtd0 as read write in openwrt or simply use external eeprom programmer to write the modified bootloader. I used a programmer just to test the bootloader. Anyway I think this is a bug on tp-link side or maybe they stopped supporting tftpd on v5.

If you do a firmware upgrade from the webpage, it will also update the bootloader so any changes on the bootloader needs to be redone, or we just need to modify the bootloader in the firmware first before doing firmware upgrade.

I think a much simpler hack would be to modify v4 bootloader. install it with tp_recovery method. after boot succesfully do firmware upgrade with v4 bootloader modified. after that you can install v5 tp_recovery from my dump.

EisAmStiel · September 19, 2023, 2:25pm

I've got a SOIC clip, so writing the flash chip directly isn't much of an issue either. So pretty much replacing the current bootloader with the one in the v5 dump?

gurangax · September 19, 2023, 2:27pm

no. I will send the file with modified bootloader. But you must backup your firmware first if you are using soic clip. And you need to replace the bootloader in your dump with the modified bootloader

EisAmStiel · September 19, 2023, 2:29pm

Alright, will do that

gurangax · September 19, 2023, 2:35pm

Here is the link

if you have a hex editor, just copy paste the modified bootloader into your firmware dump at 0x0

ttyridal · September 24, 2023, 3:52pm

@gurangax

I got a bit lost in the discussion here . Are any of the files you've uploaded tftp-able over stock firmware?

And any chance it works without serial?

gurangax · September 25, 2023, 6:56am

Yes all working. Only problem is when you want to revert back to stock firmware since the bootloader is buggy. At least this is true for v5.2. I tested it with v5.3 firmware too and it seems to work fine although further testing is needed.

ttyridal · September 26, 2023, 6:23pm

Cool, thanks! Have you published the dts somewhere? Is it builds of mrhaav/openwrt/tree/master/MR200v4?

gurangax · September 27, 2023, 4:51am

i tested his build too. v4 seems it can be used on v5 but further tetsting is needed. I only took his uqmi fork since its much more usable than the one used in openwrt. I didn't put my build in github at least not yet.

sina · December 15, 2023, 10:25pm

hi
i have Archer MR200 v5 can you guys please help me how install it

sina · December 16, 2023, 6:05pm

is not working for mr200 v5

gurangax · December 17, 2023, 12:02am

use this firmware to upgrade to openwrt

you need to use tftp method to install it. your pc must use 192.168.0.225 as lan ip address.

sina · December 17, 2023, 8:04am

i have a macbook can i install it with wifi?

frollic · December 17, 2023, 8:22am

No, wired only.

sina · December 17, 2023, 10:27am

unfortunately i don't have LAN or pc rn
tftp is only way for mr200 v5?

frollic · December 17, 2023, 10:28am

I don't think he'll post the most cumbersome Installation method, just to f*k with you...

If you have another Openwrt device, dnsmasq have a TFTP server built in, just need to enable it, and perhaps do some config.

slh · December 17, 2023, 12:40pm

USB ethernet cards are cheap (at least the slower ones) and plenty…

yolo123 · January 15, 2024, 5:07am

Hi Gurangax, can I use firmware from ver5.3 to flash without using bootloader mod firmware with router v5.2? I want to get back to stock firmware.