ArcherC7 v2 - bricked? Emergency triggers - rejected SSH


Please know that I’ve read through many pages of FAQs regarding this device and how to recover from no access via SSH (or Luci, web GUI). I’m hoping I don’t have to resort to serial cable.

When using wire shark or other reccomended methods, the communication confirmation is encouraging when I can read the special message signaling me to attempt entry.

I’ve ended up here by being overzealous (or over paranoid) when setting up the incoming / outgoing in firewall routing to rejected. I guess I figured a hardline connection would overrule the user defined settings... this software is TOO secure for me :slight_smile:

I’ve tried changing my IP to be in the range of the router and had that setup correctly (which is why I was able to receive message) - what am I missing here?

I feel silly - I swear this happened before and I was still able to SSH in which is why I clicked save with such confidence.

Thanks in advance - I’ve got some nosey neighbors causing trouble right now and this little device can save me!

Follow this tutorial on the TP-Link forums...

Rename the stock firmware file archerc7v2_tp_recovery.bin

1 Like

Holy quick reply / unseen page after months of looking. Thank you - this community rules / you are a rockstar.

I’ll try this tonight and report back once I’ve finished the instructions posted.

My heart just skipped a beat. :heart:

The normal firstboot procedure should already fix that issue - and is quite a bit safer than tftp (which should be safe, but better to start gently, before invoking the big machinery).

The OP is not able to SSH in.

The TFTP method posted is run as a server from an attached computer, and uses the TP-Link reset button.

Hardly "big machinery".

That should change after invoking firstboot, especially in case of just messing up firewall rules for the installed system.

Instructions for "Failsafe Mode" would probably be helpful...

OP has a choice.

If you want to try keeping LEDE, use the procedures here...[]=failsafe

If you want to revert back to TP-Link stock firmware, use the TFTP procedures posted above.

I’ve tried the fail safe methods listed after OR. I tried to hint towards that (pardon my newbness) by saying I received the SSH ME NOW message via packet sniffing. Part of the instructions unless they’ve changed right?

I definitely want to stick with LEDE (a little UE speed bump doesn’t scare me) - just seems like finding a way in is important first.

I tried using PuTTY with the provided credentials and I keep getting rejected.

Based on how I left my routing, it makes sense (incoming reject) but emergency mode should bypass that. I’ll keep trying sorry for slight delay... you guys stay up later than me!

I'm pretty sure the C7 has uses the "gear" to indicate progress as OpenWrt boots. When it starts to flash rapidly, press the reset button several times. If you were successful at getting to failsafe, it will blink very rapidly. If that doesn't work, cut the power and reboot again try the WPS button instead.

Awesome support. Once I get to my computer I’ll post a detailed, up to date guide with what worked (I had to Frankenstein two tutorials and one YouTube for the correct info)


Program used:
Tftpd64 - Service Edition

Firmware used:
Zombie’s stripped factory ArcherC7v2

IP Used: (screenshot is confusing in guide because it shows the loop back when you’re supposed to start with Ethernet, and then Tftpd will auto flip to


  1. Power off router and make sure network settings on host machine match requirements.

  2. Make sure A/V and Firewall are completely disabled

  3. Grab the stripped file from source

  4. Set a directory within TFtpd that will act as a upload container for modified BIN

  5. Switch to the log tab within Tftpd

  6. Start the power cycle as instructed from the first reply in this thread.

  7. Wait for the log to either show you:
    A.) successful transfer
    B.) “invalid argument” due to file name not matching. It will tell you what it wants(ArcherC7v2_tp_recovery.bin)

  8. Wait for router to power cycle, switch your TCP/IP back to auto and connect to the web address (not IP) listed on bottom of router.

  9. Connect with default credentials and jump with joy (ok that’s optional)

Now that I can communicate with my router, I’ll follow other guides to come back to the promise land of LEDE.

If anyone has any suggestions for hardening beyond what’s in the FAQ (custom firewall rules, fail2ban, other useful packages) that would be greatly appreciated!

Gotta make sure these pesky neighbors that are most likely reading this can’t do some crazy Mr. Robot 1337 scriptz to hack my mainframe.

Much love - now I have a weekend project!

Not necessary if tftp32 or tftp64 has permissions through the firewall.

The recovery bin file should be in the same directory as tftp32 or tftp64.

Which is turn on the power to the router while holding in the reset button. Release after 10 seconds.

All of the instructions you need are in the TP-Link forums post...