I got the C1200 V1 as well, any compatibility yet?
i'm also interested. it's a pretty cool hardware.
Hello!
I'm trying to make LEDE for TP-LINK C1200 V1, but I've ran into few errors.
I hope there's anyone willing to help me.
- I can only flash initramfs.trx image with ramdisk. Squashfs.bin gives me:
CFE> go
Loader:raw Filesys:raw Dev:flash0.os File: Options:(null)
Loading: Image compressed with unsupported method
Failed.
Could not load flash0.os: Unsupported function
- Router throws (common errors)
Wrong IRQs?
[ 0.834258] bcma: bus0: Core 2 found: PCIe Gen 2 (manuf 0x4BF, id 0x501, rev 0x05, class 0x0)
[ 0.843126] bcma: bus0: bcma_of_get_irq() failed with rc=-22
Wrongly mapped PCI?
[ 1.572869] pci_bus 0000:01: busn_res: can not insert [bus 01] under [??? 0x00000000 flags 0x0] (conflicts with (null) [??? 0x00000000 flags 0x0])
This is probably problem with my device tree, but I have limited knowledge about how to fix that.
- WiFi is immediately after enabling brought down and disappears from ifconfig
No IP, should be bridged with br-lan (or not?)
That's all what came on my mind at the moment
I'm appending dmesg, device tree (it's a mess), ifconfig and iomem files
dmesg
Starting program at 0x00008000
Uncompressing Linux... done, booting the kernel.
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Linux version 4.9.58 (newage@debian-VM) (gcc version 5.5.0 (LEDE GCC 5.5.0 r5175-1dcd8e7cf1) ) #0 SMP Thu Oct 26 13:41:07 2017
[ 0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
[ 0.000000] CPU: div instructions available: patching division code
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[ 0.000000] OF: fdt:Machine model: TP-LINK Archer C1200 V1
[ 0.000000] bootconsole [earlycon0] enabled
[ 0.000000] Memory policy: Data cache writealloc
[ 0.000000] Hit pending asynchronous external abort (FSR=0x00000c06) during first unmask, this is most likely caused by a firmware/bootloader bug.
[ 0.000000] On node 0 totalpages: 32768
[ 0.000000] free_area_init_node: node 0, pgdat c08b8380, node_mem_map c7ef8000
[ 0.000000] Normal zone: 256 pages used for memmap
[ 0.000000] Normal zone: 0 pages reserved
[ 0.000000] Normal zone: 32768 pages, LIFO batch:7
[ 0.000000] percpu: Embedded 13 pages/cpu @c7ee5000 s22028 r8192 d23028 u53248
[ 0.000000] pcpu-alloc: s22028 r8192 d23028 u53248 alloc=13*4096
[ 0.000000] pcpu-alloc: [0] 0
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 32512
[ 0.000000] Kernel command line: root=/dev/mtdblock2 console=ttyS0,115200 earlyprintk debug
[ 0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)
[ 0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[ 0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[ 0.000000] Memory: 120604K/131072K available (3703K kernel code, 115K rwdata, 980K rodata, 4092K init, 300K bss, 10468K reserved, 0K cma-reserved, 0K highmem)
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
[ 0.000000] fixmap : 0xffc00000 - 0xfff00000 (3072 kB)
[ 0.000000] vmalloc : 0xc8800000 - 0xff800000 ( 880 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xc8000000 ( 128 MB)
[ 0.000000] pkmap : 0xbfe00000 - 0xc0000000 ( 2 MB)
[ 0.000000] modules : 0xbf000000 - 0xbfe00000 ( 14 MB)
[ 0.000000] .text : 0xc0008000 - 0xc03a6080 (3705 kB)
[ 0.000000] .init : 0xc049d000 - 0xc089c000 (4092 kB)
[ 0.000000] .data : 0xc089c000 - 0xc08b8ca0 ( 116 kB)
[ 0.000000] .bss : 0xc08b8ca0 - 0xc0904028 ( 301 kB)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] Hierarchical RCU implementation.
[ 0.000000] RCU restricting CPUs from NR_CPUS=2 to nr_cpu_ids=1.
[ 0.000000] RCU: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1
[ 0.000000] NR_IRQS:16 nr_irqs:16 16
[ 0.000000] arm_arch_timer: WARNING: Invalid trigger for IRQ18, assuming level low
[ 0.000000] arm_arch_timer: WARNING: Please fix your firmware
[ 0.000000] arm_arch_timer: Architected cp15 timer(s) running at 0.03MHz (virt).
[ 0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x10abe1c54, max_idle_ns: 56421785873376 ns
[ 0.000000] sched_clock: 56 bits at 35kHz, resolution 28331ns, wraps every 70368744166032ns
[ 0.008584] Ignoring delay timer 0xc08b8f38, which has insufficient resolution of 28331ns
[ 0.017112] Calibrating delay loop... 1784.21 BogoMIPS (lpj=8921088)
[ 0.079867] pid_max: default: 32768 minimum: 301
[ 0.084740] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.091568] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.099416] CPU: Testing write buffer coherency: ok
[ 0.104912] CPU0: update cpu_capacity 1024
[ 0.109162] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[ 0.115083] Setting up static identity map for 0x82a0 - 0x82d4
[ 0.122676] Brought up 1 CPUs
[ 0.125849] SMP: Total of 1 processors activated (1784.21 BogoMIPS).
[ 0.132394] CPU: All CPU(s) started in SVC mode.
[ 0.137975] devtmpfs: initialized
[ 0.143274] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 0.153445] futex hash table entries: 256 (order: 2, 16384 bytes)
[ 0.159791] pinctrl core: initialized pinctrl subsystem
[ 0.165769] NET: Registered protocol family 16
[ 0.170670] DMA: preallocated 256 KiB pool for atomic coherent allocations
[ 0.193648] SCSI subsystem initialized
[ 0.200617] clocksource: Switched to clocksource arch_sys_counter
[ 0.211497] NET: Registered protocol family 2
[ 0.216710] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.224048] TCP bind hash table entries: 1024 (order: 1, 8192 bytes)
[ 0.230621] TCP: Hash tables configured (established 1024 bind 1024)
[ 0.237250] UDP hash table entries: 256 (order: 1, 8192 bytes)
[ 0.243313] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
[ 0.249971] NET: Registered protocol family 1
[ 0.254589] PCI: CLS 0 bytes, default 64
[ 0.711837] Crashlog allocated RAM at address 0x3f00000
[ 0.718948] workingset: timestamp_bits=30 max_order=15 bucket_order=0
[ 0.731357] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 0.737364] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (CMODE_SIZE) (c) 2001-2006 Red Hat, Inc.
[ 0.757224] jitterentropy: Initialization failed with host not compliant with requirements: 2
[ 0.766914] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 252)
[ 0.774648] io scheduler noop registered
[ 0.778700] io scheduler deadline registered (default)
[ 0.787029] Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
[ 0.797909] libphy: Fixed MDIO Bus: probed
[ 0.802527] bgmac_bcma: Broadcom 47xx GBit MAC driver loaded
[ 0.808873] bcma: bus0: Found chip with id 53573, rev 0x03 and package 0x01
[ 0.816268] bcma: bus0: Core 0 found: ChipCommon (manuf 0x4BF, id 0x800, rev 0x36, class 0x0)
[ 0.825220] bcma: bus0: Core 1 found: IEEE 802.11 (manuf 0x4BF, id 0x812, rev 0x38, class 0x0)
[ 0.834258] bcma: bus0: Core 2 found: PCIe Gen 2 (manuf 0x4BF, id 0x501, rev 0x05, class 0x0)
[ 0.843126] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[ 0.848963] bcma: bus0: Core 3 found: ARM CA7 (manuf 0x4BF, id 0x847, rev 0x00, class 0x0)
[ 0.857632] bcma: bus0: Core 4 found: USB 2.0 Host (manuf 0x4BF, id 0x819, rev 0x05, class 0x0)
[ 0.866783] bcma: bus0: Core 5 found: GBit MAC (manuf 0x4BF, id 0x82D, rev 0x08, class 0x0)
[ 0.875481] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[ 0.881346] bcma: bus0: Core 6 found: I2S (manuf 0x4BF, id 0x834, rev 0x06, class 0x0)
[ 0.889562] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[ 0.895427] bcma: bus0: Core 7 found: CNDS DDR2/3 memory controller (manuf 0x4BF, id 0x846, rev 0x00, class 0x0)
[ 0.905938] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[ 0.911803] bcma: bus0: Core 8 found: NAND flash controller (manuf 0x4BF, id 0x509, rev 0x01, class 0x0)
[ 0.921719] bcma: bus0: Core 9 found: IEEE 802.11 (manuf 0x4BF, id 0x812, rev 0x38, class 0x0)
[ 0.930785] bcma: bus0: Core 10 found: GBit MAC (manuf 0x4BF, id 0x82D, rev 0x08, class 0x0)
[ 0.939511] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[ 0.945404] bcma: bus0: Core 11 found: I2S (manuf 0x4BF, id 0x834, rev 0x06, class 0x0)
[ 0.953705] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[ 0.959542] bcma: bus0: Core 12 found: GCI (manuf 0x4BF, id 0x840, rev 0x08, class 0x0)
[ 0.967871] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[ 0.973736] bcma: bus0: Core 13 found: PMU (manuf 0x4BF, id 0x827, rev 0x1C, class 0x0)
[ 0.982009] bcma: bus0: Found rev 28 PMU (capabilities 0x507E351C)
[ 0.988355] bcma: bus0: Found serial flash
[ 0.992633] bcma: bus0: Found M25FL128 serial flash (size: 16384KiB, blocksize: 0x10000, blocks: 256)
[ 1.009859] console [ttyS0] disabled
[ 1.013769] 18000300.serial: ttyS0 at MMIO 0x18000300 (irq = 20, base_baud = 2500000) is a 16550A
[ 1.022920] console [ttyS0] enabled
[ 1.022920] console [ttyS0] enabled
[ 1.030088] bootconsole [earlycon0] disabled
[ 1.030088] bootconsole [earlycon0] disabled
[ 1.237335] 4 bcm47xxpart partitions found on MTD device bcm47xxsflash
[ 1.243993] Creating 4 MTD partitions on "bcm47xxsflash":
[ 1.249490] 0x000000000000-0x000000040000 : "boot"
[ 1.257706] 0x000000040000-0x000000080000 : "boot"
[ 1.265214] 0x000000080000-0x000000ff0000 : "firmware"
[ 1.273232] 2 trx-fw partitions found on MTD device firmware
[ 1.278983] 0x00000008001c-0x000100080000 : "kernel"
[ 1.284168] mtd: partition "kernel" extends beyond the end of device "bcm47xxsflash" -- size truncated to 0xf7ffe4
[ 1.297370] 0x000000080000-0x000000ff0000 : "rootfs"
[ 1.305247] mtd: device 4 (rootfs) set to be root filesystem
[ 1.311168] mtdsplit: no squashfs found in "rootfs"
[ 1.316154] 1 trx partitions found on MTD device firmware
[ 1.321679] Creating 1 MTD partitions on "firmware":
[ 1.326722] 0x00000000001c-0x000000f70000 : "linux"
[ 1.334457] 0x000000ff0000-0x000001000000 : "nvram"
[ 1.372620] bcma: bus0: Using SPROM revision 11 provided by platform.
[ 1.379164] bcma: bus0: PMU resource config unknown or not needed for device 0xD145
[ 1.388939] bcma: bus0: Workarounds unknown or not needed for device 0xD145
[ 1.510709] pcie_iproc_bcma bcma0:2: PCI host bridge to bus 0000:00
[ 1.517084] pci_bus 0000:00: root bus resource [mem 0x10000000-0x17ffffff]
[ 1.524138] pcie_iproc_bcma bcma0:2: link: UP
[ 1.528558] pci_bus 0000:00: scanning bus
[ 1.532694] pci 0000:00:00.0: [14e4:d145] type 01 class 0x060400
[ 1.538871] pci 0000:00:00.0: calling pci_fixup_ide_bases+0x0/0x48
[ 1.545217] pci 0000:00:00.0: PME# supported from D0 D3hot D3cold
[ 1.551450] pci 0000:00:00.0: PME# disabled
[ 1.555927] pci_bus 0000:00: fixups for bus
[ 1.560176] PCI: bus0: Fast back to back transfers disabled
[ 1.565871] pci 0000:00:00.0: scanning [bus 01-01] behind bridge, pass 0
[ 1.572869] pci_bus 0000:01: busn_res: can not insert [bus 01] under [??? 0x00000000 flags 0x0] (conflicts with (null) [??? 0x00000000 flags 0x0])
[ 1.586242] pci_bus 0000:01: scanning bus
[ 1.590350] pci 0000:01:00.0: [14e4:a8db] type 00 class 0x028000
[ 1.596526] pci 0000:01:00.0: reg 0x10: [mem 0x00000000-0x00007fff 64bit]
[ 1.603524] pci 0000:01:00.0: calling pci_fixup_ide_bases+0x0/0x48
[ 1.609870] pci 0000:01:00.0: supports D1 D2
[ 1.614488] pci_bus 0000:01: fixups for bus
[ 1.618738] PCI: bus1: Fast back to back transfers disabled
[ 1.624461] pci_bus 0000:01: bus scan returning with max=01
[ 1.630128] pci 0000:00:00.0: scanning [bus 01-01] behind bridge, pass 1
[ 1.636956] pci_bus 0000:00: bus scan returning with max=01
[ 1.642679] pci 0000:00:00.0: BAR 8: assigned [mem 0x10000000-0x100fffff]
[ 1.649592] pci 0000:01:00.0: BAR 0: assigned [mem 0x10000000-0x10007fff 64bit]
[ 1.657071] pci 0000:00:00.0: PCI bridge to [bus 01]
[ 1.662143] pci 0000:00:00.0: bridge window [mem 0x10000000-0x100fffff]
[ 1.669084] pci 0000:00:00.0: fixup irq: got 22
[ 1.673730] pci 0000:00:00.0: assigning IRQ 22
[ 1.678292] pci 0000:01:00.0: fixup irq: got 22
[ 1.682910] pci 0000:01:00.0: assigning IRQ 22
[ 1.687528] pcieport 0000:00:00.0: enabling device (0140 -> 0142)
[ 1.693789] pcieport 0000:00:00.0: enabling bus mastering
[ 1.699824] bgmac_bcma bcma0:5: Found PHY addr: 30 (NOREGS)
[ 1.722886] libphy: bcma_mdio mii bus: probed
[ 1.727334] bgmac_bcma bcma0:5: Support for Roboswitch not implemented
[ 1.735182] bgmac_bcma bcma0:5: Timeout waiting for reg 0x1E0
[ 1.844344] b53_common: found switch: BCM53125, rev 4
[ 1.850804] bgmac_bcma bcma0:10: Found PHY addr: 30 (NOREGS)
[ 1.856555] bgmac_bcma bcma0:10: Support for Roboswitch not implemented
[ 1.864375] bgmac_bcma bcma0:10: Timeout waiting for reg 0x1E0
[ 1.888570] gpio gpiochip0: (bcma_gpio): added GPIO chardev (254:0)
[ 1.896447] gpiochip_setup_dev: registered GPIOs 0 to 15 on device: gpiochip0 (bcma_gpio)
[ 1.907411] bcm47xx-wdt bcm47xx-wdt.0: BCM47xx Watchdog Timer enabled (30 seconds)
[ 1.915259] bcma: bus0: Bus registered
[ 1.919254] bcma-pci-bridge 0000:01:00.0: enabling device (0140 -> 0142)
[ 1.926138] bcma-pci-bridge 0000:01:00.0: enabling bus mastering
[ 1.932315] bcma: bus1: Found chip with id 43217, rev 0x01 and package 0x09
[ 1.939426] bcma: bus1: Core 0 found: ChipCommon (manuf 0x4BF, id 0x800, rev 0x27, class 0x0)
[ 1.948124] bcma: bus1: Core 1 found: IEEE 802.11 (manuf 0x4BF, id 0x812, rev 0x1E, class 0x0)
[ 1.956935] bcma: bus1: Core 2 found: PCIe (manuf 0x4BF, id 0x820, rev 0x14, class 0x0)
[ 1.965151] bcma: bus1: Found rev 12 PMU (capabilities 0x108C260C)
[ 1.993823] can not parse nvram name 0:ag2(null) with value 0xFF got -34
[ 2.000651] can not parse nvram name 0:ag3(null) with value 0xFF got -34
[ 2.035443] bcma: bus1: Using SPROM revision 8 provided by platform.
[ 2.041931] bcma: bus1: PMU resource config unknown or not needed for device 0xA8D1
[ 2.051705] bcma: bus1: Workarounds unknown or not needed for device 0xA8D1
[ 2.090746] gpiochip_find_base: found new base at 496
[ 2.095903] gpio gpiochip1: (bcma_gpio): added GPIO chardev (254:1)
[ 2.102957] gpiochip_setup_dev: registered GPIOs 496 to 511 on device: gpiochip1 (bcma_gpio)
[ 2.111627] bcma: bus1: Bus registered
[ 2.116387] NET: Registered protocol family 10
[ 2.123753] NET: Registered protocol family 17
[ 2.128343] 8021q: 802.1Q VLAN Support v1.8
[ 2.132791] Registering SWP/SWPB emulation handler
[ 2.140667] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/lan[0]' - status (0)
[ 2.149903] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/lan1[0]' - status (0)
[ 2.159224] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/lan2[0]' - status (0)
[ 2.168517] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/lan3[0]' - status (0)
[ 2.177782] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/lan4[0]' - status (0)
[ 2.187075] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/wps[0]' - status (0)
[ 2.196254] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/2ghz[0]' - status (0)
[ 2.205519] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/5ghz[0]' - status (0)
[ 2.214811] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/usb2[0]' - status (0)
[ 2.224076] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/wan-blue[0]' - status (0)
[ 2.233709] of_get_named_gpiod_flags: parsed 'gpios' property of node '/leds/wan-amber[0]' - status (0)
[ 2.243313] gpio-15 (?): gpiod_request: status -16
[ 2.248810] leds-gpio: probe of leds failed with error -16
[ 2.266177] Freeing unused kernel memory: 4092K
[ 2.270852] This architecture does not have kernel memory protection.
[ 2.296577] init: Console is alive
[ 2.300373] init: - watchdog -
[ 2.335647] kmodloader: loading kernel modules from /etc/modules-boot.d/*
[ 2.348254] usbcore: registered new interface driver usbfs
[ 2.354091] usbcore: registered new interface driver hub
[ 2.359587] usbcore: registered new device driver usb
[ 2.367293] of_get_named_gpiod_flags: parsed 'gpios' property of node '/gpio-keys/wps[0]' - status (0)
[ 2.376898] of_get_named_gpiod_flags: parsed 'gpios' property of node '/gpio-keys/restart[0]' - status (0)
[ 2.392084] kmodloader: done loading kernel modules from /etc/modules-boot.d/*
[ 2.420954] init: - preinit -
[ 2.572699] random: jshn: uninitialized urandom read (4 bytes read)
[ 2.623583] random: jshn: uninitialized urandom read (4 bytes read)
[ 2.732859] random: jshn: uninitialized urandom read (4 bytes read)
[ 2.784338] random: jshn: uninitialized urandom read (4 bytes read)
[ 2.845024] random: jshn: uninitialized urandom read (4 bytes read)
[ 2.967956] random: procd: uninitialized urandom read (4 bytes read)
[ 2.984615] bgmac_bcma bcma0:5: Timeout waiting for reg 0x1E0
[ 2.991302] bcma: bus0: No bus clock specified for D145 device, pmu rev. 28, using default 80000000 Hz
[ 3.001161] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 3.007224] IPv6: ADDRCONF(NETDEV_UP): eth0.1: link is not ready
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
[ 4.030513] bgmac_bcma bcma0:5 eth0: Link is Up - 1Gbps/Full - flow control off
[ 4.038021] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 4.044849] IPv6: ADDRCONF(NETDEV_CHANGE): eth0.1: link becomes ready
[ 6.311933] bgmac_bcma bcma0:5: Timeout waiting for reg 0x1E0
[ 6.351371] procd: - early -
[ 6.354459] procd: - watchdog -
[ 6.940701] procd: - watchdog -
[ 6.960987] procd: - ubus -
[ 6.973424] random: ubusd: uninitialized urandom read (4 bytes read)
[ 7.021220] random: ubusd: uninitialized urandom read (4 bytes read)
[ 7.028133] random: ubusd: uninitialized urandom read (4 bytes read)
[ 7.034791] random: ubusd: uninitialized urandom read (4 bytes read)
[ 7.042582] procd: - init -
Please press Enter to activate this console.
[ 7.261474] kmodloader: loading kernel modules from /etc/modules.d/*
[ 7.277935] ntfs: driver 2.1.32 [Flags: R/O MODULE].
[ 7.286236] tun: Universal TUN/TAP device driver, 1.6
[ 7.291506] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[ 7.302583] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 7.318817] i2c /dev entries driver
[ 7.325532] Loading modules backported from Linux version wt-2017-10-06-0-ga7a22fbbd1f0
[ 7.333805] Backport generated by backports.git v4.14-rc2-1-6-gedfb595c
[ 7.343438] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 7.352532] lib80211: common routines for IEEE802.11 drivers
[ 7.358284] lib80211_crypt: registered algorithm 'NULL'
[ 7.365508] lib80211_crypt: registered algorithm 'CCMP'
[ 7.372450] lib80211_crypt: registered algorithm 'TKIP'
[ 7.378938] lib80211_crypt: registered algorithm 'WEP'
[ 7.388032] nf_conntrack version 0.5.0 (2048 buckets, 8192 max)
[ 7.437953] xt_time: kernel timezone is -0000
[ 7.471923] PPP generic driver version 2.4.2
[ 7.479232] NET: Registered protocol family 24
[ 7.489205] b43-phy0: Broadcom 43217 WLAN found (core revision 30)
[ 7.495636] bcma: bus1: Switched to core: 0x812
[ 7.501048] b43-phy0: Found PHY: Analog 9, Type 4 (N), Revision 17
[ 7.507366] b43-phy0: Found Radio: Manuf 0x17F, ID 0x2057, Revision 14, Version 0
[ 7.520965] Broadcom 43xx driver loaded [ Features: PNL ]
[ 7.530853] kmodloader: done loading kernel modules from /etc/modules.d/*
[ 7.539976] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[ 12.393415] bgmac_bcma bcma0:5: Timeout waiting for reg 0x1E0
[ 12.399988] bcma: bus0: No bus clock specified for D145 device, pmu rev. 28, using default 80000000 Hz
[ 12.409763] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 12.479431] bgmac_bcma bcma0:10: Timeout waiting for reg 0x1E0
[ 12.485919] bcma: bus0: No bus clock specified for D145 device, pmu rev. 28, using default 80000000 Hz
[ 12.495806] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[ 12.860579] b43-phy0: Loading firmware version 666.2 (2011-02-23 01:15:07)
[ 13.280626] b43-phy0 debug: Chip initialized
[ 13.285358] b43-phy0 debug: 64-bit DMA initialized
[ 13.290287] b43-phy0 debug: QoS enabled
[ 13.330774] b43-phy0 debug: Wireless interface started
[ 13.410698] b43-phy0 debug: Adding Interface type 2
[ 13.470591] bgmac_bcma bcma0:5 eth0: Link is Up - 1Gbps/Full - flow control off
[ 13.521758] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 13.528218] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 13.551025] bgmac_bcma bcma0:10 eth1: Link is Up - 1Gbps/Full - flow control off
[ 13.558590] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[ 14.511219] bgmac_bcma bcma0:10: Timeout waiting for reg 0x1E0
[ 14.698804] bgmac_bcma bcma0:5: Timeout waiting for reg 0x1E0
[ 14.885681] bgmac_bcma bcma0:5: Timeout waiting for reg 0x1E0
[ 14.892367] bcma: bus0: No bus clock specified for D145 device, pmu rev. 28, using default 80000000 Hz
[ 14.902085] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 15.025980] br-lan: port 1(eth0.1) entered blocking state
[ 15.031618] br-lan: port 1(eth0.1) entered disabled state
[ 15.037652] device eth0.1 entered promiscuous mode
[ 15.042611] device eth0 entered promiscuous mode
[ 15.200929] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
[ 15.256119] bgmac_bcma bcma0:10: Timeout waiting for reg 0x1E0
[ 15.262692] bcma: bus0: No bus clock specified for D145 device, pmu rev. 28, using default 80000000 Hz
[ 15.272438] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[ 15.278813] bgmac_bcma bcma0:10 eth1: Link is Up - 1Gbps/Full - flow control off
[ 15.318959] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[ 15.950617] bgmac_bcma bcma0:5 eth0: Link is Up - 1Gbps/Full - flow control off
[ 15.958125] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 16.100804] br-lan: port 1(eth0.1) entered blocking state
[ 16.106329] br-lan: port 1(eth0.1) entered forwarding state
[ 16.213423] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
device tree
/ {
compatible = "tplink,archer-c1200-v1", "brcm,bcm47189", "brcm,bcm53573";
model = "TP-LINK Archer C1200 V1";
cpus {
#address-cells = <1>;
#size-cells = <0>;
cpu@0 {
compatible = "arm,cortex-a7";
clock-frequency = <9000000>;
reg = <0>;
};
};
chosen {
bootargs = "root=/dev/mtdblock2 console=ttyS0,115200 earlyprintk debug";
};
memory {
reg = <0x00000000 0x08000000>;
};
reserved-memory {
#address-cells = <1>;
#size-cells = <1>;
ranges;
linux,dma {
compatible = "shared-dma-pool";
reusable;
reg = <0xf7e00000 0x08000000>;
};
};
mpcore {
compatible = "simple-bus";
ranges = <0x00000000 0x18310000 0x00008000>;
#address-cells = <1>;
#size-cells = <1>;
gic: interrupt-controller@1000 {
compatible = "arm,cortex-a7-gic";
#interrupt-cells = <3>;
#address-cells = <0>;
interrupt-controller;
arm,routable-irqs = <256>;
reg = <0x1000 0x1000>,
<0x2000 0x0100>;
};
};
clocks {
#address-cells = <1>;
#size-cells = <1>;
ranges;
alp: oscillator {
#clock-cells = <0>;
compatible = "fixed-clock";
clock-frequency = <40000000>;
};
};
axi@18000000 {
compatible = "brcm,bus-axi";
reg = <0x18000000 0x1000>;
ranges = <0x00000000 0x18000000 0x00100000>;
#address-cells = <1>;
#size-cells = <1>;
#interrupt-cells = <1>;
interrupt-map-mask = <0x000fffff 0xffff>;
interrupt-map =
/* ChipCommon */
<0x00000000 0 &gic GIC_SPI 0 IRQ_TYPE_LEVEL_HIGH>,
/* IEEE 802.11 0 WiFi*/
<0x00001000 0 &gic GIC_SPI 1 IRQ_TYPE_LEVEL_HIGH>,
/* PCIe Controller 0 */
<0x00002000 0 &gic GIC_SPI 34 IRQ_TYPE_LEVEL_HIGH>,
<0x00002000 1 &gic GIC_SPI 34 IRQ_TYPE_LEVEL_HIGH>,
<0x00002000 2 &gic GIC_SPI 34 IRQ_TYPE_LEVEL_HIGH>,
<0x00002000 3 &gic GIC_SPI 34 IRQ_TYPE_LEVEL_HIGH>,
<0x00002000 4 &gic GIC_SPI 34 IRQ_TYPE_LEVEL_HIGH>,
<0x00002000 5 &gic GIC_SPI 34 IRQ_TYPE_LEVEL_HIGH>,
/* USB 2.0 Controller */
<0x00004000 0 &gic GIC_SPI 36 IRQ_TYPE_LEVEL_HIGH>,
/* Ethernet Controller 0 */
<0x00005000 0 &gic GIC_SPI 25 IRQ_TYPE_LEVEL_HIGH>,
/* IEEE 802.11 1 WiFi*/
<0x0000a000 0 &gic GIC_SPI 7 IRQ_TYPE_LEVEL_HIGH>,
/* Ethernet Controller 1 */
<0x0000b000 0 &gic GIC_SPI 26 IRQ_TYPE_LEVEL_HIGH>,
/* USB 2.0 */
<0x0000d000 0 &gic GIC_SPI 24 IRQ_TYPE_LEVEL_HIGH>;
chipcommon: chipcommon@0 {
compatible = "simple-bus";
reg = <0x00000000 0x1000>;
ranges;
#address-cells = <1>;
#size-cells = <1>;
gpio-controller;
#gpio-cells = <2>;
uart0: serial@0300 {
compatible = "ns16550a";
reg = <0x0300 0x8>;
interrupt-parent = <&gic>;
interrupts = <GIC_PPI 16 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&alp>;
status = "okay";
};
};
pcie0: pcie@2000 {
reg = <0x00002000 0x1000>;
interrupts = <34>;
};
usb2: usb2@4000 {
reg = <0x4000 0x1000>;
ranges;
#address-cells = <1>;
#size-cells = <1>;
ehci: ehci@4000 {
compatible = "generic-ehci";
reg = <0x4000 0x1000>;
interrupt-parent = <&gic>;
interrupts = <GIC_SPI 24 IRQ_TYPE_LEVEL_HIGH>;
//interrupts = <36>;
#address-cells = <1>;
#size-cells = <0>;
ehci_port1: port@1 {
reg = <1>;
#trigger-source-cells = <0>;
};
ehci_port2: port@2 {
reg = <2>;
#trigger-source-cells = <0>;
};
};
ohci: ohci@d000 {
#usb-cells = <0>;
compatible = "generic-ohci";
reg = <0xd000 0x1000>;
interrupt-parent = <&gic>;
interrupts = <GIC_SPI 24 IRQ_TYPE_LEVEL_HIGH>;
/*interrupts = <36>;*/
#address-cells = <1>;
#size-cells = <0>;
ohci_port1: port@1 {
reg = <1>;
#trigger-source-cells = <0>;
};
ohci_port2: port@2 {
reg = <2>;
#trigger-source-cells = <0>;
};
};
};
gmac0: ethernet@5000 {
reg = <0x5000 0x1000>;
interrupts = <25>;
};
/* WAN */
gmac1: ethernet@b000 {
reg = <0xb000 0x1000>;
interrupts = <26>;
};
pmu@12000 {
compatible = "simple-mfd", "syscon";
reg = <0x00012000 0x00001000>;
ilp: ilp {
compatible = "brcm,bcm53573-ilp";
clocks = <&alp>;
#clock-cells = <0>;
clock-output-names = "ilp";
};
};
};
norflash@1c000000 {
reg = <0x1c000000 0x0ffffff>;
};
leds {
compatible = "gpio-leds";
lan {
label = "bcm53xx:blue:lan";
gpios = <&chipcommon 1 GPIO_ACTIVE_LOW>;
};
lan1 {
label = "bcm53xx:blue:lan1";
gpios = <&chipcommon 15 GPIO_ACTIVE_LOW>;
};
lan2 {
label = "bcm53xx:blue:lan2";
gpios = <&chipcommon 13 GPIO_ACTIVE_LOW>;
};
lan3 {
label = "bcm53xx:blue:lan3";
gpios = <&chipcommon 6 GPIO_ACTIVE_LOW>;
};
lan4 {
label = "bcm53xx:blue:lan4";
gpios = <&chipcommon 8 GPIO_ACTIVE_LOW>;
};
wps {
label = "bcm53xx:blue:wps";
gpios = <&chipcommon 2 GPIO_ACTIVE_LOW>;
};
2ghz {
label = "bcm53xx:blue:2ghz";
gpios = <&chipcommon 4 GPIO_ACTIVE_LOW>;
};
5ghz {
label = "bcm53xx:blue:5ghz";
gpios = <&chipcommon 5 GPIO_ACTIVE_LOW>;
};
usb2 {
label = "bcm53xx:blue:usb2";
gpios = <&chipcommon 7 GPIO_ACTIVE_LOW>;
trigger-sources = <&ohci_port1>, <&ehci_port1>;
linux,default-trigger = "usbport";
};
wan-blue {
label = "bcm53xx:blue:wan";
gpios = <&chipcommon 14 GPIO_ACTIVE_LOW>;
};
wan-amber {
label = "bcm53xx:amber:wan";
gpios = <&chipcommon 15 GPIO_ACTIVE_LOW>;
};
power {
label = "bcm53xx:blue:power";
gpios = <&chipcommon 18 GPIO_ACTIVE_LOW>;
linux,default-trigger = "default-on";
};
};
gpio-keys {
compatible = "gpio-keys";
#address-cells = <1>;
#size-cells = <0>;
wps {
label = "WPS";
linux,code = <KEY_WPS_BUTTON>;
gpios = <&chipcommon 0 GPIO_ACTIVE_LOW>;
};
restart {
label = "Reset";
linux,code = <KEY_RESTART>;
gpios = <&chipcommon 3 GPIO_ACTIVE_LOW>;
};
};
};
ifconfig
br-lan Link encap:Ethernet HWaddr 00:90:4C:1E:20:01
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::3069:8d4c:2c72:3a0f/64 Scope:Link
inet6 addr: fd32:a162:8d67::1/60 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:1166 (1.1 KiB)
eth0 Link encap:Ethernet HWaddr 00:90:4C:1E:20:01
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:24
eth0.1 Link encap:Ethernet HWaddr 00:90:4C:1E:20:01
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:1551 (1.5 KiB)
eth1 Link encap:Ethernet HWaddr 00:90:4C:20:20:01
inet6 addr: fe80::29b9:f0f3:8930:9424/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:26
eth1.2 Link encap:Ethernet HWaddr 00:90:4C:20:20:01
inet6 addr: fe80::290:4cff:fe20:2001/64 Scope:Link
[ 18.165414] random: fast init done
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:1760 (1.7 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:316 (316.0 B) TX bytes:316 (316.0 B)
wlan0 Link encap:Ethernet HWaddr 50:C7:BF:61:5B:AF
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Body length reached... iomem in second post
LEDE iomem
root@LEDE:/# cat proc/iomem
00000000-07ffffff : System RAM
00008000-0049cfff : Kernel code
0089c000-00904027 : Kernel data
10000000-17ffffff : PCIe MEM space
10000000-100fffff : PCI Bus 0000:01
10000000-10007fff : 0000:01:00.0
10000000-10007fff : bcma-pci-bridge
18000300-18000307 : serial
1c000000-1d000000 : bcma_sflash
1c000000-1d000000 : bcma_sflash
Original iomem
cat /proc/iomem
10000000-17ffffff : PCIe Outbound Window, Port 0
10000000-100fffff : PCI Bus 0001:01
10000000-10007fff : 0001:01:00.0
18000300-18000307 : serialp
18002000-18002fff : pcie0
18004000-18004fff : ehci_hcd
1800d000-1800dfff : ohci_hcd
18012000-18012fff : pmu_regs
1c000000-1cffffff : norflash
80000000-87ffffff : System RAM
Hi all,
I'm sorry for asking here, but I think this is the most appropriate place to ask.
I bricked my Archer C1200 while attempting a firmware update last night, and I eventually managed to get a serial console working. The router is stuck booting to CFE. I've attempted to reflash the stock firmware several times, both just using the flash command, as well as using the firmware recovery mode. When I try firmware recovery, I get the following:
Summary
Start firmware recovery command(ifconfig eth0 -addr=192.168.0.86 -mask=255.255.255.0;flash -fr -offset=0x40000 192.168.0.66:ArcherC1200v1_us_tp_recovery.bin flash0)
Device eth0: hwaddr XX-XX-XX-XX-XX-XX, ipaddr 192.168.0.86, mask 255.255.255.0
gateway not set, nameserver not set
Reading 192.168.0.66:ArcherC1200v1_us_tp_recovery.bin: Done. 13894377 bytes read
Reading Partition Table from NVRAM ... OK
Parsing Partition Table ... OK
file_len:13894377
Firmware process id 2.
Image verify OK!
[Error]sysmgr_proinfo_buildStruct():00524 @ should be 2 args (1).
[Error]sysmgr_cfg_checkSupportList():00921 @ productName Archer C1200 NOT Match.
[Error]sysmgr_cfg_checkSupportList():00921 @ productName Archer C1200 NOT Match.
Firmwave not supports, check failed.
[NM_Error](nm_checkUpdateContent) 01110: the firmware is not for this model
[NM_Error](nm_buildUpgradeStruct) 01210: checkUpdateContent failed.
check firmware error!
factory boot check integer flag is not 1.
Device eth0: hwaddr XX-XX-XX-XX-XX-XX, ipaddr 192.168.0.1, mask 255.255.255.0
gateway not set, nameserver not set
This only other similar case I was able to find online is this one involving an Archer C9. That case was solved by using "recover-to-stock" files provided by other Archer C9 owners.
I believe that the firmware upgrade failed early on in the upgrade process, when critical boot files at the beginning of the flash memory were being overwritten. I think that it is possible to recover the router if I can acquire a dump of the flash of a working Archer C1200 router, be it on stock or LEDE. I would greatly appreciate it if someone here could dump the entire flash of their Archer C1200 and make it available for others to download (as someone did here for the Archer C9). This would benefit everyone who runs into issues flashing the Archer C1200.
I can help walk someone through this if they are willing. To do this, one would need to open up their router's case, solder in some pin headers, and connect a FTDI USB-to-serial adaptor to the pin headers. From there, I think you could start a TFTP client on your computer, boot into CFE on the router, and use the save command to write from flash to a file on your computer.
EDIT: Actually, it seems that opening the router might not be necessary if LEDE is installed. As long as dd is available, it should be possible to dump the flash.
EDIT2: In fact, it might even be possible on a stock router if you can telnet into it.
Hi @mist3rwalter,
I have flash0.os image from my C1200 v1 eu version if you would like to try
I'd flash it with flash -noheader ipaddr:filename flash0.os
Otherwise you can try to boot my WIP LEDE image, same command just replace last arg with flash0.trx
(for now no WiFi, only cabel works, also gots corrupted after few reboots - some jffs2 errors)
You can find those files on my Google Drive
If both doesn't help you, tell me as I'm still able to flash back to stock and dump whole flash.
Good luck!
//EDIT uploaded mtdblocks:
0 should be boot
1 kernel w/ squash
2 squash
3 partition table
4 IDK
1 Like
Thanks so much for your help!
Unfortunately neither flashing flash0.os or your LEDE image seemed to help.
Maybe my CFE is corrupted or something?
Here's the output after trying to flash flash0.os:
Summary
CFE> flash -noheader 192.168.0.2:flash0.os flash0.os
flash -noheader 192.168.0.2:flash0.os flash0.os
Reading 192.168.0.2:flash0.os: Done. 16187392 bytes read
Programming...done. 16187392 bytes written
*** command status = 0
CFE> reboot
reboot
Decompressing...done
CFE version 9.10.178.27 (r584393) based on BBP 1.0.37 for BCM947XX (32bit,SP,)
Build Date: 2016年 05月 24日 星期二 10:29:15 EDT (seal@localhost.localdomain)
Copyright (C) 2000-2008 Broadcom Corporation.
Init Arena
Init Devs.
Boot partition size = 262144(0x40000)
DDR Clock: 533 MHz
Info: DDR frequency set from clkfreq=900,*533*
bcm_robo_enable_switch: EEE is disabled
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 9.10.178.27 (r584393)
CPU type 0x0: 900MHz
Tot mem: 131072 KBytes
CFE mem: 0x00F00000 - 0x02FB70C4 (34304196)
Data: 0x00F69888 - 0x00F6EBCC (21316)
BSS: 0x00F6EBD8 - 0x00FB50C4 (287980)
Heap: 0x00FB50C4 - 0x02FB50C4 (33554432)
Stack: 0x02FB50C4 - 0x02FB70C4 (8192)
Text: 0x00F00000 - 0x00F5DC14 (384020)
Committing NVRAM...done
Waiting for reset button release...done
˙Decompressing...done
CFE version 9.10.178.27 (r584393) based on BBP 1.0.37 for BCM947XX (32bit,SP,)
Build Date: 2016年 05月 24日 星期二 10:29:15 EDT (seal@localhost.localdomain)
Copyright (C) 2000-2008 Broadcom Corporation.
Init Arena
Init Devs.
Boot partition size = 262144(0x40000)
DDR Clock: 533 MHz
Info: DDR frequency set from clkfreq=900,*533*
bcm_robo_enable_switch: EEE is disabled
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 9.10.178.27 (r584393)
CPU type 0x0: 900MHz
Tot mem: 131072 KBytes
CFE mem: 0x00F00000 - 0x02FB70C4 (34304196)
Data: 0x00F69888 - 0x00F6EBCC (21316)
BSS: 0x00F6EBD8 - 0x00FB50C4 (287980)
Heap: 0x00FB50C4 - 0x02FB50C4 (33554432)
Stack: 0x02FB50C4 - 0x02FB70C4 (8192)
Text: 0x00F00000 - 0x00F5DC14 (384020)
Device eth0: hwaddr XX-XX-XX-XX-XX-XX, ipaddr 192.168.1.1, mask 255.255.255.0
gateway not set, nameserver not set
Reading Partition Table from NVRAM ... OK
Parsing Partition Table ... OK
[NM_Error](nm_api_readPtnFromNvram) 00134: partition name not found.
factory boot check integer read flag partition fail.
Device eth0: hwaddr XX-XX-XX-XX-XX-XX, ipaddr 192.168.0.1, mask 255.255.255.0
gateway not set, nameserver not set
CFE>
The only thing I changed about that output is that I censored the MAC address.
It seems like the router reboots, tries to load the OS, and fails. Before the second "Decompressing..." message, there's almost always a garbage character - usually a u with an accent over it on my machine.
Do you think a whole-flash dump would help here? It may be worth it if there's a chance it could repair any CFE errors.
Again, thank you so much!
EDIT: Maybe just a dump of flash1 would work, I think that's where the CFE lives
Hi again, I've dumped all partitions from flash0 (no idea how to select flash1 addr), they are in same directory on drive.
I don't recommend to flashing the boot partitions though, even firmware recovery skips them. The error speaks about nvram, so I'd start there.
Hi,
I first flashed the NVRAM partition and reset NVRAM, no change. I then flashed the entire flash0 file to the router, and I think I killed it. I'm not getting any serial data from the router any more, and the only LED that was on previously (the WPS one) is now off. One of the LEDs is very dimly glowing, but I think it's a lost cause at this point.
I don't know if there's any way to directly access the flash memory on the router - I have access to hot-air rework tools, as well as logic analyzers (maybe I can find a Bus Pirate).
In any case, thank you for your help! It was worth a shot!
Hi,
This isn't really good. Maybe you can figure out how to access the memory directly onboard and flash it. (JTAG?)
Fingers crossed!
My C1200 v2 (EU) on the latest official firmware is actually running a custom version of OpenWRT 12.09rc1. I managed to enable dropbear and SSH into it and escalated to root to take a look around as I was running into some issues that I wanted to debug. I don't have experience with porting and developing on LEDE/OpenWRT (just as user on my previous routers). Anyone can point me in the right direction to make something out of it?
Thanks.
(x-post to the OpenWRT forum)
Hi! Take a look at mine github - this should point you in right direction. There's also wiki link with steps for adding new device.
//EDIT:
These routers are indeed using customized version of old OpenWRT and I'd suggest you stick with them for now. They're on old kernel (2.6 I think) with proprietary drivers. If you still want change, you'll lose your Wi-Fi (mine V1 can't even toggle 2,4GHz).
Errors I've encountered with my build:
Wi-Fi gone
Lower speed (no NAT boost)
Corrupting flash storage (sometimes few reboots fix that, but it still throws jffs2 errors on boot)
Unplugging USB causes boot loop after reboot
1 Like
Thank you for your suggestion, I'd look a bit more into it as root user on their custom firmware, and if I don't debug the issues I'm getting I'll buy a supported router (this is the first one in years, got it on sale on Amazon, so I'll probabily return it for something that I can play with if the original firmware is not worth it). Again, thanks.
May I ask how do you enable dropbear?
I downloaded the configuration from the router (backup configuration on the original firmware).
Then I unpacked it. The backup_config.bin is basically a zlib compressed, aes encrypted tar file with the router name as key.
So, I go by memory, but you can get the gist:
openssl zlib -d -in config.bin | openssl aes-256-cbc -d -k 'Archer C1200' -out config.tar
tar xf config.tar
You should have two files in the archive, the "certificate" partition and the config partition. The latter is just an XML file, I edited the file to contain "< RemoteSSH >on< /RemoteSSH >" in Dropbear (as I had previously analysed the modified version they ship, thanks to the GPL code they released).
You're done. Now you can enter as admin/your_router_password.
<SysAccountLogin>off</SysAccountLogin>
Is another one. If it's off (default) it uses a custom authentication process where you can only login as admin (it doesn't matter what user you select, you end up logging in as user with UID 1000, and the password is the one stored in LUCI.
If it's on it uses PAM (but the passwords are not the same and if you have a blank system password it doesn't let you login!).
Hope it helps.
EDIT: obviously when "you're done", you have to repack the tar file, recompress it with zlib, encrypt it again, and upload it to the router using "config restore".
1 Like
Err....
.....any method for doing it in Windows?
I tried Ubuntu, but the command didn't work. (Yes, I renamed it to config.bin)
You could use cygwin on Windows, but if the command didn't work is because you don't have openssl installed. Mine wasn't a guide, just an explanation. Anyways, if you're not fully aware of what you're doing I'd recommend not messing with it because you could end up with a bricked router. 
had to do command other way round (i have v2) but dropbear is already on in config
openssl aes-256-cbc -d -in config.bin -k 'Archer C1200' | openssl zlib -d -out config.tar
tar xf config.tar
I found out why. Ubuntu openssl doesn't come with zlib support.
So, i manually configure-make-install zlib with openssl.
Can I have the command to recompress and re-encrypt? Thanks.
EDIT: I need to gain SSH admin access. Need to copy something into the router to test wifi functionality.
EDIT2: After some trial and error, I was able to find out the command to compress and encrypt
openssl zlib -in config.tar | openssl aes-256-cbc -out config.bin -k 'Archer C1200'
I was able to upload modifed config.bin to the router successfully (verified based on wifi channel modification at config.bin), however, when I used Putty to SSH into the router, I can't seem to login.
I tried username admin with my router password, but it keeps displaying access denied.
It is port 22. I tried :
admin admin
admin (my own password)
root root
blank blank
blank admin
admin blank
No luck. Previously before I enable SysAccountLogin to 'on', putty will display "PTY allocation request failed on channel 0" and "shell request failed on channel 0" after I typed admin as username and my router password.
SysAccountLogin needs to be off. You may want to try to enable RootLogin and also be sure to type the router password correctly. Download the backup again and check there. Also please note that whatever you need to copy into the router won't work unless you escalate from admin to root, there's no su executable. What I did is I changed the cgi-bin directory of the webserver (that run as root) to be on the USB mounted pendrive and went from there...