I first flashed the NVRAM partition and reset NVRAM, no change. I then flashed the entire flash0 file to the router, and I think I killed it. I'm not getting any serial data from the router any more, and the only LED that was on previously (the WPS one) is now off. One of the LEDs is very dimly glowing, but I think it's a lost cause at this point.
I don't know if there's any way to directly access the flash memory on the router - I have access to hot-air rework tools, as well as logic analyzers (maybe I can find a Bus Pirate).
In any case, thank you for your help! It was worth a shot!
My C1200 v2 (EU) on the latest official firmware is actually running a custom version of OpenWRT 12.09rc1. I managed to enable dropbear and SSH into it and escalated to root to take a look around as I was running into some issues that I wanted to debug. I don't have experience with porting and developing on LEDE/OpenWRT (just as a user on my previous routers). Can anyone point me in the right direction to make something out of it?
Hi! Take a look at my GitHub - this should point you in the right direction. There's also a wiki link with steps for adding a new device.
//EDIT:
These routers are indeed using a customized version of old OpenWRT and I'd suggest you stick with them for now. They're on an old kernel (2.6 I think) with proprietary drivers. If you still want to change, you'll lose your Wi-Fi (my V1 can't even toggle 2,4GHz).
Errors I've encountered with my build:
Wi-Fi gone
Lower speed (no NAT boost)
Corrupting flash storage (sometimes a few reboots fix that, but it still throws jffs2 errors on boot)
Unplugging USB causes boot loop after reboot
Thank you for your suggestion, I'd look a bit more into it as root user on their custom firmware, and if I don't debug the issues I'm getting I'll buy a supported router (this is the first one in years, got it on sale on Amazon, so I'll probably return it for something that I can play with if the original firmware is not worth it). Again, thanks.
You should have two files in the archive, the "certificate" partition and the config partition. The latter is just an XML file, I edited the file to contain "<RemoteSSH>on</RemoteSSH>" in Dropbear (as I had previously analysed the modified version they ship, thanks to the GPL code they released).
You're done. Now you can enter as admin/your_router_password.
<SysAccountLogin>off</SysAccountLogin>
Is another one. If it's off (default) it uses a custom authentication process where you can only log in as admin (it doesn't matter what user you select, you end up logging in as user with UID 1000, and the password is the one stored in LUCI).
If it's on it uses PAM (but the passwords are not the same and if you have a blank system password it doesn't let you login!).
Hope it helps.
EDIT: obviously when "you're done", you have to repack the tar file, recompress it with zlib, encrypt it again, and upload it to the router using "config restore".
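A way to check what a backup will switch on before restoring it, as an added example that is not code from this thread or from the vendor. It assumes the file has already been decrypted (the cipher and key are not given here) and that the layers are zlib, then tar, then one XML member; only the tag names `RemoteSSH`, `SysAccountLogin` and `RootLogin` come from the thread, and the sample archive, member names and XML nesting are constructed.

```python
import io
import tarfile
import xml.etree.ElementTree as ET
import zlib

# Tag names come from the thread; layout and sample data are assumptions.
WATCHED = ("RemoteSSH", "SysAccountLogin", "RootLogin")

def audit_backup(decrypted: bytes) -> dict:
    """Return {tag: value} for watched settings in an already-decrypted backup.

    Assumed layout: zlib stream -> tar -> one XML member plus a non-XML one.
    """
    found = {}
    with tarfile.open(fileobj=io.BytesIO(zlib.decompress(decrypted))) as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            try:
                root = ET.fromstring(tar.extractfile(member).read())
            except ET.ParseError:
                continue  # not XML, e.g. the "certificate" partition
            for elem in root.iter():
                if elem.tag in WATCHED:
                    found[elem.tag] = (elem.text or "").strip().lower()
    return found

def findings(settings: dict) -> list:
    """List the settings from the thread that affect who can log in over SSH."""
    notes = []
    if settings.get("RemoteSSH") == "on":
        notes.append("RemoteSSH=on: SSH service enabled")
    if settings.get("SysAccountLogin") == "on":
        notes.append("SysAccountLogin=on: PAM accounts, not the web UI password")
    if settings.get("RootLogin") == "on":
        notes.append("RootLogin=on")
    return notes

def constructed_sample() -> bytes:
    """Constructed stand-in for a decrypted backup; names and nesting are made up."""
    xml = (b"<config><dropbear><RemoteSSH>on</RemoteSSH>"
           b"<SysAccountLogin>off</SysAccountLogin></dropbear></config>")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, blob in (("cert.bin", b"\x00\x01\x02"), ("config.xml", xml)):
            info = tarfile.TarInfo(name)
            info.size = len(blob)
            tar.addfile(info, io.BytesIO(blob))
    return zlib.compress(buf.getvalue())
```

Running `findings(audit_backup(data))` on a backup downloaded after a restore shows whether the edited values were actually kept.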
You could use cygwin on Windows, but if the command didn't work it's because you don't have openssl installed. Mine wasn't a guide, just an explanation. Anyways, if you're not fully aware of what you're doing I'd recommend not messing with it because you could end up with a bricked router.
I was able to upload a modified config.bin to the router successfully (verified based on the wifi channel modification in config.bin), however, when I used Putty to SSH into the router, I can't seem to log in.
I tried username admin with my router password, but it keeps displaying access denied.
It is port 22. I tried:
admin admin
admin (my own password)
root root
blank blank
blank admin
admin blank
No luck. Previously, before I set SysAccountLogin to 'on', putty would display "PTY allocation request failed on channel 0" and "shell request failed on channel 0" after I typed admin as username and my router password.
SysAccountLogin needs to be off. You may want to try to enable RootLogin and also be sure to type the router password correctly. Download the backup again and check there. Also please note that whatever you need to copy into the router won't work unless you escalate from admin to root, there's no su executable. What I did is I changed the cgi-bin directory of the webserver (that runs as root) to be on the USB mounted pendrive and went from there...
The above is what I got from the second config.bin backup dump. Wait...didn't you say I must set 'SysAccountLogin' to 'On'?
Edit: Can you help me to test? By putting this wireless.region.json to /www/webpages/data , you can have access to all 5Ghz wifi channels. (If it works.....) I am talking about 5ghz channel 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 149, 153, 157, 161, 165.
My bad "<RemoteSSH>" needs to be on. I missed a word in my previous message because of formatting:
You should have two files in the archive, the “certificate” partition and the config partition. The latter is just an XML file, I edited the file to contain RemoteSSH “on” in Dropbear (as I had previously analysed the modified version they ship, thanks to the GPL code they released).
Regarding your file... Well wireless.region.json is not a configuration file, it doesn't exist. It is a dynamic file generated by luci on the fly.
You should still edit the XML and it will go in /etc/config/wireless during a config restore.
By editing wireless.region.json at /www/webpages/data , one can make use of extra wifi 5ghz channels which are hidden away. The problem is.....one needs a method to copy the .json into the router.......
The Malaysia firmware has TR-069 enabled by default (can't be disabled) and additional suffix @unifi at guest wifi (heard it is an advertisement agreement between the telco and TP-Link Malaysia).
Official EU firmware version only has 5ghz channel 36, 40 , 44 and 48.
The Malaysia version has channel 36,40,44,48,100,120,161 and 165.
From what I can see, the webui (luci) load will try to find the configuration at /www/webpages/data , if it can't find wireless.region.json, then it will load default EU value. If it can find that .json file, then it will load MY value.
I'm sorry, it's not like that. The scripts will load the config from the files in /etc/ where uci stores the data.
You just need to edit /etc/config/wireless (if you downloaded the GPL source just take a look at ./IPlatform/platform/ibase/luci/src/contrib/uci/hostfiles/etc/config/wireless for an example).
To do so, simply add the values in XML format in your config file.
Now, I agree that then you potentially lose the ability to manipulate this from the web interface. It depends what you want to do.
I see....pardon my ignorance....still new in learning this stuff.
Anyway, I tried to edit config.bin and add channel 165 (currently using official EU firmware), however I am sad to say it didn't work. It rebooted and automatically selected channel 48. (Android Wifi Analyser also indicates channel 48 being used)
Hmm....turning txbf on for 2.4ghz in config.bin doesn't seem to do anything (no dbm improvement when streaming video to my phone and laptop) unlike 5ghz (GUI available for 5ghz only)
As far as I know the hw has no bf capabilities on the 2,4 Ghz spectrum. Regarding the channel there are other config options and files at play and you can use various tricks to set it, but you'd need to be creative about it.
I suggest you study how the various files work to bring up the wireless interface (e.g. tplink_brcm.sh) in the original firmware. I can't give you a pre-made solution because I don't have one.
When I try to decrypt the config.bin I renamed from backup-Archer C1200-2018-01-03.bin, I got the error below, am I doing anything wrong? Running Ubuntu 16.04 on VMWare with my own compiled openssl including zlib from this guide:
./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=lib          \
         shared                \
         zlib-dynamic &&
sudo make install
....after you ....
$ ./config zlib
$ make
$ sudo make install
...?
Note: beware of the apostrophe symbol for 'Archer C1200' if you copy paste the command from this forum. For some unknown reason, the apostrophe changes to another symbol after one copies/pastes from this forum. Better retype the apostrophe symbol.