I just bought a TP-Link EAP225 v1 and was wondering how to get OpenWrt running on it. There are snapshots for v3 and Outdoor v1. Has anyone succeeded installing one of these on v1?
1 Like
Now I tried to use EAP245 v1 firmware on my EAP225 v1 device.
Since I'm quite new to OpenWrt (I have only one device, a TL-WDR4300, running OpenWrt), let me state exactly which steps I took. Mayby I made a mistake somewhere.
Or it is just not possible to upgrade a EAP225 v1 device with EAP245 v1 firmware. 
First of all I gain access to the device by changing the username into ;/usr/sbin/telnetd -l/bin/sh& and changing it back to admin directly after that.
I confirm access by typing
# telnet {device-ip}
into a terminal.
Then I change properties of /tmp by
# chmod 777 /tmp
In another terminal tab I put
# ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@{devie-ip} "dd if=/usr/bin/uclited" > uclited
and the password I used when changing the username of the device.
Then,
# cp uclited uclited-patched
# echo "000d2264: 24020000 00000000" | xxd -r - uclited-patched
The command
# sha256sum uclited*
gives this output:
d7b6af4e0416e05265251abb697a07340bbb12eb75ec4f92caef02a43b5bf60a uclited
13ed1ddea2c7b66a1039d55a72f68bd63f05c328e33599816d48d53dadc6c686 uclited-patched
Then I run
# xxd -g4 -l8 -s860772 uclited-patched
# ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@{devie-ip} "dd of=/tmp/uclited" < uclited-patched
# ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@{devie-ip} "dd of=/tmp/upgrade.bin" < openwrt-ath79-generic-tplink_eap245-v1-squashfs-factory.bin
In the 'telnet'-tab I run
# chmod +x /tmp/uclited && /tmp/uclited -u
giving the following output:
Begin Debug Mode Fireware Upgrade
Upgrade fireware size is 5267795 bytes
Upgrade fireware md5 checksum is correct!
Process 13868 Catch signal 11:
code = 1 errno = 0
Dump regs:
pc: 76fca76c
zero: 00000000 at: 00cc9a5a v0: 7ff72278 v1: 00000000
a0: 7ff72278 a1: 00000000 a2: 00000014 a3: 00000a40
t0: 00000014 t1: 00000000 t2: 00000001 t3: 00566383
t4: fffffffe t5: 00000001 t6: 00000000 t7: 00000400
s0: 7ff72278 s1: 00000003 s2: 00000020 s3: 00000030
s4: 0057aaac s5: 007acca0 s6: 00000005 s7: 007acca0
t8: 00000010 t9: 76fca720 k0: 0a0a0a0a k1: 00000000
gp: 005b2d20 sp: 7ff72240 fp/s8: 00000003 ra: 004c06c0
Dump mem stack:
(STACK: 0x7ff53000 ~ 0x7ff74000 SP: 0x7ff72240)
0x7ff72240: 00000000 00000000 00000000 00000000 005b2d20 00000000 00000000 004c5f24
0x7ff72260: 00000000 00000000 00000000 00000000 005b2d20 00000000 00000000 00000000
0x7ff72280: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0x7ff722a0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0x7ff722c0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0x7ff722e0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0x7ff72300: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0x7ff72320: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
0x7ff72340: ......
Dump call stack:
#00 pc 0002d76c /lib/libuClibc-0.9.30.so (memcpy+76)
#01 pc 000c06b8 /tmp/uclited (ucCluster_getCfg+40)
#02 pc 000c5f1c /tmp/uclited (swIsClusterMode+64)
#03 pc 000d1b0c /tmp/uclited (nm_checkUpdateContent+668)
#04 pc 000d2354 /tmp/uclited (nm_buildUpgradeStruct+1268)
#05 pc 00138428 /tmp/uclited (uclite_upgrade_debug+520)
#06 pc 001386e4 /tmp/uclited (main+276)
#07 pc 0004f858 /lib/libuClibc-0.9.30.so (__uClibc_main+600)
Exiting...
When I rerun it, the output is:
Begin Debug Mode Fireware Upgrade
Upgrade fireware size is 5267795 bytes
Upgrade fireware md5 checksum is not correct!
The same has been reported by Knogle.
Does anyone have any idea on how to circumvent this?
You're the first user I encounter with an EAP225v1 that wants to run OpenWrt!
The flashing procedure is similar to the EAP245v1, but will require a different binary patch. Let me see if I can still find it somewhere.
Edit:
So the correct patching command would be (uclited from FW v1.4.0):
echo "000d2354: 24020000 00000000" | xxd -r - uclited-patched
I threw together device support based on EAP245v1. You are probably correct about the device being capable of running the EAP245v1 firmware, though. In fact, I've cross-flashed an EAP225v3 firmware to my EAP245v1, but that probably only works from OpenWrt.
If you want to test this, it's probably a good thing to make sure you have access to the serial port first. Although I'm quite confident this patch won't brick the device, you never know 
When testing, please let confirm the following:
- All three LEDs can be controlled as expected,
- /sys/class/gpio/leds:enable can be used to toggle the LEDs
- Both radios (2.45GHz and 5GHz) work as expected
1 Like
Did it work?
I also have an EAP 225 v1, would like to give this a go.
Also, is the EAP 245 still non-mainline? I see one of the threads from last year stating that one reason is because you need to solder the serial header but - even the Think VR2600v needs you to solder a header, and that device is mainline
(If EAP245/225 works, shouldn't it be mainline?)
I don't know, never heard back. I've rebased the branch onto the latest master, feel free to compile an image and test 
The header wasn't the only reason, the terrible bootloader provided by TP-Link also had to be accounted for. In the end I did manage to provide patches that got accepted, check the table of hardware in the wiki for the EAP245.
I just tried the EAP225 v1 commit by @svanheule and it is working fine on this model 
Thank you very much!
I will now build the latest OpenWrt with this device target.
2 Likes
Thanks for testing! Would you be able to verify the debricking info by any chance? If you want, I can also add a Tested-by tag for you.
Sorry, but this is a device in school (so not my own). I am not able to solder things here 
I have created a EAP225 v1 image based on OpenWrt 21.02:
https://drive.google.com/drive/folders/1rkqi5JASjegnI6dAUDg-93Ag2Ap17c8c?usp=sharing
Default build config which is also used by OpenWrt + wpad full (to get full WPA Enterprise support).
Working flawlessly!
@svanheule sure, add me tested-by
1 Like
For the Tested-by, I would need your real name and email address. Feel free to send that in a PM if you don't want this to be on the forum, but note that it will be publicly available in the commit log of OpenWrt.
Hey thats good news, I've had one of these for a while and just looked again and found your success. Can you point me to the specific firmware for the 225 ceiling mount with rev 2.1 on latest FW 1.4 Processing: IMG_20210918_123620.jpg...
You should be able to use the image for an EAP225v1 on your EAP225v2.
I've submitted the patch with OpenWrt a while ago, but it hasn't been merged yet.
Now merged in commit 0f6b6aab2bc9. Images built for the EAP225v1 should be compatible with the EAP225v2 as well.
2 Likes
Hey Sander ,
Tried to mail you 
How can i create from the commit a binary file for the EAP225V1
thanks
You can download a snapshot build, but be aware that you will only have SSH access. LuCI is not included, so please consult the OpenWrt wiki for instructions.
Instructions on how to install the sysupgrade factory image is in the commit message.
But i can configure with openwisp ?
I suppose so, nothing that should prevent that. Better to open a separate thread on this though.
Yeah, I was at a loss to feel I knew which to try so I held off..
But now I actually need to put it to work at my rental to bring a cord in..
Thanks for your work on these!
Is it now a matter of just flashing from the stock FW? I'll go read... Cheers!
I bought a used one a week ago and flashed a snapshot image on Saturday. It's working properly but it took me some time to figure out the flashing commands.
Edit: I just updated the Wiki with the commands I used, it would be good if you could check the procedure: https://openwrt.org/toh/tp-link/eap225
2 Likes
Hmm well, this did not work out.. I can no longer reach the stock gui. unit has a wifi signal but wont connect to a client and the 192 168 0 254 is unreachable. This all given my limited amount of experience. I would appreciate any help at a revival attempt, I'm stuck
What exactly did you do and where are you stuck at? If you're still at the OEM firmware, did you try a factory reset?