Effort to bring OpenWrt to the TP-Link Archer C5400X

Hello everyone,
I'm a long-time OpenWrt user and tinkerer, but this is my first attempt at actually bringing OpenWrt to an as yet unsupported platform.

I've created a GitHub repository with my initial effort and findings at https://github.com/ggiraudon/c5400x-openwrt

What is interesting is that the official firmware from TP-Link is actually OpenWrt 12.09rc1 (reskinned by TP-Link).

Also interesting is that none of the OpenWrt stuff is included in the GPL package they have on their website for this model, nor is it mentioned anywhere on the TP-Link website.
I only figured it out after extracting the firmware's file system.

If anyone has had any experience in a similar process (porting OpenWrt to an unsupported CPU), I would welcome any pointers. In the meantime I will continue investigating and report what I find.



I noted that SSH seems to be enabled by default on the device.
It's running dropbear_2011.54.
The password authentication seems to work when I use the administrator-configured password from the web UI with root as the user.
Unfortunately, connecting to it fails.
The error I get is:

PTY allocation request failed on channel 0
shell request failed on channel 0

Does anyone know of a way to execute commands on the target system by exploiting LuCI?
It seems the issue in getting SSH to work is a problem with /dev/pts. I'm trying to find a way to remount it.

Found the UART.
You need to bridge 2 jumpers in order to access it.

Important: I had some issues with my first USB to UART converter (a Silicon Labs CP210x). When plugged in, the board would throw a bunch of errors at boot about ECC errors and the kernel wouldn't load. (I thought I had bricked the board by accidentally damaging one of the RAM chips.)

In the end, using a good old FTDI USB to UART worked fine.

Got root!


Any updates? I have the same router, but am afraid to open up the casing. The firmware is pretty old, so you could have a look at this vulnerability (https://www.cvedetails.com/vulnerability-list/vendor_id-18578/product_id-55207/version_id-289125/Openwrt-Luci-0.10.0.html). And it seems that the connections to LuCI are encrypted / closed, as plainly trying to access the UI results in this:

And the Wireshark capture of it shows a POST to /cgi-bin/luci/;stok=3b6458f691eb43966d6cf5c19c49e9a8/admin/status?form=wan_speed HTTP/1.1\r\n


I'm also interested in the progress, or what is best to do and use with the device.

Wow, nice job. I'm also a user of the C5400X; however, maybe the vendor has implemented some techniques to prevent users from flashing 'unofficial' firmware. Let me take a look.

Made any progress? Currently also interested in this myself and wondering what I could try to build on.