In Tp-Link Archer D7 and VR2600(v) there are 2 CPU connected 1 Qualcomm for normal router operations and 1 Broadcom just for VDSL/ADSL.
We are currently able to install Openwrt on the Qualcomm CPU but if we can communicate to the Broadcom CPU we could have a fully functional xDSL modem/router.
I am trying to understand the communication protocol between these 2 processors, so I compiled tcpdump for the original Archer D7's firmware, but I don't have and ADSL line anymore so I can't make any real test.
So if someone has an Archer D7 and an ADSL line could be very helpful!
This is a guide to capture data for Archer D7:
Gain shell access using one of these 2 methods:
1.1. Without opening the case using this guide
1.2. Using UART header
It will start capturing data between the 2 processors and will store it in the usb pen.
To terminate the capture press CTRL+C.
What I need for now:
A capture when the adsl connection starts
A capture when the adsl connection ends
For what concerns the VR2600, I don't have it so I can't be 100% sure, but probably it uses the same protocol.
Probably my tcpdump version will not work because of the different cpu, but every help is appreciated
I am back from vacation since a while but i had no opportunity to test tcpdump until today. Sadly I realised that my D7 (not D7b) isn't compatible with "Annex J" what the local ADSL ISP (Deutsche Telekom) uses. Never the less I started tcpdump since the Modem LED blinked but the result doesn't look too promising.
Summery looks like that I don't know if the full log contains userdata therefore I wont upload it public:
1 0.000000 Tp-LinkT_d6:6c:81 MS-NLB-PhysServer-16_18:01:00:01 0x88b5 60 Local Experimental Ethertype 1
2 0.000296 MS-NLB-PhysServer-16_18:01:00:01 Tp-LinkT_d6:6c:81 0x88b5 79 Local Experimental Ethertype 1
Using the option "-i eth0.1" should only dumps data between Qualcomm and Broadcom cpus... so it shouldn't contains personal data untill the modem connects to internet. However in the following days I'll start again working on this modem and I'll post my findings
Hey @numero53! Great work again! I am using now Archer D7 and D7b with uboot of @blinkstar88 and modified MAC address at 0x1FC00 and how he described it on the Archer D7 discussion of you.
Now I'm interested if we can now use the modem part?
Do you need logs or should I test something? I backed up all my mtd partions before first flashing and I also have a few D50 and D5 now at my desk.
I already thought if the D50 could be a very cheap (with cut of modem part) mesh repeater in 802.11r mode? Is the QCA9882 the same chipset like in D7? So on Qualcomm website it says the QCA9882 could handle 1300 Mbit/s, but I guess there are just 2 antennas and so just able to support 866 Mbit/s.
But I would love to help you for developing finally some good to use devices with OpenWRT.
Hi @suppenkasper0815
unfortunately the problem is the ADSL connection. We don't know what happens when modem establishes the connection and what messages the 2 CPUs send in the original firmware...
We are off-topic here... however, D7 has the QCA9880 (3 streams = 1300Mbit/s) while the D50 has the QCA9882 (2 streams = 866.7Mbit/s). Probably Qualcomm is talking about the capability of the QCA9882 to be implemented as a dual band device (2.4GHz and 5GHz simultaneously) but I don't know why they say: "MIMO Configuration: 3x3 (3-stream)". Some PCIExpress cards are built to operate in dual band mode, like this one: https://wikidevi.wi-cat.ru/JJPlus_JWX6055... But not using 3 streams
