I wanted to post this as I was stuck on this and didn’t get an answer. I saw mention of some others also saying they didn’t get it working, so I thought I’d share what I did.
Apologies to some if I’m stating the obvious, but as I’m learning, this can be the “Idiot’s Guide”. I take no credit for this as other’s contributions (like those linked below) deserve any appreciation.
I have an ER605 v2 and I wanted to flash it with OpenWRT, but due to the circumstances I’ll be using it for, being able to restore to stock TP-Link firmware is essential. As recommended by chill1Penguin’s guide step 4, an MTD partition backup is recommended.
I tried to follow this and failed several attempts, so I will share what did work for me.
First off, you’ve got to get root access, which is step 3. I had some issues with this. Coming from a Windows box, I usually use Putty to SSH into things. I unboxed my brand new ER605, plugged it into my PC and accessed it on 192.168.0.1 (default). Using chill1Pengin’s steps 1, 2 & 3 I was able to get to root – hooray. (I was also lucky that my ER605 shipped with v2.0.0 so I didn’t have to downgrade or change anything).
I moved to step 4 and got very confused as I was trying to paste the full MTD backup script into my router in my Putty session. It is not meant to run on your router! You need to run it in a Linux OS and then connect to your router! (This should be obvious as it actually states this above the script, but I had not properly read/understood).
Luckily, I have a couple of Linux distros running on my PC using WSL. I opened the Ubuntu OS and tried to SSH into the router.
ssh root@192.168.0.1
Unable to negotiate with 192.168.0.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au
This is mentioned in step 3 and the recommended fix is to use
-o KexAlgorithms=+diffie-hellman-group1-sha1
However, when I do this, it complains about the other thing
ssh root@192.168.0.1 -o KexAlgorithms=+diffie-hellman-group1-sha1
Unable to negotiate with 192.168.0.1 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
The recommendation was to use -o hostkeyalgorithms=ssh-rsa
for this. Confused at this point, I wondered if a different Distro would change anything.
I switched to Oracle Linux 8 and tried to SSH into the router and this worked just fine. No errors about SSH algorithms and needing extra options at all.
Now I’m up to step 4. I paste the script into my console and run it, but fails as per my post here. I spend some time trying to work out why, googling and also trying it on online bash script validators (which showed there was nothing wrong with the script). I decided to try the same script in Ubuntu (but on a different router that I didn’t have the same SSH algorithm problems). It ran just fine! So the problem was with the way that some Linux Distros (Oracle Linux 8 in this case) had slightly different syntax required for bash scripts.
Attacking the SSH login problem next, I worked out that I actually needed BOTH options to SSH into the ER605. To be specific, I used ssh -o hostkeyalgorithms=ssh-rsa -o KexAlgorithms=+diffie-hellman-group1-sha1 root@192.168.0.1
(Seems obvious once I tried it)
Once I’d confirmed login via SSH and exited the session back into Ubuntu’s console, I edited the script to add in both SSH algorithm options. The edit looked like this:
cat << "EOF" > mtdbk.sh
#!/bin/bash
set -e
function die() {
echo "${@}"
exit 2
}
OUTPUT_FILE="mtd_backup.tgz"
OPENWRT="root@192.168.0.1"
TMPDIR=$(mktemp -d)
BACKUP_DIR="${TMPDIR}/mtd_backup"
mkdir -p "${BACKUP_DIR}"
SSH_CONTROL="${TMPDIR}/ssh_control"
function cleanup() {
set +e
echo "Closing master SSH connection"
"${SSH_CMD[@]}" -O stop
echo "Removing temporary backup files"
rm -r "${TMPDIR}"
}
trap cleanup EXIT
# Open master ssh connection, to avoid the need to authenticate multiple times
echo "Opening master SSH connection"
ssh -o "ControlMaster=yes" -o "ControlPath=${SSH_CONTROL}" -o "ControlPersist=10" -o hostkeyalgorithms=ssh-rsa -o KexAlgorithms=+diffie-hellman-group1-sha1 -n -N "${OPENWRT}"
# This is the command we'll use to reuse the master connection
SSH_CMD=(ssh -o "ControlMaster=no" -o "ControlPath=${SSH_CONTROL}" -n "${OPENWRT}")
# List remote mtd devices from /proc/mtd. The first line is just a table
# header, so skip it (using tail)
"${SSH_CMD[@]}" 'cat /proc/mtd' | tail -n+2 | while read; do
MTD_DEV=$(echo ${REPLY} | cut -f1 -d:)
MTD_NAME=$(echo ${REPLY} | cut -f2 -d\")
echo "Backing up ${MTD_DEV} (${MTD_NAME})"
# It's important that the remote command only prints the actual file
# contents to stdout, otherwise our backup files will be corrupted. Other
# info must be printed to stderr instead. Luckily, this is how the dd
# command already behaves by default, so no additional flags are needed.
"${SSH_CMD[@]}" "dd if='/dev/${MTD_DEV}ro'" > "${BACKUP_DIR}/${MTD_DEV}_${MTD_NAME}.backup" || die "dd failed, aborting..."
done
# Use gzip and tar to compress the backup files
echo "Compressing backup files to \"${OUTPUT_FILE}\""
(cd "${TMPDIR}" && tar czf - "$(basename "${BACKUP_DIR}")") > "${OUTPUT_FILE}" || die 'tar failed, aborting...'
# Clean up a little earlier, so the completion message is the last thing the user sees
cleanup
# Reset signal handler
trap EXIT
echo -e "\nMTD backup complete. Extract the files using:\ntar xzf \"${OUTPUT_FILE}\""
EOF
I pasted this into the console and pressed Enter to complete it.
Then I gave the newly created file execute permissions with chmod +x mtdbk.sh
and then ran it with ./mtdbk.sh
It completed as expected. Here is a copy of the output
# ./mtdbk.sh
Opening master SSH connection
root@192.168.0.1's password:
Backing up mtd0 (Bootloader)
1024+0 records in
1024+0 records out
Backing up mtd1 (Config)
1024+0 records in
1024+0 records out
Backing up mtd2 (Factory)
512+0 records in
512+0 records out
Backing up mtd3 (firmware)
255488+0 records in
255488+0 records out
Backing up mtd4 (panic-oops)
4096+0 records in
4096+0 records out
Backing up mtd5 (partition-table)
496+0 records in
496+0 records out
Backing up mtd6 (support-list)
496+0 records in
496+0 records out
Backing up mtd7 (device-info)
1+1 records in
1+1 records out
Backing up mtd8 (device-info.b)
1+1 records in
1+1 records out
Backing up mtd9 (tddp)
496+0 records in
496+0 records out
Backing up mtd10 (tddp.b)
496+0 records in
496+0 records out
Backing up mtd11 (bootloader)
1024+0 records in
1024+0 records out
Backing up mtd12 (kernel)
3712+0 records in
3712+0 records out
Backing up mtd13 (rootfs)
22784+0 records in
22784+0 records out
Backing up mtd14 (firmware-info)
0+1 records in
0+1 records out
Backing up mtd15 (extra-para)
744+0 records in
744+0 records out
Backing up mtd16 (log)
4216+0 records in
4216+0 records out
Backing up mtd17 (rootfs_data)
20584+0 records in
20584+0 records out
Backing up mtd18 (bootloader.b)
1024+0 records in
1024+0 records out
Backing up mtd19 (kernel.b)
3712+0 records in
3712+0 records out
Backing up mtd20 (rootfs.b)
22784+0 records in
22784+0 records out
Backing up mtd21 (firmware-info.b)
0+1 records in
0+1 records out
Backing up mtd22 (extra-para.b)
744+0 records in
744+0 records out
Backing up mtd23 (log.b)
4216+0 records in
4216+0 records out
Backing up mtd24 (rootfs_data.b)
20584+0 records in
20584+0 records out
Compressing backup files to "mtd_backup.tgz"
Closing master SSH connection
Stop listening request sent.
Removing temporary backup files
MTD backup complete. Extract the files using:
tar xzf "mtd_backup.tgz"
Now the backup is complete! As I’m using Linux via WSL, I can just look in Windows Explorer and find the backup file under \\wsl.localhost\Ubuntu\root
Now I have a successful full backup of my untouched ER605 stock system, I will move onto flashing with OpenWRT, then I will test reverting back to stock again, just to confirm.