"Going back to original firmware" and "stripped images"

zamana · April 28, 2020, 7:03pm

Hi!

Regarding "going back to original firmware" and "stripped images", may I conclude that that "skip=257" option in the dd command came from this calculation?

root@OpenWrt:~# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 0001fb00 00010000 "factory-boot"
mtd1: 00000500 00010000 "mac"
mtd2: 00010000 00010000 "u-boot"
mtd3: 007a0000 00010000 "firmware"
mtd4: 001d0000 00010000 "kernel"
mtd5: 005d0000 00010000 "rootfs"
mtd6: 00390000 00010000 "rootfs_data"
mtd7: 00020000 00010000 "tplink"
mtd8: 00010000 00010000 "art"

mtd0 size: 0001fb00 = 129792
mtd1 size: 00000500 = 1280

(129792 + 1280) / 512 = 256

In this particular case, the "skip" will continue to be 257?

Thanks.
Regards.

zamana · April 28, 2020, 7:19pm

Complementing my own question, with the skip=257 we are actually getting rid of this part?

hnyman · April 28, 2020, 7:42pm

No.
That means that you skip 257 blocks of 512 bytes each.
( the dd command parameters continue.... "skip = 257 bs=512" , bs=blocksize)

In practice, usually factory header of 512 bytes, plus 128 kB of u-boot, 128.5 kB in total.

Which router you are talking about?
That advice is for some TPLink models, where some OEM firmware files have header plus in some firmware files an unnecessary u-boot bootloader (128 kB size) before the actual firmware begins.

For some routers, TP-Link has published both "recovery images" with the u-boot to be stripped, and normal image without that and stripping of only the 0,5 kB header.

So, the correct amount depends on the exact file that you are talking about.

zamana · April 28, 2020, 8:53pm

Thanks for the explanation.

Specifically, my router is a TP-Link Archer C60 V3.

Support for OpenWRT started in February (snapshot only yet), and the stock firmware ins't available from the Brazilian region site.

I tried to apply the US and the EU firmwares, but no success.

Anyway I have a "feeling" that the US version should work, because it supports more "special_id" devices than the EU version:

US SupportList:
{product_name:Archer C60,product_ver:3.0.0,special_id:00000000}
{product_name:Archer C60,product_ver:3.0.0,special_id:45550000}
{product_name:Archer C60,product_ver:3.0.0,special_id:4B520000}
{product_name:Archer C60,product_ver:3.0.0,special_id:54570000}
{product_name:Archer C60,product_ver:3.0.0,special_id:42520000}
{product_name:Archer C60,product_ver:3.0.0,special_id:52550000}
{product_name:Archer C60,product_ver:3.0.0,special_id:55530000}

EU SupportList:
{product_name:Archer C60,product_ver:3.0.0,special_id:00000000}
{product_name:Archer C60,product_ver:3.0.0,special_id:45550000}

I only didn't find yet what would be the "special_id" of my router version.

Anyway, can you help me to calculate the skip value that I should use, if any, in the case of the US firmware version?

Thanks!

mk24 · April 28, 2020, 9:13pm

The IDs are two letter country codes in ASCII, for example 55 53 = "US" and 45 55 = "EU" and 42 57 = "BR".

Which kind of suggests your BR unit is intended to accept the US firmware. Have you tried TFTP recovery?

zamana · April 28, 2020, 9:22pm

Amazing!

"BR" would be 42 52...

Well... I tried the TFTP method with these firmwares from US and EU, and the result was a "bricked" device that I recovered by using the OpenWRT snaphot for my device.

So, I guess that, if the firmwares wasn't "accepted" by my device because "BR" isn't supported, I could change the bin file to artificially supports my BR device, and theoretically, it should work.

How much I could be possible wrong?

UPDATE: actually 42 52 is there... so no binary change is necessary.

The only thing left now would be the skip value, if any.

From the US firmware version, I found these values:

fwup-ptn fs-uboot base 0x01000 size 0x0d45b	
fwup-ptn os-image base 0x0e45b size 0xe6eda	
fwup-ptn file-system base 0xf5335 size 0x6606e5	
fwup-ptn soft-version base 0x755a1a size 0x00059	
fwup-ptn support-list base 0x755a73 size 0x001d5	
fwup-ptn extra-para base 0x755c48 size 0x0000b	
fwup-ptn profile base 0x755c53 size 0x02dae	
fwup-ptn default-config base 0x758a01 size 0x02329	
fwup-ptn partition-table base 0x00800 size 0x00800

Is it possible to calculate the skip value from this?

mk24 · April 28, 2020, 9:45pm

I think you would skip to the base of os-image, that is remove the first 0xe45b bytes.

zamana · April 29, 2020, 2:09pm

Well... unfortunately nothing worked.

I tried all the possible combinations and I'm still with the OpenWRT firmware applied. There's no way to make that US firmware to be applied on my router