Half-Bricked Archer C7?

Router Model: TP-Link Archer C7 AC1750 V3.0 (2.0 firmware interchangeable)
S/N: 215A487002242
Chipset: QCA9558
OS: Ubuntu 18.04 LTS

Background:
Original goal: Get OpenWRT with automatic reboots, ad blocking hosts file, and hardware NAT acceleration, without causing high CPU usage on laptop.

Originally loaded DD-WRT on router but WLAN disappeared when security key set. Decided to switch to OpenWRT by reverting to stock firmware, using 'ArcherC7v2_webrevert.rar' :

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=85237&postdays=0&postorder=asc&start=30

Then I upgraded to this LEDE optimized custom build for Archer:

It worked, but my CPU temp spiked to 60C every time I visited a heavy page like YouTube
...?

I wanted to revert to stock firmware, then flash stable 18.06 release from main page.

Unknowingly I used the same Webrevert file from above (may have been configured for DD-WRT) over SSH to flash.

After 10 minutes, it didn't reboot, so I unplugged my router and replugged it--then navigated to 192.168.0.1--and nothing. Same for 192.168.1.1

Boot pattern:
Back USB LED Lights on constantly.

  1. All front lights go on.
  2. Only power, 5GHz, and 8-pointed star(DMZ?) on,
  3. All except 2.4GHz and rightmost refresh(?) light up
  4. Finally just power, 5Ghz, and 8pt star on.

All happens in less than a second each, in 4 seconds.

Therefore, I cannot access failsafe mode.(blinking star never occurs) Pressing the WPS/reset button does not affect anything. Nor 30-30-30 reset. Unable to ping 192.168.0.66, 192.168.1.66 or 192.168.1.1 or 192.168.0.1

I set my IP address to 192.168.0.66 and attempted to TFTP (via ethernet LAN):

Stripped Version (did not rename) -
http://www.friedzombie.com/tplink-stripped-firmware/download.php?d=Archer-C7-V2
Original firmware (renaming it ArcherC7_v2_tp_recovery.bin):
https://www.tp-link.com/us/download/Archer-C7_V3.html#Firmware

Both said successfully uploaded on TFTP, but I'm convinced that I am just using TFTP to transfer it back to myself. The router doesn't reboot after 10 minutes or more, I can ping if my wired connection is set to 192.168.0.66, but not otherwise, and accessing to 192.168.0.66 brings up "Not Found" in browser.

After recently purchasing this router, I am REALLY hesitant to use a serial cable and don't have any soldering equipment. I do have another PC to test TFTP again on.

If you recognize this problem, or boot pattern, please share, it is highly appreciated. Thanks...

It sounds like the image in flash is unbootable.

TFTP recovery should be to power up while holding the reset button and keep holding until the LEDs do something. The router will be a TFTP server at 192.168.1.1. It will not respond to pings or serve DHCP addresses. It is only a TFTP server. Static IP your PC then TFTP put a stock firmware to it. Use binary mode and do not strip the firmware.

You do not need to solder serial pins in. Get a 1 row pin header with plastic holding the pins together. Plug your adapter wires into one side of the pins. Put the other end of the pins into the holes in the board and tilt it to the side so they make contact. Hold this position while you do your serial access. You can then remove with no trace, warranty intact.

1 Like

I have used the TFTP recovery approach on several Archer C7 v2 units with great success. https://openwrt.org/toh/tp-link/archer-c5-c7-wdr7500#tftp_recovery_de-bricking

It may take a couple tries, and tcpdump will confirm that you've got the right server address. See https://openwrt.org/toh/tp-link/tl-wdr4300#de-brick_or_oem_installation_using_the_tftp_recovery for what you'd look for with tcpdump. Holding down the button long enough was critical. As I recall, it has to be held down until the transfer starts (which can be seen with wireshark or tcpdump).

On macOS, I presently have in /private/tftpboot/

lrwxr-xr-x  1 root  wheel        61 Feb 21  2018 ArcherC7v2_tp_recovery.bin -> lede-17.01.4-ar71xx-generic-archer-c7-v2-squashfs-factory.bin

(that version selected likely based on when I last had to resort to TFTP recovery)

Update:
I have used the Tftpd32 program to flash the stock firmware(unstripped, and renamed) to the router at 192.168.0.1 .
Here are the contents of the log viewer:

Connection received from 192.168.0.86 on port 3131 [7/12 10:53:47.122]
Read request for file <ArcherC7v3_tp_recovery.bin>. Mode octet [07/12 10:53:47.123]
OACK: <timeout=3,> [07/12 10:53:47.125]
<ArcherC7v3_tp_recovery.bin>: sent 32002 blks, 16384512 bytes in 17 s. 0 blk resent [07/12 10:54:04.475]

I set my computer's IPv4 address to 192.168.0.66, port 24, and also held down the reset button until the WPS light turned on.
After the flash was complete, still nothing changed. It did not automatically reboot, and it went through the same boot pattern mentioned earlier. I should clarify that it only happens once per boot, and remains in the fourth state until I manually reboot it again.

I am unfamiliar with using tcpdump, but did my best to scan with Wireshark. On the wiki, it stated it would request for a filename, but no names have appeared. Host Unreachable is the response I got after this flash.

I'm starting to wish I had made a recovery partition....I might be willing to donate it to someone who is clever enough to fix the router.

You're going to need serial to see what is going on. Since the TFTP transfer worked, Ethernet seems to have worked from the bootloader, tcpdump / wireshark isn't really necessary.

If you have successfully booted a stock firmware, wifi APs will come on.

I suppose I have to read up on the wiki about serial. I will attempt this some more once I find the time. For now, I will link a post on the same topic from DD-WRT to refer to later, which may help others or myself later.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=277637&postdays=0&postorder=asc&start=45

Thanks to you and the documentation of OpenWRT community.

Take note of the info on needing a resistor pull-up to get the serial working on the Archer C7. It's described on the device's ToH page.