Hi,
I have a TP-Link Archer C60 v1 that I've hard-bricked by accidentally installing the wrong firmware to it. The firmware that was installed was the one from the Archer C60 v2 and it was installed using the TFTP method. Obviously, I'm aware that the device has checks and verifications in place to prevent this from happening, but I bypassed those protections by manually editing the firmware file before uploading it through TFTP. I wrongly assumed that v1, v2 and v3 of this device have the same partition layout and that, if things go awry, it shouldn't hard-brick the device, only soft-brick it. It turns out that although the v2 and the v3 do in fact have the same partition layout, the v1 doesn't. A really dumb mistake on my part, I know...
Since the device was now stuck in an infinite bootloop and wasn't even loading the bootloader, I desoldered the flash chip from the board in order to dump its content and analyze it. From my analysis of the flash dump of my bricked device and by cross-referencing its content with the partition layouts of the v1 and the v2 [1][2][3][4], I've so far confirmed that:
a) all the partitions have been overwritten by the data from the v2 firmware;
b) that the data was written at the addresses from v2's partition layout;
c) and that the ART partition was left intact, since for v1, v2 and v3 it resides at the same address (0x7f0000). I know, lucky me...
Now that I've established the extent of the damage, I think I am ready to attempt to debrick this device. I'm trying to figure out the best approach to take and I have a few questions.
1. If I extract `u-boot` from the stock firmware and flash it to the flash chip at the right address, can I expect the device to boot even if the rest of the partitions are corrupt? If not, skip to question #2.
   ↳ If yes, from a working `u-boot` only, will I be able to boot OpenWRT from RAM even if the rest of the partitions are corrupt?
   ↳ If yes, from OpenWRT booted from RAM, will I be able to `mtd write` the partitions and expect OpenWRT to write them at the correct addresses?
2. Can I manually build a new image to flash to the chip the following way:
   i) extracting the partitions (out of the stock firmware for the generic ones; out of my flash dump for the unique-per-device ones)
   ii) stitching them back together at the right address (the addresses from the partition layout)
   iii) adding padding of the correct size (until the next partition's address) at the end of them with dd if=/dev/zero
TIA
[1] qca9561_tplink_archer-c60-v1.dts
[2] qca9561_tplink_archer-c60-v2.dts
[3] tplink-safeloader.c
[4] tplink-safeloader.c
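The image-stitching procedure in question 2 (extract, place at the layout offset, pad to the next partition), as an added example that is not part of the original post. The shell functions, the layout-file format and the toy offsets in the comments are my own constructions; the real offsets and sizes for the v1 must be taken from the DTS cited as [1], and the chip size from the same source (the ART address given above, 0x7f0000, implies an 8 MiB part). Two points differ from the post's sketch on purpose: the gaps are filled with 0xFF rather than zeros, because that is what erased NOR flash reads back as and what the original image would contain there, and every blob is checked against the layout (no overlap, fits inside its partition, does not run past the end of the chip) before a single byte is written.

```shell
#!/bin/sh
# Added example (not from the original post): assemble a raw SPI-NOR image
# from per-partition blobs, checking the layout before writing anything.
#
# Layout file format (constructed for this example), one partition per line:
#   <name> <offset> <size> <source-file | ->
# Offsets and sizes are hex or decimal and must come from the board's DTS
# (e.g. qca9561_tplink_archer-c60-v1.dts); "-" leaves the region erased.
set -eu

# make_blank IMAGE SIZE: SIZE bytes of 0xFF, the erased state of NOR flash,
# so every gap between partitions reads like a freshly erased chip.
make_blank() {
    head -c "$2" /dev/zero | tr '\000' '\377' > "$1"
}

# extract_part SOURCE OFFSET SIZE OUT: copy one partition out of a flash dump
# (or a stock image), e.g. the per-device ART data.
extract_part() {
    dd if="$1" of="$4" bs=1 skip="$(($2))" count="$(($3))" 2>/dev/null
}

# region_hex IMAGE OFFSET SIZE: hex of a region, for spot-checking padding.
region_hex() {
    dd if="$1" bs=1 skip="$(($2))" count="$(($3))" 2>/dev/null \
        | od -An -tx1 | tr -d ' \n'
}

# build_image LAYOUT IMAGE FLASH_SIZE: build IMAGE from LAYOUT. Returns 1 on
# overlapping partitions, a partition beyond the end of flash, or a blob
# larger than the partition it is meant for.
build_image() {
    layout=$1; image=$2; flash_size=$(($3))
    make_blank "$image" "$flash_size"
    prev_end=0
    while read -r name off size src; do
        case "$name" in ''|'#'*) continue ;; esac
        off=$((off)); size=$((size))
        [ "$off" -ge "$prev_end" ] \
            || { echo "$name: offset $off overlaps previous partition" >&2; return 1; }
        [ $((off + size)) -le "$flash_size" ] \
            || { echo "$name: extends past end of flash" >&2; return 1; }
        prev_end=$((off + size))
        if [ "$src" = "-" ]; then continue; fi
        [ -f "$src" ] || { echo "$name: missing source $src" >&2; return 1; }
        srclen=$(wc -c < "$src" | tr -d ' ')
        [ "$srclen" -le "$size" ] \
            || { echo "$name: $src is $srclen bytes, partition is $size" >&2; return 1; }
        # Seek to the partition offset; conv=notrunc keeps the 0xFF padding
        # after the blob and everything written for earlier partitions.
        dd if="$src" of="$image" bs=1 seek="$off" conv=notrunc 2>/dev/null
    done < "$layout"
}
```

Usage is `build_image layout.txt flash.img 0x800000` with a layout whose lines name, for each partition, the blob taken from the stock image or from the dump (or `-` for regions to leave erased). `bs=1` keeps the `dd` calls portable and the offsets in bytes; it is slow on a full 8 MiB image, and can be replaced by a block size that divides every offset once the layout is known to be erase-block aligned. After building, `region_hex` on the gaps and `extract_part` on each partition followed by `cmp` against the source blob give a cheap check that the image matches the layout before it goes back on the chip.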