I have a TP-Link W8970B (Ver 1.0) and following the Web Interface Hack I am able to telnet into the device.
As far as I understand I should now start a tftpd server on my Ubuntu machine and on the TP-Link I should issue the following commands: setenv, tftpboot, sf erase and sf write. However, none of these commands is available on the router:
$ telnet 192.168.1.1 1023
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
TD-W8970B login: admin
Password: 1234
~ # setenv
-sh: setenv: not found
~ # [TAB][TAB] => only these commands are available:
arping chmod dhcpd handle_card ipcrm ls ping rm switch_utility vsftpd
ash cli diagTool hostapd ipcs lsmod ping6 rmmod tc wlanconfig
atmarp cos dnsProxy hotplug ipsecVpn mkdir poweroff route telnetd wpa_supplicant
atmarpd cp dsl_cpe_control httpd iptables modem_scan ppacmd setkey tftp wpatalk
br2684ctl cwmp dyndns ifconfig iwconfig mount pppd sh umount xtables-multi
br2684ctld date ebtables igmpd iwlist netstat ps sleep upnpd zebra
brctl df echo init iwpriv noipdns racoon smbcontrol usb_modeswitch
busybox dhcp6c free insmod kill ntfs-3g radvd smbd usbp
cat dhcp6s getty ip killall ntpc reboot smbpasswd ushare
chat dhcpc halt ip6tables login pidof ripd snmpd vconfig
As you can see there is no sf or tftpboot (but there is tftp only).
Hmm, what now? Searching the forum for the specific TP-W8970B or TP-W8970 it looks like there are many people using it. Anything I am doing wrong?
Thanks, this would explain. Well, sorry if this is a stupid question but I searched the forums and web for how to boot into the uboot bootloader but cannot find anything: So, how can I telnet (or get into) the uboot bootloader? (where I could then issue the necessary commands)
You need to open the case and hook up a serial port to get into the bootloader and use that install method.
After you are able to telnet into the stock firmware, the 9970 page linked below the telnet instructions explains how to use that to install by copying firmware files from a USB flash drive.
What you are doing is breaking the file into two parts so you can copy it into two mtd partitions defined by the stock firmware. The first 1310720 bytes (20 64k blocks) goes into mtd1 and the rest of the file is in mtd2. First you try to cram the whole file into mtd1, knowing it will crash after 1310720 bytes but that is OK since the first part does copy. Then you have created a "firmware-1" file using dd to chop off the first 1310720 bytes of the image so you can write that to mtd2. What ends up in the flash chip is a contiguous true copy of the image since the two partitions are adjacent in the chip.
LEDE / OpenWrt defines a different partition table so you don't have to do that to upgrade. I think it would be best to use 15.05 first then upgrade.
Hmm, damn it. I just did as explained in the wiki: (at least I think so, if you spot an error let me know):
jens@izmir:/media/jens/blackstick$ dd if=openwrt-15.05.1-lantiq-xrx200-TDW8970-sysupgrade.image of=openwrt-15.05.1-lantiq-xrx200-TDW8970-sysupgrade-1.image bs=1310720 skip=1
2+1 records in
2+1 records out
2883588 bytes (2,9 MB, 2,8 MiB) copied, 0,108301 s, 26,6 MB/s
jens@izmir:/media/jens/blackstick$ ls -lh
total 6,8M
-rw-r--r-- 1 jens jens 2,8M Okt 7 16:10 openwrt-15.05.1-lantiq-xrx200-TDW8970-sysupgrade-1.image
-rw-r--r-- 1 jens jens 4,1M Okt 7 16:10 openwrt-15.05.1-lantiq-xrx200-TDW8970-sysupgrade.image
jens@izmir:/media/jens/blackstick$ ls -l
total 6920
-rw-r--r-- 1 jens jens 2883588 Okt 7 16:10 openwrt-15.05.1-lantiq-xrx200-TDW8970-sysupgrade-1.image
-rw-r--r-- 1 jens jens 4194308 Okt 7 16:10 openwrt-15.05.1-lantiq-xrx200-TDW8970-sysupgrade.image
jens@izmir:/media/jens/blackstick$ cd
jens@izmir:~$ telnet 192.168.1.1 1023
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
TD-W8970B login: admin
Password:
~ # ls /var/
lock run Wireless dev passwd ipsec
log tmp usbdisk samba 3G vsftp
~ # ls /var/usbdisk/
sda1
~ # ls /var/usbdisk/sda1/
openwrt-15.05.1-lantiq-xrx200-TDW8970-sysupgrade-1.image
openwrt-15.05.1-lantiq-xrx200-TDW8970-sysupgrade.image
~ # cat /dev/mtd0 > /var/usbdisk/sda1/mtd0
~ # cat /dev/mtd1 > /var/usbdisk/sda1/mtd1
~ # cat /dev/mtd2 > /var/usbdisk/sda1/mtd2
~ # cat /dev/mtd3 > /var/usbdisk/sda1/mtd3
~ # cat /dev/mtd4 > /var/usbdisk/sda1/mtd4
~ # cat /dev/mtd5 > /var/usbdisk/sda1/mtd5
~ # cat /dev/mtd6 > /var/usbdisk/sda1/mtd6
~ # ls -la /var/usbdisk/sda1/mtd1
-rwxrwxrwx 1 1310720 /var/usbdisk/sda1/mtd1
~ # cat /var/usbdisk/sda1/openwrt-15.05.1-lantiq-xrx200-TDW8970-sysupgrade.image > /dev/mtdblock1
cat: write error: No space left on device
~ # cat /var/usbdisk/sda1/openwrt-15.05.1-lantiq-xrx200-TDW8970-sysupgrade-1.image > /dev/mtdblock2
~ # reboot
Connection closed by foreign host.
...but although WiFi and network LEDs are lighted I cannot ping the W8970 anymore. I waited for 3 minutes after flashing, also re-plugged several times now. Looks like it's bricked now :-/ No WiFi, nothing... 192.168.1.1 should be the right IP even after flashing I guess. I also made sure my eth is on 192.168.1.2 (like when I flashed via telnet). Damn it.
jens@izmir:~$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.2 icmp_seq=1 Destination Host Unreachable
From 192.168.1.2 icmp_seq=2 Destination Host Unreachable
From 192.168.1.2 icmp_seq=3 Destination Host Unreachable
Hi,
as you asked for some information in the other thread I opened, I would like to give you some short pointers.
When I installed LEDE on the TD-W8970B, I had just the same problems as you had. So I proceeded as the people here already proposed: Use telnet to get on the router and then install LEDE from the USB stick. I also installed OpenWRT first and when that worked, I installed LEDE via the OpenWRT GUI.
I checked the commands you used and in my opinion you did everything right according to the tutorial. I do not not remember doing anything different than in the tutorial, but I am not perfectly sure about this.
From your post, I cannot deduct whether you connect to the flashed router via WIFI or via a cable. I think that WIFI did not work on my router after flashing, although the LED might have been already lighted. So if you do not already connect via cable, please try connecting via cable and use the command line interface or the GUI to configure the WIFI.
Ok, I am curious now and decided to by a usb-serial cable.
Any recommendation for a cable? (should be working under Linux).
Also, in order to connect the usb-to-serial cable to the W8970 is it really necessary to soldier the wires to it? Or is it sufficient to just fix them with a little bit of tape so that the wires are "connected" to (touch) it?
Thanks, pretty helpful comment What's so laughable about this? If I connect currents, it's also fine to connect the wires (without soldiering them permanently)...
Then all the methods in order to reset to factory defaults (that is, device normally listens on 192.168.1.1 were not working).
So I used sysupgrade as describe here in order flash the latest lede version. This worked and I can now access the device via Luci or ssh like I am used to it from other devices.
I read on the forum about 
What's so laughable about this? If I connect currents, it's also fine to connect the wires (without soldiering them permanently)...