MAC of br-lan and wan interface is not matching the real hardware address (Archer C5 v2)

Hi!

I am facing a strange behviour with the current stable LEDE Release 17.01.2 and the Hardware modell TP-LINK Archer C5 V2. The MAC address of br-lan and wan is on three different devices the same ( 00:90:4C:11:20:01 and 00:90:4C:11:20:02)

As background:
For a small project of extending an existing network, I bought three similar devices of the Archer C5. The flashing procedure was seamless. The initial testing was ok, I was running only one device of them simultanely. But as I started to deploy the devices in the destination, the network slowed down and was not really usable anymore.
The Webinterface was not usable anymore, the SSH access disconnected after a short period of time, even after typing three characters.

However, after disconnecting the device from network without powering them down, I managed to get the output of dmesg. There where many lines like this:
br-lan: received packet on eth0.1 with own address as source address

After that, I decided to take a look on the interfaces hardware addresses and they where matching on all three devices.
They are clearly not the original hardware address. After that, I reflashed again, but it is still the same.

Sure, I can set the MAC manually, but I think thats not the way I want to go. Is there any way to reset the discovered MAC and to reuse the original address automatically?

I am using this firmware "lede-17.01.2-bcm53xx-tplink-archer-c5-v2-squashfs.bin"

ok, Sorry, I didn't read well... You have flashed 3 devices, and now the three had same mac addresses?
There is your macaddress: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=988027&sid=8a7eb696bb3183e79dbdf6bec1e22117#988027
google it as : 00-90-4C-11-20-01

As far I read on internet there is a fallback when broadcom chipset couldn't read reversed macaddres from flash it uses that macadress... probably the image that you flashed have some offset/position of reading macaddress bad. have you tried to use OpenWRT 15.05.1 too see if it happens the same? please try, maybe LEDE needs some fix on your hw target configuration.

It's seems that everyone get some kind of defaut mac effectively, but I think that nobody filled a bug yet. I was trying to get someone look at their ART partition to look for the mac address offset but didn't get a follow up yet.

OpenWRT does not have the router model in revision 2 in their current supported hardware table; only the hardware revision 1.

It seems that I don't have an ART partion in my device.

root@NODE04:~# cat /tmp/sysinfo/model
TP-LINK Archer C5 V2
root@NODE04:~# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00040000 00010000 "boot"
mtd1: 00200000 00010000 "firmware"
mtd2: 00c00000 00010000 "rootfs"
mtd3: 009c0000 00010000 "rootfs_data"
mtd4: 001b0000 00010000 "tplink"
mtd5: 00010000 00010000 "nvram"
mtd6: 001fffe4 00010000 "linux"
root@NODE04:~#

Nevertheless, I have only managed to list the partitions, how would I do accessing the ART partition. I want to have look on one of my older devices running LEDE too.

My bad, I tought that there was an ART. I'm away now with an intermittent Internet access, but from memory it's something like cat mtd4 > /tmp/tplink.bin and then download that file and look for the mac address into it. Maybe it's doable with grep directly too.

First of all, thank you for taking the time with this, DjiPi.
Your memory is really good, only the dev was missing

cat /dev/mtd4 > /tmp/tplink.bin
produced a very large output ( 1728kb ) compared to an older TPLink model "TP-Link TL-WR1043N/ND v2" with an ART Partition (64kb)

I found an alternative way with dd, but the size remains the same.

root@NODE04:~# dd if=/dev/mtd4 of=/tmp/tplink.bin
3456+0 records in
3456+0 records out

unfortunately, I am not able to find any usefull string within the file.

27050385
vendor_name:TP-LINK
vendor_url:www.tp-link.com
product_name:ArcherC5
language:en
product_ver:2.0.0
product_id:00050002
special_id:00000000
partition fs-uboot base 0x00000 size 0x40000
partition os-image base 0x40000 size 0x200000
partition file-system base 0x240000 size 0xc00000
partition default-mac base 0xe40000 size 0x00200
partition pin base 0xe40200 size 0x00200
partition product-info base 0xe40400 size 0x00200
partition partition-table base 0xe50000 size 0x10000
partition soft-version base 0xe60000 size 0x00200
partition support-list base 0xe61000 size 0x0f000
partition profile base 0xe70000 size 0x10000
partition default-config base 0xe80000 size 0x10000
partition user-config base 0xe90000 size 0x50000
partition log base 0xee0000 size 0x100000
partition radio_bk base 0xfe0000 size 0x10000
partition radio base 0xff0000 size 0x10000
SupportList:
{product_name:ArcherC5,product_ver:2.0.0,special_id:00000000}
27050385
111000010

followed by some ip addresses, urls and some other readable but useless stuff
the last maybe interesting things are

0:pa2gw0a0=0xfe7b
0:pa2gw1a0=0x1e92
0:pa2gw2a0=0xf8b4
0:pa2gw0a1=0xfe70
0:pa2gw1a1=0x1bdf
0:pa2gw2a1=0xf93c
1:pa5ga0=0xff46,0x1857,0xfd0f,0xff38,0x1a7f,0xfcc3,0xff33,0x1a66,0xfcc4,0xff59,0
x18f5,0xfd0e
1:pa5ga1=0xff49,0x195a,0xfcf1,0xff38,0x1a37,0xfccd,0xff37,0x1aa1,0xfcc0,0xff39,0
x180e,0xfced
1:rpcal5gb0=0x6c
1:rpcal5gb3=0x7a
pci/2/1/rpcal5gb0=0x6c
pci/2/1/rpcal5gb3=0x7a
rftestflag=47081

Usually macaddress is reversed, check that way too.

i have on wan side MAC address just 00:00:00:00:00:00....my router is archer c 2600 with latest lede firmware....all working well but it is strange to have just zeroes for MAC....all others interfaces have valid MAC....

default-mac base seems to be a good lead.

@bayern You should start your own thread since this one is about Archer C5. You'll get better coverage than burried deep down into this thread. I took the liberty to add that as a precision to the OP title.

I am sorry, but I don't know how to access the storage by the given parameters
partition default-mac base 0xe40000 size 0x00200

I have spent some time by searching the web, but, I am not even sure if I am using the right search criterias. The nearest hit was a HowTo regarding the bootloader configuration.
To be honest, thats a much deeper dive into the embedded world I had ever done.

Can you supply a bootlog of your C5 ? There should be a section about partition mapping that could help us I think. If possible embed the bootlog between Preformatted text block in your post.

Edit: changed suggestion accordingly to tmomas's response.

Please use "Preformatted text" instead for long bootlogs and configs.

Here is the output of dmesg

root@NODE04:~# dmesg
[    0.000000] Booting Linux on physical CPU 0x0
[    0.000000] Linux version 4.4.71 (buildbot@builds-02.infra.lede-project.org) (gcc version 5.4.0 (LEDE GCC 5.4.0 r3103-1b51a49) ) #0 SMP Thu Jun 8 10:18:56 2017
[    0.000000] CPU: ARMv7 Processor [413fc090] revision 0 (ARMv7), cr=10c5387d
[    0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[    0.000000] Machine model: TP-LINK Archer C5 V2
[    0.000000] bootconsole [uart0] enabled
[    0.000000] Memory policy: Data cache writealloc
[    0.000000] Hit pending asynchronous external abort (FSR=0x00001c06) during first unmask, this is most likely caused by a firmware/bootloader bug.
[    0.000000] On node 0 totalpages: 32768
[    0.000000] free_area_init_node: node 0, pgdat c03fce00, node_mem_map c7ef8000
[    0.000000]   Normal zone: 256 pages used for memmap
[    0.000000]   Normal zone: 0 pages reserved
[    0.000000]   Normal zone: 32768 pages, LIFO batch:7
[    0.000000] PERCPU: Embedded 11 pages/cpu @c7ee5000 s12928 r8192 d23936 u45056
[    0.000000] pcpu-alloc: s12928 r8192 d23936 u45056 alloc=11*4096
[    0.000000] pcpu-alloc: [0] 0
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 32512
[    0.000000] Kernel command line: console=ttyS0,115200 earlycon
[    0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)
[    0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[    0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[    0.000000] Memory: 125372K/131072K available (3318K kernel code, 112K rwdata, 484K rodata, 228K init, 285K bss, 5700K reserved, 0K cma-reserved, 0K highmem)
[    0.000000] Virtual kernel memory layout:
[    0.000000]     vector  : 0xffff0000 - 0xffff1000   (   4 kB)
[    0.000000]     fixmap  : 0xffc00000 - 0xfff00000   (3072 kB)
[    0.000000]     vmalloc : 0xc8800000 - 0xff800000   ( 880 MB)
[    0.000000]     lowmem  : 0xc0000000 - 0xc8000000   ( 128 MB)
[    0.000000]     pkmap   : 0xbfe00000 - 0xc0000000   (   2 MB)
[    0.000000]     modules : 0xbf000000 - 0xbfe00000   (  14 MB)
[    0.000000]       .text : 0xc0008000 - 0xc03bee44   (3804 kB)
[    0.000000]       .init : 0xc03bf000 - 0xc03f8000   ( 228 kB)
[    0.000000]       .data : 0xc03f8000 - 0xc04141c8   ( 113 kB)
[    0.000000]        .bss : 0xc04141c8 - 0xc045b978   ( 286 kB)
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] Hierarchical RCU implementation.
[    0.000000]  RCU restricting CPUs from NR_CPUS=2 to nr_cpu_ids=1.
[    0.000000] RCU: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1
[    0.000000] NR_IRQS:16 nr_irqs:16 16
[    0.000000] L2C: DT/platform modifies aux control register: 0x0a130000 -> 0x0a530000
[    0.000000] L2C-310 enabling early BRESP for Cortex-A9
[    0.000000] L2C-310 full line of zeros enabled for Cortex-A9
[    0.000000] L2C-310 ID prefetch enabled, offset 1 lines
[    0.000000] L2C-310 dynamic clock gating enabled, standby mode enabled
[    0.000000] L2C-310 cache controller enabled, 16 ways, 256 kB
[    0.000000] L2C-310: CACHE_ID 0x410000c8, AUX_CTRL 0x7e530001
[    0.000015] sched_clock: 64 bits at 400MHz, resolution 2ns, wraps every 4398046511103ns
[    0.008590] clocksource: arm_global_timer: mask: 0xffffffffffffffff max_cycles: 0x5c4093a7d1, max_idle_ns: 440795210635 ns
[    0.020614] Calibrating delay loop... 1594.16 BogoMIPS (lpj=7970816)
[    0.113464] pid_max: default: 32768 minimum: 301
[    0.118442] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.125459] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.133458] CPU: Testing write buffer coherency: ok
[    0.138903] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[    0.144982] Setting up static identity map for 0x82a0 - 0x82d4
[    0.151955] Brought up 1 CPUs
[    0.155126] SMP: Total of 1 processors activated (1594.16 BogoMIPS).
[    0.161907] CPU: All CPU(s) started in SVC mode.
[    0.169192] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[    0.179678] futex hash table entries: 256 (order: 2, 16384 bytes)
[    0.186245] pinctrl core: initialized pinctrl subsystem
[    0.192670] NET: Registered protocol family 16
[    0.198021] DMA: preallocated 256 KiB pool for atomic coherent allocations
[    0.217852] clocksource: Switched to clocksource arm_global_timer
[    0.225232] NET: Registered protocol family 2
[    0.230532] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[    0.237919] TCP bind hash table entries: 1024 (order: 1, 8192 bytes)
[    0.244695] TCP: Hash tables configured (established 1024 bind 1024)
[    0.251540] UDP hash table entries: 256 (order: 1, 8192 bytes)
[    0.257742] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
[    0.264591] NET: Registered protocol family 1
[    0.269251] PCI: CLS 0 bytes, default 64
[    0.271823] Crashlog allocated RAM at address 0x3f00000
[    0.287720] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.294066] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    0.307033] io scheduler noop registered
[    0.311289] io scheduler deadline registered (default)
[    0.317140] Serial: 8250/16550 driver, 16 ports, IRQ sharing enabled
[    0.326049] console [ttyS0] disabled
[    0.329914] 18000300.serial: ttyS0 at MMIO 0x18000300 (irq = 18, base_baud = 6250000) is a 16550
[    0.339304] console [ttyS0] enabled
[    0.346468] bootconsole [uart0] disabled
[    0.356686] libphy: Fixed MDIO Bus: probed
[    0.360880] bgmac_bcma: Broadcom 47xx GBit MAC driver loaded
[    0.366665] bcma: bus0: Found chip with id 53010, rev 0x00 and package 0x02
[    0.373700] bcma: bus0: Core 0 found: ChipCommon (manuf 0x4BF, id 0x800, rev 0x2A, class 0x0)
[    0.382373] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[    0.382389] bcma: bus0: Core 1 found: Chipcommon B (manuf 0x4BF, id 0x50B, rev 0x01, class 0x0)
[    0.391202] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[    0.391215] bcma: bus0: Core 2 found: DMA (manuf 0x4BF, id 0x502, rev 0x01, class 0x0)
[    0.399249] bcma: bus0: Core 3 found: GBit MAC (manuf 0x4BF, id 0x82D, rev 0x05, class 0x0)
[    0.407718] bcma: bus0: Core 4 found: GBit MAC (manuf 0x4BF, id 0x82D, rev 0x05, class 0x0)
[    0.416185] bcma: bus0: Core 5 found: GBit MAC (manuf 0x4BF, id 0x82D, rev 0x05, class 0x0)
[    0.424657] bcma: bus0: Core 6 found: GBit MAC (manuf 0x4BF, id 0x82D, rev 0x05, class 0x0)
[    0.433055] bcma: bus0: Core 7 found: PCIe Gen 2 (manuf 0x4BF, id 0x501, rev 0x01, class 0x0)
[    0.441647] bcma: bus0: Core 8 found: PCIe Gen 2 (manuf 0x4BF, id 0x501, rev 0x01, class 0x0)
[    0.450257] bcma: bus0: Core 9 found: PCIe Gen 2 (manuf 0x4BF, id 0x501, rev 0x01, class 0x0)
[    0.458904] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[    0.458918] bcma: bus0: Core 10 found: ARM Cortex A9 core (ihost) (manuf 0x4BF, id 0x510, rev 0x01, class 0x0)
[    0.468997] bcma: bus0: Core 11 found: USB 2.0 (manuf 0x4BF, id 0x504, rev 0x01, class 0x0)
[    0.477443] bcma: bus0: Core 12 found: USB 3.0 (manuf 0x4BF, id 0x505, rev 0x01, class 0x0)
[    0.485908] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[    0.485921] bcma: bus0: Core 13 found: SDIO3 (manuf 0x4BF, id 0x503, rev 0x01, class 0x0)
[    0.494226] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[    0.494240] bcma: bus0: Core 14 found: ARM Cortex A9 JTAG (manuf 0x4BF, id 0x506, rev 0x01, class 0x0)
[    0.503658] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[    0.503671] bcma: bus0: Core 15 found: Denali DDR2/DDR3 memory controller (manuf 0x4BF, id 0x507, rev 0x01, class 0x0)
[    0.514477] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[    0.514490] bcma: bus0: Core 16 found: ROM (manuf 0x4BF, id 0x508, rev 0x01, class 0x0)
[    0.522618] bcma: bus0: Core 17 found: NAND flash controller (manuf 0x4BF, id 0x509, rev 0x01, class 0x0)
[    0.532281] bcma: bus0: bcma_of_get_irq() failed with rc=-22
[    0.532299] bcma: bus0: Core 18 found: SPI flash controller (manuf 0x4BF, id 0x50A, rev 0x01, class 0x0)
[    0.541761] bcma: bus0: Flash type not supported
[    0.552770] m25p80 spi32766.0: s25fl128s (16384 Kbytes)
[    0.669129] 6 bcm47xxpart partitions found on MTD device spi32766.0
[    0.675387] Creating 6 MTD partitions on "spi32766.0":
[    0.680513] 0x000000000000-0x000000040000 : "boot"
[    0.686822] 0x000000040000-0x000000240000 : "firmware"
[    0.693611] 0x000000240000-0x000000e40000 : "rootfs"
[    0.699703] mtd: device 2 (rootfs) set to be root filesystem
[    0.705477] 1 squashfs-split partitions found on MTD device rootfs
[    0.711649] 0x000000480000-0x000000e40000 : "rootfs_data"
[    0.718330] 0x000000e40000-0x000000ff0000 : "tplink"
[    0.724622] 0x000000ff0000-0x000001000000 : "nvram"
[    0.730682] 0x00000004001c-0x000000240000 : "linux"
[    0.749078] bcma: bus0: Using SPROM revision 8 provided by platform.
[    0.749386] bgmac_bcma bcma0:3: Found PHY addr: 30 (NOREGS)
[    0.754980] bgmac_bcma bcma0:3: Support for Roboswitch not implemented
[    0.763848] b53_common: found switch: BCM53011, rev 5
[    0.769648] bgmac_bcma bcma0:4: Found PHY addr: 0
[    0.774448] bgmac_bcma bcma0:4: Support for Roboswitch not implemented
[    0.780968] bgmac_bcma bcma0:4: Invalid MAC addr: 00:00:00:00:00:00
[    0.787224] bgmac_bcma bcma0:4: Using random MAC: b2:f6:de:ae:1c:60
[    0.795422] bgmac_bcma bcma0:5: Found PHY addr: 0
[    0.800121] bgmac_bcma bcma0:5: Support for Roboswitch not implemented
[    0.806724] bgmac_bcma bcma0:5: Invalid MAC addr: 00:00:00:00:00:00
[    0.813004] bgmac_bcma bcma0:5: Using random MAC: a6:7d:5a:24:b2:05
[    0.821306] bgmac_bcma bcma0:6: Unsupported core_unit 3
[    0.826542] bgmac_bcma: probe of bcma0:6 failed with error -524
[    0.940664] pcie_iproc_bcma bcma0:7: PCI host bridge to bus 0000:00
[    0.946922] pci_bus 0000:00: root bus resource [mem 0x08000000-0x0fffffff]
[    0.953805] pcie_iproc_bcma bcma0:7: link: UP
[    0.958169] pci 0000:00:00.0: [14e4:8011] type 01 class 0x060400
[    0.958252] pci 0000:00:00.0: PME# supported from D0 D3hot D3cold
[    0.958430] PCI: bus0: Fast back to back transfers disabled
[    0.964007] pci 0000:00:00.0: bridge configuration invalid ([bus 00-00]), reconfiguring
[    0.972100] pci_bus 0000:01: busn_res: can not insert [bus 01-ff] under [??? 0x00000000 flags 0x0] (conflicts with (null) [??? 0x00000000 flags 0x0])
[    0.972141] pci 0000:01:00.0: [14e4:a8db] type 00 class 0x028000
[    0.972194] pci 0000:01:00.0: reg 0x10: [mem 0x00000000-0x00007fff 64bit]
[    0.972308] pci 0000:01:00.0: supports D1 D2
[    0.972474] PCI: bus1: Fast back to back transfers disabled
[    0.978033] pci_bus 0000:01: busn_res: [bus 01-ff] end is updated to 01
[    0.978051] pci_bus 0000:01: busn_res: can not insert [bus 01] under [??? 0x00000000 flags 0x0] (conflicts with (null) [??? 0x00000000 flags 0x0])
[    0.978090] pci 0000:00:00.0: BAR 8: assigned [mem 0x08000000-0x080fffff]
[    0.984878] pci 0000:01:00.0: BAR 0: assigned [mem 0x08000000-0x08007fff 64bit]
[    0.992178] pci 0000:00:00.0: PCI bridge to [bus 01]
[    0.997125] pci 0000:00:00.0:   bridge window [mem 0x08000000-0x080fffff]
[    1.110632] pcie_iproc_bcma bcma0:8: PCI host bridge to bus 0001:00
[    1.116887] pci_bus 0001:00: root bus resource [mem 0x40000000-0x47ffffff]
[    1.123768] pcie_iproc_bcma bcma0:8: link: UP
[    1.128125] pci 0001:00:00.0: [14e4:8011] type 01 class 0x060400
[    1.128198] pci 0001:00:00.0: PME# supported from D0 D3hot D3cold
[    1.128390] PCI: bus0: Fast back to back transfers disabled
[    1.133963] pci 0001:00:00.0: bridge configuration invalid ([bus 00-00]), reconfiguring
[    1.142044] pci_bus 0001:01: busn_res: can not insert [bus 01-ff] under [??? 0x00000000 flags 0x0] (conflicts with (null) [??? 0x00000000 flags 0x0])
[    1.142082] pci 0001:01:00.0: [14e4:4360] type 00 class 0x028000
[    1.142126] pci 0001:01:00.0: reg 0x10: [mem 0x00000000-0x00007fff 64bit]
[    1.142227] pci 0001:01:00.0: supports D1 D2
[    1.142378] PCI: bus1: Fast back to back transfers disabled
[    1.147928] pci_bus 0001:01: busn_res: [bus 01-ff] end is updated to 01
[    1.147944] pci_bus 0001:01: busn_res: can not insert [bus 01] under [??? 0x00000000 flags 0x0] (conflicts with (null) [??? 0x00000000 flags 0x0])
[    1.147984] pci 0001:00:00.0: BAR 8: assigned [mem 0x40000000-0x400fffff]
[    1.154773] pci 0001:01:00.0: BAR 0: assigned [mem 0x40000000-0x40007fff 64bit]
[    1.162073] pci 0001:00:00.0: PCI bridge to [bus 01]
[    1.167021] pci 0001:00:00.0:   bridge window [mem 0x40000000-0x400fffff]
[    1.280633] pcie_iproc_bcma bcma0:9: PCI host bridge to bus 0002:00
[    1.286886] pci_bus 0002:00: root bus resource [mem 0x48000000-0x4fffffff]
[    1.293760] pcie_iproc_bcma bcma0:9: PHY or data link is INACTIVE!
[    1.299910] pcie_iproc_bcma bcma0:9: no PCIe EP device detected
[    1.305885] pcie_iproc_bcma bcma0:9: PCIe controller setup failed
[    1.313063] bcm47xx-wdt bcm47xx-wdt.0: BCM47xx Watchdog Timer enabled (30 seconds, Software Timer)
[    1.322037] bcma: bus0: Bus registered
[    1.325909] pci 0000:00:00.0: enabling device (0140 -> 0142)
[    1.331579] bcma-pci-bridge 0000:01:00.0: enabling device (0140 -> 0142)
[    1.338286] bcma: bus1: Found chip with id 43217, rev 0x00 and package 0x08
[    1.345259] bcma: bus1: Core 0 found: ChipCommon (manuf 0x4BF, id 0x800, rev 0x27, class 0x0)
[    1.353777] bcma: bus1: Core 1 found: IEEE 802.11 (manuf 0x4BF, id 0x812, rev 0x1E, class 0x0)
[    1.362405] bcma: bus1: Core 2 found: PCIe (manuf 0x4BF, id 0x820, rev 0x14, class 0x0)
[    1.370451] bcma: bus1: Found rev 12 PMU (capabilities 0x108C260C)
[    1.381174] bcma: bus1: Using SPROM revision 8 provided by platform.
[    1.381195] bcma: bus1: PMU resource config unknown or not needed for device 0xA8D1
[    1.383197] bcma: bus1: Workarounds unknown or not needed for device 0xA8D1
[    1.420761] bcma: bus1: Bus registered
[    1.424563] pci 0001:00:00.0: enabling device (0140 -> 0142)
[    1.430213] bcma-pci-bridge 0001:01:00.0: enabling device (0140 -> 0142)
[    1.436965] bcma: bus2: Found chip with id 0x4352, rev 0x03 and package 0x01
[    1.444024] bcma: bus2: Core 0 found: ChipCommon (manuf 0x4BF, id 0x800, rev 0x2B, class 0x0)
[    1.452534] bcma: bus2: Core 1 found: IEEE 802.11 (manuf 0x4BF, id 0x812, rev 0x2A, class 0x0)
[    1.461138] bcma: bus2: Core 2 found: ARM CR4 (manuf 0x4BF, id 0x83E, rev 0x02, class 0x0)
[    1.469388] bcma: bus2: Core 3 found: PCIe Gen2 (manuf 0x4BF, id 0x83C, rev 0x01, class 0x0)
[    1.477803] bcma: bus2: Core 4 found: USB 2.0 Device (manuf 0x4BF, id 0x81A, rev 0x11, class 0x0)
[    1.486688] bcma: bus2: Found rev 17 PMU (capabilities 0x10A22B11)
[    1.486763] bcma: bus2: SPROM offset 0x800
[    1.518193] bcma: bus2: Invalid SPROM read from the PCIe card, trying to use fallback SPROM
[    1.528723] bcma: bus2: Using SPROM revision 11 provided by platform.
[    1.528740] bcma: bus2: PMU resource config unknown or not needed for device 0x4352
[    1.530757] bcma: bus2: Workarounds unknown or not needed for device 0x4352
[    1.530770] bcma: bus2: Switched to core: 0x83C
[    1.531069] bcma: bus2: Bus registered
[    1.535815] NET: Registered protocol family 10
[    1.542597] NET: Registered protocol family 17
[    1.547094] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[    1.559717] 8021q: 802.1Q VLAN Support v1.8
[    1.563979] Registering SWP/SWPB emulation handler
[    1.575166] VFS: Mounted root (squashfs filesystem) readonly on device 31:2.
[    1.582600] Freeing unused kernel memory: 228K (c03bf000 - c03f8000)
[    2.201584] init: Console is alive
[    2.205155] init: - watchdog -
[    2.707241] kmodloader: loading kernel modules from /etc/modules-boot.d/*
[    2.765679] usbcore: registered new interface driver usbfs
[    2.771326] usbcore: registered new interface driver hub
[    2.776679] usbcore: registered new device driver usb
[    2.785735] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    2.793293] ehci-platform: EHCI generic platform driver
[    2.800213] ehci-platform 18021000.ehci: EHCI Host Controller
[    2.806094] ehci-platform 18021000.ehci: new USB bus registered, assigned bus number 1
[    2.814187] ehci-platform 18021000.ehci: irq 30, io mem 0x18021000
[    2.821910] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    2.828687] ohci-platform: OHCI generic platform driver
[    2.834291] ohci-platform 18022000.ohci: Generic Platform OHCI controller
[    2.841113] ohci-platform 18022000.ohci: new USB bus registered, assigned bus number 2
[    2.849111] ohci-platform 18022000.ohci: irq 30, io mem 0x18022000
[    2.855978] ehci-platform 18021000.ehci: USB 2.0 started, EHCI 1.00
[    2.863118] hub 1-0:1.0: USB hub found
[    2.867061] hub 1-0:1.0: 2 ports detected
[    2.915263] hub 2-0:1.0: USB hub found
[    2.919213] hub 2-0:1.0: 2 ports detected
[    2.926018] kmodloader: done loading kernel modules from /etc/modules-boot.d/*
[    2.940804] init: - preinit -
[    3.379555] random: jshn: uninitialized urandom read (4 bytes read, 0 bits of entropy available)
[    3.453097] random: jshn: uninitialized urandom read (4 bytes read, 0 bits of entropy available)
[    3.787808] random: jshn: uninitialized urandom read (4 bytes read, 0 bits of entropy available)
[    3.820326] random: jshn: uninitialized urandom read (4 bytes read, 0 bits of entropy available)
[    3.862051] random: jshn: uninitialized urandom read (4 bytes read, 0 bits of entropy available)
[    4.110192] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[    4.116200] IPv6: ADDRCONF(NETDEV_UP): eth0.1: link is not ready
[    4.140218] random: procd: uninitialized urandom read (4 bytes read, 0 bits of entropy available)
[    5.780538] bgmac_bcma bcma0:3 eth0: Link is Up - 1Gbps/Full - flow control off
[    5.787855] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[    5.794404] IPv6: ADDRCONF(NETDEV_CHANGE): eth0.1: link becomes ready
[    7.436574] jffs2: notice: (500) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[    7.452974] mount_root: switching to jffs2 overlay
[    7.465116] urandom-seed: Seeding with /etc/urandom.seed
[    7.565908] procd: - early -
[    7.568860] procd: - watchdog -
[    8.190778] procd: - ubus -
[    8.229309] random: ubusd: uninitialized urandom read (4 bytes read, 4 bits of entropy available)
[    8.251869] random: ubusd: uninitialized urandom read (4 bytes read, 4 bits of entropy available)
[    8.261108] random: ubusd: uninitialized urandom read (4 bytes read, 4 bits of entropy available)
[    8.269979] random: ubusd: uninitialized urandom read (4 bytes read, 4 bits of entropy available)
[    8.281554] procd: - init -
[    8.525055] kmodloader: loading kernel modules from /etc/modules.d/*
[    8.534467] ip6_tables: (C) 2000-2006 Netfilter Core Team
[    8.547351] Loading modules backported from Linux version wt-2017-01-31-0-ge882dff19e7f
[    8.555418] Backport generated by backports.git backports-20160324-13-g24da7d3c
[    8.564875] ip_tables: (C) 2000-2006 Netfilter Core Team
[    8.574445] nf_conntrack version 0.5.0 (1962 buckets, 7848 max)
[    8.602197] xt_time: kernel timezone is -0000
[    8.633212] PPP generic driver version 2.4.2
[    8.639197] NET: Registered protocol family 24
[    8.649561] b43-phy0: Broadcom 43217 WLAN found (core revision 30)
[    8.655866] bcma: bus1: Switched to core: 0x812
[    8.660578] b43-phy0: Found PHY: Analog 9, Type 4 (N), Revision 17
[    8.666745] b43-phy0: Found Radio: Manuf 0x17F, ID 0x2057, Revision 14, Version 1
[    8.680696] b43-phy1: Broadcom 4352 WLAN found (core revision 42)
[    8.686770] bcma: bus2: Switched to core: 0x812
[    8.708983] b43-phy1 ERROR: FOUND UNSUPPORTED PHY (Analog 12, Type 11 (AC), Revision 1)
[    8.717037] b43: probe of bcma2:1 failed with error -95
[    8.722391] Broadcom 43xx driver loaded [ Features: PNL ]
[    8.762235] kmodloader: done loading kernel modules from /etc/modules.d/*
[    8.770431] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[   11.508981] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[   11.526636] device eth0.1 entered promiscuous mode
[   11.531537] device eth0 entered promiscuous mode
[   11.553256] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
[   11.595169] IPv6: ADDRCONF(NETDEV_UP): eth0.2: link is not ready
[   11.840667] bgmac_bcma bcma0:3 eth0: Link is Up - 1Gbps/Full - flow control off
[   11.848149] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   11.915262] br-lan: port 1(eth0.1) entered forwarding state
[   11.920928] br-lan: port 1(eth0.1) entered forwarding state
[   11.926614] IPv6: ADDRCONF(NETDEV_CHANGE): eth0.2: link becomes ready
[   12.013745] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
[   13.920494] br-lan: port 1(eth0.1) entered forwarding state
root@NODE04:~#

Thanks Martin. So if my guess is wright, default-mac base is at 0xe40000:

partition default-mac base 0xe40000 size 0x00200

Which seems to correspond, from your log of the first 0x200 bytes of the tplink partition, which is exactly starting at 0xe40000 :

[    0.718330] 0x000000e40000-0x000000ff0000 : "tplink"

So the MACs should be just hexadecimal values from the firsts 512 bytes of this tplink partition (mtd4). It's not clear text, that would be hexadecimals values, like 0FAB001927DC, which should be mac DC:27:19:00:AB:0F.

If you take your tplink.bin dump file and use an hexadecimal editor (like HxD - assuming Windows) and look at it, maybe you'll find your mac address there (and is usually reversed as per braian87b's comment).

I have seen once with a null also:

0FAB001927DC
0F  AB  00  19  27  DC
0F00AB00000019002700DC < I mean this way
0FFFABFF00FF19FF27FFDC < I don't remember if it was this way maybe

So you should try all ways, normal, reversed, with zeroes or FF's and reversed with zeroes or FF's

Thats going something weird.

HxD tells me for for Offset e40000 that this offset is not existing. The last offset I have is 001AFFF0
Also for searching somewhat part of the MAC I haven't found anything.
Only one MAC is listed on the device with A4:2B:B0:EA:11:FA.
I guess, for all MACs I need to flash the factory image.

For reference, here is the tplink.bin file I have exported via dd if=/dev/mtd4 of=/tmp/tplink.bin and copied via winscp to my windows machine.
https://drive.google.com/open?id=0B6yS6HoT-MRKNG53bTdLTVFvRTQ

That's because mtd4 partition is a shortcut that points to address 0xe40000 from the base flash directly. Reading position 0x0 from mtd4 would be equal to read position 0xe40000 from base flash. So your dump file position 0x0 is in fact a dump from memory position 0xe40000.

You mean on the label or in the tplink's partition? Because after downloading your partition, there is effectively only one MAC present. I think that this base mac address is meant to be derived from for other interfaces, that's why there is only one.

No you don't have to. LEDE doesn't overwrite the specials partitions. So the tplink partition is untouched. But if you mean to find out really how the stock firmware attributes its MAC, that could be interesting. My guess is that it will be A4:2B:B0:EA:11:FA for WAN, then A4:2B:B0:EA:11:FB, then A4:2B:B0:EA:11:FC and so on.

You were so close to find it, tplink + 0x8:

@MaSt is 27050385 your PIN for WPS by the way ?

Very interesting facts about the MTD technology. I have never thought about

I meant on the label.

YES it is listed as wireless password/pin on the label.

Now with all these good informations and research, I think that it could be a good time to post a bug report and linking to this thread.

Could an owner of an Archer C5 v2 post such a bug report please? I can't do bug report as I don't own such device

Cc: @guidoa, @ssnake, @Klingon excuse me for inviting you indirectly, but it would really be appreciated if you were able to confirm Martin's findings about MAC address location in partition tplink.

Hello,
Sorry if the question is very basic, but how do I do the MTD4 dump to my HD and so can edit the same as the factory MAC and then record it again in the FIRMWARE of the router, in my case an Archer C50.

Thank you all for the help.