HxD tells me for for Offset e40000 that this offset is not existing. The last offset I have is 001AFFF0
Also for searching somewhat part of the MAC I haven't found anything.
Only one MAC is listed on the device with A4:2B:B0:EA:11:FA.
I guess, for all MACs I need to flash the factory image.
That's because mtd4 partition is a shortcut that points to address 0xe40000 from the base flash directly. Reading position 0x0 from mtd4 would be equal to read position 0xe40000 from base flash. So your dump file position 0x0 is in fact a dump from memory position 0xe40000.
You mean on the label or in the tplink's partition? Because after downloading your partition, there is effectively only one MAC present. I think that this base mac address is meant to be derived from for other interfaces, that's why there is only one.
No you don't have to. LEDE doesn't overwrite the specials partitions. So the tplink partition is untouched. But if you mean to find out really how the stock firmware attributes its MAC, that could be interesting. My guess is that it will be A4:2B:B0:EA:11:FA for WAN, then A4:2B:B0:EA:11:FB, then A4:2B:B0:EA:11:FC and so on.
Now with all these good informations and research, I think that it could be a good time to post a bug report and linking to this thread.
Could an owner of an Archer C5 v2 post such a bug report please? I can't do bug report as I don't own such device
Cc: @guidoa, @ssnake, @Klingon excuse me for inviting you indirectly, but it would really be appreciated if you were able to confirm Martin's findings about MAC address location in partition tplink.
Hello,
Sorry if the question is very basic, but how do I do the MTD4 dump to my HD and so can edit the same as the factory MAC and then record it again in the FIRMWARE of the router, in my case an Archer C50.
The first step is to dump your mtd4 partition on /tmp: dd if=/dev/mtd4 of=/tmp/tplink.bin
Download it to your computer (using FileZilla for instance)
Use your favourite Hex editor (I'm using HxD under Windows) to replace MAC from address in offset 0xf100 with yours, using only the hexadecimals values from the MAC printed on your label:
Are you familiar with compiling LEDE ? Because it will involve modifying the source code and compiling it, unless there are already available tools for that.
I never compiled one vs of the LEDE, so I will have a lot to study and learn to walk to get me, for this reason all information and help on the subject and welcome.
I have been researching on all the forums and websites how to do it, because the subject matter was very interesting, and I must first try to use the LEDE and finished brick my Archer C50, but how did I get it back from the dead, although not 100%, error Which I will not repeat with the new Archer C7 I bought.
Please keep a watch on this, It will be really interesting to modify accordingly using a script, and be able to make an image for TP-LINKs that reads not just the macaddress to make SSID look like factory one "TP-LINK_XXXXXX" also with your PIN (also printed on bottom label) use that as a default password too.
Meanwhile your wan mac is fixed, you can use mac address cloning for the wan interface and specify your own. This would allow you to have a working interconnected network maybe. As for the lan mac this would still be a problem since I don't think that you can specify a custom one.
Yes, I thought already about. But don't worry. It is an absolute non-critical mission in a youth club. Currently, I am running one device successfully in the network. Sure, with less coverage in the distance, but nobody cares. They are happy that there is a wireless internet access at all
as DjiPi already determined correctly from the dump, my WDS Pin is is located in mtd4 (tplink -partition, as the Archer C5 v2 does not have an art partition) on several positions. The first hit is on Hex address 0x208
root@NODE04:~# hexdump -C -s 0x208 /dev/mtd4 | head -n 1
In Hex, 32 37 30 35 30 33 38 35 is exactly the WDS Pin printed on the device label.
I have confirmed this on two other devices.
By the way, in the meantime I have found my mistake why I was unable to find my device mac address.
I have searched in HxD only in the text strings, but I had to search in the hex values instead. With this in mind, the mac was easy to find. The first hit on 0x8 was only the LAN-MAC, but there is another position which is containing the other ones.
The further positions are: 0x50138 --> A4 2B B0 EA 11 FA 0x50140 --> A4 2B B0 EA 11 FB 0x50146 --> A4 2B B0 EA 11 FC
I have flashed the stock image archer_c5v2_en-up-ver3-17-3-P1[20150130-rel33049].bin
It shows me on the status page following MACs
LAN
MAC Address: A4-2B-B0-EA-11-FA
Wireless 2.4GHz
MAC Address: A4-2B-B0-EA-11-F9
Wireless 5GHz
MAC Address: A4-2B-B0-EA-11-F8
WAN
MAC Address: A4-2B-B0-EA-11-FB
But I was not able to login into the stock firmware via SSH, it seems in the stock firmware the SSH feature is limited to a TP-Link App called 'Tether'
To bad that there was no more progress in the meantime. I have tried to open a bug by myselve, but it seems to impossible for not insiders. For my current project, I am going to look for another hardware base. Maybe also with full support of the wireless chipsets in the 5ghz band. I was fully aware that the Archer C5 was not fully supported, but it was the nearest available device.
Nevertheless, I want to say thank you to everyone helped me so far.