Need help debricking WDR4300

Hey everyone, I need some help. I'm trying to debrick my wdr4300.
Will start by describing how I bricked my wdr4300 and what I've tried so far:
I was on 22.03.0 and everything was working OK, but I wanted to try out an old, overclocked version of LEDE which I found here: https://github.com/gwlim/Openwrt_Firmware/tree/master/TP-Link_TL-WDR3500-3600-43XX-WM4350R
I ignored the warning thinking everything would work and now the router just turns all lights on every 10 seconds or so.
Video: https://youtu.be/9qrZjPdZ1bs
I managed to transfer the latest OpenWrt factory once; it seems it transfers fine but it doesn't flash. It just keeps rebooting forever.
Questions:

  • Where can I find the stripped version of the WDR4300 v1 firmware?
    I've tried https://freifunk-firmware.de/bootcut.php but the site doesn't exist anymore
    Also tried with https://freifunk-firmware.de/bootcut.php but I get "upload failed".
    I've also tried renaming wdr4300v1_en_3_14_3_up_boot(150518).bin to wdr4300v1_tp_recovery.bin but got the same result.
    I debricked this same device a few months ago with no issues.
  • Did I permabrick my router this time?
    Any help is appreciated.

EDIT: I managed to transfer the file successfully only once in 30 tries.
Most of the time I get

Ack block 6261 ignored (received twice)
TIMEOUT waiting for Ack block 6262

And the connection gets killed.

OpenWrt's factory images (https://downloads.openwrt.org/releases/22.03.0/targets/ath79/generic/openwrt-22.03.0-ath79-generic-tplink_tl-wdr4300-v1-squashfs-factory.bin) can be used for this; they're always stripped. Rename accordingly and offer them from your tftpd. Putting an unmanaged switch between your tftpd and the to-be-recovered router is recommended.

Using dd via https://openwrt.org/toh/tp-link/tl-wdr4300_v1#back_to_original_firmware should work, but as TP-Link has changed their firmware format a couple of times in recent years (albeit probably not for the tl-wdr4300), I'm hesitant to provide further advice on this particular topic (nor do I trust the "boot" moniker in their file name, I'd always check twice with binwalk and a hex editor; the resulting stripped image should have exactly the same byte count as OpenWrt's factory image).

If you did overwrite the original u-boot, you might have a real problem on your hands (in the sense that the overclocking happens too early - and if u-boot is already crashing, there's little chance to fix anything in-system); further debugging would involve:

  • serial console access, trying to see what happens and invoking the tftp upload from there (won't help if u-boot is already crashing, so chances are under 50%).
  • reflashing the spi-nor flash externally, which requires desoldering the soic-8 spi-nor flash chip from the router, putting it into an soic-8 clamp, reading out the existing contents (ART is crucial, don't overwrite it, back it up, always keep your own), assembling a new full-flash image, writing it to the spi-nor chip and then resoldering it into the router. This should have an >85% chance of recovery, if you do it right (in terms of assembling the full-flash image correctly, using your own uboot-env and ART, in the correct order) and don't mess up the (de-)soldering job (which is doable, but not easy - and needs proper soldering equipment).

Given the prices for working tl-wdr3600/tl-wdr4300 (~5-15 EUR) on the used markets, even a fiver for the 3.3V USB2serial adapter is borderline, the ~10-15 EUR for soic-8 clamp and ch340, as well as the >>20 EUR for soldering equipment are definitely beyond economic reason for the device in question; even better 802.11ac wireless routers regularly hit the second hand markets for 15-25 EUR.

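The byte-count check recommended in the reply above, as an added example that is not part of the original thread. It assumes a "boot" image carries a 257 × 512-byte prefix (header plus u-boot, the span a `dd skip=257 bs=512` would drop; confirm against the linked wiki page) and that both images begin with the same header word; all function names are hypothetical.

```python
import hashlib
import sys

# Assumption: a "boot" image is a 512-byte header plus 128 KiB of u-boot
# in front of the normal image, i.e. what `dd skip=257 bs=512` removes.
BOOT_PREFIX = 257 * 512
HEADER_WORD = 4  # assumption: both images start with the same header word


def strip_boot(vendor: bytes, reference: bytes) -> bytes:
    """Cut a vendor image to the layout of the reference factory image.

    Raises ValueError when the byte counts do not line up, instead of
    producing a file that would land on the wrong flash region.
    """
    if len(vendor) == len(reference):
        candidate = vendor                    # already stripped
    elif len(vendor) == len(reference) + BOOT_PREFIX:
        candidate = vendor[BOOT_PREFIX:]      # drop header + u-boot
    else:
        raise ValueError(
            f"size {len(vendor)} fits neither {len(reference)} "
            f"nor {len(reference) + BOOT_PREFIX}")
    if candidate[:HEADER_WORD] != reference[:HEADER_WORD]:
        raise ValueError("stripped image does not start like the reference")
    return candidate


def sha256(data: bytes) -> str:
    """Hex digest to note down before offering the file over TFTP."""
    return hashlib.sha256(data).hexdigest()


def constructed_pair(body_len: int = 4096):
    """Constructed stand-ins for the two files (not real firmware)."""
    body = b"\x01\x00\x00\x00" + bytes(body_len - 4)
    return bytes(BOOT_PREFIX) + body, body    # (boot image, factory image)


if __name__ == "__main__":
    # usage: strip_check.py <vendor.bin> <openwrt-factory.bin> <out.bin>
    vendor_path, reference_path, out_path = sys.argv[1:4]
    with open(vendor_path, "rb") as f:
        vendor = f.read()
    with open(reference_path, "rb") as f:
        reference = f.read()
    image = strip_boot(vendor, reference)
    with open(out_path, "wb") as f:
        f.write(image)
    print(len(image), sha256(image), out_path)
```

A size match only shows the layout lines up; it does not replace inspecting the result with binwalk and a hex editor.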

Thanks for the detailed answer! I think I'll just buy a used one since I don't have the necessary tools or knowledge to access the router through serial.
I'm curious tho, why do you say it's recommended to put a switch between the router and the computer?

Thanks again.

When you power down the router (or just reboot it), the (ethernet) link will go down as well; generally your OS deconfigures the ethernet port in that case. As the time window on boot up is rather short, your OS might not have re-established the link (and set its configured IP) before the tftp window has run out. An unmanaged switch keeps the link open at all times, as the switch won't power-cycle the PC port, while the router does, making the most out of the tftp window time span.

If you are looking for a new device, try to get something slightly better than what you had - 8 MB of flash isn't exactly a lot anymore and 802.11n is showing its age as well.

I would continue working on the tftp push-button recovery (with an unmanaged switch) a few more times (keep wireshark running in parallel, hopefully you'll get a glimpse into what's happening on the wire that way - not that this really helps). If you can recover it that way, great, if not, it would most likely require the second option of external reflashing (which is indeed a bit more challenging).


Thanks. I'm on Windows 11 now and interestingly enough tftp64 sends the file almost instantly now. With or without the unmanaged switch.
However as soon as I see 100% on tftp, the router blinks all lights and starts the bootloop again.
So I've decided to just throw it and recently grabbed 2 xiaomis 4A.

Thanks for your help.
