OpenWrt support for TP-Link Deco BE85

I’m starting this thread to explore adding OpenWrt support for the TP-Link Deco BE85 (BE22000). The OEM firmware currently has serious issues, particularly with 2.4GHz IoT stability and MLO performance in AP mode, making it unsuitable for advanced or reliable usage.

Currently I have gained root access and here are the steps:

  1. The default SSH port is 20001, but it's protected by a password that is not known.
  2. After trying lots of methods, I found that there is a debug firmware, "be85 2.0 en_1.0.14 Build 20231205 Rel. 41386_up", that has telnet enabled by default; by downgrading to it, you will gain access to the router.
  3. Once you gain access to the router, the config partition is in an overlay and read-only; you can modify your config and then use the command "saveconfig all" to persist it.
  4. I have also tried the UART method, but that is blocked by default.

Login screen:

Partition layout:

root@BE85:~# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00180000 00020000 "0:SBL1"
mtd1: 00100000 00020000 "0:MIBIB"
mtd2: 00080000 00020000 "0:BOOTCONFIG"
mtd3: 00080000 00020000 "0:BOOTCONFIG1"
mtd4: 00380000 00020000 "0:QSEE"
mtd5: 00080000 00020000 "0:DEVCFG"
mtd6: 00080000 00020000 "0:APDP"
mtd7: 00080000 00020000 "0:TME"
mtd8: 00080000 00020000 "0:RPM"
mtd9: 00080000 00020000 "0:CDT"
mtd10: 00080000 00020000 "0:APPSBLENV"
mtd11: 00180000 00020000 "0:APPSBL"
mtd12: 00200000 00020000 "0:ART"
mtd13: 00100000 00020000 "0:ETHPHYFW"
mtd14: 00080000 00020000 "secure-binary"
mtd15: 02a00000 00020000 "rootfs"
mtd16: 02a00000 00020000 "rootfs_1"
mtd17: 00900000 00020000 "factory_data"
mtd18: 01100000 00020000 "runtime_data"
mtd19: 0046c330 0001f000 "kernel"
mtd20: 01f5d000 0001f000 "ubi_rootfs"
mtd21: 005d0000 0001f000 "ubi_factory_data"
mtd22: 00d90000 0001f000 "ubi_runtime_data"

The firmware I found on their forum: https://static.tp-link.com/upload/beta/2023/202312/20231218/be85v2_1.0.14_231205_beta.zip

You might want to download it fast before they remove it.

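Added example, not part of the original post and not TP-Link or OpenWrt code: a small Python reading of the /proc/mtd listing above that separates the raw NAND partitions from the UBI volumes re-exported as MTD devices and lists names that look like paired slots. The function names are hypothetical, and the 2 KiB NAND page size and the slot-pair reading of the names are assumptions.

```python
import re

# /proc/mtd lines copied from the post above (header row omitted).
PROC_MTD = '''mtd0: 00180000 00020000 "0:SBL1"
mtd1: 00100000 00020000 "0:MIBIB"
mtd2: 00080000 00020000 "0:BOOTCONFIG"
mtd3: 00080000 00020000 "0:BOOTCONFIG1"
mtd4: 00380000 00020000 "0:QSEE"
mtd5: 00080000 00020000 "0:DEVCFG"
mtd6: 00080000 00020000 "0:APDP"
mtd7: 00080000 00020000 "0:TME"
mtd8: 00080000 00020000 "0:RPM"
mtd9: 00080000 00020000 "0:CDT"
mtd10: 00080000 00020000 "0:APPSBLENV"
mtd11: 00180000 00020000 "0:APPSBL"
mtd12: 00200000 00020000 "0:ART"
mtd13: 00100000 00020000 "0:ETHPHYFW"
mtd14: 00080000 00020000 "secure-binary"
mtd15: 02a00000 00020000 "rootfs"
mtd16: 02a00000 00020000 "rootfs_1"
mtd17: 00900000 00020000 "factory_data"
mtd18: 01100000 00020000 "runtime_data"
mtd19: 0046c330 0001f000 "kernel"
mtd20: 01f5d000 0001f000 "ubi_rootfs"
mtd21: 005d0000 0001f000 "ubi_factory_data"
mtd22: 00d90000 0001f000 "ubi_runtime_data"'''

def parse(text):
    """Return (dev, size, erasesize, name) tuples, sizes as integers."""
    pat = re.compile(r'^(mtd\d+): ([0-9a-f]{8}) ([0-9a-f]{8}) "(.*)"$', re.M)
    return [(d, int(s, 16), int(e, 16), n) for d, s, e, n in pat.findall(text)]

def summarize(text, page=2048):
    # Assumption: 2 KiB NAND pages without sub-page writes, so a UBI logical
    # eraseblock is the physical eraseblock minus two header pages.
    parts = parse(text)
    peb = max(e for _, _, e, _ in parts)
    raw = [p for p in parts if p[2] == peb]
    ubi = [p[3] for p in parts if p[2] == peb - 2 * page]
    names = {p[3] for p in raw}
    # Paired slots by name only: "X" next to "X_1" or "X1".
    pairs = sorted(n for n in names if n + "_1" in names or n + "1" in names)
    return {"raw_bytes": sum(p[1] for p in raw), "ubi_volumes": ubi, "ab_pairs": pairs}

if __name__ == "__main__":
    print(summarize(PROC_MTD))
```

The raw partitions add up to 125 MiB, and the four entries with erasesize 0001f000 are volumes living inside the larger raw partitions rather than additional flash regions.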

FCC photos https://fccid.io/2AXJ4BE85


Link does not work, pls post the page where you clicked it :wink:

Apparently someone from TP-Link might have seen this post and already removed it.
Here is the link:
https://1drv.ms/u/s!Au_rjq_TnVG9mYx1Uf8uu4igpXcIIw?e=dalN3q


Not what you were asked for.

Not the OP, but from poking around on Google, it looks like the same beta firmware link appears here, which is probably where they found it: https://community.tp-link.com/us/home/forum/topic/641586?replyId=1312124

I found that clicking the link provided by OP does not work, but copying and pasting the same link works fine. There's probably some external link detection on the tp-link firmware download site.

The problem is that on EU sites there is no firmware link, so I was looking for a firmware page somewhere else that has it, to then binwalk that to determine the SoC. Also, a full kernel boot log might be telling.