OpenWrt support for TP-Link Deco M4R

For Developers
144

I went over there to ask about that exploit and @naf was kind enough to create one for the M4R too.

We're now able to flash OpenWrt to a stock Deco M4R v1 and v2 without needing any debug firmware. Tried it on one of my devices and works great.

Just follow these instructions:

  1. Download the exploit from here: OpenWrt support for Deco S4 - #103 by naf
  2. Download the initramfs version and the sysupgrade version of the current firmware from here:
    https://downloads.openwrt.org/releases/22.03.2/targets/ath79/generic/openwrt-22.03.2-ath79-generic-tplink_deco-m4r-v1-initramfs-kernel.bin
    https://downloads.openwrt.org/releases/22.03.2/targets/ath79/generic/openwrt-22.03.2-ath79-generic-tplink_deco-m4r-v1-squashfs-sysupgrade.bin
    Or check for newer versions than 22.03.2 here: https://downloads.openwrt.org/releases/
  3. Install and run a TFTP server. On Windows I use OpenTFTPServer from here: https://sourceforge.net/projects/tftp-server/
    And make sure that no antivirus software or firewall is blocking incoming TFTP requests on port 69.
  4. Rename the initramfs firmware file to "initramfs-kernel.bin" and place it into the folder of the TFTP server.
  5. Set the IP address of the wired interface of your computer to "192.168.0.2" and directly connect said interface to one of the RJ45 ports of the Deco M4R.
  6. Use a SIM tray tool or anything else thin like a toothpick to press down the reset button that is at the bottom of the M4R and keep it pressed. Now power on the M4R or power cycle it to hard-reboot it. Don't let go of the reset button until the LED turns off.
  7. Open http://192.168.0.1 on your computer.
  8. On that page choose the exploit file and then press "Upgrade". If you monitor your network traffic with task-manager you should see a blip from the exploit uploading and then a short burst of 2-3 seconds while the exploit pulls the initramfs file from the TFTP server. Meanwhile the webpage will tell you that the upgrade failed, but only because the M4R is now booting the initramfs firmware and isn't responding to the webpage anymore.
  9. The M4R should now be blinking while the initramfs firmware is booting up.
  10. Set your wired network interface to "auto" or "dhcp" or whatever it's called and wait for it to automatically get assigned an IP from the M4R. You might have to pull and replug the network cable for that to work.
  11. Go to http://192.168.1.1 and simply log in without any password.
  12. On that status page go to "System->Backup/Flash Firmware" at the top.
  13. Click on "Flash image...", select the sysupgrade file and flash it.
  14. Wait for the M4R to flash the sysupgrade and reboot and then you should have a Deco M4R with a working OpenWrt firmware flashed to it.
9 Likes