OpenWrt support for TP-Link Deco M4R

Hi pacmorales,

where did you find Deco M4 (EU) V4 firmware ? i want to download also.

Thank you !
Florin

Could be that you soft-bricked your V4 by flashing a firmware for the V2.

And if you scroll back a bit you will see that Shizmob made a firmware for the V4.

You can see the installation instructions here:https://github.com/Shizmob/openwrt/commit/e50e7f1f1145b7dbf5261c542afb8853209b810b

The newest release can be found here: https://downloads.openwrt.org/releases/23.05.2/targets/ramips/mt7621/

As per the installation instructions you're going to need the tplink_deco-m4r-v4-squashfs-factory.bin

Works like a charm bobthebuilder! Thank you for pointing me into right direction.

Anyway to fully turn off the LED disco lights at the top ?
I tried turning each led color off, but eventually the white one stays on.

There is no white LED. There is only an RGB LED which basically means that there are a red LED, a green LED and a blue LED in one clear housing.

And if you see white then that simply means that red, green and blue are all on. Just like your TV or computer display shows you white by activating the red, green and blue subpixel. Yellow is red plus green. Pink/magenta is red plus blue. Light blue/cyan is green plus blue.

If you want all three off then go to System->LED Configuration.

There click on "Add LED action". As "LED Name" you select green, red or blue for each new action you're creating. And set the trigger to "Always off (kernel: none)". Should look like this for the green LED:

image946×326 13.8 KB

And once you've Saved and Applied these new actions it should look like this:

image969×384 20.2 KB

Thank you @bobthebuilder that worked.
Last time I tried that, but I also ticked the checkbox "Default state", maybe that's why it didn't work.

Hi - I just did this and have the same issue. The router appears to be bricked. When plugging into ethernet it does not recognise it. Stuck on static Yellow light.

Did you manage to fix this? Thank you!

I followed instructions at #51 and got to the end with writing from rootfs.bin to rootfs ...

Now my router does not work anymore (v2) - It is constantly stuck on Yellow light (not flashing) and reset does not work - also recovery does not work. I tried ipconfig command when connected to laptop and default gateway is showing nothing (blank) - Is there anything I can do to recover my M4 v2 or is it completely bricked and game over? Thank you

Those are definitely instructions you can brick your device with if you get the addresses wrong.

The newest and working instructions are here: OpenWrt support for TP-Link Deco M4R - #144 by bobthebuilder

If you can't access the recovery webpage anymore then that means that you've likely overwritten (part of) the bootloader. And if that's the case then yes, your device is likely bricked.

If you've overwritten (part of) the bootloader then the only thing to get you going again would be programming the flash chip directly with a flash programmer. You would also need a flash chip dump from another M4R V2, but I guess you've got more than one?

There are inexpensive flash programmers that have clamps you can clamp directly onto the flash chip without desoldering it. For example: https://www.amazon.com/dp/B07VMPZFWH/

But I have never used one myself.

@KinteLiX Can you edit your comments with flashing instructions and add the link to my latest instruction comment? They're the first that new people find but maybe not the first instructions they should follow.

…and before blindly flashing any dump, backup, backup, backup - you really want to have your own wifi calibration data (and MAC addresses, WPS pins, serials, etc.), not those of the donor dump.

Hi All,
Many thanks to the contributors for getting this working... Their work has definitely made my network run better.
One question I have is, has anyone got OpenWrt working on the E4R?
I can't get past trying to install the exploit. I've tried deco_all_webfailsafe_faux_fw_tftp.bin and deco_m4rv1_faux_fw_tftp.bin and M4R-2.0-SP1-up-ver1-4-3-P1.20210326-rel08810.-debug.bin. None of these reach 100%.on the E4R.
I've successfully run the process for M4R's (V1 and V2), but no luck on the E4R. I've searched the forum, and google, but can't see an E4R version of the exploit.

Thanks again

Dan.

I think you skipped the part where someone needs to make a openwrt firmware image that actually supports the E4R. I see there is a thread started recently about adding support, but it doesn't appear much progress has been made.

The exploit firmware you listed are made solely to bypass the firmware signature requirements (without soldering a serial port or attaching directly to the flash chip), but it can't succeed without already having an actual working firmware image.

While you could theoretically test the deco_all_webfailsafe_faux_fw_tftp.bin exploit itself by following the exploit installation procedure up to step 6 and verifying that tftp server sees a request for an initramfs image, without a working initramfs for your device you won't see any further success.

Hello,

I'm planning on buying a 3 pack deco m4 for my home network

I have already planned every device and the setup that I'm gonna use, including the deco m4 as my access points. However my setup includes the usage of VLANs and after a bit of research the stock firmware of the m4 doesn't allow me to mess with VLANs. That's how I found this forum and thought that flashing openwrt might be a solution!

But is it good enough?
How does it perform?
Are the roaming capabilities still good? (We use android devices in the house) I've heard that android doesn't really do well with roaming
I'm planning to use these as dumb APs with ethernet backhaul

I'm still unsure if I should go with this purchase and flash openwrt as a solution for my network

Thanks!

Talking about the M4R V1 and V2:

For normal surfing you won't see any performance issues. Others have said here that the wifi bandwidth is worse than on the stock firmware. But neither I nor anyone else in my house have any problems with the wifi speed.

If you need more bandwidth then maybe look at newer devices.

Roaming isn't a problem. We all have android phones and I can walk around the property without any hickups with live connections like VoIP.

But you don't need an M4 at all. The mesh stuff is all software and once that is gone there is little difference compared to other devices with OpenWrt running on them. I've got other devices with the same cpu and wifi chips in them as the M4R V2 and they behave exactly the same. But the Archer C6 V2 for instance has 5 LAN ports instead of just 2 and is much cheaper used than the M4. Just has less flash memory, but you won't notice that if you just use them as dumb APs.

If you still want to go with the M4: keep in mind that there is no OpenWrt for the V3 yet. If you get those then you need to port them yourself or wait (maybe a very long time) until someone else does it. Only the V1, V2 and V4 currently have OpenWrt images available.

And for flashing instructions go to the very end and scroll back until you find the newest ones. Don't use the old ones that you find from going forward from the start.

If you haven't bought it yet, there would be better options to consider these days. You can get wifi6 support (mt7621a+mt7915DBDC) for just about the same amount of money (e.g. dap-x1860, covr-x1860, wsm20).

In terms of the m4r v4, the mt7613ben radio is 'not ideal', in the sense of not supporting DFS and only having quite basic support, but at the same time it's the most likely to find in stores these days - and all of them are 'only' 2x2 802.11ac/ wifi5. No - this isn't bad by itself, but the wifi6 device class mentioned above double your wireless throughput (and has better driver support than mt7613ben!) for basically no markup.

If you already own an m4r, sure go ahead - it's been paid for already after all.

What brand of android devices are connected to your network? I know samsung is an exception for bad roaming on android

I've looked into these routers and unfortunately they are hard to find for a good price in my region
Guess im sticking with buying the M4 for now, between the V2 and V4 which one should i look for?

Should I take my time an look for the v2 over v4?

Much thanks for the replies!

Can't really say. We're operating multiple APs that have a private SSID and a hotspot SSID that are bridged to different VLANs.

Our private phones are from bq and realme. But what the people using the hotspot own? No clue. I just know that most of them have android phones.

Xiaomi ax3000t might be an alternative, more pricey, but you get something quite different in return as well. There are alternatives, not quite that many in the 15-20 buck/ new range, but even rather attractive ones.

Sorry for bumping an older topic, but I've tried the instructions outlined in this threat, and I think I'm doing something wrong.

I am able to get the existing firmware into recovery mode, and access the web interface by 192.168.0.1, but when I run the exploit, the router simply ignores it and resumes booting normally.

When loading any version of the exploit (both V1 and the newer V2), it gets to about 11%, then my network interface gets disconnected, the "failed to update" message displays, and I lose all connectivity to the Deco for about 60 seconds. Then it boots normally, with the only change being that my network interfaces never receive a DHCP lease. Trying a static IP does not display any web UI, but signing into the Wi-Fi network still gets an IP as expected. Trying the Web UI results in a "firmware cannot be a lower version than current" error.

I've checked my TFTP server logs; there is no indication that the router is even sending a request. I was able to confirm that client requests were being logged.

It is running the current firmware, and is a M4R(U.S.) V1

Could TP-Link have somehow patched the firmware recovery loader? I assumed it was part of U-boot and wouldn't update.

A few things to note:

• I was able to successfully use TFTP to flash a TP-Link Archer C2, so I know the TFTP server works.
• Step 6 of the exploit says to hold the reset button until the LED turns off. I have tried holding it for several minutes, and, while the firmware recovery page is accessible, the LED never turns off.
• As soon as any exploit is loaded, the network interface is disconnected at about 11% progress, and sometimes returns in a few seconds, only to shut off again. At this point, the few times I've had the network interface reconnect to the router, I never receive an IP address. and 192.168.0.1 is unreachable.
• Since my TFTP server never logs a client request, I do not know if the exploit itself has been blocked, or if my network interface drops before the TFTP request can be sent.
• This issue seems to be on the router end; I have tried multiple versions of Linux, Windows, and macOS to see if any would work, and they all exhibit the same behavior. I have also ruled out network interfaces, since I've used a couple of different ones with the same result.

I'm not a professional programmer, but I'm curious what would be involved to block the exploit from running. I'm hoping it's just user error on my part, but I'm at my wit's end, and about to just go out and get a different set of routers instead.

Thank you in advance for any help you may offer!

New versions of OpenWrt are too big for the old exploit. You need the newest exploit from here: OpenWrt support for Deco S4 - #103 by naf

Please tell us if this fixes it for you.