OpenWrt support for TP-Link Deco M4R

Hi,
The first thing you can try is flashing a normal firmware from the TP-Link website to see if it's the router that's refusing the debug firmware.

Despite getting the router upstream, I'm not the most knowledgeable person in this forum. I don't know the inner workings of the stock firmware.

Other people have also reported issues with flashing the device (possibly with newer firmwares?). I am not sure why this happens, it could be that TP-Link somehow managed to block it.
What I do know is it can't be the bootloader at fault here because u-boot upgrades are not enabled.

If the current method doesn't work on newer firmwares, an exploit could be used. Over on the S4 forum, the person who made the PR for the router found an exploit in the bootloader which enables TFTP temporarily which then pulls and flashes a firmware without any checks.

I went over there to ask about that exploit and @naf was kind enough to create one for the M4R too.

We're now able to flash OpenWrt to a stock Deco M4R v2 without needing any debug firmware. Tried it on one of my devices and works great. (If you have a M4R v1 then this is likely working the same for you. Please try the exploit and tell us if it does indeed work for the v1 too.)

Just follow these instructions:

  1. Download the exploit from here: https://github.com/bobthebuilder4711/openwrtForDecoM4RV1V2/blob/openwrt-19.07/deco_m4r_faux_fw_tftp.bin
  2. Download the initramfs version and the sysupgrade version of the current firmware from here:
    https://downloads.openwrt.org/releases/22.03.2/targets/ath79/generic/openwrt-22.03.2-ath79-generic-tplink_deco-m4r-v1-initramfs-kernel.bin
    https://downloads.openwrt.org/releases/22.03.2/targets/ath79/generic/openwrt-22.03.2-ath79-generic-tplink_deco-m4r-v1-squashfs-sysupgrade.bin
    Or check for newer versions than 22.03.2 here: https://downloads.openwrt.org/releases/
  3. Install and run a TFTP server. On Windows I use OpenTFTPServer from here: https://sourceforge.net/projects/tftp-server/
    And make sure that no antivirus software or firewall is blocking incoming TFTP requests on port 69.
  4. Rename the initramfs firmware file to "initramfs-kernel.bin" and place it into the folder of the TFTP server.
  5. Set the IP address of the wired interface of your computer to "192.168.0.2" and directly connect said interface to one of the RJ45 ports of the Deco M4R.
  6. Use a SIM tray tool or anything else thin like a toothpick to press down the reset button that is at the bottom of the M4R and keep it pressed. Now power on the M4R or power cycle it to hard-reboot it. Don't let go of the reset button until the LED turns off.
  7. Open http://192.168.0.1 on your computer.
  8. On that page choose the exploit file and then press "Upgrade". If you monitor your network traffic with task-manager you should see a blip from the exploit uploading and then a short burst of 2-3 seconds while the exploit pulls the initramfs file from the TFTP server. Meanwhile the webpage will tell you that the upgrade failed, but only because the M4R is now booting the initramfs firmware and isn't responding to the webpage anymore.
  9. The M4R should now be blinking while the initramfs firmware is booting up.
  10. Set your wired network interface to "auto" or "dhcp" or whatever it's called and wait for it to automatically get assigned an IP from the M4R. You might have to pull and replug the network cable for that to work.
  11. Go to http://192.168.1.1 and simply log in without any password.
  12. On that status page go to "System->Backup/Flash Firmware" at the top.
  13. Click on "Flash image...", select the sysupgrade file and flash it.
  14. Wait for the M4R to flash the sysupgrade and reboot and then you should have a Deco M4R with a working OpenWrt firmware flashed to it.
5 Likes

This is great! I guess the next thing to do is to create a wiki page for the device.

I'll try it over the weekend and share my results here.

The "you" was more directed at the person finding these instructions and trying them out. But if you do have a v1 then yes, please, try it.

I wonder if it works the same for the v3.

That's awesome news but I'm still confused at how the procedure now changed from what it was previously. What is now the right method to push that firmware in a stock M4R V1?

I'm used to going thru proper wiki's for each specific devices and that endless thread confuses me a bit.

Proper work costs proper money and so far none of us had the motivation to create the wiki page for free.

I suggest you keep reading the thread. You'll find my newest instructions to flash your device eventually.

Greetings,
thank you so much for your effort! :slight_smile: What about rolling back to original TP-Link firmware? what do we have to do?

Press the reset button, power on the device, surf to the recovery webpage and flash a stock firmware you like and isn't older than the one you had before flashing OpenWrt for the first time.

OpenWrt doesn't touch the "config" partition, so the device should still have all the settings you left it with when you switched to OpenWrt.