I have a ISP branded Archer MR200 ( o2-cz), and I followed guides from
https://openwrt.org/toh/tp-link/archer_mr200 , and some forum posts.
As I want to flash stock tplink fw, I run these:
dd if=O2_latest_archer.bin of="o2.without.hearder.bin" bs=512 skip=1
dd bs=512 obs=512 skip=1 count=256 if=o2.without.hearder.bin of=ArcherMR200_bootloader.bin
now strip header from tplink fw:
dd if=tplink_latest_archer.bin of="tplink.without.hearder.bin" bs=512 skip=1
now strip bootloader:
dd bs=512 obs=512 skip=257 if=tplink.without.hearder.bin of=tplink_without_bootloader.bin
combine o2 bootloader with tplink fw:
cat ArcherMR200_bootloader.bin tplink_without_bootloader.bin > ArcherC2V1_tp_recovery.bin
And I'll flash this using TFTP right?
binwalk of my end result:
❯ binwalk ArcherC2V1_tp_recovery.bin
DECIMAL HEXADECIMAL DESCRIPTION
95648 0x175A0 U-Boot version string, "U-Boot 1.1.3 (Aug 16 2018 - 08:45:15)"
131072 0x20000 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: 3696052 bytes
1441280 0x15FE00 Squashfs filesystem,
Thanks in advance.
@gurangax sorry to spam you, but I saw you in so many posts about MR200, so I though maybe you'll have a minute for me
Is this related to openwrt somehow? If you want to install tplink firmware you may have more luck with their forums.
Hi. Yes that is correct steps. Should work.
Looks like I bricked it with that fw,
seems like router is still looking for 192.168.0.66 with arp probe in wireshark, but it does nothing after that ...
192.168.0.66 sounds like tftp recovery.
Yeah I have tftp server running in with:
sudo dnsmasq -i en8 -p 0 -z --enable-tftp --tftp-root=$PWD/tftproot/ --tftp-no-blocksize --user=i337562 --group=staff --keep-in-foreground
recovery bin in ./tftproot/
ip adress manually on en8 interface with address 192.168.0.66 and nothing happens
dnsmasq has allow all connections in firewall, that's probably best I can do, hmm, maybe I'll try setting it on windows.
Yeah, didn't help, actually the router is not looking for 192.168.0.66 with ARP, that's just how ARP works when you preset manually your IP to 192.168.0.66, so yeah, I believe it is bricked.
To truly de-brand it, wouldn't you also want the TP-Link bootloader?
Generally if the bootloader is corrupted, all the LEDs will come on and stay on at power up (rather than flashing on for a short time) and there will be no output from the serial port. If that has happened, you'll need to use a SPI programmer to rewrite bootloader directly to the flash chip.
Before writing anything to the flash chip, read it and save in a file as there is unit-specific factory data in places. Hopefully that is still there.
I read in some previous topics, that the bootloader needs to be from branded fw.
Current state is, that after start only LED that comes on is from whereever LAN is connected.
I suspect that I didn't extract the bootloader correctly, and thus it's broken now,
@gurangax could you please check my final bin if bootloader is there correctly,
I think you are the most knowledgeable around branded MR200, sorry to bother you again.
I will double check later
I checked, and found that your final bin is different from mine, assuming we used the same firmware as you provided in the links.
Here is the link to the correct final bin
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
Yeah I thought I probably didn't cut it correctly
Anyway, as I don't have any LEDs coming after power on, I guess my only option would be:
that is one option. just remember to do a firmware dump first. the last 3 partitions of the firmware is important