RE305 v3: revert oem firmware

Hi. I am trying to revert from openwrt to OEM firmware in TP-Link RE305.
I already tried general stripping method that resulted in bricking (red/blue signal led flashing / bootloop).

dd if="re305v3_eu-up-ver1-1-5-P1[20210416-rel61543].bin" of=strip.bin skip=257 bs=512
wget http://192.168.1.100:8000/strip.bin
mtd write strip.bin firmware

I have an access to UART and can do tftpboot / bootm but I have no idea how to prepare tplink firmware and what address I should flash into

You should use tplink-safeloader to create the revert image that could be flashed via OpenWrt, but for this you will need to setup an OpenWrt build environment. The command would be like this:

build_dir/host/firmware-utils/bin/tplink-safeloader -z oem-firmware.bin -o oem-sysupgrade.bin

Since you already have access via UART, I believe you can load the original OEM firmware via TFTP.

I could send original OEM firmware via TFTP. Please give me the commands sequence you mean?

tftpboot will transfer into the RAM, not into Flash. You mean transferring the oem firmware there or transferring openwrt firmware again and after booting (from ram) doing mtd write of nonstriped oem firmware into some begin address? What address?

I tried stripping with the github.io-hosted tplink-safeloader at the beginning, but the result firmware was 8MB from 7,3MB oem firmware.

I mean option "2" below (tftp to flash) in the UART console:

Please choose the operation:
   1: Load system code to SDRAM via TFTP.
   2: Load system code then write to Flash via TFTP.
   3: Boot system code via Flash (default).
   4: Entr boot command line interface.
   7: Load Boot Loader code then write to Flash via Serial.
   9: Load Boot Loader code then write to Flash via TFTP.
1 Like

Great, done!
Guide for reverting OEM firmware:

  1. Teardown the device
  2. Solder to the UART pins: GND, TX, RX. The 3V3 is not needed. The pins are individual pads on the right side of the board.
  3. Connect using eg. FT232RL, baud rate is 57600
  4. Press 2 on boot and Y to confirm
  5. Prepare the computer with tftp server (eg. tftpd64 for windows). Set static IP address of the computer to 192.168.0.184.
  6. Prepare the stripped firmware file: enter tplink website and download latest firmware. Strip it with tplink-safeloader online tool: https://argsnd.github.io/tp-link-stock-firmware-converter/index.html
  7. On terminal confirm interface IP address and type the file name of the stripped firmware image
  8. Wait for flashing and booting. The device will still remember old configuration before openwrt.
2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.