I've picked up a commerical device that is a badged and old TP-Link router/WAP.
I cannot access their web interface because it is password protected (which is fine) - because all I want to do is completely replace their firmware and configuration.
I can see from their web login prompt that it appears to be running OpenWrt - and I suspect it is from somewhere around release 14.
I managed to get it into "failsafe" mode - but telnet access prompts for a failsafe password (which is probably good for them to have done with a commercial device) which I don't know (tried some obvious ones).
It comes up on 192.168.1.1 in failsafe - and 192.168.50.1 in regular boot.
Is there a chance that tftp to the device and an upload of the factory firmware (which I have removed the "boot" header from) will work?
I have tried but am not seeing it requesting as tftp client and I did not get a response when I tried to act as a client to the device tftp server (if it has one).
If yes - would that have to be in failsafe mode or could it work during boot in "normal" mode?
Is timing critical in both?
In failsafe I have very fast flickering light and can reliably ping it for a long time.
Te device is an old TL-MR3020 V1.9 - and I don't want to say who the badged version is from (at least not at this moment in time) because I have also reached out to them to see if they will help and I do not see mentions on web about them using it.
I like the idea of having a small travel router and it only cost me around 5USD with shipping … so I am keen to try a bit more - even with the limitations especially as the commercial organisation appears to have already put OpenWrt on it.
As far as I can see, there is only one external button plus the slider. Using them I can get it into failsafe mode but I don’t think it has reset any passwords.
When in “failsafe” with a regular OpenWrt (v14) is the failsafe prompt to login coming from OpenWrt or is it some vestige of the manufacturer’s firmware?
I do realise that.
But is it (likely that) it is OpenWrt that is prompting for it (via a password being set in the configuration of OpenWrt) rather than a vestige?
In other words … if it is OpenWrt doing it then I feel that I do have a chance of getting in once I can find out if tftp is really possible when this happens.
it's probably something coming from the vendors modification of stock openwrt,
I'd expect it to disappear once you've managed to flash vanilla openwrt.
If you have to buy a new travel router, the GL Inet Mango v2 is great and cheap. There is a LAN ethernet port which can be super convenient. I've retired my old mr3020 and use this now.
Success - I now have it back to factory firmware with Linksys default password.
Serial->USB
tpl
tftpboot
erase
cp.b
bootm
All with appropriate parameters
Wireshark did not show activity so it took me a while to work out IPs to use … but “printenv” showed its IP address and where it expected to find tftp server.
I will leave it at that for a while but might still try old OpenWrt just for fun.