Review Wiki page for TP-Link W8970(B)

Talk about Documentation
1

Hello,

A few days ago I got an TD-W8970B and flashed it succesfully with OpenWrt 18.06.1 .

I was a little bit struggling with the Wiki Page of the router.
One hand there is a huge amount of information.
Other hand it seems some of the information is outdated and spread of to the 3 router types 8970/8980/9980.

Because I am new to this router and also not an OpenWrt pro (only a user for some years on 1043nd) I don't want to change the info in the Wiki (or at least not without confirmation)

What I have noticed:

  • The "danger field" with the information not to upgrade to 12.10.2013 or newer of the TP-Link firmware:
    Even if you get a router with such an antiquated FW version, there exists no factory image for this router to flash via the webinterface.
    I would delete this info.

  • Hardware Highlights:
    I have counted the Gbit ports again and again, I found only 4.
    Only if you count also the CPU port it has 5. I don't think this is correct at this point.
    Also the info about the modem is confusing:
    ADSL2+ is correct with stock FW, but with OpenWrt it is VDSL. Only I am not sure how to show this on device page ...

  • Installation without opening the case (Web Interface Hack)

    • SSID Config Injection
      I don't know what is meant by "newer firmwares".
      In my case I tested version 141008,150526 and 160808 for W8970B without success.
      Maybe someone could tell with which FW version this procedure is working on W8970(B) .
      Or maybe this works only with W8980/W9980?

    • StatPost (old)
      Opposed to the info in the wiki, with this procedure I was able to get a root shell on my W8970B with FW version 160808.

  • Installation via telnet/root shell:
    I think it is mandatory to use OpenWrt 15.05 for flashing via telnet. After this you can upgrade to 17.01/18.06.
    Something seems to have changed in partition layout of 17.01/18.06, and if you use these versions for first OpenWrt flash (via telnet, not serial) your router will brick and you need to use a serial connection to debrick.
    Maybe I am wrong, because there is the sentence: "Rumours are that with the recent OpenWrt that you need to take care that the image you write to mtd2 needs to be extended with 0xff characters to the end of the partition"
    Only, I don't wanted to test this because of "rumours", I don't wanted to have a bricked router afterwards...
    Also I would like to copy the whole "telnet procedure" to wiki of W8970. At the moment it is described only on wiki for 9980 and in the old forum.

  • Switch
    it is described the ethernet ports would act like a hub.
    To me that seems to be wrong with 18.06.

  • Specific Configuration:
    information about "VDSL.BIN" and "DSL Settings" is only for 15.05 and has changed in 17.01/18.06 .
    Not sure if there should be any information about xDSL FW and configuration at this page,
    because FW file and settings are the same for at least all Lantiq based devices.
    Only, I found no page about FW files in the Wiki (actual info only in the forum?)

Ok, now I have produced a forum post that is at least as confusing as the wiki pages for this router...
Maybe someone could confirm and/or add information (e.g. about stock FW used for Installation without opening the case) and I would change the Wiki page.

Regards
Azmuth

2 Likes
2

Probably @bobafetthotmail or someone else from the documentation team might chime in. You can also open a 'talk' page in the wiki linked to the page you'd like to edit. I don't know which of the two methods may get the relevant attention more quickly.

3

I'll also summon @tmomas as he is the man for hardware pages.

I think you are talking of this article, correct? https://openwrt.org/toh/tp-link/td-w8970_v1

The "danger field"

This might be interesting info to place below in the "Web Interface Hack", I would move it there. Drop the wrap "danger" box as it's not really very important information anymore.

Kids these days, scared by setting up a serial to flash a router. :upside_down_face:

Hardware Highlights:

yeah it's kind of obvious that this device has 4 Gbit ports and one port for ADSL cable thing.

Hardware info is loaded by this device's entry in the Table of Hardware

and this is its page/entry https://openwrt.org/toh/hwdata/tp-link/tp-link_td-w8970_v1

Edit it to correct what is wrong. For the ADSL+ / VDSL thing I would correct that too, as that is what the hardware is actually capable of and working in OpenWrt.

Installation without opening the case (Web Interface Hack)

Remove mention to "newer firmwares" and the "old" from the title, write the firmware versions you tested and the results, with a date. People will at least know what worked and what did not, at what point in time.
Don't delete things, maybe there are other versions of the firmware (in many cases there is a US and a EU version) that are susceptible to different expoits.

Installation via telnet/root shell

lol, "rumors", some people can't be serious even if their life depended on it.

This person is telling you to add hexadecimal "FF" as padding up to the size of mtd2 to the second part of the firmware image you split, and it can be done with dd the same way as you split the image file https://superuser.com/questions/274972/how-to-pad-a-file-with-ff-using-dd

I quite frankly don't know why it asks you that, but it won't hurt per-se.

Anyway, it seems strange to me that you need a specific OpenWrt version. From what i understand of installation instructions you are just splitting a firmware image over mtd1 and mtd2, and afaik OpenWrt will (on its own) erase and use mtd partitions 3, 4 and 5 too.

I'll look at the source code this evening and see if something has indeed changed or not in the partitions or sysupgrade.

Only, I don't wanted to test this because of "rumours", I don't wanted to have a bricked router afterwards...

If you have serial access with a TTL dongle (the pinout and how to reach the U-boot console is in the article under Serial) you will be able to recover from it. As long as you don't delete mtd0 (the U-boot bootloader, which is the software you will be talking to through the serial console) or mtd6 (radio firmware, necessary for wifi operation) you can do all tests you want.

The "serial install instructions" and the "serial recovery to original firmware" steps, are done through U-Boot bootloader in mtd0.

it is described the ethernet ports would act like a hub.

If you have the means to test this (i.e. set up a VLAN or use wireshark) and confirm that it's not the case, add this information after that line, something like "VLAN in switch working in 18.06"

information about "VDSL.BIN" and "DSL Settings" is only for 15.05 and has changed in 17.01/18.06 .
Not sure if there should be any information about xDSL FW and configuration at this page,
because FW file and settings are the same for at least all Lantiq based devices.

Yeah it would make more sense to have all info about Lantiq modem setup in a single article (which would just be linked if needed) and dump all the redundancy and outdated info from hardware pages.

I can't do that because I lack the hardware and the ADSL line to test it. And also because I hate modems.

If you want to do that though you're welcome.

4

afaik the "talk" functionality in the wiki was disabled as redundant, all discussions should happen through the forum. Mentioning me or tmomas with the @ will get us notified that someone needs us.

5

I wrote about the only part the people have to care about here:

If you need more WAN->LAN speed use flow offloading: How can flow-offloading be enabled on lantiq xrx200 devices?

And you probably also want to update to the latest DSL-Firmware that supports VDSL-Vectoring and runs in general better then the older preincluded version: Howto: Updating the Lantiq XRX200 devices with latest DSL vectoring firmware

6

4x LAN + 1x WAN = 5x Gbit

7

If you look closely at the images, you'll find that there is no dedicated WAN port, but only a shared WAN/LAN port. The fifth port (grey) ist the DSL port which is not ethernet but a port for the phone line (I believe RJ-11 instead of RJ-45). So, 4x Gbit ports is correct.

8

Even the OEM website states "4-Gigabit-Port Switch" -> wikidevi is wrong

9

thank you for your detailed reply, @bobafetthotmail .
I have posted some minor changes in the wiki now.

Because of the supposed change int the partition layout:
I saw some postings in the forum where flashing via telnet went wrong with 17.01/18.01.
And I thought I read something about a change in the past, but I was not able to find something about it now.
Maybe I am wrong.

there is a basic driver for xrx200 in the meantime.
Switch can be configurated via swconfig, but only some basics (VLAN).

Azmuth

10

Hi wgqoufsn,

I think I have used your howto regarding latest DSL-Firmware already at installation time :grinning:
I was only a bit lazy and used precompilded freetz binary mentioned in your link to ip-phone-forum.
Maybe this howto could be used as a start for a new wiki page about lantiq firmware? @bobafetthotmail

regards
Azmuth

11

Because of the supposed change int the partition layout:

Hm.

This is the current partition layout github.com/openwrt/openwrt/blob/master/target/linux/lantiq/files-4.14/arch/mips/boot/dts/TDW89X0.dtsi#L251

This is in chaos calmer github.com/openwrt/archive/blob/chaos_calmer/target/linux/lantiq/dts/TDW8970.dts#L169

Basically the only change is that the "dsl_fw" partition (the mtd3 I think) is removed and its space is added to the "firmware" partition. It's around 1MB of additional space.

But it should be irrelevant as dsl_fw is placed after the "firmware" partition, so nothing has changed for the bootloader, the kernel is in the same place as before.

Maybe this howto could be used as a start for a new wiki page about lantiq firmware?

Sure, but I can't test anything about DSL and modems, and a very important thing for wiki contributions is "write what you tested/did".

If you did that and it worked for you, then you can write that in the wiki.

12

I was the person who added this to the page.

When I flashed my TP-Link W8970 using cat and rebooted, the kernel worked fine, but it was unable to mount the root file system. And so the device was bricked (alas not recovered, managed to strip the pad off RX pin when solder sucking the hole from the serial interface - still need to see if i can recover it).

When discussed here on the forum, it was mentioned that you needed to pad the second partition with at least some 0xff bytes. In the past this was done with the image, but it was not done with the 18 series - hence why my machine bricked. To stop someone else doing the same, I added the rumour line to the documentation. I said rumour, because that had been told here on the forum, but I was unable to check - as my machine bricked.

0xff reference post

To my mind though, the underlying problem was writing the flash using "cat" - this is not the right tool for flashing nand. Ideally we would compile a statically linked version of mdt tools, and suggest this is copied to the router and used to flash the nand. Alas this has not been done.

I do think that using cat should be given a heavy health warning though ...

1 Like
13

Thanks for showing up here.

This is what you should have referenced in the wiki.

Yes, flashing with cat is kind of bad as it will not be able to deal with bad blocks. Although if it is flashing to /dev/mtdblockX then it is at least erasing the block before writing, but it may or may not write ECC information correctly http://linux-mtd.infradead.org/doc/general.html#L_mtdblock

The tools nanddump and nandwrite (what you should use to write on NAND, aka on /dev/mtdX ) have been added to busybox many years ago. There are binary builds of busybox (with these tools built in) available for multiple architectures from the busybox official site. (check the supported tools in the busybox by reading the .log file) https://www.busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/

I never really used them as I prefer having serial access, but that's the right tool for the job.

14

Hi;
TP-Link W8970

  • I access through Putty, ok
  • I copied to the USB (backup) /dev/mtd0 → /dev/mtd6 ok

But Now:, I am at the Point:
-- Install the OpenWrt firmware

  1. If you haven't aleady, insert the USB stick in the router (any port will do)

  2. Copy the two .image files from the USB stick to the router. Note that the first cat command terminates with “no such space left on device” .
    This is expected behaviour. The remainder is in the slice which is written.

cat /var/usbdisk/sda1/openwrt-15.05.1-lantiq-xrx200-TDW8970-sysupgrade.image > /dev/mtdblock1
cat /var/usbdisk/sda1/openwrt-15.05.1-lantiq-xrx200-TDW8970-sysupgrade-1.image > /dev/mtdblock2

Where do I locate the files? ".image"

But i read:
" [Rumours are that with the recent OpenWrt that you need to take care that the image you write to mtd2 needs to be extended with 0xff characters to the end of the partition]"

Openwrt .bin: "openwrt-18.06.4-lantiq-xrx200-tplink_tdw8970-squashfs-sysupgrade.bin"

(http://downloads.openwrt.org/releases/18.06.4/targets/lantiq/xrx200/openwrt-18.06.4-lantiq-xrx200-tplink_tdw8970-squashfs-sysupgrade.bin)

it´s correct this .bin?
can anybody help me?
Thank you

15

What I did was split the image into two haves (think I used "dd" for this). The first one is the same length as /dev/mtdblock1. The second one you must add 0xff characters to the end of it, to make it the same length as /dev/mtdblock2 - if you don't do this, you brick the machine - which is what I did.
Not sure which command to use to write 0xff chars to the end of a file, its not a chars you usually use. Anyone else any ideas?

16

Oh yes, and reading @bobafetthotmail , and yes good idea to download busybox to the USB as well, and using that to write to the flash, so don't use cat!

17

Another thought is sysupgrade in the main image statically linked? If so a copy of that on the USB should work.