I managed to properly brick my TP Link wr841nd v8 nicely!
Had Chaos Calmer installed and working properly for years, I figured it would be a "good idea" to try the last TP Link firmware -> bricked
Attempted to save it through serial, only the bootloader was working, somehow, I managed to brick that too and I ended up with the router having 5 lights(gear, wps, lan 1, 2 and 3) constantly on when powered on, no serial, no nothing.
Tho there's a catch, any command, such as "erase" or "cp" returns almost instantly as "success", after rebooting it's back as if I freshly installed the bootloader.
How did I flash the bootloader?
downloaded it, then ran truncate -s 4M bootloader.bin, then using flashrom
What am I missing, how can I get openwrt working on it again?
what I have at my disposal:
debian installed directly on a laptop
ch341a programmer with clip, takes a bit of fiddling, but it works
USB to TTL
serial pins soldered on to the router PCB, there's no short between the pins, I checked
Make sure your ch341a programmer and USB to TTL are both configured or modified to work at 3.3v.
I think you will first need original TP-Link recovery image loaded via bootloader.
I'm having issues with getting either tp link or openwrt on it to boot... the programmer works well, the USB to TTL works well, missing the info on how to get them on the flash to boot properly... nothing I've found on openwrt main site and forums helps my case...
Congratulations, you have overwritten your wifi calibration data, too.
Sadly this data is different from device to device.
Despite, if you need a full dump or only the last 64 kb (art partition) I can give you mine.
and now I'm getting the following, not sure how to scroll more backwards in "screen"
0x000000020000-0x000000120000 : "kernel"
0x000000120000-0x0000003e0000 : "rootfs"
0x0000003e0000-0x0000003f0000 : "config"
0x0000003f0000-0x000000400000 : "art"
->Oops: flash id 0x10215 .
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
Port Status 1c000004
ath-ehci ath-ehci.0: ATH EHCI
ath-ehci ath-ehci.0: new USB bus registered, assigned bus number 1
ehci_reset Intialize USB CONTROLLER in host mode: 13
ehci_reset Port Status 1c000000
ath-ehci ath-ehci.0: irq 3, io mem 0x1b000000
ehci_reset Intialize USB CONTROLLER in host mode: 13
ehci_reset Port Status 1c000000
ath-ehci ath-ehci.0: USB 2.0 started, EHCI 1.00
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
Ooops, why the devices couldn't been initialed?
TCP cubic registered
NET: Registered protocol family 17
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
athwdt_init: Registering WDT success
ath_otp_init: Registering OTP success
ath_clksw_init: Registering Clock Switch Interface success
List of all partitions:
1f00 128 mtdblock0 (driver?)
1f01 1024 mtdblock1 (driver?)
1f02 2816 mtdblock2 (driver?)
1f03 64 mtdblock3 (driver?)
1f04 64 mtdblock4 (driver?)
No filesystem could mount root, tried: squashfs
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(31,2)
Here you go: https://cloud.it-neuhauser.de/s/PY3rzjaetyBG7ZH
I´ve modified the mac address at 0x1fc00 to C0:4A:00:53:E7:4A.
If you want your original mac address, use a hex editor to change it to the one from the bottom label.
worked well flashing with the clip, first attempt!
for future reference, I've been experiencing some issues with flashrom when I started on this journey, what worked for me every time was to first erase the flash and then perform the write, example
above command writes fw.bin to the flash, if you run the write command alone, it will also erase, tho in my case it mostly resulted in errors such as "your chip is in an unknown state" -- great!
