Stripping Firmware - How Much to Remove?

Thanks for taking the time, to both of you that posted.

Am I clear in understanding that you found an instruction manual that told you 0x200, correct?

My router is WR841N, I found the reference to stripping 200 blocks in the Archer 50 wiki, a totally different router.
After trying to strip other amounts that I had read about (for example, the WR841N wiki says to strip the first 20200 blocks), I had nothing to lose; the router was already a paperweight. Anyway, stripping the first 200 worked.

Regarding Binwalk, you could have used a hex editor, if you knew what you were looking for.

I did use a hex editor, I used XVI32. Knowing what to look for in that hex file was the basis of this post, but it looks like there is no answer to that original question.

Recovering this router for me was a matter of me being too stubborn to quit. The value of the router is nowhere near worth the time I put into recovering it. I just have a genuine interest in this kind of thing.

I was messing around trying to get a version of OpenWRT on this as yet unsupported router. Maybe not the place to post this, but it will be infinitely helpful for anyone searching for a solution to this problem, so here it is: If your TL-WR841N v14 is in a boot loop after a botched firmware install, this is how to fix it:

  • Download the firmware file for your router from the TP-Link website. At this time, you can change the language of the firmware if you want. For example, my router is the TW version, with a traditional Chinese interface. I downloaded the US version of the FW, and now the interface is in English.

  • Rename the fw file you just downloaded to 'tp_recovery.bin'.

  • Use your hex editor to delete the first 200 blocks of the file 'tp_recovery.bin'.
    I used XVI32. From the menu; edit>blocks n chars>hexadecimal>$200>ok... edit>block delete... file>save.

  • Set the wired IP address of your computer to 192.168.0.66 - this is the address that the router is looking for a TFTP server on. I found this address with wireshark (I also found that the router was looking for a file called 'tp_recovery.bin' with wireshark).

  • Use your TFTP program of choice, set it up to be on 192.168.0.66, and put the 'tp_recovery.bin' file where it needs to be.

  • Connect a LAN port of the router to your computer's Ethernet port.

  • Hold the 'reset' button on the router and apply power; hold the button down for around 8 seconds. This puts the router into TFTP mode, where it will look for the recovery file on TFTP server 192.168.0.66. The file should send over TFTP from your PC and your router should now reboot and be back to working.

  • If you want to see what's going on during the recovery process, you can hook up to the router's serial port. This isn't required, but I just like to see what's going on during the process.

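The header-stripping step from the procedure above, scripted instead of done by hand in a hex editor (an added example, not part of the original post). It assumes the 0x200-byte offset the post reports for the TL-WR841N v14; the function names and the constructed test image are illustrative.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

HEADER_LEN = 0x200  # from the post (XVI32 "$200" = 512 bytes); other models may differ


def strip_header(src, dst, header_len=HEADER_LEN):
    """Copy src to dst without its first header_len bytes and return a summary."""
    src, dst = Path(src), Path(dst)
    if src.resolve() == dst.resolve():
        raise ValueError("output would overwrite the downloaded image")
    data = src.read_bytes()
    if not 0 < header_len < len(data):
        raise ValueError(f"cannot strip {header_len:#x} bytes from a {len(data)}-byte file")
    body = data[header_len:]
    dst.write_bytes(body)
    if dst.read_bytes() != body:  # read back to catch a short or failed write
        raise OSError("written file does not match the stripped image")
    return {
        "in_size": len(data),
        "out_size": len(body),
        "removed": len(data) - len(body),
        "out_sha256": hashlib.sha256(body).hexdigest(),
        "first_bytes": body[:16].hex(" "),  # compare with offset 0 in the hex editor
    }


def demo():
    """Run on a constructed image: 0x200 filler bytes followed by a marker payload."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "constructed_fw.bin"
        src.write_bytes(b"\xaa" * HEADER_LEN + b"PAYLOAD-START" + b"\x00" * 1024)
        return strip_header(src, Path(tmp) / "tp_recovery.bin")


if __name__ == "__main__":
    # Usage: python strip_fw.py <downloaded_fw.bin> [header_len, e.g. 0x200]
    if len(sys.argv) > 1:
        n = int(sys.argv[2], 0) if len(sys.argv) > 2 else HEADER_LEN
        info = strip_header(sys.argv[1], "tp_recovery.bin", n)
    else:
        info = demo()
    for key, value in info.items():
        print(f"{key}: {value}")
```

The downloaded file is left untouched, so a different offset can be tried by passing it as the second argument.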