Well, it really depends on a particular version of firmware.
But SSH should be available.
GPL sources show that flash size is luckily still 8MB.
Don't know about RAM though.
SoC looks the same too.
It's showing up via web admin at 192.168.0.254, but it gets connection refused for ssh. Is there a "secret" port or a "secret" MAC I need to spoof or a secret username I need to use? Would be happy to try.
Its best to use serial connection,that way you can capture bootlog fully.
TP Link most likely has special password for ssh.
Can you try with root/5up
he probably can't because he's getting connection refused as opposed to an actual shell
If you port scan however you will see it open which leads me to believe you need a specific address mac
Well then as always preffered serial is best solution
device immediately refuses connection on port 22 regardless of ssh root@192.168.0.254 or ssh admin@192.168.0.254
As I said, serial connection is out for me, just getting it open and soldering stuff is a non-starter given level of equipment I have available and small children around, plus it sounds moderately destructive getting the case open and this is supposed to be an actual travel-router with case all intact etc... 
sorry
willing to try further nondestructive stuff though.
Here is stock firmware for v1 and v2, is it possible to learn anything by comparing binaries? maybe using "strings" or whatnot. Undoubtedly the v2 hardware is probably different, but maybe not in ways that matter.
http://static.tp-link.com/res/down/soft/TL-WR810N(US)_V1_151119.zip
http://static.tp-link.com/TL-WR810N(US)_V2_160509_1474506175401q.zip
port scan reveals only ports 80, 1900, and 49152 are open ssh -p 49152 doesn't work for either root or admin
if I telnet to port 49152 it doesn't say anything and doesn't reply to either ? or hello or help
Binaries really cant tell much.
Only GPL sources can,so far I have been able to confirm that SoC and flash are still the same.
Without serial it is risky testing anything since if it does not boot or work properly you have no way to see whats wrong
If I have i available where I am ill buy it and do serial.
based on watching its network activity over wireshark, the 49152 port is where it serves some xml files for wps / wifi alliance garbage. It broadcasts NOTIFY messages using SSDP protocol over UDP when it boots, coming from this port.
if I ask for http://192.168.0.254:49152/wps_device.xml it gives me some apparently useless garbage. so that's a dead end.
if ssh requires a particular ip source address I could probably test that reasonably easily, some shell script that just loops over all the source IPs in the subnet 192.168.0.0/24 and tries to ssh ?? but if it requires a particular mac address spoof then forget it. It appears to hand out ip addresses via dhcp starting at .100 or so, so I probably only have to try the first 100. Is that worthwhile? any history of that kind of such a thing working?
EDIT:
Well I can say that using the TFTP method it asks for the file wr810nv1_tp_recovery.bin and it downloads it, but it doesn't actually flash it, appears to just discard it then boots into stock.
I guess I was taking a bit of a risk, but my guess is now that it is checking something like a region code or a special set of bytes in the file as per @amaurynieto suggestion
Also, I just signed in to discourse today, so it's maxed out the number of replies I can post on my first day, so that's why I'm editing here.
EDIT again: still can't post more replies for 8 hours.... sigh
Hold the reset button while plugging it in, then let go after a few seconds, it tries to contact 192.168.0.66 via TFTP and requests the file with the name wr810nv1_tp_recovery.bin then downloads it, after a few seconds it doesn't flash and just boots into its existing firmware. I suspect this is due to whatever region code thing causes the error when you upload the firmware on the web console.
@amaurynieto yes I'm sure serial log would be helpful, but I do think you're on to something when you say that the 1 line region code fix is probably needed. I don't have a LEDE build environment and have never done a build, so I imagine this is several hours of foodling around. Perhaps someone with a build environment already set up can apply the appropriate change and build it?
Hey. How did you get it into tftp mode? I think the only solution at this point is a serial log to see exactly what's going on.
I'm now allowed to post more, not sure if you saw the edited note above about how to get it to TFTP. What is time frame for you to try buying one and getting serial console? I have high hopes that just the region code fix would let it flash and run. With the SoC and flash the same, it seems most things would be likely to work. The stock firmware doesn't even ask for a different version number from the original v1 in its TFTP request.
I'll build one for you later today
Looks like the v1 had a USB port, and v2 doesn't: http://www.tp-link.com/us/products/details/TL-WR810N.html#ReviewHeader
If that's the only problem, and like the original poster said the GPL build sources are the same for all the major bits (SoC, RAM, Flash, and Ethernet and Wifi both built into SoC) and nothing about memory addresses or the like showing up different in that diff listed above: https://www.diffchecker.com/sF35cPuK
what's the chance this thing would boot properly? Is the lack of usb controller likely to be a showstopper? I'd imagine that the kernel would just not find any usb controller, and therefore not do anything about USB, but would the boot process hang if there were no usb controller that was expected to be there? Seems unlikely to me, but I don't know much about the boot process on LEDE.
USB wont pose a problem because even if it registered in mach file if it is not found there will just be a warning in bootlog.
Commit to support 810N v2 is in pep2k-s staging tree,so it should be merged soon
https://git.lede-project.org/?p=lede/pepe2k/staging.git;a=commit;h=996eb5eb9c575a489d0f1c1bd7e7c7990768c0f0
2 Likes
That's awesome, once its merged does it just start showing up in the snapshots automatically? Perhaps @pepe2k can post something here when it gets merged.
Yes,it will be probably merged today and tomorrow it will appear in snapshots if merged
