Hello! adschm on GitHub needs the MAC address assignment for our model to wrap things up. Unfortunately I bricked my device while trying to revert to the stock firmware and won't be able to attach serial soon due to time constrains.
Can someone else provide him the table?
Their original message:
@Borromini yes sure, yet as "The only and important difference between v1 & v3 is in flash memory
layout, so pls don't interchange these 2 builds!" I was hoping something similar would happen.
How can I check the hardware is the same? Visual inspection? serial connection?
Both would be good, yes, check boot log for pointers on flash and RAM, flash layout, but a physical look at the innards never hurts (if you can open it without voiding the warranty).
Even flash memory layout changes can brick your device, if you were to overwrite e.g. radio callibration data etc.
I wouldn't recommend. The RE305 v3 stock firmware image (.bin) size is about ~7MB, while the RE305 v4 stock firmware image size is about ~2.5MB (less than a half).
This might be an indication that they are different hardwares.
I just ordered one RE305 to replace a RE200 (with the expectation I could run OpenWRT on it since OpenWRT on RE200 is broken).
It will arrive next week, hopefully it will be a v3. If it is a v4 I will be very disappointed since there is no OpenWRT support to v4 yet. If it is a v4 and it is easy to take it apart, I will try to find out which hardware v4 has.
I just received my RE305 v3 today. Below are the MAC addresses from the stock firmware (I've redacted one portion for privacy reasons but I believe it is sufficient for understanding the MAC addresses order). I will post this information at github as well:
Hey cheers for getting this through. I'm having an issue with mesh networking where my speeds are halved even though router (archer C7) and extender are right beside me.
Is there any way to restore original tp-link firmware. I've tried TFPT on 192.168.0.66 and 192.168.1.66 with no luck but TFTP seems to work with the Archer C7. Wireshark is also not picking up anything
I'm hoping to revisit this over the xmas hols but for the moment I just need the Onemesh back up and running until then. Any help would be appreciated
Cheers
A possible tentative solution is to prepare the stock firmware file to be flashed via OpenWRT. This should be done via tplink-safeloader utility which needs to be built form OpenWRT source code. You can see more details about how to do this in the RE200 revert to stock firmware at https://openwrt.org/toh/tp-link/re200#back_to_stock_v2_v3_v4
However if you are not familiar with building OpenWRT this might not be simple. Even doing this notice that there might be issues with versioning in the stock firmware that may prevent it being installed.
Anyway, if you are willing to try this revert ant accept the risk for soft bricking your device (requiring an UART physical connection to restore it), I have this "stock revert" firmware image I prepared sometime ago for the RE305v3. I've never tested it, but if you want to take the risk let me know and I can share it with you.
Can you please clarify what these images are? I flashed image openwrt-ramips-mt76x8-tplink_re305-v3-squashfs-factory.bin to my RE305-v3 device through the web interface and it appears to have flashed OK but upon reboot it was no longer reachable on anything except ssh on default IP 192.168.1.1. I connected to it via ssh and a netstat showed there were no ports open on 80 or 443 and the /web directory was competely empty.
I'm now about to solder a serial adaptor to it and try and recover it. Did I get it completely wrong, I thought the images above are a working dd-wrt firmware for the RE305-v3. What gives?
Thanks for the clarification guys. I obviously totally misunderstood what this firmware was all about. I expected an image that had web functionality out of the box (even if still under development) and could be used as a replacement for the OEM TP-Link firmware. I don't have a dev environment setup and I'm unsure how to get Luci installed, hence why I hoped that there would be a firmware image with Luci web baked in.
The reason I had to solder up the serial is that I may have messed up the boot while experimenting with firmwares The good thing is that I can now use serial to bring up the device with TFTP and initramfs images and recover it.
I'm now trying to figure out how to restore the original OEM firmware version 1.1.1 (so that it leaves me the option to upgrade to a later version through the web) but whatever I do it's a dead end. The OEM kernel starts to boot but the filesystem is mising and it kernel panics. I'm not sure how the OEM firmware image is mangled before it is flashed, the OEM firmware is not accepted by sysupdate as is or after removing it's header and running sysupdate -F or mtd write leads to a kernel with no filesystem and kernel panic.In hindsight I should have dumped the entire EEPROM chip before flashing anything so I have a full backup, oh well, live and learn. I'll keep banging on for a while and see what I can do.
FYI I managed to successfully revert back to OEM firmware on my v3 after flashing ddwrt firmware. It wasn't an easy journey but it's doable. After reverting, it still had my old configuration saved (old SSID/password/settings) presumably because they are stored on a separate partition that had not been reflashed.
The process I came up to revert was this. I downloaded TP Link OEM firmware v1.1.1 and extracted the kernel and the squashfs from it (the offsets and lengths of these are listed in the header inside the firmware file in human readable form). I then reassembled these two into a new file such as the kernel is at offset 0 and squashfs starts at offset 0x100000 and in between the end of the kernel and start of squashfs the file is padded with 0xff
Next I tftpbooted the device with an initramfs-kernel and uploaded the prepared file to /tmp then used "mtd write <filename> firmware" to flash it. Rebooted and the repeater now run OEM firmware 1.1.1 with all my old settings. I didn't see any errors when watching the serial boot log.
I then went into the firmware upgrade page and it showed firmware version was 2.0.0 so trying to flash OEM firmware 1.1.5 failed as expected. Rebooted and dropped into u-boot menu (you need to have serial soldered to the board for this). The software version is stored in flash at offset 0x7c4208 as ascii string "soft_ver:2.0.0" so I used "spi write 7c4211 31" to modify "2.0.0" to "1.0.0" however upon rebooting and going into the firmware upgrade for some reason it showed firmware version 0.0.0 (I suspect there may be a checksum of the flash area that invalidated the data). Regardless with version 0.0.0 the OEM upgrade through the Web to version 1.1.5 succeded.
Do you mean the kernel isn't even starting to load at all, or it starts and then freezes because it can't find a filesystem? You may have somehow flashed a bad firmware.
When you turn on the RE305 with serial connected press 4 as it starts up to drop into the u-boot menu
type "tftpboot 82000000 openwrt-ramips-mt76x8-tplink_re305-v3-initramfs-kernel.bin" and the serial port should show ####### progress as the image downloads. Then type "bootm" to boot it.
Once you have that in /tmp you can flash it with "sysupgrade openwrt-ramips-mt76x8-tplink_re305-v3-squashfs-sysupgrade.bin"
Hope this helps. Alternativley you can try my instructions above to revert to OEM firmware.
Word of caution, when in u-boot menu DO.NOT.USE. "erase" command, it will wipe the flash including u-boot and your device becomes a brick, you will need to use special hardware to re-write your flash chip! Ask me how I know that and how much fun I had desoldering the flash chip from the board to get it back to working ,)
I have mapped out the entire FLASH layout of an OEM RE305-v3 so in priciple you could start with a fully erased chip and return back to a fully functional device. There is just one small area I need assistance with. Can someone please run this command and send me the output. Thanks in advace
The good thing is that I can now use serial to bring up the device with TFTP and initramfs images and recover it.