Is it possible to flash openwrt via tftp without opening the device?
Excellent question, i got one as a backup. would be nice to have bridge mode in it.
Is anyone else experiencing very poor wifi signal on both 2.4 and 5 antennas or it's just me
I'm using the last snapshot.
1 Like
Most definite +1 from me here.
I was considering buying another device as a backup, and for further development ; the first one is already installed at its final destination. However after some stress-testing I'm having second thoughts.
LTE is fine, seems stable and easily reaches 40+mbit in area where latest android/apple phones have same speeds as well.
2.4g wifi is more or less usable, devices stay connected over multiple-day periods without issues, however max speeds seem a bit worse off. Best I've managed was 25-30mbit from wifi client to internet, while speedtest on the router itself reached 40mbit easily.
Now 5g wifi looks like a dealbreaker right now... DFS channels (52-144) are pretty much unusable, according to logread the hostapd goes from DFS straight to DISABLED without any error message or delay. It should wait 60s according to default config, but apparently DFS-CAC-START breaks off within <1s (it's urban area, I'm not aware of any radar activity anywhere in the vicinity, or even another 5g wifi using those channels from all my scans).
Non-DFS channels are "only" half-way dead - the low-range (channels 36-48) are in conflict with another AP at the location and they are way too underpowered ; I can barely get a client to connect to it, and it breaks off under very light loads. I've had a bit more success in high-range, specifically 80mhz on channel 149. Device stayed connected even under loadtest, but speedtest did not exceed 17-18mbit (right before and after that a direct speedtest reached 38+mbit and a 2.4g client managed 22mbit, so wifi was surely the bottleneck).
I'm quite disappointed the openwrt routers based on WG3526 are no longer available on amazon ; those had some amazing hardware and antennas for everything. I bought one some months ago - openwrt worked straight out of the box, both LTE and Wifi 2.4/5 are great, same price range as mr600 ... overall a lot more stable device. Should have ordered more of them 
Anyway my mr600 is now fixed in its place (which will soon be 100s of km from my usual place) and needs to stay as stable as possible, so unless I decide to get another one there won't be much activity from me here I'm afraid.
1 Like
Thanks for your info but I just want to know is it gonna be fixed or it's gonna be like this forever...
Is there anyway to revert back to the original firmware ? @relghuar
I've used the option "1" and if I'm flashing original stock firmware it says "Bad magic number"
And flashing the same tplink image through sysupgrade doesn't work...
I had to open mine
Yes there is, I've done it at least once myself, although it's not totally straightforward.
You need to unpack the .bin file from tp-link zip package, and then extract kernel and rootfs images from there, ideally as a single image which can then be flashed from openwrt (that you can boot directly from u-boot using command line, see earlier posts).
Command I used to get firmware.bin out was simple, should work just fine for you as that still seems to be latest version, at least from german site - just MAKE SURE you have the V2 hardware of course! (https://www.tp-link.com/de/support/download/archer-mr600/v2/#Firmware):
dd if="Archer_MR600v2_1.6.0_0.9.1_[220105-rel58321]_up_boot_Release_2022-01-05_16.41.23.bin" of=firmware.bin bs=$((0x100)) skip=$((0x202)) count=$((0xfa00))
Now you can simply upload that firmware.bin into the openwrt-booted router (via scp for example) and use mtd command to write it directly to "firmware" partition, something like this:
mtd write firmware.bin firmware
A simple reboot afterwards should boot stock firmware.
PS: I'm pretty sure there should be a way to upload and flash that firmware.bin directly from u-boot command line, but I have no way to test it anymore so I won't speculate on the required procedure 
Someone with easy access to serial console and an hour or two to kill should be able to find out easily.
2 Likes
You're a life saver, Thank you !
Everybody and their neighbors here seem to have successfully booted their Archer MR600 v2 with OpenWrt, and here I am with LZMA ERROR 1 when I'm trying to do so.
I've tried openwrt-22.03.3-ath79-generic-openmesh_mr600-v2-initramfs-kernel.bin and openwrt-ramips-mt7621-tplink_mr600-v2-eu-initramfs-kernel.bin with various load addresses, 0x81001000, 0x80001000, 0x80060000 and even the weird 0x0c00000 that the official OpenWrt page about mr600 mentions.
Whatever attempt I try ends up with an LZMA ERROR 1.
I am 100% sure it is an Archer MR600 Ver 2.0.
Found the right address thanks to this post [Solved] Uboot - Not enough buffer for decompression LZMA ERROR 1 - #29 by numero53
tftp 0x80a00000 openwrt.bin did the trick.
1 Like
Your method works like a charm, it actually helped me unbrick the device from a saveenv. Now I use it to toy with 2021's firmware squashfs, only to see if there are security issues in there.
This Makefile made my life easier, HTH anyone:
BS = $(shell printf "%d" 0x100)
SKIP = $(shell printf "%d" 0x202)
FW = "Archer_MR600v2_1.3.0_0.9.1_[210208-rel61056]_up_boot_Release_2021-02-08_17.06.35.bin"
TARGET = "outcast:tmp/"
MODFW = "Archer_iMil.bin"
all: copy
firmware:
dd if=${FW} of=firmware.bin bs=${BS} skip=${SKIP}
uboot:
dd if=firmware.bin of=${MODFW} bs=1 count=2097152
squash: uboot
rm -f modified_squashfs.img
mksquashfs squashfs_extract modified_squashfs.img -comp xz -no-fragments
glue: squash
cat modified_squashfs.img >> ${MODFW}
copy: glue
scp ${MODFW} ${TARGET}
echo "press 4 at u-boot to get to the prompt, then"
echo "setenv ipaddr 192.168.1.11"
echo "setenv serverip 192.168.1.15"
echo "tftp 0x80a00000 openwrt.bin; bootm"
The machine I build on is not the machine with the serial plugged in, hence the scp.
On the remote serial machine, openwrt.bin is a kernel+initrd snapshot.
1 Like
Hi! Sorry for stepping in like this :} But from the discussion above I have not understood if we need serial access to the device in order to flash OpenWrt on the MR600, or if it can be done via LAN.
check this: https://github.com/openwrt/openwrt/pull/10887
I just signed up to the forums to say the guides here are very helpful, it lead to my first time soldering.
Was going to solder pins but realised the pictures showing the serial pinout were taken from the side with the heat sinks removed. No space on the back for pins unless I cut a large-ish hole so I got creative with the cable installation:
I also wrote a small script to give the signal bars some functionality. I have a non-flashed MR600 to compare and believe the strength is determined by RSSI, however the script can be adapted for any values returned by UQMI signal info. Put the script in a non-temp folder and add it as a scheduled task. I set mine to run every 2 minutes:
#!/bin/ash
RSSI=$(uqmi -d /dev/cdc-wdm0 --get-signal-info | grep rssi | grep -Eo '[0-9]+')
STRENGTH=0
if [[ $RSSI -le "95" ]]; then
STRENGTH=1
fi
if [[ $RSSI -le "85" ]]; then
STRENGTH=2
fi
if [[ $RSSI -le "75" ]]; then
STRENGTH=3
fi
i=1
while [[ $i -le 3 ]]; do
if [[ $STRENGTH -ge $i ]]; then
echo default-on > /sys/class/leds/white:signal$i/trigger
else
echo none > /sys/class/leds/white:signal$i/trigger
fi
i=$((i + 1))
done
UQMI does seem to timeout returning info after a while, it seems the device gets busy with a "failed to connect to service" message, the data connection continues to works fine though.
The grafana dashboard is coming along nicely too when UQMI isn't timing out...
hi there
have a question and want to use ch341 programmer: to get rid off isps firmware and load the oryginal tplinks one would it be something like for unbricking the mr200 v1 ? anyone tried or have some ideas?
-
Export your Router's configuration by doing dd if=MR600_dump.bin of=Configurations.bin bs=64k count=3 skip=125
-
Cut the header from the oryginal mr600v2 tplinks firmware by doing dd if=stock.bin of=stock_NoHeader.bin bs=512 skip=1
-
Export boot + router firmware from the file by doing dd if=stock_NoHeader.bin of=stock_BootFW_nomodem.bin bs=64k count=125
-
Merge boot + router firmware with your Router Configuration by doing cat stock_BootFW_nomodem.bin Configurations.bin > Firmware.bin
would this be worth trying ?
I might take a look at implementing support for MR600v1 soonish.
Opening it to get to the serial port was annoying tbh 
it's on the bottom of the board and there is a silver plastic hinge or something clamping together top and bottom part of the case that was annoying to get out. (I bend it with the top part of the case first, so I might not be able to get it back in)
Atleast others will be able to install fw through tftp instead.
3 Likes
can confirm, it is still broken
currently the line to edit is 570
then run (to add luci and support for the lte module)
make image PROFILE="tplink_mr600-v2-eu" PACKAGES="luci luci-proto-qmi"
and flash the image
thank you @relghuar for your work!
saved me alot of time
