Unfortunately I have hit a roadblock, for some reason my Malta Debian-Mips VM is getting a exec format error while trying to chroot into stock firmware.
Perhaps @frollic could give it a shot straight on the device without having to go through all the virtualization jargen?
Here is the extracted squashfs which I have compressed to a tar.gz for easy sharing
Although, following the guide I linked above, you can use the crypto.lua already on your stock firmware to decrypt the backup, enable ssh and renecrypt it.
This is mtd6 from OpenWrt, I assume? If you modified those bytes with "3.0.3" to contain "1.1.0" before converting back to stock, you should have the correct version number again when running stock.
Once you have confirmed that you can properly revert after fixing the version number, you could try other version numbers to see what the firmware checks for to verify it can support the features broken with "3.0.3". Does "1.1.9" work? What about "1.9.9"? We could update the safeloader tool to have a higher version than the latest available stock, while still maintaining the option to go back and use the original FW with full functionality.
Note that going from stock to OpenWrt with "1.1.9" and back to stock would be a thing a user can only do once! As soon as stock thinks it is already at version 1.1.9, I don't think it will let you upgrade to OpenWrt again.
That was my plan, but I need to figure out how to dd the 11 bytes of data
correctly to /dev/mtd6, seek= doesn't seem to be enough, since it appears
to cut off the rest of the file (I tried it on a mtd6 dump file).
Since I discovered it the hard way, I also need to figure out (the syntax) how to mtd write the old dump back
The OpenWrt release number is indeed 23.05 (or whatever future version), but that's not the version that is reported to the stock firmware in the OpenWrt factory image.
TP-Link has a bit of flash storage carved out to store release info: a version number, a build date, a build number. Any images provided for upgrading the device (vendor or OpenWrt) must also contain this bit of data with release info.
On upgrade, the stock FW will replace the stored version info with the one from the upgrade image.
OpenWrt factory images currently pretend to be a TP-Link image with version 3.0.3. It could pretend to be any version, such as 1.1.9 or 0.1.2, but the firmware apparently refuses to install images with lower version numbers.
The "3.0.3 problem" arises because because OpenWrt doesn't otherwise care or know about this bit of release info. When reverting from OpenWrt back to stock, only the 'runtime data' is installed again, but the release info is left untouched. So that's how you end up with a firmware expecting to be v1.y.z, but seeing 3.0.3 stored in its release info.
While installing openwrt i am assuming this bit gets checked again, but since with a patch it will be lets say 1.1.9, I have reverted once, so its 1.1.9 and on trying to install openwrt again it will fail because the part which checks for the versions says that both images are the same, is that right?
Would users be able to look at the patch, incrementally change it to whatever highest version we find that doesnt have anything broken?
Edit - Q2, Can we not do what was suggested a little up, that we change the version to let's say 1.0.0 while on openwrt with ssh access, install stock, then if need be we can reinstall openwrt.
They do not pretend to be 3.0.3
It's read as 23.05.3 when you flash back to stock.
I've yet to read of anyone who has flashed from master SNAPSHOT to Stock firmware, and the number in brackets differs on different ax23s.
root@OpenWrt:/tmp# dd of=/tmp/a if=/dev/mtd6 skip=198673 count=11 bs=1
11+0 records in
11+0 records out
root@OpenWrt:/tmp# cat /tmp/a
1.1.0 Build
root@OpenWrt:/tmp#
I'm not entirely sure how the version is read, keep in mind I wrote 1.1.0 to the mtd, but it came out as 1.0.0 in the stock fw.
I did if from an initramfs, but I see no reason why it wouldn't work from within vanilla openwrt.
You'll however need to install kmod-mtd-rw 1st, then insmod it. root@OpenWrt:/tmp# insmod mtd-rw.ko i_want_a_brick=1
This applies to the initramfs too.
Could you perhaps give it a go with sysupgrade file of stock? Initramfs should be the same information functionality but I have 0 idea how openwrt and embedded devices work...
Edit- Do the US and the EU versions have similar flash layouts aswell? I know it says identical on the wiki, is that hardware wise?