Tp-link AX23 wrong firmware version number after reverting

frollic · June 14, 2024, 11:34am

no idea, someone with an US device with openwrt installed, or serial and an initramfs booted, would have to check.

CrackedPotato · June 14, 2024, 11:35am

The skip= block count, you got that how?

I'll install tonight if you confirm about the process I mentioned?

frollic · June 14, 2024, 11:40am

I used xxd to convert the dumps it into a somewhat readable format.
Then compared the mtds where I didn't expect any big differances, and got lucky

CrackedPotato · June 14, 2024, 11:50am

@Nihilokrat

Hey mate! Do you have any US devices on hand?

frollic · June 14, 2024, 12:13pm

OK,

started from here, with TP-Link's EU 1.20 v1.1.0 installed.

Flashed openwrt-23.05.3-ramips-mt7621-tplink_archer-ax23-v1-squashfs-factory.img:

root@OpenWrt:/# ubus call system board
{
        "kernel": "5.15.150",
        "hostname": "OpenWrt",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "TP-Link Archer AX23 v1",
        "board_name": "tplink,archer-ax23-v1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.3",
                "revision": "r23809-234f1a2efa",
                "target": "ramips/mt7621",
                "description": "OpenWrt 23.05.3 r23809-234f1a2efa"
        }
}

root@OpenWrt:/tmp# dd of=/tmp/a if=/dev/mtd6 skip=198673 count=11 bs=1
11+0 records in
11+0 records out
root@OpenWrt:/tmp# cat /tmp/a
3.0.3
ildroot@OpenWrt:/tmp# vi /tmp/a
3.0.3
^@^@ild
~
~
root@OpenWrt:/tmp# opkg update
....
root@OpenWrt:/tmp# opkg install kmod-mtd-rw
....
root@OpenWrt:/tmp# insmod mtd-rw.ko i_want_a_brick=1
[  526.669415] mtd-rw: mtd0: setting writeable flag
[  526.674217] mtd-rw: mtd5: setting writeable flag
[  526.678816] mtd-rw: mtd6: setting writeable flag
[  526.683451] mtd-rw: mtd7: setting writeable flag
root@OpenWrt:/tmp#
root@OpenWrt:/tmp# echo "1.1.0 Build" > /tmp/vers.ion
root@OpenWrt:/tmp# dd if=/tmp/vers.ion of=/dev/mtd6 seek=198673 count=11 bs=1 conv=notrunc
11+0 records in
11+0 records out
root@OpenWrt:/tmp#
root@OpenWrt:/tmp# rm a
root@OpenWrt:/tmp# dd of=/tmp/a if=/dev/mtd6 skip=198673 count=11 bs=1
11+0 records in
11+0 records out
root@OpenWrt:/tmp# cat a
1.0.0ildroot@OpenWrt:/tmp#

I see there's still something fishy with my dd when replacing the version.

Used https://argsnd.github.io/tp-link-stock-firmware-converter/index.html to convert the AX23_eu_jp_kr_ru-up-ver1-1-0-P1[20230725-rel56344]_2023-07-25_15.41.43.bin to a sysupgrade image, and flashed it with keep parameters unchecked, and force checked.

Aaaaand, voila!

flashed the TP-Link upgrade file once again, to get the version right.

hecatae · June 14, 2024, 12:17pm

can you put 1.0.10 as the firmware version?
I've been assuming it read the zero from .05, but it may only be reading the 3 from 23 and the 03 from the last part of 23.05.03, and then formatting that as 3.0.3

frollic · June 14, 2024, 12:20pm

I can,

but as you can see, there's something with the dd command (and I suck at dd)...

I thought I was writing

echo "1.1.0 Build" > /tmp/vers.ion

but it comes back as

root@OpenWrt:/tmp# dd of=/tmp/a if=/dev/mtd6 skip=198673 count=11 bs=1
11+0 records in
11+0 records out
root@OpenWrt:/tmp# cat a
1.0.0ildroot@OpenWrt:/tmp#

CrackedPotato · June 14, 2024, 12:30pm

Any updates on this?

frollic · June 14, 2024, 12:32pm

Not going to flash all available FWs out there, and even if I did, there's no guarantee a device coming from that region would behave the same way as the EU unit I own, running an IN firmware.

hecatae · June 14, 2024, 1:00pm

There are radio differences and @frollic may risk damaging their wifi radios flashing firmware that is not for their region, so I agree with @frollic

CrackedPotato · June 14, 2024, 1:08pm

Right, that was stupid of me to ask.

I am assuming that would definitely mean a difference in the block count.

I guess I'll hold out till the safe loader patch

Nihilokrat · June 14, 2024, 1:09pm

Negative, only EU.

CrackedPotato · June 14, 2024, 1:12pm

Awww, thanks for checking anyways!

frollic · June 14, 2024, 1:12pm

you could try to reproduce my findings, assuming you're running openwrt.

@bugenwilla, @smakib01 do you still own the AX23 ?

CrackedPotato · June 14, 2024, 1:23pm

The location of this string would be the same on a openwrt device aswell, right? Since the safe loader is the only one touching it?

captainfall · June 14, 2024, 1:23pm

Can someone water the process down.
Thank you guys for your efforts

CrackedPotato · June 14, 2024, 1:24pm

What region of the AX23 do you own?

Look at frollics detailed instructions above.

frollic · June 14, 2024, 1:26pm

the no guts, no glory version:

root@OpenWrt:/tmp# opkg update
root@OpenWrt:/tmp# opkg install kmod-mtd-rw
root@OpenWrt:/tmp# insmod mtd-rw.ko i_want_a_brick=1
root@OpenWrt:/tmp# echo "1.1.0 Build" > /tmp/vers.ion
root@OpenWrt:/tmp# dd if=/tmp/vers.ion of=/dev/mtd6 seek=198673 count=11 bs=1 conv=notrunc

short enough for you ?

captainfall · June 14, 2024, 1:29pm

Where do i enter this? I use EU version

frollic · June 14, 2024, 1:30pm

https://openwrt.org/docs/guide-quick-start/sshadministration

I used the EU version too.