Tplink Archer c2 web update

For Developers
1

Hello everyone, I ran into problematic firmware of this router through the web, firmware accepts but does not boot-I get lzma error. Utility for the firmware spoils several bytes

всем привет, я столкнулся с проблеммой прошивки этого роутера через web ,прошивку принимает но не грузится -получаю lzma error .Утилита для прошивки портит несколько байт

  1. T:\USRTMP\damp_factory0703.bin: ‎4 194 304 байты
  2. T:\work_dump.bin: ‎4 194 304 байты
    Offsets: хекс.

4023C: 00 26
4023D: 00 11
4023E: 00 A8
4023F: 01 6A

4 отличия найдено.

Summary

define Device/ArcherC2
DTS := ArcherC2
SUPPORTED_DEVICES := c2
KERNEL := $(KERNEL_DTB)
KERNEL_INITRAMFS := $(KERNEL_DTB) | tplink-header ArcherC2 -c
IMAGE/factory.bin := append-kernel | tplink-header ArcherC2
IMAGE/sysupgrade.bin := append-kernel | tplink-header ArcherC2 -j -s | append-metadata
IMAGES += factory.bin
DEVICE_TITLE := TP-Link ArcherC2
endef
TARGET_DEVICES += ArcherC2

2

i didnt know that tplink archer c2 was supported.

3

archer C2 support repository https://github.com/sunsky13122156/LEDE-Archer-C2

4

Since this is a third party firmware image, you should adress your questions to the developer of this specific image.

5

Hello, I understand that this is not the official port lede, but it's problematic with the firmware via the web is also available for archer c20 and c50

6

I don't understand what you are trying to say.

7

so you need help developing firmware for this particular device? Unfortunately i dont have one in order to assist you with this, the best thing you can do is find someone whom has created the firmware for that particular device and talk to them, because they have the device to help troubleshoot it.

8

A post was split to a new topic: Archer C2: Dropping frame due to full tx queue

9

Sorry for necrobumping, but i have the same problem.

So what @leks is saying is that firmware gets corrupted(4 bytes overwritten) when updated from Tplinks original web ui, simmilar as on Archer C20i.

I verified it via wireshark(that correct data is being transfered) and directly reading the data from eeprom(diff flashed fw vs uploaded fw) via CH341A that firmware is getting corrupted at eeprom address 0x04023c - 0x04023f (corresponds to .img address 0x02023c - 0x02023f)
Here is diff from broken and working flash image:

< 00040230: bf6d 5dd4 f6a4 e162 7e47 adca 0000 0002  .m]....b~G......
---
> 00040230: bf6d 5dd4 f6a4 e162 7e47 adca 49a9 79fd  .m]....b~G..I.y.

"49 a9 79 fd" gets overwritten with "00 00 00 02" in my case, and "26 11 A8 6A" gets overwritten with "00 00 00 01" in the case of @leks
I think rewritten value is hardware version of the board.

That is causing LZMA error(confirmed by trying to decompress both corrupted and uncorrupted LZMA dumps via LzmaDecode.c from Archer C2 orig. source code) when trying to boot the image after flashing, router get stuck in boot loop, effectively bricking the router

LZMA ERROR 1 (LZMA_RESULT_DATA_ERROR) - must RESET board to recover

I tried to reverse engineer original ELF binaries(mainly httpd and libcmm.so) to find the cause(something must be triggering it as it doesnt happen to original firmware updates from tplink) but i failed so far.
My best guess is uncomplete tplink-header.

If anyone can assist me with finding the cause of corruption i would be very grateful!

Thank you!

PS. I think finding the cause of this would lead to being able to update to openwrt from original tplinks firmware(probbably on other tplinks routers too) from web ui instead tftp, meaning easier update for everyone.