Trying to add support for the tplink RE655v2

MartinS · February 1, 2022, 4:51pm

Hello everyone,

I recently got myself a TP-Link RE655 the stock firmware is quite crap and there is no support in openwrt for it. (yet hopefully).

The hardware seams to be mostly the same as the RE650 so I based my changes on the commit that added support for that one. Here is my attempt: https://github.com/mschaf/openwrt/commit/4898dfb190dbcac3c9378b8907ef0c103c287cbd.
OpenWRT build fine, so I tried booting the initramfs image via tftp from sdram.
Unfortuantly this fails with Uncompressing Kernel Image ... LZMA ERROR 1 - must RESET board to recover and bricks the device (Stuck on Starting kernel ... in the next boot)

I also tried flashing the factory.bin image via tftp and the web interface, tftp fails with the same error as the initramfs one and via the webinterface shows also an error and does not flash.

Now I don´t know how to proceed, so any help would be appreciated.

Log from trying to boot from ram:

Please choose the operation: 
   1: Load system code to SDRAM via TFTP. 
   2: Load system code then write to Flash via TFTP. 
   3: Boot system code via Flash (default).
   4: Entr boot command line interface.
   7: Load Boot Loader code then write to Flash via Serial. 
   9: Load Boot Loader code then write to Flash via TFTP. 

You choosed 1

 0 

   
1: System Load Linux to SDRAM via TFTP. 
 Please Input new ones /or Ctrl-C to discard
	Input device IP (192.168.0.254) ==:192.168.0.254
	Input server IP (192.168.0.1) ==:192.168.0.100
	Input Linux Kernel filename () ==:kernel.bin

 NetTxPacket = 0x87FE5C00 

 KSEG1ADDR(NetTxPacket) = 0xA7FE5C00 

 NetLoop,call eth_halt ! 

 NetLoop,call eth_init ! 
Trying Eth0 (10/100-M)

 Waitting for RX_DMA_BUSY status Start... done


 ETH_STATE_ACTIVE!! 
TFTP from server 192.168.0.100; our IP address is 192.168.0.254
Filename 'kernel.bin'.

 TIMEOUT_COUNT=10,Load address: 0x80a00000
Loading: Got ARP REPLY, set server/gtwy eth addr (3c:7c:3f:4b:72:1f)
Got it
#################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #################################################################
	 #########
done
Bytes transferred = 6035019 (5c164b hex)
LoadAddr=80a00000 NetBootFileXferSize= 005c164b
Erasing SPI Flash...
.
Writing to SPI Flash...

done
Automatic boot of image at addr 0x80A00000 ...
## Booting image at 80a00000 ...
text base: 80001000
entry point: 80001000
   Uncompressing Kernel Image ... LZMA ERROR 1 - must RESET board to recover

Some specs:

CPU: MT7621A
RAM: 128MB
Flash: EN25QH64 8MB
Wifi: 2x MT7615N

Stock flash dump:

https://drive.google.com/file/d/1gaGq57fmy94aucVhymIJYJx5se1Y6fpE/view?usp=sharing

Board pictures:

Be careful when opening, there is exposed mains voltage.

The serial pins are in the middle of the board and marked. The cables can be nicely run out through the wholes on the side.

OEM Bootlog:

Drops right into a root shell, some diagnostic commands run at the bottom.

Mijzelf · February 1, 2022, 6:22pm

MartinS · February 1, 2022, 7:21pm

Thanks, loading at a later address worked. I used tftpboot 0x8100000 and bootm 0x81000000.

I also could flash the image to flash from luci.

MartinS · February 1, 2022, 9:23pm

Next I need to figure out the flash partitions.
Certain partitions like fs-uboot and radio must align with the ones in the stock firmware, right?

So far I have

# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00800000 00010000 "ALL"
mtd1: 00020000 00010000 "fs-uboot"
mtd2: 00330000 00010000 "os-image"
mtd3: 00470000 00010000 "file-system"
mtd4: 00010000 00010000 "radio"

which gives me the sizes, but how do I find the offsets?
I tried `cat /sys/class/mtd/mtd*/offset``but I guess the stock kernel is too old for that.

jdwl1o1 · February 2, 2022, 12:29am

The bootlog of the stock firmware will provide additional details of the flash layout.

dzej · June 22, 2023, 7:17am

Hey there! any luck with the openwrt for the re655 v2? this stock firmware is piece of garbage. i'd like to flash mine.. hit me up if You found a way to upgrade it through the tplinks webui - thanks:)