Unbricking wdr4300 v1.7

Okay, end of a frustrating eight hours trying to get this to work.

Device was working up until I entered a 255.255.255.255 broadcast address for its LAN IP. This seems to be causing a DOS type of issue where I can't get control anymore.

I can get into failsafe mode, (press reset when star is medium blinking) but when I do, pings return 88% packet loss. Sometimes I am able to telnet in, and once I even managed to issue a firstboot && reboot now comand, because it did reboot. However, it continues to be bricked. I was hoping this would reset the network settings.

I can get into TFTP download mode (press reset, then power on), but the device continuously asks for the file:

Aug 16 16:54:33 michalk-desktop in.tftpd[22218]: RRQ from 192.168.0.86 filename wdr4300v1_tp_recovery.bin
Aug 16 16:54:43 michalk-desktop in.tftpd[22221]: RRQ from 192.168.0.86 filename wdr4300v1_tp_recovery.bin
Aug 16 16:54:59 michalk-desktop in.tftpd[22232]: RRQ from 192.168.0.86 filename wdr4300v1_tp_recovery.bin
Aug 16 16:55:04 michalk-desktop in.tftpd[22236]: RRQ from 192.168.0.86 filename wdr4300v1_tp_recovery.bin
Aug 16 16:55:09 michalk-desktop in.tftpd[22254]: RRQ from 192.168.0.86 filename wdr4300v1_tp_recovery.bin
Aug 16 16:55:14 michalk-desktop in.tftpd[22259]: RRQ from 192.168.0.86 filename wdr4300v1_tp_recovery.bin
Aug 16 16:55:24 michalk-desktop in.tftpd[22289]: RRQ from 192.168.0.86 filename wdr4300v1_tp_recovery.bin

I am at a loss as to where to go from here. I've tried multiple TPlink images, as well as a couple of WRT factory images:
openwrt-19.07.8-ath79-generic-tplink_tl-wdr4300-v1-squashfs-factory.bin
wdr4300v1_en_us_3_14_3_up_boot(151104).bin

the stock firmware mustn't be one with boot in the file name.

whats currently installed on the device ? openwrt or stock FW ?

I have been running OpenWRT on the device for years. I do not know which version. I have followed those TFTP instructions, and the only thing I don't have that's in the documentation is the file they use in the example. Not sure where to get this:

publish a firmware image via tftp: `cp openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin /srv/tftp/wdr4300v1_tp_recovery.bin

If OpenWrt still boots, allow OpenWrt to boot up fully (star blinks fast, then slow, then steady on) then press reset button hold for more than 5 seconds, then release. All the lights should blink out and it will reboot to defaults.

Recent versions accept CIDR notation (e.g 192.168.1.1/24) which implicitly sets up netmask and broadcast.

Thanks, but holding reset for up to one minute doesn't change any LED behavior.
After bootup, I get solid power, solid star, blinky ETH on port1. Quick presses don't do anything either.

Is there a WPS button? Sometimes OpenWrt reset is attached to a different button.

Yes, it's labeled WPS/reset.

It's been a while since I had to recover my tl-wdr4300 (partially because it's no longer in daily service), but rev 1.7 and your tftp traces show that it should have the push-button tftp recovery, which has always worked reliably for me. Adding a simple, unmanaged, switch between the to-be-recovered router and your client hosting the tftpd is very much recommended, as it reduces the time necessary for link training and avoids ifdown events on your client. An OpenWrt factory image can be used as-is for this recovery (just rename it and serve it under the specified IP from your tftpd, make sure that your client's firewall rules allow these tftp transfers). TP-Link OEM firmware images can only be used for recovering if they don't contain a bootloader in front of the actual firmware (kernel+rootfs), this means they don't include the string 'boot' in their filename and have exactly the same size as OpenWrt's factory images (of not, you must strip off the bootloader). Trying to flash an OEM image with embedded bootloader will brick the device, permanently overwrite the wifi calibration data (non-recoverable) and may affect uboot-env (and the hardware IDs used for verifying uploaded recovery images). Serial console access would come in handy at this point, but chances are high that your device's wireless capabilities have already been permanently shot.

I bricked a WNDR4300v2 by installing OpenWRT. I managed to unbrick it by using nmrpflash. My notes on unbricking included in the bug report might help you. https://bugs.openwrt.org/index.php?do=details&task_id=3853

The TL-WDR4300 is a TP-Link device, not Netgear. Recovering it involves invoking a tftp client inside the router's bootloader (by keeping the reset button pressed while powering it on) to make it pull the factory image from a tftp server reachable under the specified IP address, this is exactly the other way round than on Netgear devices (where you push the recovery image with a tftp client from your computer to a tftp server running from your router's bootloader). Accordingly nmrpflash isn't an option here either.

1 Like

Thanks. Yeah, I did attempt to flash with the bootloader. To add insult, I put my serial dongle on the power pin, and something popped. The serial dongle doesn't work, and the device doesn't request firmware images either. Throwing it in the trash.

That's a bit sad, but considering the hardware damage that already occured (via the serial console attempts) and the age of the device and its remaining resale value (you can get working second hand ones around 15 EUR/ USD), that's probably the only sensible choice.

--
These devices are plagued by failing power supplies after a couple of years of contiunous service, which might have caused the original problems.

1 Like

I have been researching the toh_available database, and it looks out of date. Do you have a good solid recommendation on OpenWRT hardware?

That depends a lot on what you're looking for in terms of WAN speed, additional features (VPN, SQM, adblocking, are VLAN configurations wanted), wireless capabilities, performance in general.

In general there are a couple of options that can be recommended in general:

  • ath79+qca9880-br4a <-- wifi5
    while very similar to your tl-wdr4300, I would not really recommend buying these ath79 devices new, but there may still be convincing offers available.
  • mt7621a+mt7615e <-- wifi5
  • ipq40xx+qca40xx <-- wifi5
  • ipq806x+qca998x <-- wifi5
  • mt7622bv+mt7915e (maybe mt7621a+mt7915e) <-- wifi6

roughly in ascending performance and price ranges. With some patience and persistence there are often good offers available on the second hand market

Thanks. I just put in an order for a Linksys AC2200.

Why do you think the ToH is out of date?

For hardware recommendations please use the Hardware Questions and Recommendations category.

I used it to find some products on Amazon, and, well, I'm not an expert on the chip nomenclature, thinking newer chips were incrementally labeled and better than a lower numbered chip. So, I'd find one on Amazon, that's not on toh, then a lower one on toh and not on Amazon.

Hey guys, where can I find the stripped version of the WDR4300 v1 firmware?
I've tried https://freifunk-firmware.de/bootcut.php but the site doesn't exist anymore
Also tried with https://freifunk-firmware.de/bootcut.php but I get "upload failed".

Any help is appreciated.
EDIT: Will add some details on how I bricked my wdr4300 and what I've tried so far:
I was on 22.03.0 everything was working OK but I wanted to try out an old, overclocked version of LEDE which I found here: https://github.com/gwlim/Openwrt_Firmware/tree/master/TP-Link_TL-WDR3500-3600-43XX-WM4350R
I ignored the warning thinking everything would work and now the router just turns all lights on every 15 seconds or so. I managed to transfer latest Openwrt factory once but it seems it transfers fine but it doesn't flash. It just keeps rebooting forever.
Also I've also tried renaming wdr4300v1_en_3_14_3_up_boot(150518).bin to wdr4300v1_tp_recovery.bin but got the same result.
I debricked this same device a few months ago with no issues.
Did I permabrick my router this time?
Any help is appreciated.

EDIT: I only managed to transfer the file succesfully only once in 30 tries.
Most of the times I get

Ack block 6261 ignored (received twice)
TIMEOUT waiting for Ack block 6262

And the connection gets killed.