I bricked my WDR-3600 using the tl-wdr3600-v1-squashfs-sysupgrade.bin instead of tl-wdr3600-v1-squashfs-factory.bin. I am away from home and cannot use ttl to connect and flash again. Apparently, the device is booting. I hope to use tftp boot, but howto?
apt-get install --reinstall tftpd-hpa tftp-hpa
In /etc/defaut/tftpd-hpa
TFTP_OPTIONS="--secure -v"
Then I can read the log in /var/log/syslog
tftpd works.
It might not work if your previous TP-Link stock firmware was not up-to-date enought to already include the TFTP recovery procedure. In that case only TTL will do AFAIK.
By the way, I wonder wether this might be a vulnerability.
Anybody with physical access to a router can unplug, replug to a TFTP server and install a fresh distribution. Or if you are in a company, just connect to a RJ-45 plug, turn off the electricity and you might be able to break in the system ... All this could be automated with an attack software or a malware targeting all TP-Link devices around the planet.
Is this a message sent by bootloader or is it embedded in hardware?
Can bootloaded be replaced with Coreboot/uboot?
uboot-mod is highly interesting ... It is not protected, but still a good starting point to hack. How do I automate installation from LEDE? OpenWRT claims to have u-boot-upgrade. Is it included in LEDE?
=================================================================
DISCLAIMER: you are using this script at your own risk!
The author of U-Boot modification and this script takes
no responsibility for any of the results of using them.
Updating U-Boot is a very dangerous operation
and may damage your device! You have been warned!
=================================================================
Are you sure you want to continue (type 'yes' or 'no')? yes
[ ok ] Found U-Boot image file: u-boot_mod__tp-link_tl-wdr3600__20170510__git_master-0c183583.bin
Do you want to use this file (type 'yes' or 'no')? yes
[ ok ] MD5 checksum of new U-Boot image file is correct
[ ok ] Backup of /dev/mtd0 successfully created
Do you want to store backup in /etc/u-boot_mod/backup/ (recommended, type 'yes' or 'no')? yes
[ ok ] Backup of /dev/mtd0 successfully copied to /etc/u-boot_mod/backup/
[ ok ] New U-Boot image successfully combined with backup file
[info] New U-Boot image is ready to be written into FLASH
Are you sure you want to continue (type 'yes' or 'no')? yes
[erro] FATAL ERROR: could not write new U-Boot image into FLASH
[erro] DO NOT RESET YOUR DEVICE NOW AND TRY AGAIN!