TP-Link WR740N v4 Int and v5 int are different in 3 aspects:
- Missing the on/off switch in V5. The construction of the PCB is much lighter, and much more intolerant to high/low voltages
- The LAN ports are turned upside down, with the RJ clip up.
- The reset button is no longer a pin hole
Apart from this everything else is the same.
Now about the firmware.
V5 have some more pluses over the V4. It have a page showing username/password fields, and dropbear running on port 22. However having dropbear does not mean that one is able to login to console session.
The username and the password are the same as the one which the user should input on the login page (default is admin/admin), however the PTYs are mistaken:
The reply from the dropbear is as follows:
PTY allocation request failed on channel 0
shell request failed on channel 0
If you modify the firmware and add telnet server, you'll be able to gain shell access by using username root and password sohoadmin. No worries about the free space. the original firmware is around 2MB large.
Flashing from Stock V5 to Stock V4 and vice versa could be made from the console, or from the httpd application.
If you're using the httpd app, then the header of the firmware you want to write should contains 3 fields:
- hardware version, found on offset 0x40 and contains 07400005 for V5 and 07400004 for V4
- firmware version, found on offset 0x44 and contains 00000001 aways
- firmware checksum, found on offset 0x4C checked by httpd and by bootloader.
As you can see if you are running the stock bootloader you're no go without a correct checksum.
This issue is resolved by two means:
- custom bootloader - try pepe2k one's. I am using it since a long time and it is very good peace of software
- checksum calculator
In order to gain access to the bootloader you might try to flash DD-WRT and then to rewrite the mtd0 with the pepe2k one's. However do not forget to make a backup.
If you're using checksum calculator, it is straight forward process. Change the HW version and you'll have a new strings inside the firmware file and a new checksum as well.
Then you might proceed with the flashing via httpd