Hi everybody,
I want to hack into my TP-LINK modem, just to get some practice before hacking into some other modems I have at home.
What I want to do is dump the contents of its flash memory, modify it, and then put the modified contents into the flash.
After a lot of research on the web, I found the best way to do this is to find a serial port on the PCB, solder wires to the port, and connect those wires to some db-25 or db-9 connector.
Then connect the cable to the pc and boot the modem; This should make me able to access the bootloader ( CFE on broadcom based systems ) menu or something like that...
But I have no idea of HOW to find the actual serial port on the PCB... How it's done ? And after that, how am I supposed to know which pins is what on the PCB ? Which is TX, RX, GND, 3.3v ?
I also thought about some JTAG action, but I only have 3 connections on the PCB labeled TPx : TP1, TP3V1 TP3V2.
Here's a picture of the PCB of the modem :
http://postimage.org/image/68f32nsd3/
Below the left of the big yellow thing at the top, the are 4 pins labeled J2... do you think that's the Serial Port ? And if it is, how can I know which is which ?
I'd really appreciate some help on the matter, and maybe some insight on how you guys find this stuff, so I can do it myself next time.
I found this :
http://wiki.openwrt.org/toh/tp-link/td-w8960n?s[]=tp&s[]=link&s[]=td
Useful, I'm almost sure what I thought was the serial is the serial, but I still don't know how to properly connect it to my computer and be able to see the boot process and/or take control of the CPE.
(Last edited by ectod on 16 Aug 2012, 18:31)