I will first repeat your steps and see what I can find.
Topic: Support for TP-Link Archer C2600
The content of this topic has been archived between 29 Mar 2018 and 6 May 2018. Unfortunately there are posts – most likely complete pages – missing.
Page 2 of 49
The ssh server is likely present for the purposes of the smartphone app associated with the stock firmware, as described here.
http://forum.tp-link.com/showthread.php … hrough-ssh
I agree that the AP148 has very similar hardware.
Here are the snapshots should you feel the urge.
There's at least a model check + checksum in the bootloader before flashing of course.
The stock firmware header does not look like one of the existing standard tp-link firmware headers.
I tried extracting and repacking the squashfs root using firmware-mod-kit in order to enable ssh. Though I was able to repack the firmware, I don't think the checksum in the header was updated, and the bootloader would not flash it.
The uboot code in the gpl tarball from tp-link's site seems like it could be what is actually running on the router, so it's probably possible to make sense of that to understand where the checksum is supposed to be in the header.
Funny enough the gpl tarball actually contains a fully working build system (for qualcomm+tp-link-modified openwrt 12.09, which is also what the stock firmware is running underneath), but the resulting images are only for Beeliner reference boards and don't seem flashable to the c2600 as-is.
(in the stock firmware ssh login is disabled simply by a configuration switch in the dropbear config file. The only functionality which I can get working is tunnelling, but there don't seem to be any additional open ports behind the ssh tunnel as compared to the lan interface. I've confirmed that the tp-link tether app for android is connecting to the ssh daemon, but of course the subsequent traffic is encrypted, so I can't see what it's doing. It's possible that it's just interacting with the web server with some appropriate api through the tunnel.)
I also have been sifting the GPL code. Perhaps modifying this code is the safest and easiest starting point on which to build a working firmware.
Managed to get terminal access to the running stock firmware.
(By unpacking the squashfs root, modifying the dropbear configuration, repacking the squashfs root, padding/splicing back together and editing the md5sum in the header)
The format of the header btw is
firmware size (4bytes)
md5sum (16 bytes)
<data>
The md5sum is computed by concatenating <md5key> with <data>
where <md5key> is the 16 byte hex value:
7A 2B 15 ED 9B 98 59 6D E5 04 AB 44 AC 2A 9F 4E
(obtained from the uboot code in the gpl tarball)
Let me know what output I should dump from the running firmware.
In case anyone else wants to flash it (working on my router, but no guarantees as always), the modified firmware is here (can be flashed through the web interface even)
https://www.dropbox.com/s/i0qpam73dx03t … d.bin?dl=0
(Last edited by bendavid on 1 Dec 2015, 11:52)
I flashed your firmware but I am unable to ssh into the router. I tried root/admin and my gui login details without success. Did you set a default password?
Mmm, can't remember now if I changed the web GUI password first. In any case the webgui password does not work over SSH but rather root/admin or admin/admin
@bendavid
Great news! How about "dmesg", "lsmod", "cat /proc/mtd", "cat /proc/cpuinfo", "ip li", "ps" 
BusyBox v1.19.4 (2015-08-28 18:30:21 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
MM NM MMMMMMM M M
$MMMMM MMMMM MMMMMMMMMMM MMM MMM
MMMMMMMM MM MMMMM. MMMMM:MMMMMM: MMMM MMMMM
MMMM= MMMMMM MMM MMMM MMMMM MMMM MMMMMM MMMM MMMMM'
MMMM= MMMMM MMMM MM MMMMM MMMM MMMM MMMMNMMMMM
MMMM= MMMM MMMMM MMMMM MMMM MMMM MMMMMMMM
MMMM= MMMM MMMMMM MMMMM MMMM MMMM MMMMMMMMM
MMMM= MMMM MMMMM, NMMMMMMMM MMMM MMMM MMMMMMMMMMM
MMMM= MMMM MMMMMM MMMMMMMM MMMM MMMM MMMM MMMMMM
MMMM= MMMM MM MMMM MMMM MMMM MMMM MMMM MMMM
MMMM$ ,MMMMM MMMMM MMMM MMM MMMM MMMMM MMMM MMMM
MMMMMMM: MMMMMMM M MMMMMMMMMMMM MMMMMMM MMMMMMM
MMMMMM MMMMN M MMMMMMMMM MMMM MMMM
MMMM M MMMMMMM M M
M
---------------------------------------------------------------
For those about to rock... (IPQ806X.LN, unknown)
---------------------------------------------------------------
admin@Archer C2600:/root$ dmesg
916151] +HWT
[ 65.920806] CE_recv_buf_enqueue 809 Populate last entry 512 for CE 5
[ 65.926148] CE_recv_buf_enqueue 818 CE 5 wi 511 dest_ptr 0x58703040 nbytes 0 recv_ctxt 0xd95d5b40
[ 65.935395] Target:db29c800 HTC Service:0x0001, ULpipe:0 DLpipe:1 id:0 Ready
[ 65.942018] -HWT
[ 65.943861]
[ 65.943892] <=== cfg max peer id 1056 ====>
[ 65.949609] Target:db29c800 HTC Service:0x0300, ULpipe:4 DLpipe:5 id:1 Ready
[ 65.957232] HTC Service:0x0300 ep:1 TX flow control disabled
[ 65.963823] CE_pkt_dl_len_set CE 4 Pkt download length 64
[ 65.968447] ol_txrx_pdev_attach: 1424 tx desc's allocated ; range starts from d6e90000
[ 65.976663] Target:db29c800 HTC Service:0x0100, ULpipe:3 DLpipe:2 id:2 Ready
[ 65.983130] HTC Service:0x0100 ep:2 TX flow control disabled
[ 65.989690] wmi_service_ready_event_rx: WMI UNIFIED SERVICE READY event
[ 65.995532] num_rf_chain : 00000004
[ 65.999000] ht_cap_info: : 0000085b
[ 66.002467] vht_cap_info : 339b79b2
[ 66.005966] vht_supp_mcs : 0000ffea
[ 66.009403] ol_ath_service_ready_event: tt_support: 1
[ 66.014464] Peer Caching Enabled ; num_peers = 528, num_active_peers = 66 num_tids = 132, num_vdevs = 16
[ 66.023930] idx 0 req 1 num_units 0 num_unit_info 2 unit size 1296 actual units 529
[ 66.032114] idx 1 req 2 num_units 1 num_unit_info 4 unit size 256 actual units 67
[ 66.039393] idx 2 req 3 num_units 1 num_unit_info 4 unit size 1024 actual units 67
[ 66.047141] idx 3 req 4 num_units 1 num_unit_info 4 unit size 4096 actual units 67
[ 66.054982] idx 4 req 6 num_units 35 num_unit_info 0 unit size 3072 actual units 35
[ 66.062667] idx 5 req 7 num_units 1 num_unit_info 0 unit size 6144 actual units 1
[ 66.070290] idx 6 req 5 num_units 0 num_unit_info 2 unit size 1628 actual units 529
[ 66.078475] chunk 0 len 685584 requested ,ptr 0x57d00000
[ 66.083536] chunk 1 len 17152 requested ,ptr 0x57c08000
[ 66.088940] chunk 2 len 68608 requested ,ptr 0x57c40000
[ 66.094314] chunk 3 len 274432 requested ,ptr 0x57c80000
[ 66.099781] chunk 4 len 107520 requested ,ptr 0x57c60000
[ 66.105248] chunk 5 len 6144 requested ,ptr 0x589e8000
[ 66.110527] chunk 6 len 861212 requested ,ptr 0x57e00000
[ 66.168915] wmi_ready_event_rx: WMI UNIFIED READY event
[ 66.173320] ol_ath_connect_htc() WMI is ready
[ 66.177663] ol_ath_set_host_app_area TODO
[ 66.181661] target uses HTT version 2.1; host uses 2.1
[ 66.190846] ol_ath_attach() connect HTC.
[ 66.193876] ol_regdmn_start: reg-domain param: regdmn=0, countryName=, wModeSelect=FFFFFFFF, netBand=FFFFFFFF, extendedChanMode=0.
[ 66.205592] ol_regdmn_init_channels: !avail mode 0x680c (0x2) flags 0x2150
[ 66.212402] ol_regdmn_init_channels: !avail mode 0x680c (0x1) flags 0x140
[ 66.219212] ol_regdmn_init_channels: !avail mode 0x680c (0x20) flags 0xd0
[ 66.225960] ol_regdmn_init_channels: !avail mode 0x680c (0x40) flags 0x150
[ 66.232802] ol_regdmn_init_channels: !avail mode 0x680c (0x1000) flags 0x10100
[ 66.240049] ol_regdmn_init_channels: !avail mode 0x680c (0x8000) flags 0x20100
[ 66.247235] ol_regdmn_init_channels: !avail mode 0x680c (0x10000) flags 0x40100
[ 66.254545] ol_regdmn_init_channels: !avail mode 0x680c (0x20000) flags 0x100100
[ 66.261980] ol_regdmn_init_channels: !avail mode 0x680c (0x40000) flags 0x200100
[ 66.269290] ol_regdmn_init_channels: !avail mode 0x680c (0x80000) flags 0x400100
[ 66.276663] ol_regdmn_init_channels: !avail mode 0x680c (0x100000) flags 0x800100
[ 66.284223] ol_ath_phyerr_attach: called
[ 66.288066] OL Resmgr Init-ed
[ 66.291002] ieee80211_bsteering_attach: Band steering initialized
[ 66.298500] ol_if_spectral_setup
[ 66.300718] SPECTRAL : get_capability not registered
[ 66.305685] HAL_CAP_PHYDIAG : Capable
[ 66.309309] SPECTRAL : Need to fix the capablity check for RADAR (spectral_attach : 231)
[ 66.317400] SPECTRAL : get_capability not registered
[ 66.322305] HAL_CAP_RADAR : Capable
[ 66.325991] SPECTRAL : Need to fix the capablity check for SPECTRAL
[ 66.325991] (spectral_attach : 236)
[ 66.335801] SPECTRAL : get_capability not registered
[ 66.340737] HAL_CAP_SPECTRAL_SCAN : Capable
[ 66.344923] SPECTRAL : get_tsf64 not registered
[ 66.349390] spectral_init_netlink 65 NULL SKB
[ 66.353764] Green-AP : Green-AP : Attached
[ 66.353764]
[ 66.359356] Green-AP : Attached
[ 66.362417] rate power table override is only supported for AR98XX
[ 66.368697] ieee80211com_init_netlink: Socket already created d9630c00
[ 66.375132] ol_if_dfs_setup: called
[ 66.378662] ol_if_dfs_attach: called; ptr=d74d5984, radar_info=da979bc8
[ 66.385504] ol_ath_rtt_meas_report_attach: called
[ 66.390096] ol_ath_attach() UMAC attach .
[ 66.394064] ol_if_dfs_configure: called
[ 66.397844] ol_if_dfs_configure: FCC domain
[ 66.401999] ol_if_dfs_disable: called
[ 66.405716] ol_ath_attach: Calling ol_if_dfs_configure
[ 66.410777]
[ 66.410777] BURSTING enabled by default
[ 66.416307] osif_wrap_attach:400 osif wrap attached
[ 66.421024] osif_wrap_devt_init:361 osif wrap dev table init done
[ 66.427116] Wrap Attached: Wrap_com =db243800 ic->ic_wrap_com=db243800 &wrap_com->wc_devt=db243800
[ 66.436238] __ol_ath_attach: init tx/rx TODO
[ 66.440456] __ol_ath_attach: needed_headroom reservation 44
[ 66.446516] ol_ath_thermal_mitigation_attach: ++
[ 66.450671] ol_ath_thermal_mitigation_attach: --
[ 66.548484] Initializing Pktlogs for 11ac
[ 66.551483] Initializing Pktlogs for 11ac
[ 66.607122] __sa_init_module
[ 66.914495] [wifi1] FWLOG: [67475] WAL_DBGID_TX_AC_BUFFER_SET ( 0x3, 0x1e, 0x518, 0x518, 0x0 )
[ 66.922086] [wifi1] FWLOG: [67475] WAL_DBGID_TX_AC_BUFFER_SET ( 0x12, 0x1e, 0x518, 0x518, 0x0 )
[ 66.930740] [wifi1] FWLOG: [67475] WAL_DBGID_TX_AC_BUFFER_SET ( 0x45, 0x1e, 0x518, 0x518, 0x0 )
[ 66.939425] [wifi1] FWLOG: [67475] WAL_DBGID_TX_AC_BUFFER_SET ( 0x67, 0x1e, 0x518, 0x518, 0x0 )
[ 67.112246] [ol_ath_iw_setcountry][1641] *p=55, *(p+1)=53
[ 67.116682] isCountryCodeValid: EEPROM regdomain 0x0
[ 67.121587] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x2) flags 0x2150
[ 67.128803] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x4) flags 0xa0
[ 67.135613] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x8) flags 0xc0
[ 67.142330] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x20) flags 0xd0
[ 67.149359] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x40) flags 0x150
[ 67.156357] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x800) flags 0x10080
[ 67.163605] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x2000) flags 0x20080
[ 67.171009] ol_regdmn_init_channels: !avail mode 0x1f9001 (0x4000) flags 0x40080
[ 67.178412] Add VHT80 channel: 5210
[ 67.181818] Add VHT80 channel: 5290
[ 67.185317] Add VHT80 channel: 5530
[ 67.188753] Add VHT80 channel: 5610
[ 67.192221] Add VHT80 channel: 5690
[ 67.195720] Add VHT80 channel: 5775
[ 67.199187] Skipping VHT80 channel 5825
[ 67.226679] set TXBF_SND_PERIOD: value 100 wmi_status 0
[ 67.287785] ath_ioctl: SIOC80211IFCREATE CALLED
[ 67.291346] wmi_unified_vdev_create_send: ID = 0 Type = 1, Subtype = 0 VAP Addr = f4:f2:6d:37:b8:b4:
[ 67.302343] __ieee80211_smart_ant_init: Smart Antenna is not supported
[ 67.308028] Enabling SG bit for the vap ath0 features 4000
[ 67.313495] Enabling TSO bit for the vap ath0 features 4000
[ 67.319181] Enabling LRO bit for the vap ath0 features 4000
[ 67.324835] VAP device ath0 created osifp: (db29bc80) os_if: (d6adc000)
[ 67.360137] WARNING: Fragmentation with HT mode NOT ALLOWED!!
[ 67.392721] ME Pool succesfully initialized vaddr - d6400000 paddr - 0
[ 67.392721] num_elems = 10424 buf_size - 64 pool_size = 708832
[ 67.404154] Enable MCAST_TO_UCAST
[ 67.437050] su bfee 1 mu bfee 0 su bfer 1 mu bfer 1 impl bf 0 sounding dim 3
[ 67.452264]
[ 67.452264] DES SSID SET=
[ 67.458356]
[ 67.458356] DES SSID SET=TP-LINK_B8B5_5G
[ 68.023648] ieee80211_ioctl_siwmode: imr.ifm_active=66176, new mode=3, valid=1
[ 68.103905] DEVICE IS DOWN ifname=ath0
[ 68.106747] DEVICE IS DOWN ifname=ath0
[ 68.295501] [ol_ath_iw_setcountry][1641] *p=55, *(p+1)=53
[ 68.299968] isCountryCodeValid: EEPROM regdomain 0x0
[ 68.305029] ol_regdmn_init_channels: !avail mode 0x680c (0x2) flags 0x2150
[ 68.311683] ol_regdmn_init_channels: !avail mode 0x680c (0x1) flags 0x140
[ 68.318494] ol_regdmn_init_channels: !avail mode 0x680c (0x20) flags 0xd0
[ 68.325335] [wifi0] FWLOG: [69596] WAL_DBGID_SECURITY_ENCR_EN ( )
[ 68.331365] [wifi0] FWLOG: [69596] WAL_DBGID_SECURITY_MCAST_KEY_SET ( ol_regdmn_init_channels: !avail mode 0x680c (0x40) flags 0x150
[ 68.343298] ol_regdmn_init_channels: !avail mode 0x680c (0x1000) flags 0x10100
[ 68.350515] 0x1ol_regdmn_init_channels: !avail mode 0x680c (0x8000) flags 0x20100
[ 68.350702] ol_regdmn_init_channels: !avail mode 0x680c (0x10000) flags 0x40100
[ 68.350734] ol_regdmn_init_channels: !avail mode 0x680c (0x20000) flags 0x100100
[ 68.350734] ol_regdmn_init_channels: !avail mode 0x680c (0x40000) flags 0x200100
[ 68.350734] ol_regdmn_init_channels: !avail mode 0x680c (0x80000) flags 0x400100
[ 68.350734] ol_regdmn_init_channels: !avail mode 0x680c (0x100000) flags 0x800100
[ 68.374226] set TXBF_SND_PERIOD: value 100 wmi_status 0
[ 68.392002] ath_ioctl: SIOC80211IFCREATE CALLED
[ 68.392033] wmi_unified_vdev_create_send: ID = 0 Type = 1, Subtype = 0 VAP Addr = f4:f2:6d:37:b8:b5:
[ 68.392314] __ieee80211_smart_ant_init: Smart Antenna is not supported
[ 68.392346] Enabling SG bit for the vap ath1 features 4000
[ 68.392346] Enabling TSO bit for the vap ath1 features 4000
[ 68.392346] Enabling LRO bit for the vap ath1 features 4000
[ 68.392346] VAP device ath1 created osifp: (de13d480) os_if: (d8414000)
[ 68.429459] WARNING: Fragmentation with HT mode NOT ALLOWED!!
[ 68.449953] )
[ 68.459075] ME Pool succesfully initialized vaddr - d6600000 paddr - 0
[ 68.459106] num_elems = 10424 buf_size - 64 pool_size = 708832
[ 68.471009] Enable MCAST_TO_UCAST
[ 68.510434] su bfee 1 mu bfee 0 su bfer 1 mu bfer 1 impl bf 0 sounding dim 3
[ 68.525960]
[ 68.525960] DES SSID SET=
[ 68.532052]
[ 68.532052] DES SSID SET=TP-LINK_B8B5
[ 68.673695] ieee80211_ioctl_siwmode: imr.ifm_active=131712, new mode=3, valid=1
[ 68.723867] DEVICE IS DOWN ifname=ath1
[ 68.726710] DEVICE IS DOWN ifname=ath1
[ 68.873352] device ath0 entered promiscuous mode
[ 68.883099] OL vap_stop +
[ 68.884786] wmi_unified_vdev_stop_send for vap 0 (d9500000)
[ 68.890253] OL vap_stop -
[ 68.890284] STOPPED EVENT for vap 0 (d9500000)
[ 68.919462] [wifi1] FWLOG: [70212] WAL_DBGID_SECURITY_ENCR_EN ( )
[ 68.924617] [wifi1]
[ 68.925148] br-lan: port 2(ath0) entered forwarding state
[ 68.925179] br-lan: port 2(ath0) entered forwarding state
[ 68.925554] 8021q: adding VLAN 0 to HW filter on device ath0
[ 68.930740] device ath1 entered promiscuous mode
[ 68.937519] OL vap_stop +
[ 68.937550] wmi_unified_vdev_stop_send for vap 0 (daf40000)
[ 68.937550] OL vap_stop -
[ 68.959200] STOPPED EVENT for vap 0 (daf40000)
[ 68.963042] FWLOG: [70212] WAL_DBGID_SECURITY_MCAST_KEY_SET (
[ 68.965010] br-lan: port 3(ath1) entered forwarding state
[ 68.965010] br-lan: port 3(ath1) entered forwarding state
[ 68.965042] 8021q: adding VLAN 0 to HW filter on device ath1
[ 68.985629] 0x1 )
[ 69.325117] [wifi0] FWLOG: [70313] WAL channel change freq=5180, mode=0 flags=0 rx_ok=1 tx_ok=1
[ 69.332771] [wifi0] FWLOG: [70626] WAL channel change freq=5200, mode=0 flags=0 rx_ok=1 tx_ok=1
[ 69.922055] [wifi1] FWLOG: [70336] WAL channel change freq=2412, mode=1 flags=0 rx_ok=1 tx_ok=1
[ 69.929771] [wifi1] FWLOG: [70649] WAL channel change freq=2417, mode=1 flags=0 rx_ok=1 tx_ok=1
[ 69.938425] [wifi1] FWLOG: [70962] WAL channel change freq=2422, mode=1 flags=0 rx_ok=1 tx_ok=1
[ 69.947141] [wifi1] FWLOG: [71276] WAL channel change freq=2427, mode=1 flags=0 rx_ok=1 tx_ok=1
[ 70.327272] [wifi0] FWLOG: [70939] WAL channel change freq=5220, mode=0 flags=0 rx_ok=1 tx_ok=1
[ 70.335238] [wifi0] FWLOG: [71252] WAL channel change freq=5240, mode=0 flags=0 rx_ok=1 tx_ok=1
[ 70.343580] [wifi0] FWLOG: [71566] WAL channel change freq=5745, mode=0 flags=0 rx_ok=1 tx_ok=1
[ 70.924648] [wifi1] FWLOG: [71588] WAL channel change freq=2432, mode=1 flags=0 rx_ok=1 tx_ok=1
[ 70.932364] [wifi1] FWLOG: [71901] WAL channel change freq=2437, mode=1 flags=0 rx_ok=1 tx_ok=1
[ 70.940987] [wifi1] FWLOG: [72214] WAL channel change freq=2442, mode=1 flags=0 rx_ok=1 tx_ok=1
[ 71.329397] [wifi0] FWLOG: [71879] WAL channel change freq=5765, mode=0 flags=0 rx_ok=1 tx_ok=1
[ 71.337082] [wifi0] FWLOG: [72192] WAL channel change freq=5785, mode=0 flags=0 rx_ok=1 tx_ok=1
[ 71.345766] [wifi0] FWLOG: [72506] WAL channel change freq=5805, mode=0 flags=0 rx_ok=1 tx_ok=1
[ 71.684005] OL vap_start +
[ 71.685660] wmi_unified_vdev_start_send for vap 0 (d9500000)
[ 71.691408] OL vap_start -
[ 71.927210] [wifi1] FWLOG: [72527] WAL channel change freq=2447, mode=1 flags=0 rx_ok=1 tx_ok=1
[ 71.934895] [wifi1] FWLOG: [72840] WAL channel change freq=2452, mode=1 flags=0 rx_ok=1 tx_ok=1
[ 71.943548] [wifi1] FWLOG: [73153] WAL channel change freq=2457, mode=1 flags=0 rx_ok=1 tx_ok=1
[ 72.032552] ol_vdev_start_resp_ev for vap 0 (d9500000)
[ 72.036644] ol_ath_vap_join: join operation is only for STA/IBSS mode
[ 72.043080] ol_ath_wmm_update:
[ 72.046173] su bfee 1 mu bfee 0 su bfer 1 mu bfer 1 impl bf 0 sounding dim 3
[ 72.053139] wmi_unified_vdev_up_send for vap 0 (d9500000)
[ 72.058512] __ieee80211_smart_ant_init: Smart Antenna is not supported
[ 72.065104] Notification to UMAC VAP layer
[ 72.331583] [wifi0] FWLOG: [72819] WAL channel change freq=5825, mode=0 flags=0 rx_ok=1 tx_ok=1
[ 72.336332] mlme_create_infra_bss : Overriding HT40 channel with HT20 channel
[ 72.336363] OL vap_start +
[ 72.336363] wmi_unified_vdev_start_send for vap 0 (daf40000)
[ 72.336363] OL vap_start -
[ 72.357888] [wifi0] FWLOG: [73174] vap-0 VDEV_MGR_VDEV_START ( 0x1671, 0x2, 0x0, 0x0 )
[ 72.365354] [wifi0] FWLOG: [73174] WAL channel change freq=5745, mode=10 flags=0 rx_ok=1 tx_ok=1
[ 72.374133] [wifi0] FWLOG: [73515] VDEV_MGR_HP_START_TIME ( 0x0, 0x1671, 0x10cc000 )
[ 72.381849] [wifi0] FWLOG: [73515] RESMGR_OCS_GEN_PERIODIC_NOA ( 0x1 )
[ 72.388659] [wifi0] FWLOG: [73515] RESMGR_OCS_GEN_PERIODIC_NOA ( 0x0 )
[ 72.395157] [wifi0] FWLOG: [73515] VDEV_MGR_AP_TBTT_CONFIG ( 0x0, 0x1671, 0x0, 0x0 )
[ 72.747766] ol_vdev_start_resp_ev for vap 0 (daf40000)
[ 72.751890] ol_ath_vap_join: join operation is only for STA/IBSS mode
[ 72.758294] ol_ath_wmm_update:
[ 72.761418] su bfee 1 mu bfee 0 su bfer 1 mu bfer 1 impl bf 0 sounding dim 3
[ 72.768384] wmi_unified_vdev_up_send for vap 0 (daf40000)
[ 72.773758] __ieee80211_smart_ant_init: Smart Antenna is not supported
[ 72.780349] Notification to UMAC VAP layer
[ 72.929803] [wifi1] FWLOG: [73467] WAL channel change freq=2462, mode=1 flags=0 rx_ok=1 tx_ok=1
[ 72.937800] [wifi1] FWLOG: [73821] vap-0 VDEV_MGR_VDEV_START ( 0x96c, 0x2, 0x0, 0x0 )
[ 72.945267] [wifi1] FWLOG: [73821] WAL channel change freq=2412, mode=5 flags=0 rx_ok=1 tx_ok=1
[ 72.954451] [wifi1] FWLOG: [74227] VDEV_MGR_HP_START_TIME ( 0x0, 0x96c, 0x659001 )
[ 72.961512] [wifi1] FWLOG: [74227] RESMGR_OCS_GEN_PERIODIC_NOA ( 0x1 )
[ 72.968041] [wifi1] FWLOG: [74227] RESMGR_OCS_GEN_PERIODIC_NOA ( 0x0 )
[ 72.974570] [wifi1] FWLOG: [74227] VDEV_MGR_AP_TBTT_CONFIG ( 0x0, 0x96c, 0x0, 0x0 )
admin@Archer C2600:/root$ lsmod
Module Size Used by Tainted: P
smart_antenna 29311 0
ath_pktlog 14069 0
button_hotplug 2767 0
NetUSB 154423 0
GPL_NetUSB 4298 1 NetUSB
umac 1705557 2 smart_antenna,ath_pktlog
ath_dev 315473 2 ath_pktlog,umac
hst_tx99 8202 2 umac,ath_dev
ath_spectral 28329 2 umac,ath_dev
ath_dfs 51422 1 umac
ath_rate_atheros 37155 3 ath_pktlog,umac,ath_dev
ath_hal 588790 5 ath_pktlog,umac,ath_dev,hst_tx99,ath_rate_atheros
adf 12046 4 umac,ath_dev,hst_tx99,ath_hal
asf 6101 6 ath_pktlog,umac,ath_dev,ath_spectral,ath_dfs,ath_hal
domain_dns 2677 0
domain_libs 1293 1 domain_dns
fuse 53853 0
usb_storage 35138 0
leds_gpio 1686 0
gpio_keys 5417 0
ecm 1749958 0
qca_nss_tunipip6 1292 0
qca_nss_tun6rd 4552 0
dwc3_ipq 14814 0
ledtrig_usbdev 2276 0
xt_mark2prio 663 0
nf_conntrack_netlink 15102 0
ip6t_REJECT 2929 2
ip6t_rt 4201 0
ip6t_hbh 2771 0
ip6t_mh 1129 0
ip6t_ipv6header 1045 0
ip6t_frag 2925 0
ip6t_eui64 723 0
ip6t_ah 2281 0
ip6table_raw 661 1
ip6_queue 3961 0
ip6table_mangle 903 1
ip6table_filter 695 1
ip6_tables 9392 7 ip6t_rt,ip6t_hbh,ip6t_frag,ip6t_ah,ip6table_raw,ip6table_mangle,ip6table_filter
nf_conntrack_ipv6 6020 3
nf_defrag_ipv6 7047 1 nf_conntrack_ipv6
nfnetlink 2149 1 nf_conntrack_netlink
ipt_TRIGGER 1894 0
nf_nat_rtsp 3891 0
nf_conntrack_rtsp 5817 1 nf_nat_rtsp
xt_httphost 1303 0
xt_app 691 0
nf_nat_tftp 494 0
nf_conntrack_tftp 2822 1 nf_nat_tftp
nf_nat_snmp_basic 6835 0
nf_conntrack_snmp 701 1 nf_nat_snmp_basic
nf_nat_sip 5000 0
nf_conntrack_sip 15585 1 nf_nat_sip
nf_nat_pptp 2775 0
nf_conntrack_pptp 6200 1 nf_nat_pptp
nf_nat_h323 6086 0
nf_conntrack_h323 38668 1 nf_nat_h323
nf_nat_proto_gre 1440 1 nf_nat_pptp
nf_conntrack_proto_gre 4086 1 nf_conntrack_pptp
nf_nat_amanda 666 0
nf_conntrack_amanda 1541 1 nf_nat_amanda
nf_conntrack_broadcast 794 1 nf_conntrack_snmp
nf_nat_irc 1099 0
nf_conntrack_irc 2984 1 nf_nat_irc
nf_nat_ftp 1369 0
nf_conntrack_ftp 6986 1 nf_nat_ftp
xt_iprange 2037 0
xt_HL 1317 0
xt_hl 879 0
xt_ecn 1333 0
ipt_ECN 1301 0
xt_CLASSIFY 601 0
xt_time 1459 0
xt_tcpmss 955 0
xt_statistic 862 0
xt_mark 705 0
xt_length 758 0
xt_DSCP 1483 0
xt_dscp 1127 0
xt_quota 810 0
xt_pkttype 624 0
xt_physdev 1357 2
xt_owner 742 0
compat_xtables 1709 0
ipt_REDIRECT 1115 0
ipt_NETMAP 1087 0
ipt_MASQUERADE 1564 1
iptable_nat 3262 1
nf_nat 12487 15 ipt_TRIGGER,nf_nat_rtsp,nf_conntrack_rtsp,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_h323,nf_nat_proto_gre,nf_nat_amanda,nf_nat_irc,nf_nat_ftp,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,iptable_nat
xt_recent 5643 0
xt_helper 897 0
xt_connmark 1249 0
xt_connbytes 1338 0
pptp 13644 0
l2tp_ppp 13125 0
pppoe 8946 1 ecm
xt_conntrack 2393 6
xt_CT 2457 0
xt_NOTRACK 620 0
iptable_raw 711 1
xt_state 786 0
nf_conntrack_ipv4 6459 6 iptable_nat,nf_nat
nf_defrag_ipv4 817 1 nf_conntrack_ipv4
nf_conntrack 52552 36 ecm,nf_conntrack_netlink,nf_conntrack_ipv6,ipt_TRIGGER,nf_nat_rtsp,nf_conntrack_rtsp,nf_nat_tftp,nf_conntrack_tftp,nf_nat_snmp_basic,nf_conntrack_snmp,nf_nat_sip,nf_conntrack_sip,nf_nat_pptp,nf_conntrack_pptp,nf_nat_h323,nf_conntrack_h323,nf_conntrack_proto_gre,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_broadcast,nf_nat_irc,nf_conntrack_irc,nf_nat_ftp,nf_conntrack_ftp,xt_DSCP,ipt_MASQUERADE,iptable_nat,nf_nat,xt_helper,xt_connmark,xt_connbytes,xt_conntrack,xt_CT,xt_NOTRACK,xt_state,nf_conntrack_ipv4
ehci_hcd 57476 0
xhci_hcd 94431 0
dwc3 38987 1 dwc3_ipq
udc_core 5309 1 dwc3
sd_mod 23172 0
pppox 1220 3 pptp,l2tp_ppp,pppoe
ipt_REJECT 1639 2
xt_TCPMSS 2461 0
xt_comment 512 0
xt_multiport 1929 1
xt_mac 656 0
xt_limit 1066 2
iptable_mangle 869 1
iptable_filter 745 1
ip_tables 9980 4 iptable_nat,iptable_raw,iptable_mangle,iptable_filter
xt_tcpudp 2397 6
x_tables 10703 57 xt_mark2prio,ip6t_REJECT,ip6t_rt,ip6t_hbh,ip6t_mh,ip6t_ipv6header,ip6t_frag,ip6t_eui64,ip6t_ah,ip6table_raw,ip6table_mangle,ip6table_filter,ip6_tables,ipt_TRIGGER,xt_httphost,xt_app,xt_iprange,xt_HL,xt_hl,xt_ecn,ipt_ECN,xt_CLASSIFY,xt_time,xt_tcpmss,xt_statistic,xt_mark,xt_length,xt_DSCP,xt_dscp,xt_quota,xt_pkttype,xt_physdev,xt_owner,compat_xtables,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,iptable_nat,xt_recent,xt_helper,xt_connmark,xt_connbytes,xt_conntrack,xt_CT,xt_NOTRACK,iptable_raw,xt_state,ipt_REJECT,xt_TCPMSS,xt_comment,xt_multiport,xt_mac,xt_limit,iptable_mangle,iptable_filter,ip_tables,xt_tcpudp
msdos 5497 0
bonding 90382 1 ecm
ip_gre 12390 0
gre 1167 2 pptp,ip_gre
qca_nss_macsec 54729 0
qca_nss_qdisc 29173 0
sit 9420 1 qca_nss_tun6rd
qca_nss_drv 166460 5 umac,ecm,qca_nss_tunipip6,qca_nss_tun6rd,qca_nss_qdisc
l2tp_netlink 6197 1 l2tp_ppp
l2tp_core 12041 2 l2tp_ppp,l2tp_netlink
ip6_tunnel 10637 1 qca_nss_tunipip6
qca_nss_gmac 52395 2 qca_nss_macsec,qca_nss_drv
ppp_mppe 5042 0
tunnel6 1516 1 ip6_tunnel
tunnel4 1669 1 sit
snd_pcm_oss 30599 0
snd_mixer_oss 11435 1 snd_pcm_oss
snd_pcm 55264 1 snd_pcm_oss
snd_timer 14143 1 snd_pcm
snd_rawmidi 14179 0
snd_seq_device 3979 1 snd_rawmidi
snd_hwdep 4493 0
snd_page_alloc 4329 1 snd_pcm
snd 35701 7 snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer,snd_rawmidi,snd_seq_device,snd_hwdep
soundcore 3758 1 snd
ppp_async 5878 0
ppp_generic 22013 8 ecm,pptp,l2tp_ppp,pppoe,pppox,qca_nss_drv,ppp_mppe,ppp_async
slhc 3983 1 ppp_generic
vfat 7771 0
fat 40384 2 msdos,vfat
ntfs 78887 0
hfsplus 68488 0
hfs 37512 0
raid1 23989 0
raid0 8047 0
linear 2980 0
md_mod 88535 3 raid1,raid0,linear
statistics 159834 1 ecm
nls_iso8859_1 2931 0
nls_cp437 4463 0
usbcore 134250 6 GPL_NetUSB,usb_storage,ledtrig_usbdev,ehci_hcd,xhci_hcd
usb_common 515 2 udc_core,usbcore
ts_fsm 2623 0
ts_bm 1479 0
ts_kmp 1235 5
crc_ccitt 984 1 ppp_async
ipv6 237002 34 ecm,ip6t_REJECT,ip6_queue,ip6table_mangle,nf_conntrack_ipv6,nf_defrag_ipv6,ip_gre,sit,ip6_tunnel,tunnel6
qca_ssdk 748718 0
sha1_generic 1453 0
ecb 1446 0
arc4 893 0
liblog 1114 1 xt_app
thfsplus 73052 0
tntfs 363023 0
texfat 160682 0
tfat 157602 0
admin@Archer C2600:/root$ cat /proc/mtd
dev: size erasesize name
mtd0: 00040000 00010000 "ART"
mtd1: 01b00000 00010000 "rootfs"
admin@Archer C2600:/root$ cat /proc/cpuinfo
Processor : ARMv7 Processor rev 0 (v7l)
processor : 0
BogoMIPS : 12.55
processor : 1
BogoMIPS : 12.55
Features : swp half thumb fastmult vfp edsp neon vfpv3 tls vfpv4
CPU implementer : 0x51
CPU architecture: 7
CPU variant : 0x2
CPU part : 0x04d
CPU revision : 0
Hardware : Qualcomm Atheros AP148 reference board
Revision : 0000
Serial : 0000000000000000
admin@Archer C2600:/root$ ip li
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
link/ether f4:f2:6d:37:b8:b6 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br-lan state UP mode DEFAULT qlen 1000
link/ether f4:f2:6d:37:b8:b5 brd ff:ff:ff:ff:ff:ff
4: ip6tnl0: <NOARP> mtu 1452 qdisc noop state DOWN mode DEFAULT
link/tunnel6 :: brd ::
5: qca-nss-dev0: <> mtu 0 qdisc noop state DOWN mode DEFAULT
link/generic
6: qca-nss-dev1: <> mtu 0 qdisc noop state DOWN mode DEFAULT
link/generic
7: qca-nss-dev2: <> mtu 0 qdisc noop state DOWN mode DEFAULT
link/generic
8: qca-nss-dev3: <> mtu 0 qdisc noop state DOWN mode DEFAULT
link/generic
9: sit0: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT
link/sit 0.0.0.0 brd 0.0.0.0
10: gre0: <NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT
link/gre 0.0.0.0 brd 0.0.0.0
11: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN mode DEFAULT
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
12: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether f4:f2:6d:37:b8:b5 brd ff:ff:ff:ff:ff:ff
13: wifi0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 539
link/ieee802.11 f4:f2:6d:37:b8:b4 brd ff:ff:ff:ff:ff:ff
14: wifi1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 539
link/ieee802.11 f4:f2:6d:37:b8:b5 brd ff:ff:ff:ff:ff:ff
15: ath0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br-lan state UNKNOWN mode DEFAULT qlen 1000
link/ether f4:f2:6d:37:b8:b4 brd ff:ff:ff:ff:ff:ff
16: ath1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br-lan state UNKNOWN mode DEFAULT qlen 1000
link/ether f4:f2:6d:37:b8:b5 brd ff:ff:ff:ff:ff:ff
admin@Archer C2600:/root$ ps
PID USER VSZ STAT COMMAND
1 root 1420 S init
2 root 0 SW [kthreadd]
3 root 0 SW [ksoftirqd/0]
4 root 0 SW [kworker/0:0]
5 root 0 SW [kworker/u:0]
6 root 0 SW [migration/0]
7 root 0 SW [migration/1]
8 root 0 SW [kworker/1:0]
9 root 0 SW [ksoftirqd/1]
10 root 0 SW< [khelper]
11 root 0 SW [kworker/u:1]
31 root 0 SW [kworker/0:1]
110 root 0 SW [irq/202-msmdata]
252 root 0 SW [sync_supers]
254 root 0 SW [bdi-default]
255 root 0 SW< [crypto]
257 root 0 SW< [kblockd]
262 root 0 SW< [ata_sff]
266 root 0 SW< [spi_qsd.5]
269 root 0 SW [msm-spi-thread]
368 root 0 SW< [modem_notifier]
370 root 0 SW< [smd_channel_clo]
371 root 0 SW< [smsm_cb_wq]
396 root 0 SW< [qmi]
425 root 0 SW< [nmea]
427 root 0 SW< [rpcrouter]
443 root 0 SW [kswapd0]
486 root 0 SW [fsnotify_mark]
509 root 0 SW< [smux_notify_wq]
510 root 0 SW< [smux_tx_wq]
511 root 0 SW< [smux_rx_wq]
512 root 0 SW< [smux_loopback_w]
518 root 0 SW< [k_hsuart]
530 root 0 SW [scsi_eh_0]
533 root 0 SW [kworker/u:2]
546 root 0 SW [mtdblock0]
551 root 0 SW [mtdblock1]
615 root 0 SW< [iewq]
616 root 0 DW [kinteractiveup]
619 root 0 SW< [msm-cpufreq]
620 root 0 SW [kworker/1:1]
623 root 0 SW< [rq_stats]
629 root 0 SW< [deferwq]
1082 root 1448 S {rcS} /bin/sh /etc/init.d/rcS S boot
1083 root 1420 S init
1085 root 1412 S logger -s -p 6 -t sysinit
1119 root 0 SW [khubd]
1124 root 0 SW< [md]
1156 root 0 SW< [gmac_workqueue]
1161 root 0 SW< [nss_freq_queue]
1191 root 0 SW< [bond0]
1399 root 1180 S /usr/sbin/logd -C 128
1402 root 1408 S /sbin/klogd
1429 root 1228 S /sbin/hotplug2 --override --persistent --set-rules-file /etc/hotplug2.rules --set-coldplug-cmd /sbin/udevtrigger --max-children 1
1430 root 860 S /sbin/hotplug2 --override --persistent --set-rules-file /etc/hotplug2-usb.rules --set-coldplug-cmd /sbin/udevtrigger --max-children 1
1439 root 900 S /sbin/ubusd
1455 root 3176 S /usr/bin/ledctrl
1839 root 1372 S /sbin/netifd
2082 root 0 SW [kworker/0:2]
2131 root 1416 S udhcpc -p /var/run/udhcpc-eth0.pid -s /lib/netifd/dhcp.script -O 33 -O 121 -O 249 -f -R -a -t 0 -i eth0 -H Archer_C2600 -V MSFT 5.0 -C -B
2400 root 1408 S /usr/bin/client_mgmt
2691 root 1332 S /usr/sbin/imbd
2820 nobody 1020 S /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf
2981 root 10108 S /usr/sbin/minidlnad -f /tmp/minidlna.conf -P /var/run/minidlnad.pid
3255 root 3092 S /usr/sbin/smbd -D
3257 root 3100 S /usr/sbin/nmbd -D
3300 root 1528 S {dnsproxy_deamon} /bin/sh /usr/lib/dnsproxy/dnsproxy_deamon.sh
3473 root 1420 S /usr/sbin/crond -c /etc/crontabs -l 5
3479 root 1456 S {S50factory_sett} /bin/sh /etc/rc.common /etc/rc.d/S50factory_settings_reset boot
3480 root 1056 S /usr/bin/factory_settings_reset
3531 guest 2284 S proftpd: (accepting connections)
3547 daemon 1984 S slpd -r /var/slp.reg -c /var/slp.conf
3551 root 1004 S /usr/sbin/sysmond
3553 root 1456 S {S50tmpServer} /bin/sh /etc/rc.common /etc/rc.d/S50tmpServer boot
3557 root 1016 S /usr/sbin/tsched
3560 root 5532 S /usr/bin/tmpServer
3594 root 1100 S /usr/sbin/uhttpd -f -h /www -r Archer C2600 -x /cgi-bin -t 60 -T 30 -A 1 -n 3 -p 0.0.0.0:80
3625 root 1460 S /usr/sbin/dbus-daemon --system
3690 root 1492 S /usr/sbin/dropbear -P /var/run/dropbear.1.pid -p 22 -L -C
3742 nobody 1844 S avahi-daemon: running [ArcherC2600.local]
3784 root 0 SW [ telnetDBGD ]
3785 root 0 SW [ acktelnetDBGD ]
3796 root 0 SW [NU UDP]
3797 root 0 SW [NU TCP]
4355 root 1324 S /usr/sbin/tfstats
4359 root 3376 S /usr/sbin/dosd
4363 root 1392 S tddp
4392 root 1404 S /sbin/watchdog -t 5 /dev/watchdog
4396 root 1416 S /usr/sbin/ntpd -n -p time.nist.gov -p time-nw.nist.gov -p time-a.nist.gov -p time-b.nist.gov
4497 root 888 S /usr/bin/switch_led
4513 root 5100 S < /usr/sbin/thermald -c /etc/thermal/ipq-thermald-8064.conf
5064 root 1432 S hostapd -P /var/run/wifi-ath0.pid -B /var/run/hostapd-ath0.conf -e /var/run/entropy-ath0.bin
5066 root 1056 S hostapd_cli -i ath0 -P /var/run/hostapd_cli-ath0.pid -a /lib/wifi/tplink-update-uci -p /var/run/hostapd-wifi0 -B
5154 root 1428 S hostapd -P /var/run/wifi-ath1.pid -B /var/run/hostapd-ath1.conf -e /var/run/entropy-ath1.bin
5156 root 1056 S hostapd_cli -i ath1 -P /var/run/hostapd_cli-ath1.pid -a /lib/wifi/tplink-update-uci -p /var/run/hostapd-wifi1 -B
5701 root 2312 S /usr/sbin/dropbear -P /var/run/dropbear.1.pid -p 22 -L -C
5738 admin 1424 S -ash
5940 root 1408 S sleep 30
5953 admin 1412 R ps
admin@Archer C2600:/root$ Is the stock firmware based on OpenWrt? I wonder if it's possible to sysupgrade or flash the AP148 image somehow from there.
Hardware : Qualcomm Atheros AP148 reference boardYes, the Qualcomm SDK on which the stock firmware is based is apparently a modified openwrt 12.09.
Major changes I'm aware of in the qualcomm SDK with respect to openwrt 12.09 are
1) Proprietary wireless driver
2) Kernel patches + additional modules to support the tcp-ip offload in the IPQ806x (this is also related to the qca-nss devices)
Then tp-link has heavily customized the web interface and a few other things on top.
Probably this includes modifications to sysupgrade to check headers/product info/etc, assuming this is what they are calling from the firmware upgrade in their own web interface. Will take a closer a look.
I managed to get ssh access using @bendavid firmware, but I needed to perform a factory reset after installing it. Can't install anything via opkg though.
One thing I realized (while playing with sysupgrade) is that apparently with this configuration one always ends up logged in as "admin" user rather than root.
Will see about enabling proper root login.
(btw sysupgrade with AP148 factory images complains about failed product check as expected, but with the -F option looks like it would have proceeded aside from the fact that I was not root)
Updated firmware with further fixed dropbear configuration so that root login works. Have also edited /etc/shadow to set a default password of "admin" for the root account.
https://www.dropbox.com/s/9jplakzrr906n … d.bin?dl=0
(very likely the tp-link tether app will not work with this firmware, since it changes the behaviour of the ssh daemon and how logins are mapped to local accounts, essential restoring the default/sane behaviour whereas there was some custom option set before which was doing something different)
(Last edited by bendavid on 2 Dec 2015, 22:57)
Would it be good to split this into a separate thread for the C2600 to keep it dedicated to that model?
Thanks for the investigation work. I was hoping the router would get openWRT support (and hence why I went for a pure ATH chipset solution).
Also, with regards to the custom wireless driver, is really just a backported version of the ath10k driver? that is the one needed for this newer chip, but wouldn't have been around in 12.09 time frame.
I think qualcomm anyways maintains a separate closed source driver in parallel to whatever they are contributing upstream. Some of the code may even be in common between the two.
I believe that ath10k will now or soon support the QCA9980 wireless chips in this router (but let's see what happens once we get a running snapshot)
Up to the forum mods if they want to change the thread name or whatnot. Will continue the discussion here unless told otherwise.
FWIW, a brute force attempt to flash the AP148 factory images is not successful:
root@Archer C2600:/tmp# sysupgrade -n -F openwrt-ipq806x-AP148-squashfs-nand-factory.ubi
openwrt-ipq806x-AP148-squashfs-nand-factory.ubi is not a valid FIT image
Image check 'platform_check_image' failed but --force given - will update anyway!
Sending TERM to remaining processes ... rcS logger logd klogd hotplug2 hotplug2 ubusd ledctrl sleep netifd client_mgmt imbd dnsmasq minidlnad smbd nmbd dnsproxy_deamon crond S50factory_sett factory_setting proftpd slpd sysmond S50tmpServer tmpServer tsched uhttpd dbus-daemon avahi-daemon tfstats dosd ntpd switch_led thermald
Sending KILL to remaining processes ... lock client_mgmt imbd uhttpd
Switching to ramdisk...
Performing system upgrade...
dumpimage: Bad Magic Number: "openwrt-ipq806x-AP148-squashfs-nand-factory.ubi" is no valid image
dumpimage: Bad Magic Number: "openwrt-ipq806x-AP148-squashfs-nand-factory.ubi" is no valid image
ash: can't create /sys/devices/platform/msm_nand/boot_layout: nonexistent directory
Upgrade completed
Rebooting system...I successfully installed @bendavid's ssh_root firmware, but the /etc/opkg.conf relies on packages that no longer (if ever?) exist. Cannot install anything without it. Specifically
http://downloads.openwrt.org/attitude_a … c/packages
I can't find any ipq806x packages in 12.09
Further update. The image format is very similar to the tp-link CPE510, and it looks like it can be easily supported with minimal modifications to tplink-safeloader
(I'm able to build flashable images from scratch already, though nothing which actually boots yet.)
Will submit patches for tplink-safeloader soon (but may need some help to get usage of it properly integrated into target/linux/ipq806x/image/Makefile)
Then unless the current issue is trivial it may indeed be quite difficult to debug issues booting the kernel/rootfs from the AP148 build without a serial console...
bendavid wrote:
Further update. The image format is very similar to the tp-link CPE510, and it looks like it can be easily supported with minimal modifications to tplink-safeloader
(I'm able to build flashable images from scratch already, though nothing which actually boots yet.)Will submit patches for tplink-safeloader soon (but may need some help to get usage of it properly integrated into target/linux/ipq806x/image/Makefile)
Then unless the current issue is trivial it may indeed be quite difficult to debug issues booting the kernel/rootfs from the AP148 build without a serial console...
It's probably more likely that there needs to be a custom target for the router, rather than a reference board one (just like the R7500).
\Archer C2600_GPL_V1\Archer_C2600_v1_GPL\openwrt\qca\src\u-boot\tools\default_image.c has the code to verify the headers.
The gave the whole uboot code, so it should contain everything needed to generate a bootable image.
Edit: just looked up the magic number -- it's the same for the openwrt code as it is in the C2600 tarball. So, it seems like the image file isn't valid.
Edit 2: Or more correctly, the changes TP Link made are on top of the AP148 reference board code (based on the provided SSH logs), which they seemed to have modified for the router. Hence why the default ap148 image is crashing.
Edit 3: Apparently the Archer C9 uses the same firmware format, but the C7v2 and C3200 don't. I'm surprised the C3200 doesn't as it's a newer product as well.
(Last edited by TeutonJon78 on 4 Dec 2015, 09:49)
Any suggestions how to check in particular for possible needed modifications to the device tree as compared to the ap148 would be welcome.
I was looking for a tarball for the AP148, but didn't find one. I'm also building the GPL image to see what that actually spit out at the end.
Regarding the image generation code, DD-WRT working C9 firmware, so the code for that generation could be forked from there. They generate an initial flash file to use coming from factory (which has the same header format stock and we use) and then a normal dd-wrt flash file for upgrading.
You'd think that since the firmware is already based on openWRT, that TP-Link would:
1) be using a newer version than AA (seriously?)
2) release the code in a way that makes building a clean openWRT easier. They generally seem to support alternate firmwares, but they sure don't make it easy.
(Last edited by TeutonJon78 on 4 Dec 2015, 19:08)
I have the image generation working already with small modifications (adding partition table and strings for c2600) to tplink-safeloader in the openwrt firmware tools.
Just need to get it integrated into the Makefile to make it automatic during the build.
The bigger problem is that when so flashing the kernel+rootfs from the AP148 legacy sysupgrade tarball (https://downloads.openwrt.org/snapshots … pgrade.tar)
the router doesn't boot. (or at least neither LED's or network are working)
Of course the proper way to proceed would be to set up a working serial console to debug, but have not done that yet.
Sorry, posts 51 to 50 are missing from our archive.
Page 2 of 49