OpenWrt Forum Archive

Topic: TP-Link confirms Wifi freedom is dead-

The content of this topic has been archived on 10 Apr 2018. Unfortunately there are posts – most likely complete pages – missing.

Have TP Link made any official comment?

Quoting richbhanover from the other thread:

richbhanover wrote:

New TP-Link Routers now appear all to be locked down as of February 2016. The following chat occurred on the TP-Link support line (Camille is the support rep):

Camille09:13:25 pm wait one moment please
Thanks for your waiting, right now only these products has limitation on
firmware: Archer C7 V2 Archer C1900 V1 Touch P5 V1 Archer C2600 V1 Archer
C3200 V1 Archer C2 V1 Archer C5 V2 Archer C8 V1 Archer C9 V1 TL-WR841N V11
TL-WDR3500 V1 TL-WR940N V3.0 TL-WR1043ND V3.0 TL-WR710N(USA) TL-WR841N V9.0
and all products will also limite firmware in the future.

   Adam Longwill09:26:19 pm Wow. Thank you. I'm impressed with your digging
And this limitation is due to FCC rule clarifications in 2015?
And not some other reason

Camille09:28:15 pm Right, due to FCC

The full chat is at http://ml.ninux.org/pipermail/battlemes … 04379.html

As much as this sucks, credit where credit is due: they're being honest and straightforward, and helpful in identifying affected hardware (based on this chat, which of course could be due to the individual responding to the chat). I would have expected any vendor to spew out some nonsensical marketing garbage about "security", as if it's better to lock customers to their rarely updated firmwares, with plenty of vulnerabilities that will never be fixed.

tapper wrote:
iasimov wrote:

Tp link? the url is to slashdot, citing an anonymous source and a email.

provide tplink url or change the title of the thread.

NO!

If you look at the link in post 7 you will see that some of the biggest names in third party router firmware are involved EG Christopher Waid, of ThinkPenguin, Dave Taht, of BufferBloat, Eric Schultz, Josh Gay of the FSF, and more.

Take it easy little girl.

Then the title should be "Biggest names (for tapper forum user) confirm this or that" but NOT TP-Link.

There's no a single one officlal confirmation in tplink website, so the thread title is deceitful.

Provide a url in tplink website or change the title of thread. A anonymous email is not a "confirmation" of a big company like Tp-Link.

tapper wrote:

For the tplink routers best work around i have found at the mo is to flash to ddwrt then flash to a old tplink firmware and then flash to openwrt. I have dun this so i no it works on a c7.

TP-Link stripped firmware's are here:
http://www.friedzombie.com/tplink-stripped-firmware/

Does it work on routers with recent crypto-locked firmware ?
If we have dd-wrt we have mtd and that's the end of the game

At least the archer C2600 V1 and V1.1 do not have any particular "lock".  There's a trivial MD5 hash, with the necessary magic number available from TP-Link's own GPL tarballs.  Building firmware with that kind of "signature" is already supported by https://dev.openwrt.org/browser/trunk/t … feloader.c

But maybe some of the routers have a more serious protection...

Hi,

bolvan wrote:
tapper wrote:

For the tplink routers best work around i have found at the mo is to flash to ddwrt then flash to a old tplink firmware and then flash to openwrt. I have dun this so i no it works on a c7.

TP-Link stripped firmware's are here:
http://www.friedzombie.com/tplink-stripped-firmware/

Does it work on routers with recent crypto-locked firmware ?
If we have dd-wrt we have mtd and that's the end of the game

As chance would have it, I just ordered another TP-Link TL-WDR3600 v.1 for an ongoing project.  Then I read about the locked/signed firmware problem.

Router arrived this afternoon with US firmware TL-WDR3600_V1_151104_US.zip pre-installed.  Tried to flash OpenWRT DD/trunk -factory.bin file build r48631 for this model.  I got the famous 18005 error.

So I used the exact solution given above by tapper.  Worked like a charm smile

1.) You'll need to flash factory-to-ddwrt-us.bin (note the "-us") for your make/model from a recent dd-wrt build.

2.) Then flash the correct webrevert firmware for your make/model (an example is wdr3600v1_webrevert.bin) from the dd-wrt forum Atheros thread here:

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=85237

There are webreverts for a variety of Atheros router makes/models, so use the appropriate one!!!

[[2a.) The webrevert is old firmware so as a precaution I flashed up to wdr3600v1_en_3_14_3_up_boot(150518).bin which is the last unsigned/unlocked firmware I know of.  I'm guessing this is unnecessary.  YMMV.]]

3.) Then you can flash the OpenWRT -factory.bin to install OpenWRT.

It's all relatively painless.  HTH.

Clemmitt

cmsigler wrote:

Hi,

bolvan wrote:
tapper wrote:

For the tplink routers best work around i have found at the mo is to flash to ddwrt then flash to a old tplink firmware and then flash to openwrt. I have dun this so i no it works on a c7.

TP-Link stripped firmware's are here:
http://www.friedzombie.com/tplink-stripped-firmware/

Does it work on routers with recent crypto-locked firmware ?
If we have dd-wrt we have mtd and that's the end of the game

As chance would have it, I just ordered another TP-Link TL-WDR3600 v.1 for an ongoing project.  Then I read about the locked/signed firmware problem.

Router arrived this afternoon with US firmware TL-WDR3600_V1_151104_US.zip pre-installed.  Tried to flash OpenWRT DD/trunk -factory.bin file build r48631 for this model.  I got the famous 18005 error.

So I used the exact solution given above by tapper.  Worked like a charm smile

1.) You'll need to flash factory-to-ddwrt-us.bin (note the "-us") for your make/model from a recent dd-wrt build.

2.) Then flash the correct webrevert firmware for your make/model (an example is wdr3600v1_webrevert.bin) from the dd-wrt forum Atheros thread here:

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=85237

There are webreverts for a variety of Atheros router makes/models, so use the appropriate one!!!

[[2a.) The webrevert is old firmware so as a precaution I flashed up to wdr3600v1_en_3_14_3_up_boot(150518).bin which is the last unsigned/unlocked firmware I know of.  I'm guessing this is unnecessary.  YMMV.]]

3.) Then you can flash the OpenWRT -factory.bin to install OpenWRT.

It's all relatively painless.  HTH.

Clemmitt

Then there is no lock.

If TP-Link or any other company wants to avoid install third party firmwares it's easy make it with RSA signed firmware and there is no way to break a RSA sign.

So please, stop spreading false rumors and provide officials urls when talk about big companies.

(Last edited by iasimov on 22 Feb 2016, 14:38)

iasimov wrote:

Then there is no lock.

So please, stop spreading false rumors and provide officials urls when talk about big companies.

Unless I and others are mistaken, there are no TP-Link "official URLs" documenting this change.  Why would they post them?  However, access within the US to www.tp-link.com is automatically redirected to www.tp-link.us now.  For what possible reason would they publicly disclose this so-called "lock down" of firmware flashing?  You're demanding an official answer which makes no sense for TP-Link to acknowledge.

First, I'm *not* an expert and am fairly new to OpenWRT.  Still it's obvious to me that you argue over semantics:

- No, the routers aren't unbreakably locked by cryptographically signed firmware.  You are correct.

- Yes, the firmware has been modified so that non-US firmware and previous versions of firmware which aren't specifically for the US can't be loaded without the 18005 error message.

Clemmitt

Hello,

Can I get clarification on the TP-Link firmware lock?   I assume the website firmware upgrade option does not work (short of the dd-wrt work around).  Does the tftp method work?  Does the serial method work?   My interest is primarily the 841's and 3600's but I think it would be helpful if the TOH was updated with what methods do not work....or what methods will.

Thanks for your time,

Donald

(Last edited by sailor_ca on 26 Feb 2016, 19:14)

@iasimov

iasimov wrote:

So please, stop spreading false rumors and provide officials urls when talk about big companies.

RIGHT HERE with your official TP-Link URL.  Your move, buddy.

Clemmitt

Too bad news,there are two many ways to lock it,like activation through a TP-LINK server,RSA signed firmware...

Just so yall know I have contacted support to put in a trouble ticket to r & d to get and contact with me because my $300 bad ass spec archer c3200 is bad ass paper weight. I have told them if they don't want to make this easy I will unlock it myself and show everybody how to do it. Then farther more I also requested the source code file witch I have for this router but I'm currently trying to get my Linux box up to do all the editing for it. It is going to take me day based on the extraction in windows to find where they block third party support I might send it DD-WRT for there support but we will see what they say when  the contact me. The tech support lady said they would get back to me on Monday 20170220 to find out more info about the lock out of third party software but for now I'm going to have a good and drunk weekend and start the project next weekend. Ill let yall know a update from tplink r&d to see if they will help with this or I'm going to tell them I want my money back even though ive had it for more then 90 days and I'm going to go get the Linksys wrt320acm

The discussion might have continued from here.