Greetings,

I have a workaround to flash OpenWRT on locked down TP-Link firmware.  It took me a lot of time, research, and trial and error but it is possible to flash any of these routers.  Of particular interest to me is flashing OpenWRT on an TP-Link Archer C3200.  If anyone could point me in the right direction of an image to try i'll be happy to give it a go.  However, I cant publicly post how to flash the locked down firmware because then they would possibly close this opened doorway

If there is firmware available i'll be happy to give it a try because i'm retiring my C3200 due to issues with it's stock firmware and horrible wifi connectivity for 5.4 Ghz devices.  The stock firmware is the worst ive ever seen.  I will be happy to share how to flash almost any of their new locked down us model routers through a secure channel but the knowledge cant be made directly public or tp-link would have no choice but to fix it.

Thanks,

HashLux

P.S. My method bypasses their firmware signature verification which is how it is possible.

(Last edited by HashLux on 23 Aug 2016, 05:40)

US only or CN too? just got the unsupported device similar to TL-WR810N so i tried changing HWID of WR810N image but still got 18005 when trying to flash. another problem there is no official firmware yet released either..

But can they? Of course they can fix the exploit. But If it is in one of their publicly available signed firmwares--which is kind of the point--then they would have to disallow firmware downgrades, even to signed versions. I'm not sure if they can actually do that willy-nilly without alienating a good chunk of their customer base ... once again.

Other than that, there is a point to be made to keep exploits under wraps as long as there are others that exist, to pull them out of the drawer once every other exploit has been closed.

Hi,

This sounds good

Got a crappy c3200 and agreed with you about the stock firmware...

I can do some tests as I have an hardware available !

Hi Hashlux

I'm interested in getting OpenWRT onto my TD-W9980 router, but still to this day I haven't managed it because of the need to use a serial connection etc...

How can I contact you to discuss this, as I see no private message feature on these boards.

Thanks...

Is this a TPL specific vulnerability or can it be applied to other manufacturers with the same lockdown method?

i am interested. can i have the method please.

Hello "HashLux",

I am very interested in giving it a try.
Indeed the only things needed are:
1) the way to do it;
2) a compatible firmware

More than glad to be a sidekick and try it too.

Looking forward,

Has anyone successfully managed to install OpenWRT on TP Link Archer C3200?

I am very interested too!