Unlocking firmware 3.16.9

Firmware 3.16.9 has a different check mechanism than other versions and doesn't allow anything to be flashed (error 18005).

A firmware must have this string at address 0x120 in order to be flashed: "00000000;45550000;"

This can be added using a hex editor. Checksum must be recalculated using mktplinkfw tool in the image builder after editing. There's a thread in the forums about that

Download openwrt-15.05.1-ar71xx-generic-tl-wa701nd-v2-squashfs-factory.bin
Open it in a hex editor. Look at offset 0x40. There should be the following bytes: 08 41 00 08. Modify to: 09 41 00 05
Get mktplinkfw.c, md5.c and md5.h. Compile the tool: gcc -Os mktplinkfw.c md5.c -o mktplinkfw.
Run: ./mktplinkfw -i *-factory.bin
Look for the expected MD5Sum1: expected : e5 67 34 4d 04 99 20 60 f5 76 c6 04 15 81 ab f8
Open the hex editor again, go to offset 0x4c, and copy the MD5 above (it should span from offset 0x4c to offset 0x5b).
Go and upload the resulting file to firmware upgrade (in TP-Link web-interface). Good luck.