[WLANware] Flashing an old TP-Link 5210g with OpenWrt via VxKiller

Saverio Proto zioproto at gmail.com
Wed Apr 30 11:30:17 CEST 2014


Hello all,

I am having fun with an old device, but I got stuck and I need some help.

My goal: I am trying to flash a TP-Link wa5210g to OpenWrt from the
web interface

http://luebeck.freifunk.net/wiki/wa5210g
http://wiki.openwrt.org/toh/tp-link/tl-wa5210g

I have successfully booted an OpenWrt image, but I had to remove the
flash chip and flash it with the Bus Pirate. Soldering and unsoldering
is not for everyone, so I wanted to make it possible from the web
interface.

After a lot of testing and research on the Internet I am sure of the
following facts:

1) The original TP-Link firmware has a 20-byte header. The first 4
bytes are the length of the firmware. The remaining 16 bytes should be
an md5 digest.

2) The web interface will let you flash only files smaller than 1179648 bytes.

3) At position 0x43c in the original firmware you find two bytes, 0x52 0x10.
This is the version number 5210.
If the web interface does not find these two expected bytes, on the
serial console you will read:
tftp: firmware version check failed

4) The web interface checks the md5 in the header; if it is not correct,
on the serial console you will read:

tftp: md5 checksum is not correct!

For a similar device the problem is already solved:
http://wiki.openwrt.org/toh/tp-link/tl-wr542g

But I cannot find the source code of vxkiller anywhere. The Vxkiller I
downloaded is not accepted by my device.

If I find out what the input for the calculation of the md5 in the header is,
we have a working OpenWrt on this device. The bootloader I used is
Microredboot from the DD-WRT project.

Please, if you have any info, let me know :)

Thanks

Saverio
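
An added example, not part of the original post and not VxKiller's code: a Python sketch that inspects an image against the four facts listed above (20-byte header, size limit, version bytes at 0x43c, md5 in the header). Assumptions: the 0x43c offset is counted from the start of the file, the byte order of the length field is unknown so both are decoded, and the two md5 inputs tried are guesses, since the post says the real input is not known; the sample image is constructed.

```python
import hashlib
import struct

HEADER_LEN = 20          # 4-byte length + 16-byte digest (from the post)
MAX_UPLOAD = 1179648     # web interface size limit (from the post)
VERSION_OFFSET = 0x43C   # assumption: counted from the start of the file
VERSION_BYTES = b"\x52\x10"


def inspect_image(image: bytes) -> dict:
    """Report the header fields and the checks the post lists."""
    if len(image) < VERSION_OFFSET + len(VERSION_BYTES):
        raise ValueError("image too short to contain the version bytes")
    stored_digest = image[4:HEADER_LEN]
    body = image[HEADER_LEN:]
    # Byte order of the length field is not stated in the post: decode both.
    length_be, = struct.unpack(">I", image[:4])
    length_le, = struct.unpack("<I", image[:4])
    # Candidate md5 inputs; both are guesses, the real input is unknown.
    candidates = {
        "body_after_header": body,
        "file_with_digest_zeroed": image[:4] + bytes(16) + body,
    }
    matches = [name for name, data in candidates.items()
               if hashlib.md5(data).digest() == stored_digest]
    return {
        "length_be": length_be,
        "length_le": length_le,
        # Which decoding equals the file size or the size without the header.
        "length_matches": [n for n, v in (("be", length_be), ("le", length_le))
                           if v in (len(image), len(body))],
        "size_ok": len(image) < MAX_UPLOAD,
        "version_ok": image[VERSION_OFFSET:VERSION_OFFSET + 2] == VERSION_BYTES,
        "md5_matches": matches,
    }


def build_sample() -> bytes:
    """Constructed sample image, not a real TP-Link firmware."""
    body = bytearray(0x800)
    pos = VERSION_OFFSET - HEADER_LEN
    body[pos:pos + 2] = VERSION_BYTES
    header = struct.pack(">I", len(body)) + hashlib.md5(bytes(body)).digest()
    return header + bytes(body)


if __name__ == "__main__":
    for key, value in inspect_image(build_sample()).items():
        print(f"{key}: {value}")
```

Run against a copy of the original firmware, an empty `md5_matches` list means neither guessed input is the one the device hashes.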

