Reflashing the SamKnows TP Link Router
SamKnows;is a global Broadband Quality Monitoring service. They are funded by a number of national regulatory bodies, including the FCC and OfCom, and are to all intents unaffiliated. On sign-up, they will ship a heavily customised;OpenWRT, mainly for its rich collection of addons and customisability. It might be a little harder to get to grips with than Tomato or dd-wrt, but I fell the additional functionality makes it worthwhile. A build of;OpenWRT 15.05 (Chaos Calmer);exists for the provided router, a TP-Link TL-WDR3600 (N600), so downloading that is where I began.
Once downloaded, I renamed to ‘tplink.bin’ and left it in an accessible directory on my laptop. I then configured my laptop to a static address (192.168.1.2), and connected it directly to one of the LAN ports on the WDR3600. It is possible to set the SamKnows firmware into ‘failsafe’ mode, which sets the IP to 192.168.1.1 and exposes a telnet port with no password. This is achieved by powering the unit off, then powering back up… all of the LEDs will light up after a couple of seconds, and once they do, repeatedly pressing the Reset/WPS button on the back will eventually cause the little ‘sun’ LED, second from the left to start to flash rapidly… once this happens you are in failsafe and can log in.
The login and re-flash session was captured, and looks like this:
[email protected]:~$ telnet 192.168.1.1 Trying 192.168.1.1… Connected to 192.168.1.1. Escape character is ‘^]’.
=== IMPORTANT ============================ Use ‘passwd’ to set your login password this will disable telnet and enable SSH ——————————————
BusyBox v1.19.4 (2015-02-03 17:28:09 GMT) built-in shell (ash) Enter ‘help’ for a list of built-in commands.
; ; ; ; ; ; ; ; ; ; ;_
;___ __ _ _ __ ___ ;| | ;; ;___ ;;__ ; ;_____ _____
/ __|/ _
| '_ _ \| | / / ‘_ \ / _ \ \ /\ / / |
\__ \ (| | | | | | | ;< ;| | | | () \ V V /\__
|/\_,|| || ||| \_\_| ||\/ \_/\_/ |/ P E R F O R M A N C E M O N I T O R I N G
OS: OpenWRT Attitude Adjustment, r35093
SW: WDR3600 Build
root@(none):/# root@(none):/# mount_root /sbin/mount_root: line 1: pi_include: not found /sbin/mount_root: line 1: pi_include: not found /sbin/mount_root: line 1: set_jffs_mp: not found /sbin/mount_root: line 1: determine_root_device: not found /sbin/mount_root: line 1: can’t create /.extroot.md5sum: Read-only file system switching to jffs2 root@(none):/# passwd Changing password for root New password: Retype password: Password for root changed by root root@(none):/# cd /tmp root@(none):/tmp# scp [email protected]:~/tplink.bin /tmp
Host ‘192.168.1.2’ is not in the trusted hosts file. (fingerprint md5 99:32:6a:72:db:26:03:a2:a5:42:ff:a6:9c:b8:6c:e8) Do you want to continue connecting? (y/n) y
Login for [email protected] Password: You have logged in using cached account information. Some network services will be unavailable.
Press Enter to Continue. tplink.bin 100% 7936KB 2.6MB/s 00:03 root@(none):/tmp# mtd -r write /tmp/tplink.bin firmware Unlocking firmware …
Writing from /tmp/tplink.bin to firmware … [w]
Rebooting … Connection closed by foreign host. [email protected]:~$ telnet 192.168.1.1 Trying 192.168.1.1… Connected to 192.168.1.1. Escape character is ‘^]’. === IMPORTANT ============================ Use ‘passwd’ to set your login password this will disable telnet and enable SSH ——————————————
BusyBox v1.23.2 (2016-01-02 18:01:44 CET) built-in shell (ash)
_______ ________ __ | |.—–.—–.—–.| | | |.—-.| |_ | - || _ | -| || | | || _|| _| |_____|| |_||||____||| |____|
|__| W I R E L E S S F R E E D O M
CHAOS CALMER (15.05.1, r48532)
- 1 1⁄2 oz Gin Shake with a glassful
- 1⁄4 oz Triple Sec of broken ice and pour
- 3⁄4 oz Lime Juice unstrained into a goblet.
- 1 1⁄2 oz Orange Juice
- 1 tsp. Grenadine Syrup —————————————————– [email protected]:/#
At this point, OpenWRT is installed. The web UI, LuCI, can be accessed by pointing a browser at;http://192.168.1.1/ The password will need to be set on first login, or the router will start-up in ‘initialised’ mode every time.