[PATCH 4/6] ath79: support for TP-Link EAP245 v1
Sander Vanheule
sander at svanheule.net
Tue Oct 20 04:44:33 EDT 2020
TP-Link EAP245 v1 is an AC1750 (802.11ac Wave-1) ceiling mount access point.
Device specifications:
* SoC: QCA9563 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n, 3x3
* Wireless 5Ghz (QCA9880): a/n/ac, 3x3
* Ethernet (AR8033): 1× 1GbE, 802.3at PoE
Flashing instructions:
* Upgrade the device to firmware v1.4.0 if necessary
* Exploit the user management page in the web interface to start telnetd
by changing the username to `;/usr/sbin/telnetd -l/bin/sh&`.
* Immediately change the malformed username back to something valid
(e.g. 'admin') to make ssh work again.
* Use the root shell via telnet to make /tmp world writeable (chmod 777)
* Extract /usr/bin/uclited from the device via ssh and apply the binary
patch listed below. The patch is required to prevent `uclited -u` in
the last step from crashing.
* Copy the patched uclited programme back to the device at /tmp/uclited
(via ssh)
* Upload the factory image to /tmp/upgrade.bin (via ssh)
* Run `chmod +x /tmp/uclited && /tmp/uclited -u` to install OpenWrt.
--- xxd uclited
+++ xxd uclited-patched
@@ -53796,7 +53796,7 @@
000d2240: 8c44 0000 0320 f809 0000 0000 8fbc 0010 .D... ..........
000d2250: 8fa6 0a4c 02c0 2821 8f82 87b8 0000 0000 ...L..(!........
-000d2260: 8c44 0000 0c13 45e0 27a7 0018 8fbc 0010 .D....E.'.......
+000d2260: 8c44 0000 2402 0000 0000 0000 8fbc 0010 .D..$...........
000d2270: 1040 001d 0000 1821 8f99 8374 3c04 0058 . at .....!...t<..X
000d2280: 3c05 0056 2484 a898 24a5 9a30 0320 f809 <..V$...$..0. ..
Debricking:
* Serial port can be soldered on PCB J3 (1: TXD, 2: RXD, 3: GND, 4: VCC)
* Bridge unpopulated resistors R225 (TXD) and R237 (RXD).
Do NOT bridge R230.
* Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via the LuCI web interface
setenv ipaddr 192.168.1.1 # default, change as required
setenv serverip 192.168.1.10 # default, change as required
tftp 0x80800000 initramfs.bin
bootelf $fileaddr
Tested on the EAP245 v1 running the latest firmware (v1.4.0). The binary
patch might not apply to uclited from other firmware versions.
EAP245 v1 device support was originally developed and maintained by
Julien Dusser out-of-tree. This patch and "ath79: prepare for 1-port
TP-Link EAP2x5 devices" are based on that work.
Signed-off-by: Sander Vanheule <sander at svanheule.net>
---
.../ath79/dts/qca9563_tplink_eap245-v1.dts | 44 +++++++++++++++++++
.../generic/base-files/etc/board.d/02_network | 1 +
.../etc/hotplug.d/firmware/11-ath10k-caldata | 11 ++---
target/linux/ath79/image/generic-tp-link.mk | 11 +++++
tools/firmware-utils/src/tplink-safeloader.c | 26 +++++++++++
5 files changed, 88 insertions(+), 5 deletions(-)
create mode 100644 target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts
diff --git a/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts b/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts
new file mode 100644
index 0000000000..3da450192c
--- /dev/null
+++ b/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts
@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include "qca9563_tplink_eap2x5-1port.dtsi"
+
+/ {
+ compatible = "tplink,eap245-v1", "qca,qca9563";
+ model = "TP-Link EAP245 v1";
+
+ aliases {
+ led-boot = &led_status_green;
+ led-failsafe = &led_status_amber;
+ led-running = &led_status_green;
+ led-upgrade = &led_status_amber;
+ };
+
+ leds {
+ compatible = "gpio-leds";
+
+ led_status_green: status_green {
+ label = "green:status";
+ gpios = <&gpio 7 GPIO_ACTIVE_HIGH>;
+ default-state = "on";
+ };
+
+ led_status_amber: status_amber {
+ label = "amber:status";
+ gpios = <&gpio 9 GPIO_ACTIVE_HIGH>;
+ };
+
+ led_status_red: status_red {
+ label = "red:status";
+ gpios = <&gpio 1 GPIO_ACTIVE_HIGH>;
+ };
+ };
+
+ gpio-export {
+ compatible = "gpio-export";
+ led_enable {
+ gpio-export,name = "leds:enable";
+ gpio-export,output = <1>;
+ gpios = <&gpio 5 GPIO_ACTIVE_HIGH>;
+ };
+ };
+};
diff --git a/target/linux/ath79/generic/base-files/etc/board.d/02_network b/target/linux/ath79/generic/base-files/etc/board.d/02_network
index a587cfac96..483866eeb8 100755
--- a/target/linux/ath79/generic/base-files/etc/board.d/02_network
+++ b/target/linux/ath79/generic/base-files/etc/board.d/02_network
@@ -47,6 +47,7 @@ ath79_setup_interfaces()
tplink,cpe510-v3|\
tplink,cpe610-v1|\
tplink,cpe610-v2|\
+ tplink,eap245-v1|\
tplink,re350k-v1|\
tplink,re355-v1|\
tplink,re450-v1|\
diff --git a/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata b/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata
index 25e864ba72..6a91e3d410 100644
--- a/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata
+++ b/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata
@@ -119,6 +119,12 @@ case "$FIRMWARE" in
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary romfs 0xf100) +2)
;;
+ tplink,eap245-v1|\
+ tplink,re450-v2|\
+ tplink,re450-v3)
+ caldata_extract "art" 0x5000 0x844
+ ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary info 0x8) +1)
+ ;;
tplink,re350k-v1)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary info 0x8) +2)
@@ -128,11 +134,6 @@ case "$FIRMWARE" in
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(cat /sys/class/net/eth0/address) -2)
;;
- tplink,re450-v2|\
- tplink,re450-v3)
- caldata_extract "art" 0x5000 0x844
- ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary info 0x8) +1)
- ;;
tplink,tl-wpa8630-v1)
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary u-boot 0x0fc00) +1)
diff --git a/target/linux/ath79/image/generic-tp-link.mk b/target/linux/ath79/image/generic-tp-link.mk
index 7979dda786..c704d99c98 100644
--- a/target/linux/ath79/image/generic-tp-link.mk
+++ b/target/linux/ath79/image/generic-tp-link.mk
@@ -382,6 +382,17 @@ define Device/tplink_eap225-wall-v2
endef
TARGET_DEVICES += tplink_eap225-wall-v2
+define Device/tplink_eap245-v1
+ $(Device/tplink-eap2x5)
+ SOC := qca9563
+ IMAGE_SIZE := 13824k
+ DEVICE_MODEL := EAP245
+ DEVICE_VARIANT := v1
+ DEVICE_PACKAGES := kmod-ath10k-ct ath10k-firmware-qca988x-ct
+ TPLINK_BOARD_ID := EAP245-V1
+endef
+TARGET_DEVICES += tplink_eap245-v1
+
define Device/tplink_eap245-v3
$(Device/tplink-eap2x5)
SOC := qca9563
diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c
index 22427a67e5..2657b2c928 100644
--- a/tools/firmware-utils/src/tplink-safeloader.c
+++ b/tools/firmware-utils/src/tplink-safeloader.c
@@ -1327,6 +1327,32 @@ static struct device_info boards[] = {
.last_sysupgrade_partition = "file-system"
},
+ /** Firmware layout for the EAP245 v1 */
+ {
+ .id = "EAP245-V1",
+ .support_list =
+ "SupportList:\r\n"
+ "EAP245(TP-LINK|UN|AC1750-D):1.0\r\n",
+ .support_trail = '\xff',
+ .soft_ver = NULL,
+
+ .partitions = {
+ {"fs-uboot", 0x00000, 0x20000},
+ {"partition-table", 0x20000, 0x02000},
+ {"default-mac", 0x30000, 0x01000},
+ {"support-list", 0x31000, 0x00100},
+ {"product-info", 0x31100, 0x00400},
+ {"soft-version", 0x32000, 0x00100},
+ {"firmware", 0x40000, 0xd80000},
+ {"user-config", 0xdc0000, 0x30000},
+ {"radio", 0xff0000, 0x10000},
+ {NULL, 0, 0}
+ },
+
+ .first_sysupgrade_partition = "os-image",
+ .last_sysupgrade_partition = "file-system"
+ },
+
/** Firmware layout for the EAP245 v3 */
{
.id = "EAP245-V3",
--
2.26.2
More information about the openwrt-devel
mailing list