[PATCH] ath79: add support for TP-Link EAP225 v1

Sander Vanheule sander at svanheule.net
Sat Sep 25 01:27:17 PDT 2021


TP-Link EAP225 v1 is an AC1200 (802.11ac Wave-1) ceiling mount access point.

Device specifications:
* SoC: QCA9563 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n, 2x2
* Wireless 5Ghz (QCA9882): a/n/ac, 2x2
* Ethernet (AR8033): 1× 1GbE, 802.3at PoE

Flashing instructions:
* Upgrade the device to firmware v1.4.0 if necessary
* Exploit the user management page in the web interface to start telnetd
  by changing the username to `;/usr/sbin/telnetd -l/bin/sh&`.
* Immediately change the malformed username back to something valid
  (e.g. 'admin') to make ssh work again.
* Use the root shell via telnet to make /tmp world writeable (chmod 777)
* Extract /usr/bin/uclited from the device via ssh and apply the binary
  patch listed below. The patch is required to prevent `uclited -u` in
  the last step from crashing.
* Copy the patched uclited programme back to the device at /tmp/uclited
  (via ssh)
* Upload the factory image to /tmp/upgrade.bin (via ssh)
* Run `chmod +x /tmp/uclited && /tmp/uclited -u` to install OpenWrt.

uclited patching:
    --- xxd uclited
    +++ xxd uclited-patched
    @@ -53811,7 +53811,7 @@
     000d2330: 8c44 0000 0320 f809 0000 0000 8fbc 0010  .D... ..........
     000d2340: 8fa6 0a4c 02c0 2821 8f82 87c4 0000 0000  ...L..(!........
    -000d2350: 8c44 0000 0c13 461c 27a7 0018 8fbc 0010  .D....F.'.......
    +000d2350: 8c44 0000 2402 0000 0000 0000 8fbc 0010  .D..$...........
     000d2360: 1040 001d 0000 1821 8f99 8378 3c04 0058  . at .....!...x<..X
     000d2370: 3c05 0056 2484 ad68 24a5 9f00 0320 f809  <..V$..h$.... ..

To make sure the correct file is patched, the following MD5 checksums
should match the unpatched and patched files:
    4bd74183c23859c897ed77e8566b84de  uclited
    4107104024a2e0aeaf6395ed30adccae  uclited-patched

Debricking:
* Serial port can be soldered on unpopulated 4-pin header
  (1: TXD, 2: RXD, 3: GND, 4: VCC)
    * Bridge unpopulated resistors running from pins 1 (TXD) and 2 (RXD).
      Do NOT bridge the pull-down for pin 2, running parallel to the
      header.
    * Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via the LuCI web interface
    setenv ipaddr 192.168.1.1 # default, change as required
    setenv serverip 192.168.1.10 # default, change as required
    tftp 0x80800000 initramfs.bin
    bootelf $fileaddr

Tested by forum user KernelMaker.

Signed-off-by: Sander Vanheule <sander at svanheule.net>
---
 .../ath79/dts/qca9563_tplink_eap225-v1.dts    | 44 +++++++++++++++++++
 .../generic/base-files/etc/board.d/02_network |  1 +
 .../etc/hotplug.d/firmware/11-ath10k-caldata  |  1 +
 target/linux/ath79/image/generic-tp-link.mk   | 11 +++++
 tools/firmware-utils/src/tplink-safeloader.c  | 26 +++++++++++
 5 files changed, 83 insertions(+)
 create mode 100644 target/linux/ath79/dts/qca9563_tplink_eap225-v1.dts

diff --git a/target/linux/ath79/dts/qca9563_tplink_eap225-v1.dts b/target/linux/ath79/dts/qca9563_tplink_eap225-v1.dts
new file mode 100644
index 000000000000..7ffdf6f772c5
--- /dev/null
+++ b/target/linux/ath79/dts/qca9563_tplink_eap225-v1.dts
@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include "qca9563_tplink_eap2x5-1port.dtsi"
+
+/ {
+	compatible = "tplink,eap225-v1", "qca,qca9563";
+	model = "TP-Link EAP225 v1";
+
+	aliases {
+		led-boot = &led_status_green;
+		led-failsafe = &led_status_amber;
+		led-running = &led_status_green;
+		led-upgrade = &led_status_amber;
+	};
+
+	leds {
+		compatible = "gpio-leds";
+
+		led_status_green: status_green {
+			label = "green:status";
+			gpios = <&gpio 7 GPIO_ACTIVE_HIGH>;
+			default-state = "on";
+		};
+
+		led_status_amber: status_amber {
+			label = "amber:status";
+			gpios = <&gpio 9 GPIO_ACTIVE_HIGH>;
+		};
+
+		led_status_red: status_red {
+			label = "red:status";
+			gpios = <&gpio 1 GPIO_ACTIVE_HIGH>;
+		};
+	};
+
+	gpio-export {
+		compatible = "gpio-export";
+		led_enable {
+			gpio-export,name = "leds:enable";
+			gpio-export,output = <1>;
+			gpios = <&gpio 5 GPIO_ACTIVE_HIGH>;
+		};
+	};
+};
diff --git a/target/linux/ath79/generic/base-files/etc/board.d/02_network b/target/linux/ath79/generic/base-files/etc/board.d/02_network
index e2c6f9feac19..d7e7f45f8490 100644
--- a/target/linux/ath79/generic/base-files/etc/board.d/02_network
+++ b/target/linux/ath79/generic/base-files/etc/board.d/02_network
@@ -64,6 +64,7 @@ ath79_setup_interfaces()
 	tplink,cpe610-v1|\
 	tplink,cpe610-v2|\
 	tplink,eap225-outdoor-v1|\
+	tplink,eap225-v1|\
 	tplink,eap225-v3|\
 	tplink,eap245-v1|\
 	tplink,re350k-v1|\
diff --git a/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata b/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata
index 5ba1a7a8ffad..79db3e61471e 100644
--- a/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata
+++ b/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata
@@ -140,6 +140,7 @@ case "$FIRMWARE" in
 		caldata_extract "art" 0x5000 0x844
 		ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary romfs 0xf100) 2)
 		;;
+	tplink,eap225-v1|\
 	tplink,eap245-v1|\
 	tplink,re450-v2|\
 	tplink,re450-v3|\
diff --git a/target/linux/ath79/image/generic-tp-link.mk b/target/linux/ath79/image/generic-tp-link.mk
index b6755fe5478a..f135a52aabbe 100644
--- a/target/linux/ath79/image/generic-tp-link.mk
+++ b/target/linux/ath79/image/generic-tp-link.mk
@@ -382,6 +382,17 @@ define Device/tplink_eap225-outdoor-v1
 endef
 TARGET_DEVICES += tplink_eap225-outdoor-v1
 
+define Device/tplink_eap225-v1
+  $(Device/tplink-eap2x5)
+  SOC := qca9563
+  IMAGE_SIZE := 13824k
+  DEVICE_MODEL := EAP225
+  DEVICE_VARIANT := v1
+  DEVICE_PACKAGES := kmod-ath10k-ct ath10k-firmware-qca988x-ct
+  TPLINK_BOARD_ID := EAP225-V1
+endef
+TARGET_DEVICES += tplink_eap225-v1
+
 define Device/tplink_eap225-v3
   $(Device/tplink-eap2x5)
   SOC := qca9563
diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c
index b20d1fdd30e0..d2d466f7b117 100644
--- a/tools/firmware-utils/src/tplink-safeloader.c
+++ b/tools/firmware-utils/src/tplink-safeloader.c
@@ -1495,6 +1495,32 @@ static struct device_info boards[] = {
 		.last_sysupgrade_partition = "file-system"
 	},
 
+	/** Firmware layout for the EAP225 v1 */
+	{
+		.id     = "EAP225-V1",
+		.support_list =
+			"SupportList:\r\n"
+			"EAP225(TP-LINK|UN|AC1200-D):1.0\r\n",
+		.part_trail = PART_TRAIL_NONE,
+		.soft_ver = SOFT_VER_DEFAULT,
+
+		.partitions = {
+			{"fs-uboot", 0x00000, 0x20000},
+			{"partition-table", 0x20000, 0x02000},
+			{"default-mac", 0x30000, 0x01000},
+			{"support-list", 0x31000, 0x00100},
+			{"product-info", 0x31100, 0x00400},
+			{"soft-version", 0x32000, 0x00100},
+			{"firmware", 0x40000, 0xd80000},
+			{"user-config", 0xdc0000, 0x30000},
+			{"radio", 0xff0000, 0x10000},
+			{NULL, 0, 0}
+		},
+
+		.first_sysupgrade_partition = "os-image",
+		.last_sysupgrade_partition = "file-system"
+	},
+
 	/** Firmware layout for the EAP225 v3 */
 	{
 		.id     = "EAP225-V3",
-- 
2.31.1




More information about the openwrt-devel mailing list