[PATCH] ath79: add support for TP-Link EAP225 v1
Sander Vanheule
sander at svanheule.net
Sat Sep 25 01:27:17 PDT 2021
TP-Link EAP225 v1 is an AC1200 (802.11ac Wave-1) ceiling mount access point.
Device specifications:
* SoC: QCA9563 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n, 2x2
* Wireless 5Ghz (QCA9882): a/n/ac, 2x2
* Ethernet (AR8033): 1× 1GbE, 802.3at PoE
Flashing instructions:
* Upgrade the device to firmware v1.4.0 if necessary
* Exploit the user management page in the web interface to start telnetd
by changing the username to `;/usr/sbin/telnetd -l/bin/sh&`.
* Immediately change the malformed username back to something valid
(e.g. 'admin') to make ssh work again.
* Use the root shell via telnet to make /tmp world writeable (chmod 777)
* Extract /usr/bin/uclited from the device via ssh and apply the binary
patch listed below. The patch is required to prevent `uclited -u` in
the last step from crashing.
* Copy the patched uclited programme back to the device at /tmp/uclited
(via ssh)
* Upload the factory image to /tmp/upgrade.bin (via ssh)
* Run `chmod +x /tmp/uclited && /tmp/uclited -u` to install OpenWrt.
uclited patching:
--- xxd uclited
+++ xxd uclited-patched
@@ -53811,7 +53811,7 @@
000d2330: 8c44 0000 0320 f809 0000 0000 8fbc 0010 .D... ..........
000d2340: 8fa6 0a4c 02c0 2821 8f82 87c4 0000 0000 ...L..(!........
-000d2350: 8c44 0000 0c13 461c 27a7 0018 8fbc 0010 .D....F.'.......
+000d2350: 8c44 0000 2402 0000 0000 0000 8fbc 0010 .D..$...........
000d2360: 1040 001d 0000 1821 8f99 8378 3c04 0058 . at .....!...x<..X
000d2370: 3c05 0056 2484 ad68 24a5 9f00 0320 f809 <..V$..h$.... ..
To make sure the correct file is patched, the following MD5 checksums
should match the unpatched and patched files:
4bd74183c23859c897ed77e8566b84de uclited
4107104024a2e0aeaf6395ed30adccae uclited-patched
Debricking:
* Serial port can be soldered on unpopulated 4-pin header
(1: TXD, 2: RXD, 3: GND, 4: VCC)
* Bridge unpopulated resistors running from pins 1 (TXD) and 2 (RXD).
Do NOT bridge the pull-down for pin 2, running parallel to the
header.
* Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via the LuCI web interface
setenv ipaddr 192.168.1.1 # default, change as required
setenv serverip 192.168.1.10 # default, change as required
tftp 0x80800000 initramfs.bin
bootelf $fileaddr
Tested by forum user KernelMaker.
Signed-off-by: Sander Vanheule <sander at svanheule.net>
---
.../ath79/dts/qca9563_tplink_eap225-v1.dts | 44 +++++++++++++++++++
.../generic/base-files/etc/board.d/02_network | 1 +
.../etc/hotplug.d/firmware/11-ath10k-caldata | 1 +
target/linux/ath79/image/generic-tp-link.mk | 11 +++++
tools/firmware-utils/src/tplink-safeloader.c | 26 +++++++++++
5 files changed, 83 insertions(+)
create mode 100644 target/linux/ath79/dts/qca9563_tplink_eap225-v1.dts
diff --git a/target/linux/ath79/dts/qca9563_tplink_eap225-v1.dts b/target/linux/ath79/dts/qca9563_tplink_eap225-v1.dts
new file mode 100644
index 000000000000..7ffdf6f772c5
--- /dev/null
+++ b/target/linux/ath79/dts/qca9563_tplink_eap225-v1.dts
@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include "qca9563_tplink_eap2x5-1port.dtsi"
+
+/ {
+ compatible = "tplink,eap225-v1", "qca,qca9563";
+ model = "TP-Link EAP225 v1";
+
+ aliases {
+ led-boot = &led_status_green;
+ led-failsafe = &led_status_amber;
+ led-running = &led_status_green;
+ led-upgrade = &led_status_amber;
+ };
+
+ leds {
+ compatible = "gpio-leds";
+
+ led_status_green: status_green {
+ label = "green:status";
+ gpios = <&gpio 7 GPIO_ACTIVE_HIGH>;
+ default-state = "on";
+ };
+
+ led_status_amber: status_amber {
+ label = "amber:status";
+ gpios = <&gpio 9 GPIO_ACTIVE_HIGH>;
+ };
+
+ led_status_red: status_red {
+ label = "red:status";
+ gpios = <&gpio 1 GPIO_ACTIVE_HIGH>;
+ };
+ };
+
+ gpio-export {
+ compatible = "gpio-export";
+ led_enable {
+ gpio-export,name = "leds:enable";
+ gpio-export,output = <1>;
+ gpios = <&gpio 5 GPIO_ACTIVE_HIGH>;
+ };
+ };
+};
diff --git a/target/linux/ath79/generic/base-files/etc/board.d/02_network b/target/linux/ath79/generic/base-files/etc/board.d/02_network
index e2c6f9feac19..d7e7f45f8490 100644
--- a/target/linux/ath79/generic/base-files/etc/board.d/02_network
+++ b/target/linux/ath79/generic/base-files/etc/board.d/02_network
@@ -64,6 +64,7 @@ ath79_setup_interfaces()
tplink,cpe610-v1|\
tplink,cpe610-v2|\
tplink,eap225-outdoor-v1|\
+ tplink,eap225-v1|\
tplink,eap225-v3|\
tplink,eap245-v1|\
tplink,re350k-v1|\
diff --git a/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata b/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata
index 5ba1a7a8ffad..79db3e61471e 100644
--- a/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata
+++ b/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata
@@ -140,6 +140,7 @@ case "$FIRMWARE" in
caldata_extract "art" 0x5000 0x844
ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary romfs 0xf100) 2)
;;
+ tplink,eap225-v1|\
tplink,eap245-v1|\
tplink,re450-v2|\
tplink,re450-v3|\
diff --git a/target/linux/ath79/image/generic-tp-link.mk b/target/linux/ath79/image/generic-tp-link.mk
index b6755fe5478a..f135a52aabbe 100644
--- a/target/linux/ath79/image/generic-tp-link.mk
+++ b/target/linux/ath79/image/generic-tp-link.mk
@@ -382,6 +382,17 @@ define Device/tplink_eap225-outdoor-v1
endef
TARGET_DEVICES += tplink_eap225-outdoor-v1
+define Device/tplink_eap225-v1
+ $(Device/tplink-eap2x5)
+ SOC := qca9563
+ IMAGE_SIZE := 13824k
+ DEVICE_MODEL := EAP225
+ DEVICE_VARIANT := v1
+ DEVICE_PACKAGES := kmod-ath10k-ct ath10k-firmware-qca988x-ct
+ TPLINK_BOARD_ID := EAP225-V1
+endef
+TARGET_DEVICES += tplink_eap225-v1
+
define Device/tplink_eap225-v3
$(Device/tplink-eap2x5)
SOC := qca9563
diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c
index b20d1fdd30e0..d2d466f7b117 100644
--- a/tools/firmware-utils/src/tplink-safeloader.c
+++ b/tools/firmware-utils/src/tplink-safeloader.c
@@ -1495,6 +1495,32 @@ static struct device_info boards[] = {
.last_sysupgrade_partition = "file-system"
},
+ /** Firmware layout for the EAP225 v1 */
+ {
+ .id = "EAP225-V1",
+ .support_list =
+ "SupportList:\r\n"
+ "EAP225(TP-LINK|UN|AC1200-D):1.0\r\n",
+ .part_trail = PART_TRAIL_NONE,
+ .soft_ver = SOFT_VER_DEFAULT,
+
+ .partitions = {
+ {"fs-uboot", 0x00000, 0x20000},
+ {"partition-table", 0x20000, 0x02000},
+ {"default-mac", 0x30000, 0x01000},
+ {"support-list", 0x31000, 0x00100},
+ {"product-info", 0x31100, 0x00400},
+ {"soft-version", 0x32000, 0x00100},
+ {"firmware", 0x40000, 0xd80000},
+ {"user-config", 0xdc0000, 0x30000},
+ {"radio", 0xff0000, 0x10000},
+ {NULL, 0, 0}
+ },
+
+ .first_sysupgrade_partition = "os-image",
+ .last_sysupgrade_partition = "file-system"
+ },
+
/** Firmware layout for the EAP225 v3 */
{
.id = "EAP225-V3",
--
2.31.1
More information about the openwrt-devel
mailing list