How to Flash Chip of a Router With a Programmer | TP-Link Router Repair & MAC address change


Hi, guys, welcome to electrical projects channel. In this video, I'll show you all you need to know about how to unsolder the flash memory of a router and flash it.

You may ask why to do it at all. Well, for most people the main reason is to repair a non-working router after wrong or unsuccessful flashing, but here is my reason. All this experimenting started when I decided to update the firmware of my router. I went to the TP-Link website and downloaded the latest firmware for my router. The changelog claimed improved stability and bug fixes, so I didn't care about a small warning that I would only be able to upgrade to the EU firmware after this. My thought at that time was: why would I want to go back to an old firmware version anyway? Well, I downloaded it and flashed it successfully. But actually, I've not noticed any improved stability; instead, I've noticed that a feature very important to me, called "antenna alignment", was removed. I was angry, and I even called TP-Link tech support, but they politely said that it is impossible to go back to an older firmware and that they cannot help. And when I tried to flash an older firmware I just got an error. I was really angry at TP-Link, I really don't know why they do it.

Well, after a little bit of reading on the internet I've chosen a very radical way, but at the same time it is a very simple way for me: I've bought a cheap $4 programmer and decided to program the chip. For most people, it will not be very reasonable to buy a programmer just to flash a chip one single time. But since I wanted to experiment and learn new things, I've decided to buy it. Basically, with such a programmer, it is always possible to restore a router if the hardware of the router is still alive.

Well, let me show what you need to do in order to flash a router with such a programmer. First, of course, we need to disassemble the router, and here you can see the actual chip that stores the firmware. It is 32 Mbits, which equals 4 Mbytes of memory. But in order to flash it, we need to unsolder it from the main PCB. It will not be very easy since I am going to use just a soldering iron. Well, let's add some liquid flux, some solder, and now we need to quickly heat up one side and then the other. And here it goes, now let's clean it. Now it is clean. Here is the chip.

The programmer comes with this PCB adapter for the chip, and I am supposed to solder the chip directly to it, but since it is not easy to unsolder the chip using just a soldering iron, I've decided to use wires. Now, we just need to solder the wires in the correct order. Like this. Now, let's put this adapter in the programmer and let's flash the chip.

Now, let's talk about flashing. First let's click on detect; the program should recognize the chip. Now let's choose what's written on the chip. And now comes a very important thing before flashing. Let's create a backup file. Click on the "Read" button and wait. It is a very important step because inside the chip is stored unique information like MAC addresses and the WPS PIN, and you may need this data later. So, you need to read the chip and save the data. Now, when the reading is complete, let's click on the save button, name the file, choose to save as type bin file, and click save. Now, with this bin file, you can always restore everything as it was before flashing.

Now that we have the backup file we can erase the chip. To do so, click on the Erase button and wait. Now let's read the chip just to be sure that the chip is empty. Well, as you can see, the erasing was successful and the chip is empty.

And now you probably think that I am going to download a firmware bin file from the TP-Link website and flash it into the chip, but no, it doesn't work like that, and if I do that the router simply will not boot. Actually, to make the router work I need to flash into the chip what is called "a full dump". A "full dump" is a bin file that was read by a programmer from the chip of another router. It is the same kind of bin file as we just created by saving the data from the chip, but we need such a file from another router. And you may ask, "but where do I get such a file?" Well, the answer is simple: try to find it on the internet. That's what I did. I found on some forum the "full dump" for my model of the router and now I am going to flash it. To flash the "full dump" file, let's click on open, choose the appropriate bin file and click write. And now let's wait until the flashing is complete.

Now, after the flashing is successful, let's start soldering. Well, here I am also going to use wires, because if my flashing is not successful it will not be easy to unsolder the chip again. Now the wires are soldered. A little bit of cleaning. Now let's solder the chip. And now let's test it. And the router is working, and I have an older version of the firmware without any locks. An interesting thing is that I also have the new MAC address.

Well, after successful flashing I've really liked the ability to flash this chip with any firmware that I want, so I decided to make this chip easily accessible. I am going to build my own adapter for the chip. This adapter will be accessible outside of the router's housing. Let's solder the wires. Now, a little bit of cleaning. Now let's fix this socket for the chip to the router's housing; I am going to use a screw. Now let's pull the wires through the holes. And now, let's unsolder the older wires and solder the new ones. And like always, a little bit of cleaning. After soldering is finished, let's assemble the router.

Now, let's make an adapter for the chip. I am using a DIP8 socket. Let's solder wires to the socket, let's bend the wires and cut them appropriately, and now let's solder the chip to the wires. And that is how it looks all together. And now let's test it. And it works!

But that's not all. The last thing that I want to show is how to change the MAC address of the router. To change the MAC address, let's put the chip in the programmer. Now, let's click on detect and choose the chip. Now click on the Read button and wait. And now, in order to change the MAC address, we need to go to address 0001FC00, and here you can see the MAC address of the router. Let's change it to something else. Now, after the MAC is changed, it is important to click on the Erase button and wait. After erasing is finished, let's click on the write button and wait until the flashing is complete. Now I am going to put the chip in the socket of the router and we'll see what we have. And check this out guys, is it not cool? Now, you definitely will not forget the MAC address of your router.

And that is all for today. Like this video, subscribe to my channel, and thanks for watching. See you next time.
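
A read-only check for the backup step described in the video, as an added example that is not from the video or the programmer's software: it confirms that two reads of the chip match, that the image has the 4 MB size of this chip and is not blank, and reports the MAC stored at 0001FC00. The function names and the constructed sample image (with a placeholder MAC) are assumptions.

```python
import hashlib

FLASH_SIZE = 4 * 1024 * 1024  # 32 Mbit chip from the video = 4 MB
MAC_OFFSET = 0x0001FC00       # MAC location given in the video for this router

def is_blank(image: bytes) -> bool:
    """Erased NOR flash reads back as all 0xFF bytes."""
    return len(image) > 0 and image.count(0xFF) == len(image)

def first_mismatch(a: bytes, b: bytes):
    """Offset of the first differing byte between two reads, or None."""
    if a == b:
        return None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return min(len(a), len(b))  # same prefix, different length

def read_mac(image: bytes, offset: int = MAC_OFFSET) -> str:
    """Format the 6 bytes at the MAC offset as XX-XX-XX-XX-XX-XX."""
    raw = image[offset:offset + 6]
    if len(raw) != 6:
        raise ValueError("image too short to contain the MAC offset")
    return "-".join(f"{b:02X}" for b in raw)

def check_backup(read1: bytes, read2: bytes, size: int = FLASH_SIZE) -> dict:
    """Decide whether a dump is safe to rely on before erasing the chip."""
    problems = []
    if len(read1) != size:
        problems.append(f"size is {len(read1)} bytes, expected {size}")
    diff = first_mismatch(read1, read2)
    if diff is not None:
        problems.append(f"reads differ at 0x{diff:08X}")
    if is_blank(read1):
        problems.append("image is all 0xFF (erased chip or bad contact)")
    mac = read_mac(read1) if len(read1) >= MAC_OFFSET + 6 else None
    if mac in (None, "FF-FF-FF-FF-FF-FF", "00-00-00-00-00-00"):
        problems.append("no MAC found at the expected offset")
    return {"ok": not problems, "mac": mac, "problems": problems,
            "sha256": hashlib.sha256(read1).hexdigest()}

def sample_dump() -> bytes:
    """Constructed 4 MB image: mostly erased, with a placeholder MAC."""
    img = bytearray(b"\xFF" * FLASH_SIZE)
    img[MAC_OFFSET:MAC_OFFSET + 6] = bytes.fromhex("001122334455")
    return bytes(img)

if __name__ == "__main__":
    print(check_backup(sample_dump(), sample_dump()))
```

With real dumps, pass the bytes of the two saved bin files to `check_backup` and keep the reported SHA-256 next to the backup so a later copy can be verified against it.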

39 thoughts to “How to Flash Chip of a Router With a Programmer | TP-Link Router Repair & MAC address change”

  1. Hi, guys, why do TP-Link lock their firmware from downgrade? any idea? It seems like only EU firmware has such lock.

  2. I've changed MAC address to 00-11-22-33-44-55 🙂 you can see it at 09:16, it is the most fun thing that I did using a programmer.

  3. I bricked my router and this is the only way i find to restore it… but I can't find a full dump for TP Link WDR3600 v1.5 router… what could I do? I get on serial console a lot of processing and in the end:
    Kernel panic – not syncing: No working init found. Try passing init= option to kernel. See Linux Documentation/init.txt for guidance.
    i flashed the wrong file, sysupgrade instead of factory… what can i do?

    PD: the ethernet ports don't work… 🙁

  4. Your tutorial is great. (And this what i was actually for). But with not use the serial port to flash the firmware ?

  5. Btw, yesterday i tried to find a firmware for exactly the same programmer (CH341). Since my final solution is not very good, can you tell me if you know a website where to download a firmware for the programmer ? Thank you.

  6. Update: Now, I am happily using OpenWRT with W25Q128FVSIG chip, I upgraded the router's chip from 4MB to 16MB. OpenWRT is much more stable and offers a lot of functionality. And In case I break the firmware I can restore everything with the setting and installed packets in a matter of minutes because the chip is outside, and I have a full dump. Cheers!

  7. A question: beside 0x0001FC00, do you also have the mac address in 0x003E0130, for a 4mb flash memory ? If yes, is this address relevant or is it only the first address that matters ?

  8. Hi i have same model router. I bricked it. wa701nd v2
    I bought a USB UART converter and tried to flash firmware. But not working.

    What i did?
    My original firmware is about 4mb and when i flash it gives big file uncompressed.

    So what i did?

    1) i found stripped version of wa701nd v2.

    2) Also i learned that from 00000000 hex to 00020200 is bootloader so i deleted 0000000 to 00020200 and i prepared a 3,840mb clean firmware.

    3) also there is a tool http://www.chrysocome.net/dd
    in windows with this tool the bootloader section can be deleted. COMMAND: dd if=ori.bin of=mod.bin skip=257 bs=512 (Windows/CD)

    When i flashed original, stripped firmware the router not working.
    There is no admin login page.
    3 led On= power, device is working gear led, and lan led.

    Can you send me full dump file?
    If i send that file from putty with serial connection, can it work?

    this is my topic:
    https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1136583#1136583

    Thanks

  9. Good practice is to read the firmware twice, compare the two to ensure you got a reliable read and if so, then continue.

  10. i want just changing mac address of router using that method can i change it with same dump file and without changing anything just mac address numbers ? please reply need your help

  11. i changed mac and serial number of technicolor td5341 and it didnt work i will buy your same type of router and test same thing you did in video

  12. changing mac address done successfully with tp link access point its easy like on video but when i tried to do that in tp link wireless router it didnt work please find a solution for us

  13. You don't need to unsolder it to flash it just use a clip: https://fr.farnell.com/pomona/5250/pince-de-test-soic-soj-8-contacts/dp/2406243

  14. Dude, you can use a tftp flash to revert to your old firmware. Its much easy. Why took so much pera?
