From 0f6b6aab2bc9d34b5d516ddf38fb14e8c5d029db Mon Sep 17 00:00:00 2001 From: Sander Vanheule Date: Mon, 22 Nov 2021 20:59:06 +0100 Subject: [PATCH] ath79: add support for TP-Link EAP225 v1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit TP-Link EAP225 v1 is an AC1200 (802.11ac Wave-1) ceiling mount access point. Device specifications: * SoC: QCA9563 @ 775MHz * RAM: 128MiB DDR2 * Flash: 16MiB SPI-NOR * Wireless 2.4GHz (SoC): b/g/n, 2x2 * Wireless 5Ghz (QCA9882): a/n/ac, 2x2 * Ethernet (AR8033): 1× 1GbE, 802.3at PoE Flashing instructions: * Ensure the device is upgraded to firmware v1.4.0 * Exploit the user management page in the web interface to start telnetd by changing the username to `;/usr/sbin/telnetd -l/bin/sh&`. * Immediately change the malformed username back to something valid (e.g. 'admin') to make ssh work again. * Use the root shell via telnet to make /tmp world writeable (chmod 777) * Extract /usr/bin/uclited from the device via ssh and apply the binary patch listed below. The patch is required to prevent `uclited -u` in the last step from crashing. * Copy the patched uclited binary back to the device at /tmp/uclited (via ssh) * Upload the factory image to /tmp/upgrade.bin (via ssh) * Run `chmod +x /tmp/uclited && /tmp/uclited -u` to install OpenWrt. uclited patching: --- xxd uclited +++ xxd uclited-patched @@ -53811,7 +53811,7 @@ 000d2330: 8c44 0000 0320 f809 0000 0000 8fbc 0010 .D... .......... 000d2340: 8fa6 0a4c 02c0 2821 8f82 87c4 0000 0000 ...L..(!........ -000d2350: 8c44 0000 0c13 461c 27a7 0018 8fbc 0010 .D....F.'....... +000d2350: 8c44 0000 2402 0000 0000 0000 8fbc 0010 .D..$........... 000d2360: 1040 001d 0000 1821 8f99 8378 3c04 0058 .@.....!...x<..X 000d2370: 3c05 0056 2484 ad68 24a5 9f00 0320 f809 <..V$..h$.... .. To make sure the correct file is patched, the following MD5 checksums should match the unpatched and patched files: 4bd74183c23859c897ed77e8566b84de uclited 4107104024a2e0aeaf6395ed30adccae uclited-patched Debricking: * Serial port can be soldered on unpopulated 4-pin header (1: TXD, 2: RXD, 3: GND, 4: VCC) * Bridge unpopulated resistors running from pins 1 (TXD) and 2 (RXD). Do NOT bridge the pull-down for pin 2, running parallel to the header. * Use 3.3V, 115200 baud, 8n1 * Interrupt bootloader by holding CTRL+B during boot * tftp initramfs to flash via the LuCI web interface setenv ipaddr 192.168.1.1 # default, change as required setenv serverip 192.168.1.10 # default, change as required tftp 0x80800000 initramfs.bin bootelf $fileaddr Tested by forum user KernelMaker. Link: https://forum.openwrt.org/t/eap225-v1-firmware/87116 Signed-off-by: Sander Vanheule --- .../ath79/dts/qca9563_tplink_eap225-v1.dts | 51 +++++++++++++++++++ .../generic/base-files/etc/board.d/02_network | 1 + .../etc/hotplug.d/firmware/11-ath10k-caldata | 1 + target/linux/ath79/image/generic-tp-link.mk | 11 ++++ 4 files changed, 64 insertions(+) create mode 100644 target/linux/ath79/dts/qca9563_tplink_eap225-v1.dts diff --git a/target/linux/ath79/dts/qca9563_tplink_eap225-v1.dts b/target/linux/ath79/dts/qca9563_tplink_eap225-v1.dts new file mode 100644 index 000000000000..20fd55b409e4 --- /dev/null +++ b/target/linux/ath79/dts/qca9563_tplink_eap225-v1.dts @@ -0,0 +1,51 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT + +#include +#include "qca9563_tplink_eap2x5-1port.dtsi" + +/ { + compatible = "tplink,eap225-v1", "qca,qca9563"; + model = "TP-Link EAP225 v1"; + + aliases { + led-boot = &led_status_green; + led-failsafe = &led_status_amber; + led-running = &led_status_green; + led-upgrade = &led_status_amber; + }; + + leds { + compatible = "gpio-leds"; + + led_status_green: led-0 { + label = "green:status"; + color = ; + function = LED_FUNCTION_STATUS; + gpios = <&gpio 7 GPIO_ACTIVE_HIGH>; + default-state = "on"; + }; + + led_status_amber: led-1 { + label = "amber:status"; + color = ; + function = LED_FUNCTION_STATUS; + gpios = <&gpio 9 GPIO_ACTIVE_HIGH>; + }; + + led_status_red: led-2 { + label = "red:status"; + color = ; + function = LED_FUNCTION_STATUS; + gpios = <&gpio 1 GPIO_ACTIVE_HIGH>; + }; + }; + + gpio-export { + compatible = "gpio-export"; + led_enable { + gpio-export,name = "leds:enable"; + gpio-export,output = <1>; + gpios = <&gpio 5 GPIO_ACTIVE_HIGH>; + }; + }; +}; diff --git a/target/linux/ath79/generic/base-files/etc/board.d/02_network b/target/linux/ath79/generic/base-files/etc/board.d/02_network index 8c09932bd7e7..11e8d59058ae 100644 --- a/target/linux/ath79/generic/base-files/etc/board.d/02_network +++ b/target/linux/ath79/generic/base-files/etc/board.d/02_network @@ -65,6 +65,7 @@ ath79_setup_interfaces() tplink,cpe610-v2|\ tplink,cpe710-v1|\ tplink,eap225-outdoor-v1|\ + tplink,eap225-v1|\ tplink,eap225-v3|\ tplink,eap245-v1|\ tplink,re350k-v1|\ diff --git a/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata b/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata index 1d02da863991..829d04203666 100644 --- a/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata +++ b/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata @@ -139,6 +139,7 @@ case "$FIRMWARE" in caldata_extract "art" 0x5000 0x844 ath10k_patch_mac $(macaddr_add $(mtd_get_mac_binary romfs 0xf100) 2) ;; + tplink,eap225-v1|\ tplink,eap245-v1|\ tplink,re450-v2|\ tplink,re450-v3|\ diff --git a/target/linux/ath79/image/generic-tp-link.mk b/target/linux/ath79/image/generic-tp-link.mk index 363be289c659..ac01767fcc84 100644 --- a/target/linux/ath79/image/generic-tp-link.mk +++ b/target/linux/ath79/image/generic-tp-link.mk @@ -393,6 +393,17 @@ define Device/tplink_eap225-outdoor-v1 endef TARGET_DEVICES += tplink_eap225-outdoor-v1 +define Device/tplink_eap225-v1 + $(Device/tplink-eap2x5) + SOC := qca9563 + IMAGE_SIZE := 13824k + DEVICE_MODEL := EAP225 + DEVICE_VARIANT := v1 + DEVICE_PACKAGES := kmod-ath10k-ct ath10k-firmware-qca988x-ct + TPLINK_BOARD_ID := EAP225-V1 +endef +TARGET_DEVICES += tplink_eap225-v1 + define Device/tplink_eap225-v3 $(Device/tplink-eap2x5) SOC := qca9563 -- 2.30.2