CPE220 V2 Safeloader Password and firmware Recovery process

2018-08-22 00:58:50

Hi,

 

What is the password for the Safeloader Menu for the CPE220 V2 and what is the process to recover it using a Serial Cable?

This is assuming the device has been flashed with Openwrt or DD-WRT or a similar firmware.

 

I do not have one but have been asked the process.

 

 

 

#1
Re:CPE220 V2 Safeloader Password and firmware Recovery process
2018-08-22 05:20:25

apcameron wrote

What is the password for the Safeloader Menu for the CPE220 V2 and what is the process to recover it using a Serial Cable?

This is assuming the device has been flashed with Openwrt or DD-WRT or a similar firmware. 

 

See this thread in the old forum, it describes the recovery process for the Pharos devices. For the safeloader password it was admin when I tried it last. But expect problems with early versions of OpenWRT, which can't be recovered from.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#2
Re:Re:CPE220 V2 Safeloader Password and firmware Recovery process
2018-08-23 00:38:45

When following the standard TFTPD method this is what the messages look like in the TFTPD Log

Connection received from 192.168.0.254 on port 4011 
Read request for file <recovery.bin>. Mode octet 
OACK: <timeout=5,blksize=512,> 
Using local port 49447 [
<recovery.bin>: sent 9643 blks, 4936747 bytes in 2 s. 0 blk resent 
Connection received from 192.168.0.254 on port 3164 
Read request for file <vmlinuz>. Mode octet 
File <vmlinuz> : error 2 in system call CreateFile The system cannot find the file specified

#3
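Added example, not part of the thread or of any participant's post: a small Python parser for the Tftpd64 log lines posted in #3. It uses the block count to confirm that recovery.bin was served completely before the loader came back asking for vmlinuz; the function names and the wording of the findings are made up for this illustration.

```python
import re

# Tftpd64 log lines as posted in the thread above.
SAMPLE_LOG = """\
Connection received from 192.168.0.254 on port 4011
Read request for file <recovery.bin>. Mode octet
OACK: <timeout=5,blksize=512,>
Using local port 49447 [
<recovery.bin>: sent 9643 blks, 4936747 bytes in 2 s. 0 blk resent
Connection received from 192.168.0.254 on port 3164
Read request for file <vmlinuz>. Mode octet
File <vmlinuz> : error 2 in system call CreateFile The system cannot find the file specified
"""

REQ = re.compile(r"Read request for file <([^>]+)>")
BLK = re.compile(r"blksize=(\d+)")
SENT = re.compile(r"<([^>]+)>: sent (\d+) blks, (\d+) bytes")
ERR = re.compile(r"File <([^>]+)> : error (\d+)")

def parse_transfers(log):
    """One record per read request, in log order (512 is TFTP's default blksize)."""
    transfers = []
    for line in log.splitlines():
        if m := REQ.search(line):
            transfers.append({"file": m.group(1), "status": "pending",
                              "blksize": 512, "bytes": 0})
        elif transfers and (m := BLK.search(line)):
            transfers[-1]["blksize"] = int(m.group(1))
        elif transfers and (m := SENT.search(line)):
            blks, size = int(m.group(2)), int(m.group(3))
            # A finished TFTP transfer ends with a short (possibly empty) block.
            done = blks == size // transfers[-1]["blksize"] + 1
            transfers[-1].update(status="sent" if done else "truncated", bytes=size)
        elif transfers and (m := ERR.search(line)):
            transfers[-1].update(status="error", code=int(m.group(2)))
    return transfers

def diagnose(transfers):
    """Turn the per-file outcomes into short findings for the operator."""
    findings = []
    for prev, cur in zip(transfers, transfers[1:]):
        if prev["status"] == "sent" and cur["file"] != prev["file"]:
            findings.append(f"{prev['file']} delivered in full, then client "
                            f"requested {cur['file']}")
    findings += [f"server could not open {t['file']} (error {t['code']})"
                 for t in transfers if t["status"] == "error"]
    return findings

for finding in diagnose(parse_transfers(SAMPLE_LOG)):
    print(finding)
```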
Re: CPE220 V2 Safeloader Password and firmware Recovery process
2018-08-23 01:14:10 - last edited 2018-08-23 01:25:16

apcameron wrote

When following the standard TFTPD method this is what the messages look like in the TFTPD Log

 

...
File <vmlinuz> : error 2 in system call CreateFile The system cannot find the file specified

 

Did you read the thread I linked to? Quote from post #14 there:

 

The request for vmlinuz seems to come from the OpenWRT linux loader or a modified environment setting in the SafeLoader.

 

 

Maybe you can manage to get a full dump of the firmware from another CPE220 and use the brute force method of copying it into the partitions of the bricked CPE (if you still can boot into OpenWRT). I have only a CPE210 v1, so I can't provide the correct image for CPE220 v2.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#4
Re:Re: CPE220 V2 Safeloader Password and firmware Recovery process
2018-08-24 15:20:04 - last edited 2018-08-24 15:37:59

this is exactly why I don't take the risk to patch any of my tp link devices with Openwrt or DD-WRT firmware because there is always a risk

if I ever want to try or learn I will do it with an old device first, just in case something goes wrong

I understand about extra features or whatever benefit you might get by using any of those open firmware but it is too much of a risk

not to mention if you ever want to revert back to stock firmware

I read that the method should be straight forward but only if there is no problem and everything is working fine

but once the device is experiencing problems it might be a bit too difficult

since I don't want to brick my nice and beautiful tp link devices, I stayed away from those firmware

but I had configured routers with that firmware in the past, I don't know how much it has changed because that was a few years ago

I understand if the person wants to get rid of tp link old green GUI and the device doesn't have support for the new GUI

but the new GUI is beautiful

all my devices are running the new GUI because all my devices are new

also some of my customers' devices were able to update from the old green GUI to the new GUI

because they had support for the new GUI

I honestly don't see any reason why change the firmware unless the person wants to unlock some extra feature

but honestly I got everything I need with the stock firmware

at least my device will work better than having a bricked device

#5
Re:Re:Re: CPE220 V2 Safeloader Password and firmware Recovery process
2018-08-24 15:30:47

I've got the same problem with the CPE210. I put OpenWRT on it and wanted to go back to the stock firmware. When I flashed the stock firmware, it got bricked.

 

I tried to recover it with TFTPD64 and with serial connection, but no success. It always asks for a file called vmlinuz. 

 

Serial output:

 

"

TP-LINK SafeLoader (Build time: Jun 12 2015 - 09:49:53)
CPU: 560MHz AHB: 225MHz DDR: 64MB
Performing LED check..  PASS
Press CTRL+B to enter SafeLoader: 1
Flash Manufacturer: Unknown(0xc8)
Flash Device ID: Unknown(0x4017)
Data flash init failed.
open user-config failed.
open user-config failed.

enet0 port4 up

TFTP server address is 192.168.0.100; our address is 192.168.0.254
Get filename 'recovery.bin'.

TFTP error: Starting again.
faddr is 0x0, fsize is 0x0
reserved is 0x83832c86, load_reserved_size is 0x0
WARNING: Data loaded outside of the reserved load area, memory corruption may occur.
##Warning: File is unidentiable. Try downloading

TFTP server address is 192.168.0.100; our address is 192.168.0.254
Get filename 'vmlinuz'.

TFTP error: Starting again.
faddr is 0x0, fsize is 0x0
reserved is 0x83832206, load_reserved_size is 0x0
WARNING: Data loaded outside of the reserved load area, memory corruption may occur.
##ERROR: Can't download image.
 

"

 

Why does it say "open user-config failed." even when I try to enter the password?

 

#6
Re:Re:Re:Re: CPE220 V2 Safeloader Password and firmware Recovery process
2018-08-24 15:42:03 - last edited 2018-08-24 15:43:53

well recently I tried to upgrade my device firmware that I always upgrade without any problem and this time it refuses to upgrade

but after I disabled the adblocker the device started to flash the firmware

 

a few days ago I flashed the WBS210 firmware with CPE610 firmware

so I'm sure that firmware will also work with CPE210

try with that firmware to see if you are able to bring your device back to stock firmware

#7
Re:Re:Re:Re:Re: CPE220 V2 Safeloader Password and firmware Recovery process
2018-08-24 15:52:09
I tried it with that firmware, no success. Still asks for some kind of vmlinuz
#8
Re:Re:Re: CPE220 V2 Safeloader Password and firmware Recovery process
2018-08-24 17:42:37 - last edited 2018-08-24 17:48:32

antoniooninato wrote

this is exactly why I don't take the risk to patch any of my tp link devices with Openwrt or DD-WRT firmware because there is always a risk

if I ever want to try or learn I will do it with an old device first, just in case something goes wrong

 

Actually, the disaster with OpenWRT on CPEs is the first of this kind in 12 years, where I did flash more than 2.800 devices (Linksys WRT54G, WRT160NL, Buffalo WZR-HP300G/NH, Netgear WNDR3800/4300, TP-Link WDR4300, TP-Link Archer C7, UniFi AP etc.) with almost all OpenWRT versions from early White Russian up to LEDE 17.01 for production use in the field and also back to the stock firmware from the vendor.

 

So, it's clearly the guy who did the port to CPE to blame, but not OpenWRT. Only thing the OpenWRT devel team is to blame for is to still list the CPE as a supported device on their website.

 

In case of CPEs I agree with you: IMHO, OpenWRT does not have any advantage compared with TP-Link's Pharos functionality. Thus, I prefer to leave CPEs untouched, too. But with most SOHO routers, such as for example the Archer C7 it's a completely different matter: on those platforms I prefer OpenWRT over the stock firmware.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#9
Re:Re:Re:Re: CPE220 V2 Safeloader Password and firmware Recovery process
2018-08-24 20:21:46 - last edited 2018-08-24 20:29:29

excellent response

 

fair enough

 

I also agreed with you there, yes there is some advantage with custom firmware especially on routers that have very limited functionality or basic options

I had some routers that were compatible with those custom firmware and I thought about flashing them a few times but I decided not to

but I do understand what you're saying, I think that user rushed to make the CPE port

also not all routers are supported, in some cases just a few versions of a router are supported

while a different version of the same router is not supported

some people even try to force the flash in unsupported hardware or flash the wrong version

 

I will only attempt to flash an old model first then when I learn and master the process

I might try to patch other models

but I will do it only if some one asked me to flash their router or if someone has a router with a stock firmware that is a complete disaster.

I hate to set up routers with horrendous GUI, it is better to work with things that you feel comfortable and you completely master and understand

 

as of right now I only have many new TP-Link routers that I would not dare to try to flash

but I will check the list of supported devices later to see what I can get

I always like to learn new stuff to expand the knowledge

 

I don't mind ruining an old router

laugh

in case the flash fails

#10
Re:Re:Re:Re:Re: CPE220 V2 Safeloader Password and firmware Recovery process
2018-08-24 21:13:33 - last edited 2018-08-24 21:16:01

antoniooninato wrote

I will only attempt to flash an old model first then when I learn and master the process

 

Good attitude! That's how I do it, too.

 

What's more, Pharos APs are devices for a very specific purpose, as are Omada EAPs. That's why I wouldn't flash OpenWRT on those devices.

 

SOHO WiFi routers are multi-purpose all-in-one devices (router, firewall, WiFi AP, DNS/DHCP server etc. pp.) and on such devices OpenWRT just rocks, b/c it opens the world of Linux tools for embedded systems.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#11