en
ru
2 / 4

Posts: May 2016

  1. May 17, 2016 Fixing TP-LINK login

    TP-LINK broke settings import after firmware update. Actually it was broken for quite some time (at least since 2014 according to some forums), but I've only just encountered this problem on my WDR3600 router. I don't update router firmware frequently. The breaking change was they stopped storing admin login passwords in plain text and switched to some hash sum instead (which is probably a good thing). As a result people are no longer able to login into their routers anymore after backing up and restoring their configs.

    One possible solution is resetting router to factory defaults and repeating setup from memory or from some web UI screenshots conveniently taken beforehand. I had no such screenshots and the option to reconfigure various port-forwarding and IP-binding rules wasn't very attractive.

    After some googling around I've learned that backed up config is actually more or less a text file encrypted with symmetric cypher (DES-ECB). Fortunately other people already done the research needed to decode it. Decoded config (backed up using older firmware) consists of ~1300 key-value pairs and looks like this:

    lan_ip 192.168.8.200
lan_msk 255.255.255.0
...
lgn_ousr admin
lgn_opswd admin
lgn_usr **********
lgn_pwd **********
...

    To encode it back to a form consumable by the router you need to prepend the file by its MD5 sum and to pad with null bytes to the next 8 byte boundary (before encoding it using the same cypher). I've made a helpful script to automate encoding/decoding process:

    ( tlrecode.sh )

    To restore router login using this script you need to:

    • back up config before firmware update;
    • reset to hardware defaults after the update (if you tried importing the backed up settings and are unable to log in);
    • change login/password to the desired ones and back up the new config;
    • decode both configs with tlrecode.sh config.bin config.txt && tlrecode.sh config-new.bin config-new.txt;
    • update the old config, replacing lgn_ lines with the ones from the new config;
    • encode the updated config with tlrecode.sh -e config.txt config-updated.bin;
    • restore router settings using config-updated.bin.

    After update process finishes you should be able to login with your desired credentials.