Hello,
Recently I have noticed that the TP-Link Router model Archer C50 (V6) has a UART Pinout and wanted to see what it would happen if I connected to it.
<–DISCLAIMER: I AM A NERD DOING NERD THINGS, NOT A PROFESSIONAL–>
Here is the router with the lid removed:
Warning the plastic clips absolutely suck to open with a spudger I suggest a metal one, it will scratch up the plastic though.
Once inside, here is a look at the pins of interest:
As you can see, a row of 4 pin, typical sign of UART on routers and other embedded devices.
Now, probing the pins to guestimate what pins are what, from left to right they are TX(3.3V) RX GND 3.3V
With my multimeter I found a ground point at the WI-FI Button at the top right of the PCB on the prior picture, I could see 3.3V that fluctuated on a fresh reboot indicating it was sending data, I saw nothing on the next pin so it could be ground but, know the first PIN was TX the logical conclusion is that this grounded pin was the RX pin, following that ground, then steady 3.3v with no fluctuation.
I was originally going to use a Raspberry Pi 3B as it has 3.3v UART, but unfortunately it had died, so I settled on an Arduino, this is where I could have made a BAD MISTAKE! The Arduino is a 5V device on it’s UART, lucky in this case the TP-Link C50 v6 appears to be 5V tolerant, which is not the case for all serial devices!
If you want to use an Arduino as a serial UART to USB adapter, you need to connect the reset pin to the ground pin (My White cable)
You may notice that my TX is to TX and my RX is to RX and that is an Arduino quirk, indeed this is by design! TX on the Arduino is really the RX and the RX is really the TX! It’s talking from an outward perspective!!!
As for what should be on the Arduino, NOTHING! Leave a blank sketch!
When booting the router, nothing would happen, probably bugging out from the 5V TX so I unplugged my (BLUE) GND pin and the router would boot, then quickly plugging in the blue GND cable I would see serial communication on my COM port at 115200 BAUD (normal for routers).
We can see it’s using UBOOT normal for routers, meaning we can see a partition table as part of the boot sequence.
Here is that partition table, perhaps in future we can break into some of these such as the “config” partition and have some fun!
Definitely a Linux/Unix device, after some digging I found it was BusyBox, Fairly common.
I also found an instance of dropbear (SSH Server) on port 22 with an RSA, curious what this could be used for.
And this is the end of my adventure for now, Possibly more updates on the TP-Link in future!
Thanks for reading,
Thomas aka Tproc.
No responses yet