So I tore apart my Archer VR1600v

No big post. Because of the interest in reverse engineering these things I ripped mine apart and took some photos. So I’m sharing those here.

The only thing of note I can mention here is the 4 unpopulated pads that look suspiciously like a serial or UART header.

I had intended to raid this, but I can’t seem to locate my serial/UART adaptor and I killed my RPi with some careless power drilling. So, no firmware break and enter for you unfortunately.

Let me know if you manage to take a peek though.

Otherwise, here’s the world’s shittiest teardown for you.

1 screw under the serial number sticker, 2 in the back of the thing. Then it’s all poptabs from there. I’ve got 2 of these and didn’t intend on putting this back together, so I just grabbed a screw driver and pried it open with all the care this locked down piece of “just good enough for our customers ” hardware deserves. It’s never getting it’s case back after the things I did to it.

No flash rom to tap into here, it’s a Broadcom system on chip it seems. I couldn’t find a data sheet in the 3 mins I spent looking, but even if I did I would have started with that sus looking port to the bottom right of the heatsink footprint.

If there’s something similar on the version 2, I dare say that’s out way in to getting some juicy config or a firmware dump.

Pro tip: if you hold the WPS button down on power up, some TP-Link hardware boots into a maintenance or flash mode. So might be worth a shot.

Anyway have fun.

2 comments on “So I tore apart my Archer VR1600vAdd yours →

Leave a Reply

Your email address will not be published. Required fields are marked *