TP-Link EAP245 v1

Under Construction!
This page is currently under construction. You can edit the article to help complete it.

Please feel free to contribute and improve the guide.

TP-Link EAP245 v1 is an AC1750 (802.11ac Wave-1) ceiling mount access point.

  • SoC: QCA9563 @ 775MHz
  • RAM: 128MiB DDR2
  • Flash: 16MiB SPI-NOR
  • Wireless 2.4GHz (SoC): b/g/n, 3×3
  • Wireless 5GHz (QCA9880): a/n/ac, 3×3
  • Ethernet (AR8033): 1× 1GbE, 802.3at PoE

The initial source of this page is the relevant commit: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=b11ad48764404d6eefc01b5acf9e54c9f6f00973.
Please note footnote 1): modern Linux distributions try to prevent you from connecting to legacy ssh servers with outdated authentication methods, which is what the dropbear ssh server on the device offers.

  1. Upgrade the device to stock firmware v1.4.0 if necessary (as of 2025, v1.4.0 is the latest firmware released by the vendor).
  2. Exploit the user management page in the web interface to start the telnet server telnetd by changing the username to: ;/usr/sbin/telnetd -l/bin/sh&
  3. Immediately change the malformed username back to admin to make ssh work again.
  4. From your workstation, use the root shell via telnet (telnet <device-ip>) to make /tmp writeable by any user:
    chmod 777 /tmp -R
  5. Extract /usr/bin/uclited from the device via ssh and apply the binary patch listed below. The patch is required to prevent uclited -u in the last step from crashing. See footnote 1) about connecting to the device's legacy ssh server.
    ssh -oPubkeyAcceptedAlgorithms=+ssh-rsa -oHostKeyAlgorithms=ssh-rsa -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@<device-ip> "dd if=/usr/bin/uclited" > uclited
  6. Make a copy of uclited named uclited-patched and apply the binary patch:
    cp uclited uclited-patched
  7. After patching, copy the patched uclited program back to the device as /tmp/uclited using ssh:
    ssh -oPubkeyAcceptedAlgorithms=+ssh-rsa -oHostKeyAlgorithms=ssh-rsa -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@<device-ip> "dd of=/tmp/uclited" < uclited-patched
  8. Upload the factory image to /tmp/upgrade.bin via ssh (adjust the path to the image file as necessary):
    ssh -oPubkeyAcceptedAlgorithms=+ssh-rsa -oHostKeyAlgorithms=ssh-rsa -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@<device-ip> "dd of=/tmp/upgrade.bin" < ~/Downloads/openwrt-ath79-generic-tplink_eap225-v1-squashfs-factory.bin
  9. Now go back to the telnet session, make the patched uclited binary executable and run it to install OpenWrt:
    chmod +x /tmp/uclited && /tmp/uclited -u
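
The legacy algorithm options repeated in the ssh commands above can instead be scoped to this one device in ~/.ssh/config, so they are not enabled for any other host. This is an added example, not part of the original guide; the host alias eap245-stock and the known-hosts file name are hypothetical, and <device-ip> is a placeholder.

```sshconfig
# ~/.ssh/config entry (added example; alias "eap245-stock" is hypothetical).
# Replace <device-ip> with the access point's address on stock firmware.
Host eap245-stock
    HostName <device-ip>
    User admin
    # Same legacy algorithms as the -o options in the commands above,
    # applied only when connecting to this host.
    # The "+" prefix appends to the client's default list instead of replacing it.
    PubkeyAcceptedAlgorithms +ssh-rsa
    HostKeyAlgorithms ssh-rsa
    KexAlgorithms +diffie-hellman-group1-sha1
    # Record this device's host key in a separate file (hypothetical name)
    # rather than in the main known_hosts file.
    UserKnownHostsFile ~/.ssh/known_hosts.eap245-stock
```

With this entry in place, the transfers shorten to the form ssh eap245-stock "dd if=/usr/bin/uclited" > uclited, and the entry can be deleted once the device runs OpenWrt.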

At least one user has experienced slowdowns with the default ath10k CT firmware. This was most often noticeable as the wifi speed dropping after the access point was running for a few hours. A reboot would restore full speed until a few hours had passed. Switching from the default -ct firmware has resolved this. To change the firmware you can do the following:

  • Log in as root via SSH on 192.168.1.1, then enter the following commands:
opkg update
opkg remove kmod-ath10k-ct
opkg remove ath10k-firmware-qca988x-ct
opkg install kmod-ath10k
opkg install ath10k-firmware-qca988x

Then reboot your access point.


1)
This guide has been tested under GNU/Linux. Modern distributions try to prevent you from connecting to an outdated and insecure ssh server such as the one the AP device provides. You need to find a workaround to make your operating system connect to an old ssh server. On modern Fedora, you have to enable a legacy crypto policy by executing: sudo update-crypto-policies --set LEGACY. Do not forget to switch this back to DEFAULT after you have flashed the OpenWrt image to the AP device.
  • Last modified: 2025/07/15 13:08
  • by crdaley