Friday, July 15, 2011

Hacking TP-Link WR1043ND Part 1

This is a series of blog posts detailing how to hack the TP-Link WR1043ND to maximize its potential.
I will try to be as noob friendly as possible.
My mods are in no way original; this is just a collection of existing mods combined into a few articles for easy instructional reading.
Special thanks to the guys @ OpenWRT who made this possible.

The hacks done are as follows:
  1. Upgrade the Internal DDR RAM from 32MB to 64MB.
  2. Upgrading the firmware from TP-Link Stock Firmware to OpenWRT.
  3. Accessing/Operating OpenWRT from Shell Commands
  4. Configuring and Tweaking the Router for Maximum Performance. Please Read 3 first.
First of all why mod a router?
  • To make it do more for less because a router is actually an embedded system which can do more running Open Firmware rather than suffer the limitations imposed by stock firmware. After installing OpenWRT you will be able to install packages to make the router perform more tasks than ever.
  • To get better performance. Most manufacturers do not actually tweak the router performance much, rather they prefer to prettify the routers so they can sell more instead of making it do better at what it is supposed to do because most consumers are stupid.
  • Get latest updates. When running stock firmware, updates are pretty much at the mercy of manufacturers, compared to running open firmware like OpenWRT you get new updates every time there is a new release.
  • Learn more. You get to learn more about Linux and other stuff you never knew before and that itself is priceless.
Why you do not want to mod a router:
  • Firstly, it voids the warranty. During the course of modding you may damage the router if you make a mistake, and it doesn't make sense for the manufacturer to pay for your mistake.
  • It is tedious and costly if you do not have the tools or the patience or brains.
The Router


The Router in question is the TP-Link WR1043ND.
Why TP-Link WR1043ND out of so many OpenWRT supported routers?
  1. It is cheap. If you check the market for routers you will find it selling for a low cost. I bought it for SGD$75. Do the conversion and you will be convinced.
  2. It is powerful. Again, if you check the market you will find the next cheapest Gigabit Router priced at more than SGD$100. In the WR1043ND you will find lots of flash memory for installing OpenWRT as well. The 3 antennas it possesses further increase the wireless performance. It also contains a USB port for expanded possibilities (file sharing, anybody?).
  3. It is Stable. Because of reason 1) and 2) many hardware hackers have bought and modified this router and OpenWRT to suit it, so it runs incredibly stable on OpenWRT.
TP-Link is a network device manufacturer from China, but being objective, I am not concerned about branding. I don't get anything useful out of branding; rather, I am more concerned with the performance I can get for a low cost. Moreover, it is an excellent product specification wise.

Information about the MIPS24KC Core SKU




The Specification:

The Core
CPU = Atheros AR9132-BC1E rev 2
MIPS Architecture Rev = MIPS 24Kc V7.4
ASEs implemented = mips16
(code-compression support only)
CPU Speed = 400MHz
Advanced High-performance Bus (AHB) = 200MHz
Instruction cache = 64kB, VIPT, 4-way, linesize 32 bytes
Data cache = 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
Flash Type = Serial
Flash Chip = 25P64V6P 99AJAV5 MYS722
Flash Size = 8MB
RAM Size = 32MB
RAM Bus = 400MHz
RAM Chip = Zentel A3S56D40FTP
Switch = Realtek RTL8366RG A1G17A2 GA05B
Ethernet Port Count = Gigabit LAN and WAN Ports
Power = 12V/1.5A
USB = 1 USB 2.0 Port

The Radio
Wireless Radio = Atheros AR9103 3x3 MIMO
Channel Width = 20MHz or 40MHz
Antenna Connector Type = 3dBi Detachable RP-SMA Omni Directional Antenna X 3
Wireless Standard = IEEE 802.11b/g/n
WiFi Operating Frequency = 2.4~2.4835GHz (Single Band)
802.11n = up to 300Mbps
802.11g = 6, 9, 12, 18, 24, 36, 48, 54Mbps
802.11b = 1, 2, 5.5, 11Mbps
Part 1: Upgrading the DDR RAM

Upgrading the DDR RAM requires soldering, if you are not good at this you can skip this section.
 
Tools required:
  1. Soldering Iron
  2. Solder (try to get good quality solder; poor quality solder has very little flux and is hence difficult to work with)
  3. Soldering Flux
  4. A way to desolder SMT components (I used ChipQuik: simple, fast, easy, and clean)
  5. Desoldering Wick
  6. Dexterous Hands
  7. Magnifying Lens
  8. Tweezer 
  9. Isopropyl Alcohol for Cleaning also known as Rubbing Alcohol in Pharmacies
  10. Compatible DDR RAM IC (TSOP 66, 66 pins and 16bit Data Width, Check the DataSheet to be sure)
List Of Known Compatible RAM IC:
Hynix HY5DU121622DTP-D43
Infineon HYB25D512160B
a) Disassembling The Router
  1. Turn off the power and unplug all cables. This is common sense.
  2. Unscrew the antennas so that they do not obstruct the soldering later.
  3. Ground yourself. Depending on where you are, electrostatic charges can accumulate on your body, and their discharge may damage sensitive electrical equipment.
  4. Remove the 2 Rubber Feet at the back of the router. The exposed screws are circled in Red.
  5. Pull the lid up from the back so the router lid is angled as shown below.
  6. Using a Flat Head Screw Driver, slide the tip into the slit exposed in front and give it a gentle twist and the cover should come off. Do it for both sides.
  7. You should see the exposed board as shown. The DRAM to be desoldered is shown below boxed in Red.
b) SMT Desoldering the DRAM
  1. Ensure the tip of the soldering iron is clean, otherwise you will have a hard time soldering.
  2. Spread some soldering flux along the legs of the DRAM using a tweezer.
  3. Next, I melt the ChipQuik on the legs of the IC using the soldering iron. ChipQuik is a low temperature solder, which means it remains in a liquid state at warm temperatures and is therefore easy to remove.
  4. Make sure the ChipQuik fuses with the legs of the RAM. Do not apply heat directly to the ChipQuik, the legs, the DRAM or the board using the soldering iron. The trick is to touch the ChipQuik, melt it, spread it on the legs and remove the soldering iron. This is to lessen the likelihood of damaging the DRAM by excessive heating. Do this quickly and repeatedly until the ChipQuik fuses with the legs of the DRAM. Do this for BOTH sides of the legs on the DRAM.
  5. When the ChipQuik has fused with all the legs of the DRAM, gently but firmly nudge the DRAM with a tweezer to dislodge it from the solder pads while the ChipQuik is still fluid. If it doesn't budge, repeat 3) and try again until it dislodges. Remove the DRAM.
  6. After it dislodges, dip a desoldering wick in some flux and put it on the ChipQuik remaining on the board. You do not have to use desoldering wick on big pieces of ChipQuik; you can pluck them off the green board when they cool.
  7. Heat the desoldering wick with the soldering iron and it should absorb the ChipQuik like a sponge absorbs water.
  8. Clean the soldering pads using the method in 7.
  9. At the end you should be left with 66 clean soldering pads ready to accept a new IC.
  10. If you are still not sure what to do after reading this, watch some YouTube videos on SMT soldering; they will give you a better picture of it.
c) Soldering on the new DRAM
  1. You should have the DRAM IC upgrade ready as shown. 
  2. Apply some Flux on the Soldering Pad.
  3. Align the Pins of the New DRAM with the Soldering Pads. Notice there is a Black Circle on the DRAM. You need to match the Orientation of the DRAM with the Router Circuit Board diagram printed on the board.
  4. Make sure the legs are aligned on BOTH Side of the soldering pads. Apply Flux on the DRAM legs.
  5. Dip the tip of the Soldering Iron with some solder and spread it on the legs.
  6. Gently spread the solder on the legs using the soldering iron. Touch the solder, gently drag along the legs and release; repeat until all the legs are covered. If solder is stuck between 2 or more legs, apply more flux on the stuck solder and repeat Step 6 again.
  7. Make sure the solder does not short the legs of the DRAM.
  8. Examine the legs using a magnifying lens to make sure no shorting occurs. Make sure every leg of the DRAM gets some solder. If you have too much solder, remove the excess using the soldering wick.
  9. Clean the router board and the DRAM using a clean cloth dipped in Isopropyl Alcohol (Rubbing Alcohol).
  10. Again, if you are still not sure what to do after reading this, watch some YouTube videos on SMT soldering; they will give you a better picture of it.
Let the router board dry (alcohol evaporates quickly), then turn on the power. Your router should boot up just fine.
Unlike Broadcom MIPS routers, most Atheros MIPS routers do not need modification of the NVRAM to fully initialize the memory.
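
Added example, not part of the original post: a quick check, once you have a shell on the router (assumed here to be OpenWRT over SSH), that the kernel really sees the new chip. The sample /proc/meminfo values are constructed; MemTotal reads lower than the chip size because the kernel reserves part of the RAM for itself, so the script rounds up to the next power of two.

```shell
#!/bin/sh
# Added example: confirm the kernel sees the new 64MB DRAM after the swap.
# Assumption: a Linux shell on the router (e.g. OpenWRT over SSH).

# Constructed sample of /proc/meminfo as a 64MB board might report it.
# MemTotal is below 65536 kB because the kernel reserves part of RAM.
SAMPLE_MEMINFO='MemTotal:          61104 kB
MemFree:           41236 kB
Buffers:            2548 kB'

# Print the installed DRAM size in MB, inferred by rounding MemTotal up
# to the next power of two (DRAM chips come in power-of-two sizes).
# Fails (non-zero status) when the input has no usable MemTotal line.
installed_mb() {
    printf '%s\n' "$1" | awk '
        /^MemTotal:/ { kb = $2 }
        END {
            if (kb == "" || kb <= 0) exit 1
            mb = 1
            while (mb * 1024 < kb) mb *= 2
            print mb
        }'
}

# Succeed only when the detected size matches the expected chip size.
# $1 = meminfo text, $2 = expected size in MB.
check_upgrade() {
    got=$(installed_mb "$1") || { echo "no MemTotal line found"; return 2; }
    if [ "$got" -eq "$2" ]; then
        echo "OK: kernel sees ${got}MB"
    else
        # Typical causes: old chip still fitted, or a bad joint / bridged legs
        echo "MISMATCH: kernel sees ${got}MB, expected ${2}MB"
        return 1
    fi
}

# On the router itself: check_upgrade "$(cat /proc/meminfo)" 64
check_upgrade "$SAMPLE_MEMINFO" 64
```

If the result still says 32MB after the swap, recheck the chip orientation and inspect the legs for shorts or dry joints before powering up again.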

Note that different routers contain different memory. TSOP 66 is used by DDR memory and has 66 pins.
The other common memory package found is TSOP 54, which has 54 pins, but TSOP 54 has low storage density, hence you are unlikely to find a compatible DRAM to upgrade to.

Extra Tips: If you feel your router is overheating this is a solution:
