Try to hack TP Link M5250

M5250 is a MiFi device which has a built in 3G modem and a WiFi module.

M5250

A beautiful device as it is, it’s function is quite limited. It only can spread your 3G network, no port forwarding, no DDNS, no VPN. But it costs ~500RMB!! Fuck it! However, there is a way to extent your router’s ability—flash openwrt firmware. Unfortunately, M5250 does not have an offically supported openwrt firmware. So I tried to figure out the chipset of M5250 and see whether it is possible to port openwrt to the device. There are few information about M5250 on the internet, making it quite difficult to get things done. However I found that TP Link has a M5 serie of products, including M5250. There’s more information about M5250’s brother M5350, so I just googled M5350 instead as they have similar chipsets. M5350 has a OLED display while M5250 just has three LEDs indicating device’s status. The first figure below is M5350, the other is M5360. They have exactlly the same chips and boards. The only difference is battery volume. M5350M5360 From a post on openrouter.info, an inside picture was shown, saying M5350 uses Qualcomm MDM8200A as CPU, and RTR6285 as 3G modem. But memory(RAM) and ROM info is still unknown. So I first googled Qualcomm MDM8200A and found a spec file about it. It seems that the chip uses multi-architecture processing units. The pdf file says the MDM8200A device integrates four processors:

    • Industry standard ARM926EJ-S 256 MHz embedded microprocessor subsystem
    • QDSP6_1 core (600 MHz) for WCDMA modem firmware
    • QDSP6_2 core (600 MHz) for protocol stack and other software (including peripheral
    • support)
    • QDSP4000™ core (122 MHz) for GSM modem firmware

Things are getting complicate. I am not a hardware level hacker, it’s far beyond my power. I also googled using openwrt and M5250 or M5350 as key words, nothing useful found. I did a teardown of my own M5250, and found a slight difference compared to M5350. M5250 uses ESMT as memory chip while M5350 uses 3DA98(I don’t know what’s that, cannot google it).

That’s all I can do, I guess. Come on geeks! Hack it ASAP!

Update 01/11/2014: Find the WiFi chip of M5250. It’s Qualcomm WCN1314!

2 thoughts on “Try to hack TP Link M5250

    1. bearboybearboy Post author

      Got nothing >.< seems that this device is not popular. I can't find a console or any bootinfo.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *