The tool binwalk is the industry standard for firmware analysis.

The most transparent method for firmware acquisition is the official support website.

For security researchers aiming to analyze TP-Link firmware, the following methodology is standard:

Older TP-Link firmware releases often lacked robust cryptographic signing of the firmware image. While the firmware might be encrypted, if the device does not verify a digital signature (RSA/ECDSA) from the vendor before flashing, an attacker who can intercept the update process could substitute the encrypted image with a maliciously crafted, encrypted image (if the encryption scheme is known or weak).