Recently I found a good deal on a refurbished WRT54G2 wireless access point / router. I had been looking for a straight WRT54G, but at $25.72, including free shipping, I had to bite at this little refurbished unit.
** Please Read **
Now before going any farther I would like to point out that what is involved may result in voiding of any warranty and support from the manufacturer. You may also "brick" your new toy, i.e. you will break it to the point of requiring a soldering iron to fix it. I wasn't worried about this, but you might be. Please consider this before continuing.
** End Please Read **
For those of you that are not familiar with dd-wrt, open-wrt, or even Tomato, let me explain.
These are projects that have been developed to replace the current operating system (OS) from the manufacturer with a Linux based system. Giving you more control and flexibility with your hardware. For those that think the original system is better then a possible replacement with Linux, I would like to point out that the existing system is already Linux based.
In order to do this the Firmware must be replaced through a process known as flashing. What this entails doing is taking a binary image, transferring it to the device and then having the device rewrite the firmware with this new image. The process itself is automated and the worst part is transferring the image(s).
So first we have to obtain the images. Go to the project of your choice and see if your hardware is supported. I found out fairly quickly that there was a design change with the WRT54G2. Linksys, now owned by Cisco, had changed the OS image since the WRT54G.
The original plan had been to use Tomato. Unfortunately these changes prevented that. Fortunately I was able to use dd-wrt.
A quick look at dd-wrt and I was able to locate the specific instructions and links to the appropriate images. In this case I had actually had to get several different images and a specialized tool.
Images used, in order of use:
VxWorks Prep
http://www.dd-wrt.com/routerdb/de/download.php?file=395
VxWorks Killer
http://www.dd-wrt.com/routerdb/de/download.php?file=393
Micro Generic Image
http://www.dd-wrt.com/routerdb/de/download.php?file=282
Micro Image with sshd
ftp://dd-wrt.com/others/eko/V24_TNG/svn11650/dd-wrt.v24-11650_NEWD_micro-plus_ssh.bin
And one very specific tool for the tftp transfer
http://www.dd-wrt.com/dd-wrtv2/downloads/others/tornado/Linux_Linksys_Tftp/linksys-tftp.tar.bz2
** Please note that the tool I used was from redsands directly. It is the same tool however.
Once these have been downloaded we need to build the modified tftp tool. The reason that we have to use the modified tool is because Linksys modified tftp to require a password as an argument. This still boggles my mind since tftp was never meant to require any authentication and is completely done through clear text.
Since the tool is nicely packaged in a tar ball we simply need to untar it:
$ tar -xvjpf linksys-tftp.tar.bz2
linksys-tftp-1.2.1/
linksys-tftp-1.2.1/tftp.h
linksys-tftp-1.2.1/Makefile
linksys-tftp-1.2.1/main.c
linksys-tftp-1.2.1/tftp.c
linksys-tftp-1.2.1/tftpsubs.c
linksys-tftp-1.2.1/README
$
Now we will change into the linksys-tftp-1.2.1 directory:
$ cd linksys-tftp-1.2.1/
$
A quick use of ls will reveal that we have several files:
$ ls
main.c Makefile README tftp.c tftp.h tftpsubs.c
$
Be sure to read the README for any recent notices and changes in the instructions. This is a C program so make sure that you have GCC installed and available.
Next we need to use the command make to build the binaries:
$ make
...output omitted...
$
Once this is done we have the tool for transferring the images over a modified tftp session to the device.
Next make sure that you have a WIRED connection to the device. We don't want the connection to get garbled part way through transmission. Make sure that the computers IP address is 192.168.1.10 with a net mask of 255.255.255.0 and NOT dynamically assigned. The wap/router is going to be 192.168.1.1.
Also ensure that if you have a firewall set that it is not going to block a successful transmission. The default firewall on a Fedora 10 installation will. Please be sure to make the appropriate adjustments.
run ./linksys-tftp
$ ./linksys-tftp
TJ Shelton redsand [at] redsand.net
Mike Lynn abaddon [at] 802.11ninja.net
Linksys TFTP Client for *BSD/Linux The Firmware gets sexier
Modified Berkeley TFTP client Release: !(@) 1.2.1 (10/01/03)
linksys-tftp>
At this point we need to go ahead and establish a conection:
linksys-tftp> connect 192.168.1.1
linksys-tftp>
And finally we are going to put up the image:
linksys-tftp> put ../VxWorksPrep-G2V1.bin password
Replace password with whatever your password is. The default is admin. Again this is being sent as plain text and you should consider it a temporary password to be replaced later on.
Once the transmission is done the router will automatically begin a flash and reboot. This can take up to three minutes. Once it is completed with the prep image we are going to use the kill image. Again it is automatically going to reboot and we are going to have to wait for it to finish. Once that is done you can put in the dd-wrt image.
When I did this I first did the dd-wrt image that was generic and then followed with the other image since the first one was less then desirable. It should be possible to skip the first dd-wrt image. I have not done that and will not guarantee any results.
Be sure to change your password over a secure connection. Probably the best way to do this to first establish an ssh port forwarding session:
$ ssh -L 8080:192.168.1.1:80 root@192.168.1.1
DD-WRT v24-sp2 micro (c) 2009 NewMedia-NET GmbH
Release: 02/18/09 (SVN revision: 11650)
root@192.168.1.1's password:
==========================================================
...snip...
BusyBox v1.13.2 (2009-02-18 17:58:33 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.
root@DD-WRT:~#
Now simply open up a browser and point it to http://localhost:8080.
Now we have a secure connection for administration. One downside I have noticed with dd-wrt is the lack of a secure connection. This is a great way to ensure the security for your administrative password.
And that is it. Configure it to your hearts content and enjoy your new dd-wrt router!
** Please Read **
Now before going any farther I would like to point out that what is involved may result in voiding of any warranty and support from the manufacturer. You may also "brick" your new toy, i.e. you will break it to the point of requiring a soldering iron to fix it. I wasn't worried about this, but you might be. Please consider this before continuing.
** End Please Read **
For those of you that are not familiar with dd-wrt, open-wrt, or even Tomato, let me explain.
These are projects that have been developed to replace the current operating system (OS) from the manufacturer with a Linux based system. Giving you more control and flexibility with your hardware. For those that think the original system is better then a possible replacement with Linux, I would like to point out that the existing system is already Linux based.
In order to do this the Firmware must be replaced through a process known as flashing. What this entails doing is taking a binary image, transferring it to the device and then having the device rewrite the firmware with this new image. The process itself is automated and the worst part is transferring the image(s).
So first we have to obtain the images. Go to the project of your choice and see if your hardware is supported. I found out fairly quickly that there was a design change with the WRT54G2. Linksys, now owned by Cisco, had changed the OS image since the WRT54G.
The original plan had been to use Tomato. Unfortunately these changes prevented that. Fortunately I was able to use dd-wrt.
A quick look at dd-wrt and I was able to locate the specific instructions and links to the appropriate images. In this case I had actually had to get several different images and a specialized tool.
Images used, in order of use:
VxWorks Prep
http://www.dd-wrt.com/routerdb/de/download.php?file=395
VxWorks Killer
http://www.dd-wrt.com/routerdb/de/download.php?file=393
Micro Generic Image
http://www.dd-wrt.com/routerdb/de/download.php?file=282
Micro Image with sshd
ftp://dd-wrt.com/others/eko/V24_TNG/svn11650/dd-wrt.v24-11650_NEWD_micro-plus_ssh.bin
And one very specific tool for the tftp transfer
http://www.dd-wrt.com/dd-wrtv2/downloads/others/tornado/Linux_Linksys_Tftp/linksys-tftp.tar.bz2
** Please note that the tool I used was from redsands directly. It is the same tool however.
Once these have been downloaded we need to build the modified tftp tool. The reason that we have to use the modified tool is because Linksys modified tftp to require a password as an argument. This still boggles my mind since tftp was never meant to require any authentication and is completely done through clear text.
Since the tool is nicely packaged in a tar ball we simply need to untar it:
$ tar -xvjpf linksys-tftp.tar.bz2
linksys-tftp-1.2.1/
linksys-tftp-1.2.1/tftp.h
linksys-tftp-1.2.1/Makefile
linksys-tftp-1.2.1/main.c
linksys-tftp-1.2.1/tftp.c
linksys-tftp-1.2.1/tftpsubs.c
linksys-tftp-1.2.1/README
$
Now we will change into the linksys-tftp-1.2.1 directory:
$ cd linksys-tftp-1.2.1/
$
A quick use of ls will reveal that we have several files:
$ ls
main.c Makefile README tftp.c tftp.h tftpsubs.c
$
Be sure to read the README for any recent notices and changes in the instructions. This is a C program so make sure that you have GCC installed and available.
Next we need to use the command make to build the binaries:
$ make
...output omitted...
$
Once this is done we have the tool for transferring the images over a modified tftp session to the device.
Next make sure that you have a WIRED connection to the device. We don't want the connection to get garbled part way through transmission. Make sure that the computers IP address is 192.168.1.10 with a net mask of 255.255.255.0 and NOT dynamically assigned. The wap/router is going to be 192.168.1.1.
Also ensure that if you have a firewall set that it is not going to block a successful transmission. The default firewall on a Fedora 10 installation will. Please be sure to make the appropriate adjustments.
run ./linksys-tftp
$ ./linksys-tftp
TJ Shelton redsand [at] redsand.net
Mike Lynn abaddon [at] 802.11ninja.net
Linksys TFTP Client for *BSD/Linux The Firmware gets sexier
Modified Berkeley TFTP client Release: !(@) 1.2.1 (10/01/03)
linksys-tftp>
At this point we need to go ahead and establish a conection:
linksys-tftp> connect 192.168.1.1
linksys-tftp>
And finally we are going to put up the image:
linksys-tftp> put ../VxWorksPrep-G2V1.bin password
Replace password with whatever your password is. The default is admin. Again this is being sent as plain text and you should consider it a temporary password to be replaced later on.
Once the transmission is done the router will automatically begin a flash and reboot. This can take up to three minutes. Once it is completed with the prep image we are going to use the kill image. Again it is automatically going to reboot and we are going to have to wait for it to finish. Once that is done you can put in the dd-wrt image.
When I did this I first did the dd-wrt image that was generic and then followed with the other image since the first one was less then desirable. It should be possible to skip the first dd-wrt image. I have not done that and will not guarantee any results.
Be sure to change your password over a secure connection. Probably the best way to do this to first establish an ssh port forwarding session:
$ ssh -L 8080:192.168.1.1:80 root@192.168.1.1
DD-WRT v24-sp2 micro (c) 2009 NewMedia-NET GmbH
Release: 02/18/09 (SVN revision: 11650)
root@192.168.1.1's password:
==========================================================
...snip...
BusyBox v1.13.2 (2009-02-18 17:58:33 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.
root@DD-WRT:~#
Now simply open up a browser and point it to http://localhost:8080.
Now we have a secure connection for administration. One downside I have noticed with dd-wrt is the lack of a secure connection. This is a great way to ensure the security for your administrative password.
And that is it. Configure it to your hearts content and enjoy your new dd-wrt router!
