posted 10/06/10

We rocked LabCenter yesterday…

By Fredrik "DXter" Jonsson

Last night, my dear friend Jonas Ländin and I gave a talk at Second Wednesday at LabCenter, Stockholm.

 

The topic for the evening was “Homebrew software in embedded devices” and I really had a blast during the show! We showed and explained how third-party firmwares such as DD-WRT, OpenWRT and Tomato work and what you can do with them. We also went through topics such as software hacking, hardware hacking, firmware exploitation, debricking (through software and hardware), etc, etc… If anyone wants any of my homemade scripts that I used yesterday for boot loader root shell access or debricking, please send me an e-mail and I will be happy to share them with you.

 

First of all I really want to thank Jonas who did the session together with me. You did a great job pal!

 

I want to thank everybody that came to see us! I hope you enjoyed the evening just as much as we did. :)

 

I also want to give big thanks to my dear friend and mentor Hasain who was kind enough to give me a ride with him back home to Västerås after the show was over. Thank you a lot my friend! You saved me a lot of time and effort!

 

And thank you everybody who watched the live stream at http://www.labcenter.se/live. That includes my beautiful girlfriend Eva, my partner in crime Dalle and my future colleague Claudia. ;)

 

Once again, thanks a lot everybody!

 

// Fredrik “DXter” Jonsson

posted 28/11/09

The truth about D-Link (Part 2 – the resolution)

By Fredrik "DXter" Jonsson

I have now been running all my networks at home through a DIR-600 that has been acting as my edge firewall for a couple of weeks now. Everything has been running very smoothly and without any problems at all. I have never had a need to reboot the device for any reason, but I had to turn it off for a short time two weeks ago since my girlfriend and I were changing power cables in the living room. :) And since I preconfigured the device before I replaced my good, old WRT54GL, the resulting downtime was only about 1-2 minutes. :)

 

The flash process of the device was also very easy since there is a device-specific DD-WRT image that you upload through the web GUI, just like upgrading the original firmware with a newer version. During the flash process, I was quite surprised by a cool feature that I noticed.

Usually when you change the firmware of a device from the vendor's firmware to a homebrew version, like DD-WRT, you really want to erase the previous configuration. Otherwise you can really mess up your device if DD-WRT tries to parse or load the configuration that was created by the previous firmware. This is usually done by doing a factory reset of the device or by clearing out the NVRAM with the command “erase nvram & reboot” in a console through Telnet/SSH/Serial. But with the device-specific image for DIR-600, the NVRAM is cleared during the flash process and I already have a “clean” device the first time it boots. :)

The first thing I noticed was the absence of VLAN support. :(

image

Notice that there is no VLAN tab under Setup. :(

Due to this, I had to redesign my network a little bit. I usually use VLANs to separate my networks into different segments. But now, since I didn’t have VLAN configuration available in my edge firewall, I had to use iptables between my networks to secure them from each other. The benefit of using VLANs instead of a firewall is that there is no firewall between the networks that can be exploited. But since this is on my inside, I guess that it is good enough (for now). ;)

 

I was very confused by the absence of the VLAN tab. If I look at my NAS (that is also running DD-WRT) I can clearly see the VLAN tab under Setup.

image

My WRT-600N is running DD-WRT with VLAN support. (Yes, I am a true master of paint. ;) )

This was very strange to me, but I accepted the sad fact that there was no VLAN support in DIR-600. Time passed, but some days ago I wanted to investigate the thing a little bit more. I started by checking the URL of the VLAN configuration on my NAS device, which is http://192.168.85.253/Vlan.asp. It was a long shot, but I decided to see what happens if I load the Vlan.asp page on my DIR-600, using its IP instead of my NAS device’s. The result is this:

image

It was a great surprise to see the “hidden” VLAN configuration in DIR-600. Please note that VLAN tab is still missing! ;)

 

I haven’t tried the VLAN settings yet (because of my reconfiguration, but I will try it soon), but I think that we can assume that they are working. So what is my final conclusion of my little experiment? Well, I must say that I am happy to confirm to you that with the DD-WRT firmware on the DIR-600, I have a wonderful D-Link router. (And if you are curious enough, you can actually have VLAN support as well. ;) ) And since D-Link now provides home brewers with SDKs for their products, I think that they understand that other people are apparently better than they are at building firmwares for their own devices. It has been a really fun trip with the DIR-600, but right now I really miss my dear WRT54GL that is hiding in my closet and will come back into service any day now.

 

Is anyone interested in buying a used DIR-600 that is loaded with DD-WRT? It is actually a D-Link router that absolutely rocks! :D

 

// Fredrik “DXter” Jonsson

posted 17/11/09

D-Link does a Linksys

By Fredrik "DXter" Jonsson

D-Link will release a new access point called DAP-1360 in December. Nothing mind-blowing about that, all hardware vendors release new products now and then. The cool thing with DAP-1360 is that it is running Linux (i.e. GPL firmware) and D-Link is also providing an SDK (on request) for home brewers to be able to make their own firmwares for it.

 

Personally, I guess that there will be ports of OpenWRT and DD-WRT for this unit in the very near future. The only thing I actually miss in the specifications (ftp://ftp.dlink.eu/datasheets/DAP-1360.pdf) for the device is support for Power over Ethernet, but I guess that you can’t have everything sometimes. ;)

 

I really salute D-Link for this initiative and I hope that we will see a D-Link box with the same wonderful hardware (and firmware support) as Linksys WRT54GL!

 

[image]

DAP-1360, an alternative for WRT54GL in the near future?

 

// Fredrik “DXter” Jonsson

posted 06/11/09

The truth about D-Link

By Fredrik "DXter" Jonsson

When I was a young network technician (back in the days when I was like 16-17), I just loved D-Link’s business products. Everybody knows that the (cheap) consumer products from D-Link work like crap. But I was a huge fan of the D-Link DFL series back in 2003. My own firewall that I had at home at that point in time was a DFL-700, which was a regular D-Link box BUT was shipped with firmware from Clavister (Clavister software underneath with a D-Link web GUI on top). Even today, I can actually miss it sometimes in a nostalgic way. :)

 

My theory regarding the crappy D-Link consumer products during the last years has been this:

“The device (hardware) is not the problem. It’s “only” the stock firmware that has some serious issues…”

 

Until this day, I have never had a chance to prove my theory as a fact. But now, I have finally ordered a D-Link DIR-600 just for the purpose of evaluating the hardware (not the stock firmware!). DIR-600 is actually supported by DD-WRT, and what I will do with it is flash it with DD-WRT and actually use it as my primary firewall at home, protecting all of my networks (including the DMZ)! I will have all my devices’ traffic flow through this firewall and do some serious tests with it regarding many things, such as throughput, functionality and reliability (nothing that the original firmware can provide).

 

I will let this test go for at least two weeks and I will post the result here to share with you guys. What do you think is the problem? The hardware or the software? ;)

 

// Fredrik “DXter” Jonsson

posted 20/10/09

Unbricking my router

By Fredrik "DXter" Jonsson

My dear pal Jonas Ländin has always been a very big fan of DD-WRT and has been using it for a very long time. For people not familiar with DD-WRT, it is a homebrew Linux based firmware that provides a big number of premium class features (such as HotSpot functionality, VPN, SIP, QoS, SSH, Content Filtering, Access Restrictions, VLAN and 802.1x support, etc…) for a big number of home consumer routers.

Since my own Cisco based network at home, a.k.a “The GhostZone”, had grown too big and needed to get smaller since my girlfriend moved in to my place, I decided to give DD-WRT a chance and try to shut down all my Cisco devices (firewalls, routers, switches, accesspoints, etc…) and try to replace everything with a DD-WRT based network.

However, some time ago, I accidentally (yes, it’s true :P ) bricked a Linksys WRT54GL router during the flash process. The router got bricked, meaning it was dead. No ping, no web interface, no DHCP server active, NOTHING!

I was afraid that I might have bricked my new WRT54GL, making it useless. But to my great surprise, using powerful tools like Nmap and Google, I found out that the WRT54GL has a TFTP service running during the boot procedure! :D

So what I found out after some investigation on the web, was that the WRT54GL “always” has a TFTP service running for a few seconds during the boot procedure of the router on the address 192.168.1.1 (regardless of IP-configuration), BEFORE the configuration loads to RAM from NVRAM.

After finding some very useful documentation at the website for Tomato (another homebrew firmware), I managed to create the following script to restore my router. This requires a firmware file with the necessary TFTP headers in the file. The Linksys original firmware or device specific DD-WRT firmware works just fine.

What the script does:

1. Sets the computer’s LAN connection to a static IP.

2. Sets environment variables for the script.

3. Tries to ping the router and initiates the TFTP transfer if possible. (The WRT54GL’s normal TTL in ping replies is 64. During the boot procedure, the TTL should be 100 from the WRT54GL to indicate that the TFTP service is running.)

4. Puts the computer back on DHCP.

 

This script needs administrative privileges since it is changing IP settings (system wide settings). Another thing to remember is that it is using Windows built-in TFTP client, which is installed in XP, but needs to be installed as a feature in Windows Vista and above.

rem Give the PC a static address on the router's default 192.168.1.0/24 subnet.
netsh int ipv4 set address "Local Area Connection" static 192.168.1.10 255.255.255.0 192.168.1.1

rem Locate find.exe (Win9x path first, then system32, otherwise rely on PATH).
set FIND=%WINDIR%\command\find.exe
if exist %FIND% goto PING
set FIND=%WINDIR%\system32\find.exe
if exist %FIND% goto PING
set FIND=find

:PING
rem Loop until the router answers a ping at all (the boot loader replies with TTL=100).
ping -n 1 -w 50 192.168.1.1 | %FIND% "TTL="
if errorlevel 1 goto PING

rem Binary (octet) mode upload; if the boot-time TFTP window was missed, start over.
tftp -i 192.168.1.1 put c:\firmware.bin
if errorlevel 1 goto PING

rem Put the LAN interface back on DHCP.
netsh int ipv4 set address "Local Area Connection" dhcp

1. Save the script above as a .bat file.

2. Save the firmware you want to flash as c:\firmware.bin.

3. Connect the network cable from your computer to one of the WRT54GL’s LAN ports.

4. Run the script in an elevated prompt (right click -> run as admin).

5. Power on the router.

6. Wait 1-5 minutes.

7. Do a factory reset.

8. Congratulations! You now have a working WRT54GL! :)
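The same recovery exchange, as an added Python example that is not part of the original post: it checks the ping reply TTL the post describes (100 while the boot-loader TFTP service is up) and then drives a plain RFC 1350 octet-mode write to 192.168.1.1, which is what the Windows "tftp -i ... put" in the batch script does. The file name firmware.bin, the 2-second timeout and the lack of retransmission are my assumptions, not details from the post.

```python
import re
import socket
import struct

ROUTER = "192.168.1.1"   # address the WRT54GL boot loader listens on (from the post)
BOOT_TTL = 100           # TTL in ping replies while the boot-time TFTP service is up
TFTP_PORT, BLOCK = 69, 512

def ping_ttl(ping_line):
    """Extract the TTL from a ping reply line; None when there was no reply."""
    m = re.search(r"TTL=(\d+)", ping_line, re.IGNORECASE)
    return int(m.group(1)) if m else None

def wrq(filename):
    """RFC 1350 write request (opcode 2) in octet mode, like 'tftp -i ... put'."""
    return struct.pack("!H", 2) + filename.encode() + b"\0octet\0"

def parse_ack(packet):
    """Return the acknowledged block number; raise on an ERROR (opcode 5) packet."""
    opcode, arg = struct.unpack("!HH", packet[:4])
    if opcode == 5:
        msg = packet[4:].rstrip(b"\0").decode(errors="replace")
        raise RuntimeError("TFTP error %d: %s" % (arg, msg))
    if opcode != 4:
        raise RuntimeError("unexpected TFTP opcode %d" % opcode)
    return arg

def blocks(image):
    """DATA packets (opcode 3); a block under 512 bytes ends the transfer, so an exact multiple needs an empty one."""
    out = [struct.pack("!HH", 3, i + 1) + image[off:off + BLOCK]
           for i, off in enumerate(range(0, len(image), BLOCK))]
    if len(image) % BLOCK == 0:
        out.append(struct.pack("!HH", 3, len(out) + 1))
    return out

def tftp_put(image, filename="firmware.bin", host=ROUTER, timeout=2.0):
    """Push the image to the boot-loader TFTP server, one block per ACK (no retransmit; assumption)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(wrq(filename), (host, TFTP_PORT))
    ack, peer = sock.recvfrom(516)            # server answers from its own port
    if parse_ack(ack) != 0:
        raise RuntimeError("expected ACK 0 after WRQ")
    for pkt in blocks(image):
        sock.sendto(pkt, peer)
        ack, _ = sock.recvfrom(516)
        if parse_ack(ack) != struct.unpack("!H", pkt[2:4])[0]:
            raise RuntimeError("out-of-order ACK")
    sock.close()
```

Run tftp_put(open("firmware.bin", "rb").read()) in a loop that only fires when ping_ttl(...) == BOOT_TTL; a ping answered with TTL 64 means the running firmware, not the boot loader, is responding.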

 

[image: Linksys WRT54GL, front]
Not a very good looking box, but it is still a real beauty when it comes to functionality provided by the DD-WRT firmware!

 

// Fredrik “DXter” Jonsson

 

P.S. I have noticed that this process works on ALL Linksys routers that I have got my hands on so far. Another thing I can confess is that I have bought a number of bricked routers on eBay and made them come alive again like Frankenstein. ;) D.S.
