Category: OpenWrt

ASUS WL-500GP v2: flash firmware using CFE

I had a bricked router Asus WL500GP v2, luckily the CFE bootloader was still reachable through serial port. After setup a TFTP server and downloaded the appropriate upgraded firmware from OpenWrt, the CFE command was:

flash -noheader 192.168.1.100:openwrt.trx flash1.trx

where:

  • flash1.trx is the destination flash (and not flash0.trx as I saw in some tutorials)
  • 192.168.1.100 is the TFTP server IP
  • openwrt.trx is the firmware image
  • -no header is that option to override header verification

Trasform your DSL modem Netgear DG834GT into a featured router with OpenWrt

This tutorial will explain how to transform a Netgear DG834GT into a fully featured router based on OpenWrt.

DG834GT specific wiki: http://wiki.openwrt.org/toh/netgear/dg834gt#configuring.wireless

The latest release Attitude Adjustment requests too many resources, especially RAM, with the result of getting an unstable firmware and an incredible slowly Luci web interface. The previous release Backfire is strongly recommended.

 

Getting the sources

Checkout the Backfire repository

svn co svn://svn.openwrt.org/openwrt/branches/backfire
cd backfire

You can check the currently installed revision with:

svn info

Option: if u are just recompiling and want to update the repository:

svn update

 

Updating Feeds

./scripts/feeds update -a

Make all downloaded packages available in the menuconfig

./scripts/feeds install -a

We have to produce a general purpose configuration of the build system including a check of dependencies and prerequisites for the build environment. In case of any missing dependencies install them and run again.

make defconfig

On Xubuntu 13.04, for instance, I had to install some missing dependencies:

sudo apt-get install gawk libncurses5-dev

 

Before compiling

Now we are ready to define the target and all the optional modules we want to include in the image, but be sure not to exceed the limit of 4Mb for the flash memory. Consider a limit of about 3.8Mb, if you flash a bigger image you will delete the CFE bootloader and brick the modem.

make menuconfig

Main configuration

Target System (Broadcom BCM947xx/953xx [2.4]) ---> (X) Broadcom BCM63xx
Target Profile (Generic, Broadcom WiFi (default)) ==> (X) Atheros WiFi (default)

To get a working wifi in the past I add the include the package atk-9th but, as far as I can see, it is not necessary anymore and the default kmod-madwifi package is enough to get the wifi working but with a limited RF power of 10mW max.

I found out, instead, that installing the package kmod-ath5k you can get more options concerning the RF power, ranging from 1mW to 500mW.

Kernel modules ---> Wireless Drivers ---> kmod-ath5k

and deselect the default module:

Kernel modules ---> Wireless Drivers  ---> kmod-madwifi........................ Driver for Atheros wireless chipsets

Install Luci, the web interface which is written in Lua and unfortunately is very slow.

LuCI ---> 1. Collections ---> <*> luci

Then add any application you need for your needs, for instance:

LuCI  ---> 3. Applications ---> 
 <*> luci-app-ddns........................... Dynamic DNS configuration module
 <*> luci-app-wol................................ LuCI Support for Wake-on-LAN
 <*> luci-app-qos..................... Quality of Service configuration module

Disable the making of the image using jffs2 since it is not needed because the final size will be too big to fit the flash. Deselect:

Target Images ---> [ ] jffs2

in order to have only

Target Images ---> [*] squashfs (NEW) enabled

Option: Install Nano as alternative editor

Utilities ---> Editors ---> <*> nano........................... An enhanced clone of the Pico text editor (NEW)

Option: it is possible to add an USB 1.1 port with some hardware modifications, check it out here http://wiki.openwrt.org/toh/netgear/dg834gt#configuring.wireless

I have successfully added the USB port so that I have to add the support for USB device for storage (unfortunately no webcam support cause no enough room on flash). Be careful because you will reach the flash size limit.

Kernel modules ---> USB Support --->
 <*> kmod-usb-core............................................ Support for USB
 <*> kmod-usb-ohci............................... Support for OHCI controllers
 <*> kmod-usb-storage..................................... USB Storage support

Enable which filesystems we desire to have, the package EXT4 also support EXT2 and Ext3. VFAT needs also the right codepages for your country, I am using the default locale so that I need the CodePage-437 and Iso-8859-1.

Kernel modules ---> Filesystems --->
 <*> kmod-fs-ext4..................................... EXT4 filesystem support
 <*> kmod-fs-vfat..................................... VFAT filesystem support
 <*> kmod-nls-cp437...................... Codepage 437 (United States, Canada)
 <*> kmod-nls-iso8859-1...... ISO 8859-1 (Latin 1; Western European Languages)

Install the Luci Samba module:

LuCI ---> Applications ---> <*> luci-app-samba.................... Network Shares - Samba SMB/CIFS module

Option: disable DebugFS, deselect:

Global build settings ---> [ ] Compile the kernel with Debug FileSystem enabled (NEW)

Save the configuration and exit.

 

Network configuration

We are going to create two VLAN in order to share WAN and LAN on the same switch ports. We want the WAN on port 0 (labeled LAN4 on the case) and LAN available on port 1, 2, 3 of the switch (labeled instead LAN3, LAN2, LAN1).

The default configuration is quite simple

cat /target/linux/brcm63xx/base-files/etc/config
# Copyright (C) 2008 OpenWrt.org

config interface loopback
        option ifname   lo
        option proto    static
        option ipaddr   127.0.0.1
        option netmask  255.0.0.0

config interface lan
        option type     bridge
        option ifname   eth1
        option proto    static
        option ipaddr   192.168.1.1
        option netmask  255.255.255.0
        option nat      1

config interface wan
        option ifname    eth0
        option proto    dhcp

 

Then edit (and save) the file in order to create the desired VLANs:

# Working on Netgear DG834GT
#
# WAN = VLAN1 = switch port0
# LAN = VLAN0 = switch port1,2,3
# unused        switch port4 
# cpu           switch port5

config 'switch' 'eth1'
option 'enable' '1'
option 'enable_vlan' '1'
option 'reset' '1'

config 'switch_vlan' 'vlan0'
option 'vlan' '0'
option 'device' 'eth1'
option 'ports' '1 2 3 5*'

config 'switch_vlan' 'vlan1'
option 'vlan' '1'
option 'device' 'eth1'
option 'ports' '0 5t'

config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'

config 'interface' 'lan'
option 'type' 'bridge'
option 'ifname' 'eth1.0'
option 'proto' 'static'
option 'ipaddr' '192.168.2.1'
option 'netmask' '255.255.255.0'
option 'nat' '1'

config 'interface' 'wan'
option 'ifname' 'eth1.1'
option 'proto' 'dhcp'

 

If you need a fixed WAN configuration you might edit it like this:

config 'interface' 'wan'
option 'ifname' 'eth1.1'
option 'proto' 'static'
option 'netmask' '255.255.255.0'
option 'ipaddr' '192.168.2.10'
option 'gateway' '192.168.2.254'
option 'dns' '192.168.2.254'

 

Ready to compile

To optimize and speed up the compilation, it can be distributed all over the CPU cores with the -j option. To know how many cores your CPU has:

cat cpuinfo | grep processor

Then start to compile, my CPU has 4 cores:

make -j 4

If you need to reduce the CPU usage you can use ionice:

http://wiki.openwrt.org/doc/howto/build#building.on.multi-core.cpu

After a successful build, the fresh built image can be found as:

/bin/brcm63xx/openwrt-DG834GT_DG834PN-squashfs-cfe.bin

Flash the image using the embedded CFE bootloader.

 

 

CFE Bootloader dump with OpenWrt

It is always a good idea to dump the original CFE bootloader of your router because playing too much you might brick it. For instance when you flash a new image firmware, CFE doesn’t check the image size before flashing and if the size exceeds its flash size, the CFE bootloader will be corrupted.

MTD blocks list

Connect to your router using the serial port or through telnet or ssh.

First of all check which MTD block cointains the CFE bootloader. Here I am using a D-Link DSL-2640B, but this guide, broadly speaking, should work on all routers.

cat /proc/mtd

dev: size erasesize name
 mtd0: 00010000 00002000 "CFE"
 mtd1: 000dff00 00010000 "kernel"
 mtd2: 00300000 00010000 "rootfs"
 mtd3: 00090000 00010000 "rootfs_data"
 mtd4: 00010000 00010000 "nvram"
 mtd5: 003e0000 00010000 "linux"

Dump the bootloader

The CFE bootloader is contained in block0, dump it with dd

dd if=/dev/mtdblock0 of=/tmp/cfedump.bin

128+0 records in
128+0 records out

We can check our personal settings written at the beginning

hexdump -C -s 1200 -n 1000 cfedump.bin

000004b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000004e0  43 46 45 31 43 46 45 31  00 00 00 00 00 00 00 00  |CFE1CFE1........|
000004f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000500  10 00 02 ac 00 00 00 00  43 46 45 31 43 46 45 31  |........CFE1CFE1|
00000510  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000570  63 66 65 2d 76 01 00 25  0a 02 00 00 00 00 00 00  |cfe-v..%........|
00000580  00 00 00 04 65 3d 31 39  32 2e 31 36 38 2e 32 2e  |....e=192.168.2.|
00000590  33 36 20 68 3d 31 39 32  2e 31 36 38 2e 32 2e 37  |36 h=192.168.2.7|
000005a0  31 20 67 3d 31 39 32 2e  31 36 38 2e 32 2e 32 32  |1 g=192.168.2.22|
000005b0  30 20 72 3d 66 20 66 3d  76 6d 6c 69 6e 75 78 20  |0 r=f f=vmlinux |
000005c0  69 3d 62 63 6d 39 36 33  78 78 5f 66 73 5f 6b 65  |i=bcm963xx_fs_ke|
000005d0  72 6e 65 6c 20 64 3d 34  20 70 3d 30 20 00 00 00  |rnel d=4 p=0 ...|
000005e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000680  00 00 00 00 44 2d 34 50  2d 57 00 00 00 00 00 00  |....D-4P-W......|
00000690  00 00 00 00 00 00 00 01  00 00 00 00 00 00 00 18  |................|
000006a0  00 21 91 1a aa 14 00 00  b1 0f 4d 44 00 00 00 00  |.!........MD....|
000006b0  00 00 00 30 00 00 00 00  00 00 00 00 00 00 00 00  |...0............|
000006c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

MIPS CPUs are big endian so the dump file will be with the same endiannes. In case you have to restore the CFE remember to convert it to the appropriate endiannes, in fact the majority of JTAG flash utilities work with little endian only.

Copy locally the image

Before using scp you must have your root password set. If not you can set it easily with

passwd

Then from your local computer

scp root@192.168.2.36:/tmp/cfedump.bin .

 

OpenWrt D-Link DSL-2640B

I was given a D-Link DSL-2640B router for which I decided to change the firmware in order to enable several options not available on the original one, for instance the possibility to modify the wifi RF power and having an OpenVPN server.

Following are the basic steps to compile OpenWrt Backfire branch. I also tried previously the latest Attitude Adjustment release but I experienced an embarrassing slow speed and a recurring instability of LuCI web interface.

For additional information about this router: http://wiki.openwrt.org/toh/d-link/dsl-2640u

Get the sources

svn co svn://svn.openwrt.org/openwrt/branches/backfire
cd backfire

Install and update all the packages

./scripts/feeds update -a
./scripts/feeds install -a

Launch the configuration menu and set the appropriate options

make menuconfig

Main configuration

Target System (Broadcom BCM947xx/953xx [2.4]) ---> (X) Broadcom BCM63xx
Target Profile (Broadcom WiFi (default))  ---> (X) Broadcom WiFi (default)

Disable the jffs2 image since we will use only squashfs

deselect Target Images ---> [ ] jffs2

in order to have only [*] squashfs (NEW) enabled

Reduce the image size (optional)

Global build settings  --->
check                       [*] Remove ipkg/opkg status data files in final image
uncheck                     [ ] Compile the kernel with Debug FileSystem enabled
check                       [*] Strip unnecessary exports from the kernel image

Enable LuCI and the applications you might need

LuCI  --->  1. Collections  ---> <*> luci
            3. Applications ---> <*> luci-app-ddns........................... Dynamic DNS configuration module
                                 <*> luci-app-openvpn................................ LuCI Support for OpenVPN
                                 <*> luci-app-qos..................... Quality of Service configuration module
                                 <*> luci-app-wol................................ LuCI Support for Wake-on-LAN

Utilities  ---> Editors  ---> <*> nano........................... An enhanced clone of the Pico text editor

Exit and save

Custom configuration (optional)

In some cases, you may want to have a custom image that has been pre-configured. If so, place your custom files in <buildroot dir>/files/

For example, I prefer to have already specified the physical WAN and LAN ports in the network settings. Two VLANs are then defined, WAN is assigned to ethernet connector #4.

mkdir -p /files/etc/config/
touch /files/etc/config/network

This is my network file content

config 'switch' 'eth1'
 option 'enable' '1'
 option 'enable_vlan' '1'
 option 'reset' '1'
config 'switch_vlan' 'vlan0'
 option 'vlan' '0'
 option 'device' 'eth1'
 option 'ports' '1 2 3 5*'
config 'switch_vlan' 'vlan1'
 option 'vlan' '1'
 option 'device' 'eth1'
 option 'ports' '0 5t'
config 'interface' 'loopback'
 option 'ifname' 'lo'
 option 'proto' 'static'
 option 'ipaddr' '127.0.0.1'
 option 'netmask' '255.0.0.0'
config 'interface' 'lan'
 option 'type' 'bridge'
 option 'ifname' 'eth1.0'
 option 'nat' '1'
 option 'proto' 'static'
 option 'netmask' '255.255.255.0'
 option 'ipaddr' '192.168.2.100'
config 'interface' 'wan'
 option 'ifname' 'eth1.1'
 option 'proto' 'static'
 option 'netmask' '255.255.255.0'
 option 'ipaddr' '192.168.1.10'
 option 'gateway' '192.168.1.2'
 option 'dns' '192.168.1.2'

Build the image

The build process can be accelerated by running multiple concurrent job processes using the -j option, be careful because sometimes it may fail (it happened to me with Attitude Adjustment). On my multicore i7 cpu will be

make -j 8

The image will be found in /bin/bcrm63xx/openwrt-DSL2640B-squashfs-cfe.bin

I usually flash the image using the CFE bootloader through the serial port (available in the back of the router), remember to check the image size which must not be greater than approx 4MByte otherwise it will corrupt the bootloader bricking the router.

 

WordPress Themes