Hi!

Does anyone was able to build custom firmware?

I've tried to build one using broadcom/linksys tools. I've tried to add some files, repack, build trx and when notice ASUS has added some trailer to the end of cramfs image. It's 64 bytes long for an older firmware version and 3324 bytes for the new one. I've added 3324 bytes one and was able to upload custom firmware to router. Unfortunatly it does not start. Then I've used Asus firmware restoration tool to bring it back to boot. I've not verified yet what's wrong... Any thoughts?

Regards.

Isn't all the firmware under the GPL-license, don't we have any rights to get all the sources from asus?

Originally posted by Snigel
Isn't all the firmware under the GPL-license, don't we have any rights to get all the sources from asus?

yes as noted in other messages of me, my contactperson at Asus Taiwan did not respond yet to this issue.

it would be very interresting when we would be able to build our own customized firmwares

i still can't do anything with the gpl source from linksys. because i don't have any linux box running anymore (except my wl500g offcourse :P)

it's a pitty that others did not follow linksys yet (asus, buffalo, gemtek, dell, microsoft)

I think that there must be something bigger we can contact and send against asus. There are people that stands for the GPL and those talked to Linksys, we need to inform them about what Asus is doing.

Originally posted by vdovikin
Hi!

Does anyone was able to build custom firmware?

I've tried to build one using broadcom/linksys tools. I've tried to add some files, repack, build trx and when notice ASUS has added some trailer to the end of cramfs image. It's 64 bytes long for an older firmware version and 3324 bytes for the new one. I've added 3324 bytes one and was able to upload custom firmware to router. Unfortunatly it does not start. Then I've used Asus firmware restoration tool to bring it back to boot. I've not verified yet what's wrong... Any thoughts?

Regards.

did the device not boot
or was it blinking (firmware failure) ???

if i'm not wrong the linksys is using some other chips onboard. i have to check this out

I don't know what exactly happen. But I'm was unable to access it. Some leds flashing...
Yes, WRT54G hardware differs, so I've used the original ASUS kernel & rootfs with minor modifications.
Either way I will try again...

Finally I was able to make the bootable firmware. I'm was able to add one executable that is needed for me (aprox 56k in size) and have modified the boot sequence to launch the init file from the usb drive if one found (/mnt/usbfs/init).
So for now my wl500g launches telnetd at startup and alters the firewall settings to drop requests to telnet from the outside.
So it's possible, but I still can't inject telnetd to the rootfs - maybe just a size or the align issue...

Originally posted by vdovikin
Finally I was able to make the bootable firmware. I'm was able to add one executable that is needed for me (aprox 56k in size) and have modified the boot sequence to launch the init file from the usb drive if one found (/mnt/usbfs/init).
So for now my wl500g launches telnetd at startup and alters the firewall settings to drop requests to telnet from the outside.
So it's possible, but I still can't inject telnetd to the rootfs - maybe just a size or the align issue...

like.. SEND IT TO ME! ;) please mail it to forum@chupa.nl size doesn't matter, i'll give it a place at this site

and maybe you could build a custom firmware for now, that only launches the init file from usb drive, without the executable you needed.

then it would be possible to rebuild almost the whole wl500g at your usb disk. functions could be added for support of 2+ printers etc..
i don't know how much fast the broadcom chip is.. but if it's very fast then we would be able to build a mysql+php and apache at it.

thanks for this breakthrough! :)

could you also describe here, or in the mail how to build a new firmware? it's time for me te reinstall a linux box i think :)

very interesting! listing...

I've sent the firmware to forum@chupa.nl, waiting for Antiloop to make it available.


If you want to try this firmware (but it's your own risk) - please be sure to reboot wl500g before the upgrade. It's possible that your router will not reboot automatically after the firmware upgrade is complete and you will get "connection refused" from your browser. Don't worry - just turn power off and then on. This is probably an ASUS issue... If your pwr led start flashing - the firmware does not work for your, and you will need to run Firmware restoration tool. If your router does not bootup and pwr led not flashing - do the following: poweroff it, press the RESTORE key on the back, and turn power on. Release the power key as soon as pwr led start flashing - you can run firmware restoration.

This firmware contains the telnetd & the following things from
busybox-1.0pre5:

/bin/date
/bin/dd
/usr/bin/free
/usr/bin/head
/sbin/insmod
/bin/login
/bin/netstat
/usr/bin/nslookup
/usr/bin/passwd
/usr/bin/sort
/usr/bin/strings
/usr/bin/tail
/usr/bin/tee
/usr/sbin/telnetd
/usr/bin/time
/usr/bin/top
/usr/bin/uniq
/bin/watch
/usr/bin/wget

The required are: login, passwd, telnetd, insmod. Other tools are just my preference. ;-)

During the boot this new firmware will initialize passwd&group files, which is needed for login/telnetd. You will be able to telnet to your box using the 'admin' as login name, and password you've set for the web interface. The telnetd security: this firmware will block all access to telnetd from the WAN port, if you have the same setting for the web access.

This firmware has also an ability to execute arbitrary commands during the boot. You just need to put such a commands (all prefixed with bootCmd) to the nvram. Something like this:

nvram set bootCmd0="/usr/sbin/wl -i eth2 txpwr 50"
nvram set bootCmd1="/mnt/usbfs/init"

Also you need to commit this using

nvram commit

Then just reboot your wl500g, and check /tmp/bootCmd.log for the output messages if any.

I will post patches/instructions for building the firmware later.

Regards,
Oleg.

i've succesfully upgraded the firmware, no problems till now
ps. i had to manual reset the router, as described.
ps2. do a cold reboot (ie. poweroff), if you run out of memory your upgrade could fail.
mostly the /tmp/ stays active even when warm reboot

the new firmware can be found at:
http://files.wl500g.info/asus/wl500g/firmware/customized/

and downloaded at:
http://files.wl500g.info/asus/wl500g/firmware/customized/wg01060503_WL500g_en_custom1.trx

i've copied a piece of my log:
Jan 1 01:00:19 dhcp client: lease is lost
Jan 1 01:00:19 passwd[361]: password for `admin' changed by user `admin'
Jan 1 01:00:19 alarm: UDP connection access to 1.2.3.4:68 from 213.46.108.65:67
Jan 1 01:00:19 alarm: UDP connection access to 1.2.3.4:68 from 213.46.108.65:67
Jan 1 01:00:20 alarm: TCP connection access to 1.2.3.4:1742 from 207.46.107.69:1863
Jan 1 01:00:21 dhcp client: bound IP address 1.2.3.4 from server 1.2.3.5
Jan 1 01:00:26 alarm: TCP connection access to 1.2.3.4:1758 from 62.58.50.10:110
Dec 29 01:40:53 NTP client: time is synchronized to 131.107.1.10
Dec 29 01:41:38 alarm: TCP connection access to 1.2.3.4:113 from 217.67.235.13:60547
Dec 29 01:42:11 login[836]: root login on `pts/0'

this is from the first boot after firmware upgrade.

Does http://my.router/Main_AdmStatus_Content.asp still work?
Another question: does http://my.router/Main_AdmStatus_Content.asp work on firmware 1.6.5.3?thanks!

Originally posted by chase
Does http://my.router/Main_AdmStatus_Content.asp still work?
Another question: does http://my.router/Main_AdmStatus_Content.asp work on firmware 1.6.5.3?thanks!

yes / yes

Vdovikin, Antiloop, thanks a lot!!! An excellent work! ;)

call me stupid but is there a practical use for this firmware? Or is it simply training for some future enhancement like special server modes, vpn or else? Why should i telnet to my router - just to look around on the system and to understand how it works?

Yes, these features are for advanced users, who needs more precise control on the hardware (e.g. to change the default settings for wlan card), firewall settings, establishing vpn tunnels, solving the network problems and so on. This requires linux knowledge.
If you don't need this, just don't use it. There are no new features available via the regular web interface.

It works perfectly (except the fact that the WLAN settings are now set to '1Mb/s to 11Mb/s', but it is still working in 54Mb/s mode).

Looking in the conf files, i have understood how to properly activate the anonymous login on the FTP server :
- disable the anonymous login
- create an anonymous account, password: * and rights are Read Only

By the way, i have asked this request to the asus support team and i am still waiting for an answer....

Ark, I've not touch anything inside the firmware in regard to wireless stuff, so it's probably 1.6.5.3 issue and not a fault of mine. ;-)

I have one question regarding the custom firmware.
Is there any command in the telnet session that i can use to edit files on the router? Couldn't find one when i was playing around

You can find the link to newest complete Busybox compiled by Oleg in that thread: http://wl500g.info/showthread.php?s=&threadid=92 There's also VI editor included...

I am thinking about some useful things which would be nice to have implemented in next release of customized firmware. What do you think about that? Would somebody of our Linux/Firmware gurus be able to do it? ;)

1) wl.o module to be replaced by wl_apsta.o from Linksys WRT-54G 1.42.3 (or later). The newer wl_apsta.o module allows to put the WL-500b/g module into Client mode.
2) adding option for web folder location change so the web folder could be moved to USB flash disk - it would allow us to start working on configuration web pages design change (to create some additional configuration buttons / boxes in the web configurator). The released on-board flash space would be an advantage.
3) serial port emulation on parallel port - it would be really nice to have something like serial port on WL-500b/g (I am afraid the tip from Linksys forum for UART assembly does not apply to WL-500b/g). I would like to connect a mobile phone to WL-500b and try to setup a GPRS connection to Internet provider. An additional driver for USB<->RS232 converter would be also nice but AFAIK there are many chipsets for that purpose... And I don't plan to use parallel port for any shared printer.
4) OV511 webcam driver update with current version 1.61 I still can't make my Creative Labs WebCam III USB working in monitoring mode. The newer drivers are available here: http://alpha.dyndns.org/ov511/ . Unfortunately I am too stupid to compile it and update my WL-500b. :(

Originally posted by Technik
I am thinking about ...

2) adding option for web folder location change so the web folder could be moved to USB flash disk - it would allow us to start working on configuration web pages design change (to create some additional configuration buttons / boxes in the web configurator). The released on-board flash space would be an advantage.


Telnet to my.router (well yours!)
CD to the dir that contains your index.asp CD /mnt/usbfs/whatever
Kill the HTTPD task
killall httpd
Restart HTTPD
httpd

Note: some of the configuration web pages seem to use relative paths to the configuration utilities/scripts/enviroment vars and don't work if you simply copy the entire web dir!

Originally posted by Oleg
nvram set bootCmd0="/usr/sbin/wl -i eth2 txpwr 50"
nvram set bootCmd1="/mnt/usbfs/init"

Also you need to commit this using

nvram commit

Then just reboot your wl500g, and check /tmp/bootCmd.log for the output messages if any.

Oleg, I am trying to extend the PATH and LD_LIBRARY_PATH via the nvram method but no luck. Is there a way to extend the path (without compiling new firmware)?
greetings Marco

If you need this for telnet sessions - try restarting telnet daemon right in the bootCmd after setting needed variables. Or you can launch alternative telnetd on different port for testing. As seems current firmware does not setup the PATH & LD_LIBRARY_PATH in any way.
The other way is to generate /etc/profile which is read by shell during the invocation. Seems this is the most preferable way. You can do this with the same nvram commands or copy it right from the USB flash.

Regards,
Oleg.

Originally posted by Oleg
If you need this for telnet sessions - try restarting telnet daemon right in the bootCmd after setting needed variables. Or you can launch alternative telnetd on different port for testing. As seems current firmware does not setup the PATH & LD_LIBRARY_PATH in any way.
The other way is to generate /etc/profile which is read by shell during the invocation. Seems this is the most preferable way. You can do this with the same nvram commands or copy it right from the USB flash.

Thank you Oleg, the latter method worked flawlessly!

Greetings Marco

Hi, just wondering if someone is also interested in creating of customized firmware with support for traffic shaping, QoS features and SSH. I am no Linux guru, just someone who knows how to compile things. If somebody likes to help, I would really appreciate it ;) I will try to play around with own firmware and see what will come up.
Have fun everyone and thanks Oleg !

I m looking for the same functions in thw new firmware.....

and what about rddtool?

I just realized that the watchdog program has its configureation hard-coded into the binary . This will be a problem for anyone wanting to make significant changes to the way the router runs. For example, you can't disable the HTTP server. :eek:

Watchdog is not a big problem - the functionality could be easily recoded. Mostly it contains
1) checker for the processes which is need to be run (from /etc/watchdog.conf) - once any of this dies it will call usb-eject and reboot the router
2) ntpclient
3) firewall refreshing stuff based on the current time (it is calling /init/firewall.refresh)
4) reset to defaults functionality - provided by signal handler (signal are sent by splink_led module)

Most of this stuff not needed at all.

The big problem is the printing - too much code required...

Originally posted by Oleg

4) reset to defaults functionality - provided by signal handler (signal are sent by splink_led module)

Most of this stuff not needed at all.


I agree that most is not needed. Could you explain #4, though? How does the splink_led module cause a reset, and what triggers it?

After some experimentation, I decided to avoid watchdog entirely. The one thing that it does that I want but can't figure out is how to use call the NTP client program so that the "date" command give local, not UTC time.

splink_led enables interrupt from the gpio line where the reset button attached (if you do cat /proc/interrupts you will see RTD on the irq2 - this one is created by splink_led). Also it has interface - /dev/led4 which is in fact not a led driver but a way for registering user space process (watchdog) to which splink_led should send the signal once the button is pressed. But this wierd functionality can be easily be done without any interrupts handlers - there is a posibility to read the gpio line states from within user space using /dev/gpio/gpioin (if I recall the things correctly). Also there is no need to use kernel module for driving leds also, everything already provided by broadcom in the kernel.

As for ntp - I've just noticed that actually there is ntpclient which do all the things - watchdog just drives the firewall, and this also can be done using ipt_time. As for local/utc time - you should set TZ variable for this to work. See my /etc/profile for details.

Regards,
Oleg.