36
Haxk20
318d

Well one thing that became obvious today is that companies that make wifi routers really dont want you flashing other firmware on it.

For example i got a new router cause it was time.
Ofc fully compatible with OpenWRT. The thing tho ? The GUI flashing process accepts only encrypted binaries. And surprise we as customers cant encrypt it like they do.

So the next thing that comes to mind instantly is UART. They cant break that right ? Well turns out they can. They just disallow key inputs from console. So you cant make the damn device load into TFTP mode.

And D-Link has this lovely recovery utility that accepts unencrypted firmware. EZ way to flash it right ? WRONG. The garbage doesnt load second time after you load it once in 1 boot. And even if you get it to start loading the firmware. It wont really flash it.

Luckily there was an exploit :)
And joining via telnet and enabling http server on PC and wget-ting the binary from there. And flashing.

Honestly now. I pay money for this garbage. I own the hardware. Let me do what i want with it.

At least it runs kernel 5.10 now and is super fast :) Worth the trouble honestly

(Should be noted im not new to flashing firmware on routers. But this is the first one that really didnt want me to flash it. Like nuking my freaking UART access ? Taking it too fucking far)

Comments
  • 12
    Luckily people document the flashing process so I can just check which router is easy to flash before I buy it. :)
  • 12
    " I own the hardware. Let me do what i want with it." - 120% agreement. MY device, MY decision.

    i guess it's mostly protection against overzealous lawyers, if someone does Bad Stuff(tm) with custom-flashed hardware - but then again, knife manufacturers don't get sued if someone stabs someone...
  • 3
    Never had problems on Asus, Linksys, or MikroTik routers. Other brands I tried were just exponentially crappier, so no surprise they'll make everything to lock you in.
  • 3
    @electrineer The point is we shouldnt need to check that kind of stuff. We should not be UART locked out. I get signing firmware. I would do it as well. But UART ? Really ? Thats just asshole move on OEM side.
  • 1
    @tosensei Smartphones. Take example there.

    A chip that runs is controlling the rest so they do crap. If they do. It shuts them down. For real.

    Can be a pain in the ass when you writting drivers for the thing and it shuts down but well yea :)
  • 0
    @Haxk20

    I think you need to look into very specific corners of the market these days for hardware that gives you some freedom.

    For a homebrew WiFi router, I'd use a Raspberry Pi Compute Module, which is low power ARM, but can have up to 8GB ram and has a PCIex slot which can be fitted with a Linux-friendly high end WiFi card with antenna connectors.
  • 0
    @tosensei can't bar hardware features from you then sell you subscription so that their software allows it later

    I mean in reality probably what is happening is snooping related or special interest groups buddying up. Why allow you to flash their software off when your ISP can just sell you another modem/router, pretending that will fix your "problem"? You also can't AdBlock for the whole household. In the 90s ISPs tried to charge $$$ for "running a server" at home except, you had to self report that you were doing so... Lol
Add Comment