Post on 23-Dec-2015
JAILBREAKING SOHO ROUTERS
Dennis Little @ CPLUG | 2010 Aug 10
Thank you!
Jim Capp @ Anteil - Asus router loan for demos http://www.Anteil.com
Open source programming & integration
Asterisk digital voice solutions
Customer Relationship Management software
Thank you!
tapestry technologies, LLC – food sponsor http://TapestryTech.com
Expertise: DoD STIG (Security Technical Implementation Guide)
Security Training
Technology Management Partner – full-service technology acquisition, integration and management services
Terms
Firmware – “a term often used to denote the fixed, usually rather small, programs and/or data structures that internally control various electronic devices” – Wikipedia.org
TFTP – trivial file transfer protocol; used to load firmware to a lot of routers/devices with little RAM
JTAG – troubleshooting port useful for fixing “bricked” (i.e., corrupted) devices, converter required
Alternative Firmware – WHY?
Extend functionality beyond stock firmware
OpenVPN – server and client endpoint
Advanced QoS – service, MAC and port-based
VLAN
SSH server
Alternative Firmware – WHY?
Advanced wireless functionality – AP, client bridge, repeater, WDS
SIP proxy
More advanced port-forwarding and triggering (origination lock-out)
Network traffic graphing
Alternative Firmware – WHY?
Dynamic DNS – sane updates
Hotspot portal / captive portal
Transmit power control / boost (don’t burn out!)
Site survey & Rx/Tx antenna selection
Compatible Hardware
Demo of 3 different models in this talk
Wireless-G router: WRT54G (v1.1) – WRT54GL is a known good candidate, regardless of version
Wireless-G access point: EOC-1650 – requires activation of DD-WRT (~$30 US)
Wireless-N router: Asus RT-N16
WRT54G / WRT54GL
~$60 shipped, hard to find in brick and mortar
1 WAN, 4 LAN
Not all versions of WRT54G are compatible!
WRT54GL v1.0 / 1.1 compatible
BCM5352 – 200 MHz
RAM: 16MB
FLASH: 4MB
100 mW max (?)
Senao / Engenius EOC-1650
~$50 shipped, hard to find in brick and mortar
Wireless AP with internal 7dBi panel and 5 dBi external SMA omni antenna (selectable), 300’ PoE injector included, 200 mW max radio
Requires purchase of DD-WRT Professional
Atheros AR2315 – 180 MHz
RAM: 32MB
Flash: 8MB
Asus RT-N16
~$95 shipped
Wireless N router
1 WAN, 4 LAN, 2 USB
BCM4718A – 500 MHz
RAM: 128 MB
Flash: 32 MB
Alternative Firmware
We will cover:
Tomato http://www.PolarCloud.com/tomato
OpenWRT http://www.OpenWRT.org
DD-WRT http://www.dd-wrt.com
Alternative Firmware
Also available…
FreeWRT http://www.FreeWRT.org “meant to be an appliance development kit (ADK) especially designed for embedded system developers and advanced users.”
Tomato – PolarCloud.com
Simple replacement for Linksys, Buffalo, BCMxxx
Extends Linksys WRT54GL GPL firmware
License? – author’s permission?
Simplest of the 3, with some powerful features
Linksys WRT54G v1-4, GS v1-4, GL, Buffalo G54/G54s, Asus WL500G
OpenWRT – OpenWRT.org
GPL license
Latest version: Backfire (v10.03)
Very large HCL (hardware compatibility list)
Perhaps a bit more complicated, as many functions are command-line only
DD-WRT – DD-WRT.com
Nice HCL database search and compatibility
Lots of functionality, 99% GUI-driven
Controversial - “GPL”; does not follow GPL 100%, accusations of stolen code, encrypted GUI code
Commercial version available
HCL – Am I compatible?
Tomato http://www.polarcloud.com/tomatofaq
OpenWRT http://wiki.openwrt.org/toh/start
DD-WRT http://www.dd-wrt.com/site/support/router-database
Demo Time!
GUI of Tomato, OpenWRT and DD-WRT