Save WiFi: Act Now To Save WiFi From The FCC

Right now, the FCC is considering a proposal to require device manufacturers to implement security restricting the flashing of firmware. We posted something about this a few days ago, but completely missed out on a call to action. Contrary to conventional wisdom, we live under a system of participatory government, and there is still time to convince the FCC this regulation would stifle innovation, make us less secure, and set back innovation in the United States by decades.

The folks at ThinkPenguin, the EFF, FSF, Software Freedom Law Center, Software Freedom Conservancy, OpenWRT, LibreCMC, Qualcomm, and others have put together the SaveWiFi campaign (capture; the real link is at this overloaded server), providing instructions on how to submit a formal complaint to the FCC regarding this proposed rule.

Under the rule proposed by the FCC, devices with radios may be required to prevent modifications to firmware. All devices operating in the 5GHz WiFi spectrum will be forced to implement security features to ensure the radios cannot be modified. While prohibiting the modification of transmitters has been a mainstay of FCC regulation for 80 years, the law of unintended consequences will inevitably show up in full force: because of the incredible integration of electronic devices, this proposed regulation may apply to everything from WiFi routers to cell phones. The proposed regulation would specifically ban router firmwares such as DD-WRT, and may go so far as to include custom firmware on your Android smartphone.

A lot is on the line. The freedom to modify devices you own is a concern, but the proposed rules prohibiting new device firmware would do much more damage. The economic impact would be dire, the security implications would be extreme, and emergency preparedness would be greatly hindered by the proposed restrictions on router firmware. The FCC is taking complaints and suggestions until September 8th.

Even if you’re not living under the jurisdiction of the FCC, consider this: manufacturers of routers and other WiFi equipment will not be selling two versions of hardware, one to the US and another to the rest of the world. What the FCC regulates affects the entire world, and this proposed rule would do us all a disservice. Even if you’re not in the US, tell your second favorite websites to cover this: neither Ars Technica nor Wired has posted anything on the FCC’s proposed rule, and even boingboing is conspicuously silent on the issue. You may submit a comment until September 8th here.

FCC Introduces Rules Banning WiFi Router Firmware Modification

For years we have been graced by cheap consumer electronics that are able to be upgraded through unofficial means. Your Nintendo DS is able to run unsigned code, your old XBox was a capable server for its time, your Android smartphone can be made better with CyanogenMod, and your wireless router could be expanded far beyond what it was originally designed to do thanks to the efforts of open source firmware creators. Now, this may change. In a proposed rule from the US Federal Communications Commission, devices with radios may be required to prevent modifications to firmware.

The proposed rule only affects devices operating in the U-NII bands; the portion of the spectrum used for 5GHz WiFi, and the proposed rule only affects the radios inside these devices. Like all government regulations, the law of unintended consequences rears its ugly head, and the proposed rules effectively ban Open Source router firmware.

The rules require all relevant devices to implement software security to ensure the radios of devices operating in this band cannot be modified. Because of the economics of cheap routers, nearly every router is designed around a System on Chip – a CPU and radio in a single package. Banning the modification of one inevitably bans the modification of the other, and eliminates the possibility of installing proven Open Source firmware on any device.

Modifying DD-WRT’s protected GUI


[Craig] is always keeping busy by deconstructing and poking around in various firmware images. This time around he has taken on the task of modifying the DD-WRT package, a popular replacement firmware for SOHO routers.

While the firmware is released under the GPL, [Craig] notes that it’s pretty difficult to build from source. Instead, he says that the typical course of action is to extract files from the firmware image, alter them, then reconstruct the image. This works for most things, but the DD-WRT GUI files are protected in order to prevent modification.

Since the phrase “you are not allowed to do that” doesn’t exist in his vocabulary, [Craig] set out to see if he could make his way around the protections and change the GUI code. It took quite a bit of digging around using IDA Pro and readelf, but he was eventually able to extract, tweak, then reinsert individual pages back into the firmware image.

The process is pretty time consuming, so he put together a tool called webdecomp that automates the extraction and rebuilding of DD-WRT’s web page file. If you’re interested in rocking a custom Hackaday-branded router interface like the one shown above, be sure to swing by his site and grab a copy of webdecomp.

Reverse engineering VxWorks (which replaces Linux on newer routers)

The Linksys router seen above is a WRT54G version 1. It famously runs Linux and was the source of much hacking back in the heyday, leading to popular alternative firmware packages such as DD-WRT and Tomato. But the company moved away from a Linux-based firmware starting with version 8 of the hardware. Now they are using a proprietary Real Time Operating System called VxWorks.

[Craig] recently put together a reverse engineering guide for WRT54Gv8 and newer routers. His approach is purely firmware based since he doesn’t actually own a router that runs VxWorks. A bit of poking around in the hex dump lets him identify different parts of the files, leading to an ELF header that really starts to unlock the secrets within. From there he carries out a rather lengthy process of accurately disassembling the code into something that makes sense. The tool of choice used for this is the IDA Pro disassembler and debugger. We weren’t previously familiar with it, but having seen what it can do we’re quite impressed.

[Image via Wikimedia Commons]

Solar powered WiFi repeater

For all those times you need to broadcast your own access point where there’s no outlet, [Larry] shows us how to make a solar-powered hotspot. He started by slapping a solar panel on the lid of a cigar box and attaching it to five rechargeable AA batteries inside. These power the mainboard from a router, which is the perfect size to friction fit in the opening. It has been flashed with a copy of DD-WRT, and set to scan for open WiFi connections. When it finds one, it connects and rebroadcasts its own WiFi signal to the surrounding area. He leaves it in the back window of his car and uses it to get on the net during lunch.

WiFi AP gets antenna augmentation

Feeling bad that his access point was being made fun of by models with beefier external antennas, [Customer Service] decided to do something about it. After cracking open the Asus wl-330ge he found it would be quite easy to add a connector. This access point has two internal antennas that are quite small and use a spring connection to the signal and ground pads on the PCB. Those pads are fairly large and separated, making it easy to solder the connections. Scavenging an antenna connector from an older device, [Customer Service] soldered it in place and drilled a mounting hole in the plastic case. After flashing DD-WRT firmware he’s now got everything he wants from the little guy.

Power cycling a problematic modem

[Gigawatts] struggled against a shoddy Internet connection for quite some time. Changing modems, having the line serviced, and spending far too much time on the phone didn’t do any good. In fact, the only thing that fixed the problem was power cycling the modem once it stopped responding. His solution was to automate the power cycling process. He added a cron task to his router, which is running DD-WRT, a favorite firmware alternative for hacked routers. The script monitored the WAN connection, and when it went down it would toggle one of the serial port pins. He whipped up an outlet box with a relay in it and used that serial pin to cut the power going to the modem. A workaround, yes, but it was the only thing that brought an end to his frustration.