The Linksys router seen above is a WRT54G version 1. It famously runs Linux and was the source of much hacking back in its heyday, leading to popular alternative firmware packages such as DD-WRT and Tomato. But the company moved away from a Linux-based firmware starting with version 8 of the hardware; newer units run a proprietary real-time operating system called VxWorks.
[Craig] recently put together a reverse engineering guide for WRT54Gv8 and newer routers. His approach is purely firmware based, since he doesn’t actually own a router that runs VxWorks. A bit of poking around in the hex dump lets him identify the different parts of the image, leading to an ELF header that really starts to unlock the secrets within. From there he carries out a rather lengthy process of accurately disassembling the code into something that makes sense. The tool of choice for this is the IDA Pro disassembler and debugger. We weren’t previously familiar with it, but having seen what it can do we’re quite impressed.
[Image via Wikimedia Commons]
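The hex-dump step described above, locating an ELF header inside the firmware image and reading off the architecture and entry point, is easy to automate. What follows is an added example written for this post, not code from [Craig]'s guide or from any tool he used: it scans a blob for the ELF magic, validates the header fields so that a stray "\x7fELF" sitting in string data is not mistaken for a real object, and decodes the word size, byte order, machine type and entry point that you need to know before feeding the code to a disassembler. The firmware blob it runs on is constructed inline; the big-endian MIPS header in it is an assumption for illustration, since the page does not give the real image's layout.

```python
import struct

# Added example (not from Craig's guide): carve ELF headers out of a raw
# firmware image and decode the fields an analyst needs before loading the
# code into a disassembler: word size, byte order, CPU type and entry point.

ELF_MAGIC = b"\x7fELF"

# Subset of e_machine values from the ELF spec; anything else is reported numerically.
MACHINE_NAMES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64"}
EM_MIPS = 8

# Field layout after the 16-byte e_ident block. ELF32 and ELF64 differ only in
# the width of e_entry / e_phoff / e_shoff.
ELF32_FMT = "HHIIIIIHHHHHH"   # 36 bytes -> 52-byte header
ELF64_FMT = "HHIQQQIHHHHHH"   # 48 bytes -> 64-byte header


def parse_elf_header(data, offset):
    """Return a dict describing the ELF header at `offset`, or None if the
    bytes there do not form a sane header (magic inside string data, a
    truncated or corrupted header, impossible class/endianness bytes)."""
    if data[offset:offset + 4] != ELF_MAGIC or offset + 16 > len(data):
        return None
    ei_class, ei_data = data[offset + 4], data[offset + 5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None
    endian = ">" if ei_data == 2 else "<"
    fmt, size = (ELF32_FMT, 52) if ei_class == 1 else (ELF64_FMT, 64)
    if offset + size > len(data):
        return None
    fields = struct.unpack(endian + fmt, data[offset + 16:offset + size])
    e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags, e_ehsize = fields[:8]
    # Reject headers whose self-described version and size do not match reality.
    if e_version != 1 or e_ehsize != size:
        return None
    return {
        "offset": offset,
        "class": 32 if ei_class == 1 else 64,
        "endian": "big" if ei_data == 2 else "little",
        "type": {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}.get(e_type, f"unknown({e_type})"),
        "machine": MACHINE_NAMES.get(e_machine, f"unknown({e_machine})"),
        "entry": e_entry,
        "phoff": e_phoff,
        "shoff": e_shoff,
        "flags": e_flags,
    }


def scan_for_elf(data):
    """Find every plausible ELF header in a blob, in file order."""
    hits, pos = [], 0
    while True:
        pos = data.find(ELF_MAGIC, pos)
        if pos < 0:
            return hits
        hdr = parse_elf_header(data, pos)
        if hdr is not None:
            hits.append(hdr)
        pos += 1


def make_elf32_header(big_endian, machine, entry):
    """Build a minimal ELF32 executable header (only used to construct the sample blob)."""
    e = ">" if big_endian else "<"
    ident = ELF_MAGIC + bytes([1, 2 if big_endian else 1, 1, 0, 0]) + b"\x00" * 7
    body = struct.pack(e + ELF32_FMT, 2, machine, 1, entry, 52, 0, 0, 52, 32, 1, 40, 0, 0)
    return ident + body


# Constructed sample firmware (hypothetical layout): padding, a decoy magic
# string with impossible class/data bytes such as a string table might hold,
# then a real big-endian MIPS header, the kind of CPU this router family uses.
SAMPLE_BLOB = (
    b"\x00" * 0x40
    + ELF_MAGIC + b"\x09\x09" + b"\x00" * 46
    + b"\x00" * 0x10
    + make_elf32_header(True, EM_MIPS, 0x80001000)
    + b"\x00" * 0x20
)

if __name__ == "__main__":
    for h in scan_for_elf(SAMPLE_BLOB):
        print(f"ELF{h['class']} {h['endian']}-endian {h['machine']} {h['type']} at "
              f"0x{h['offset']:x}, entry 0x{h['entry']:08x}")
```

Run it on a real dump by replacing SAMPLE_BLOB with the file contents; the offsets it reports are what you hand to the disassembler as the load base, and the endianness and machine fields tell you which processor module to select. The validation step matters: on a firmware image full of strings and tables, the four magic bytes alone produce false hits, and the e_version/e_ehsize check throws those out.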
IDA has been the de facto standard for reverse engineering for decades. Shame on you ;)
Someone familiar with reverse engineering of virtually any code, yet unfamiliar with IDA? That’s strange ;)
Please just buy the GL version. It has Linux on it and shows the manufacturer that we care about what they put on the routers.
Agreed. Then again, how much software reverse engineering do we do here? Not much when it comes to coding a ‘duino.
@blub Great idea if your laptop and gear are from the stone age. I use N wireless for high speeds and 1000BT for my network. The 10-year-old GL version is so out of date it can’t do any of that.
The GL version is great for the poor and the luddites, but for any real speeds at home or the office you need newer hardware, and nothing is available.
@blub
There are much better routers that accept Linux firmware. I have a Netgear WNDR3700, expensive but extremely powerful.
I got one and flashed it just to make my TV stand and anything that hooks up via Ethernet wireless.
I wish there was a “day pass” license for IDA Pro. I would pay $30 for this privilege, but I can’t really justify $500+ for a tool I might use once or twice a year for personal projects.
Color me ignorant, but Linux in its own right isn’t hard real time, so a router would have to have a RT-kernel underneath to do the timing sensitive bits anyways, or throw enough hardware at it that the Linux kernel would be able to always keep up.
So, isn’t it actually counter-productive to run Linux on top because it just takes more processing power for what 99.99% of the users don’t really care for anyways?
“Color me ignorant”.
Not today, maybe tomorrow. Consider that I don’t have to tell you about your heart beat. I may say something to tell you how horrible a person you are, however that would be a reflection of something similar to a DDOS attack. Overclocking to pick up the workload on how to respond with a snazzy comeback, try to punch me in the face or run away.
Consider that we talk a common language be it Sanskrit, Ancient Sumerian or Latin. We agree on a set meaning of high level words to communicate ideas.
I imagine breathing in Morse code would be tiresome. In this instance using Linux to call ASM instructions is preferable. Sending Morse of your WPA-2 implementation would force you to realize you are breathing manually.
If you can’t afford IDA there are alternatives. Embedded gear is usually either ARM or MIPS and recstudio can do that for free. Version 4 beta is out and does quite well, even decompiles.
http://www.backerstreet.com/rec/rec.htm
Is there any good FOSS wifi router software that runs on x86 Linux?
A good number of people have personal NAS or even a firewall like smoothwall. Seems to me that instead of using a router like this you could just add a wifi card to your server or firewall and have one less device to worry about. You might even save a little power if you are running the server or firewall anyway.
Never use a decompiler to document code, especially the ones in IDA.
It’s more productive to trace and comment code; xrefs also help.
x86 BIOS reversing is done the same: deflate->?decrypt->trace&document. ARM is actually easier than x86 when it comes to BIOS/real-mode.
Remember the Hacker Ethic. It doesn’t always need to be better to be a proof of concept. It’s just a different way of doing things. Sometimes it works better, sometimes not. The important thing is: there IS a different way to do things.
Take the Narrow road. It may not be as fast, but the views are better and at the end is a much nicer place.
DD-WRT has a package that runs on x86 Linux and works fantastically.
http://www.dd-wrt.com/wiki/index.php/X86
lwatcdr: There is Astaro, which is good but needs 1GB of RAM to run smoothly; it has stuff like BGP and trunking built in, so it is likely to be overpowered. On the other hand a Debian box with Shorewall runs smoothly with 256MB or less. It is harder but more fun! :D
cgimark: Thanks. I just grabbed REC, and while it does MIPS (handy for this project) it doesn’t do ARM. Promising though, next time I have to do work with x86.
Nice – good to see IDA Pro getting coverage. The dog’s bollocks as far as debugging and reverse engineering ASM goes.
OpenWRT is much better than DD-WRT, especially on x86. It has tons of packages (very similar to Debian), and a nice web interface.
Tomato is the BEST of the BEST!!!
http://www.linksysinfo.org/forums/forumdisplay.php?f=160
Cheers!!!
Awesome!
Hey I have 8 years of VxWorks experience if anyone needs any help with this. I work for a really BIG company that uses VxWorks all the time. Let me know if I can be of any use! -Justin
@fartface Check the list of supported hardware on the OpenWRT site. e.g. Buffalo WZR GN300HP has 4+1GbE ports, N, USB, 32MB flash, 64MB RAM, etc.
NetGear also has a nice router with OpenWRT support.
I have a v1 running DD-WRT.
With some good aftermarket antennas and a hacked heatsink/fan I have the power cranked to 80%.
Now if I could only figure out a way to boost the power from my network card (my soup can helps but doesn’t increase my transmitting power).
Being at the “End of the line” for DSL in my area the only way some of my neighbors can get online is through my connection which I leave open for their use.
Anyone know of good hackable wireless cards, or at least one with a good power output?
You know that VxWorks is the O/S that runs the Mitel SX200, SX2000 and 3300 PABXs?
A handy command from the rudimentary shell is lkup, e.g.
lkup "fred"
will look up any command or symbolic link that contains 'fred'.