Embed Size (px)
Citation preview
This ‘LCARS’ like slide theme was just a choice on Google docs.
It’s not a statement on Star Trek vs Star Wars.
If pressed, my thoughts on Star Trek vs Star Wars are as follows...
Dislcaimer
An introduction to OpenWRT
Installing Perl
Smoking CPAN
You all go home and brick your routers
Overview
Linux distroAimed at IP routers and Access Points
Originated from Linksys’s infamous WRT54G
Started 2004Kernel is kept parallel to mainline
Lot’s goes upstream, wifi related especially, but no sense in mainlining code for quirks in just one modem model
Release names are alcoholic beverages
OpenWRT in a nutshell
Userland is ash, uClibc and BusyBox with lots of Lua scripts
opkg package suite
Unified Config. Interface (UCI)Configures everything in one place - /etc/configUse vim, and/or CLI and GUI toolsEasy to backup/migrate all your config!
OpenWRT in a nutshell (cont.)
Similar Projects/ProductsDD-WRTSome devices require a licensehttp://www.dd-wrt.com
Tomato FirmwareBased on HyperWRThttp://advancedtomato.com
LibreCMCOpenWRT minus binary blobshttp://librecmc.org
Quick Start
Buy a compatible router
Find & download the correct image file
Then install it...
Flash the firmware via “upgrade”
Log in for the first timeThe router/AP hands out IP’s via DHCP by default
Watch out for that!
Telnet (yes, telnet) to 192.168.1.1 to log in as root
Set root’s password with ‘passwd’ and telnet will be automatically and forever disabled
Log back in as root via ssh
Now you can do stuff!
See also http://wiki.openwrt.org/toh/start
That’s it!
Ok, let’s dive in deeper...
SoC - System on a Chip. The CPU + whatever is on the same die
PCB - Printed Circuit Board
TTL - Transistor-Transistor Logic. Serial done differently is all you need to know
Pin Headers (header) - Pins you can attach too on the PCB. Sometimes you have to solder them on.
JTAG - Colloquialism for the TTL headers on the modems PCB
Important Terms
From: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=431294
Router Structure 101
Like Router, but without the Switch bit
Access Point Structure 101
From: https://wiki.openwrt.org/doc/techref/internal.layout
Router Structure 202
On embedded devices a “bootloader” initializes the hardware then loads the kernel. Bootloader->Kernel
Contrast to the PC with BIOS->Grub->KernelDas U-Boot (GPL) is the most common IMOIt has lots of nice features, especially for recoveryVendors tend to mess with the bootloader
Arbitrary kernel size limitsMagic values need to be present in the kernelRequire some exotic firmware formatDon’t support ELF
See also http://wiki.openwrt.org/doc/techref/bootloader
The Bootloader
Most modems and routers are the MIPS architecture, as opposed to x86 or AMD64
“Microprocessor without Interlocked Pipeline Stages”Good performance/cost/power ratiosRISC, simple instructions, frequently studied in
Universities (I had to write a mips VM)Manufacturers make various changes for whatever
reason, which results in lots of “sub” architecturesOpenWRT also supports ARM, PowerPC and x86’s
See https://dev.openwrt.org/wiki/platforms
Let’s learn about Architectures
Let’s learn about flashRouters have flash rather than HDD, which serves the same purposeWhen flash directly attached to the SoC, OpenWRT calls it “raw flash”When there is a chip between the SoC and the flash (like an SSD or
USB), OpenWRT calls this a “Flash Translation Layer”Older routers usually have NOR flashNewer routers have NAND flashNAND can tolerate errors, though Linux still can’tLinux and hence OpenWRT, utilize raw flash via the “Memory Technology
Device” layer and a special purpose FSMore flash is always good, you can install more stuff!
You will likely want to use one of OpenWRT two main flash formats, SquashFS or JFFS2
See also http://wiki.openwrt.org/doc/techref/flash.layoutSee also http://wiki.openwrt.org/doc/techref/filesystems
SquashFS is a read-only LZMA compressed file system.
In this image type, OpenWRT stores the system in SquashFS partition, then uses a JFFS2 partition to
overlay changes
JFFS2 is r/w and also LZMA compressed, but SquashFS is 20-30% smaller.
Includes wear leveling and Journalling. This OpenWRT image type just has one partition
SquashFS vs JFFS2
+less space+failsafe recovery- read only- uses more space
over time
SquashFS JFFS2
+r/w, journaling and wear leveling
+compression saves space
- … but actual space usage difficult to estimate before writing files
- no failsafe recovery
SquashFS is a good choice for beginners as you can “factory reset”.
So let’s just plan to download a SquashFS image once you’ve picked out a router as your first victim.
Which we will do now...
So… SquashFS or JFFS2?
Firstly:Throw away all your preconceptions about “good” and “bad” router brands.They are all just a SoC + RAM + Flash on a PCB mounted inside a plastic case.Who cares how woeful the vendor firmware is, it won’t be on there for long!Don’t spend extra $ on the same SoC
Picking a Router / AP device
A compatible Router or APLinksys WRT54G is too old now. Avoid it.
Netgear & TP-Link are readily available in Australia.
Check compatibility BEFORE you buy! There’s no consistency with compatibility at all. Even between model revisions! Netgear WNR3500Lv1 is a good choice. Alas
you’ll need to order online or via eBay.
If listed as supported on OpenWRT wiki, it’s supported
If listed as absolutely no chance (i.e. due to SoC or low flash), it’s not supported
Anything in between it may be supported via nightlies
Search their forums, their change log and commit history
Don’t be offput by nightliesCheck BEFORE you buy
A compatible Router or AP (cont.)
OpenWRT ships nightly builds and “stable” releasesNightlies will support the latest and greatestMajor stable releases seem to be roughly annual, with
minor updates in betweenStable release version numbers are the year and month
of issue. (An additional third number indicates a service or interim release from that branch)
LUCI web interface isn’t included in nightlies (not a huge loss)
I’ve had as much success with nightly builds as with stable, so no need to be sheepish
Naturally, YMMV
Nightlies, what?
Netgear WNR3500L v1
Ubiquiti UniFi AP’s
TP-Link TL-WR703N, TL-WDR3500/3600
See also:wiki.openwrt.org/toh/buyerguide
Suggested Devices
Yes, OpenWRT runs on Raspberry Pi!
A, B, B+, B2 all supported
WiFi + 2nd NIC via USB
(Miserable performance IMO)
See also http://wiki.openwrt.org/toh/raspberry_pi
What about Raspberry Pi?
Older modems might not be able to sustain ‘modern’ (NBN, Cable, FTTN) speeds LAN to WAN, irrespective of the port connection speed
The original Linksys WRT54G could only manage 30mbps LAN2WAN
I also recommend making any serious use of the built in switch, they usually suck.
Note!
99.9% OpenWRT has no ADSL support
Traverse Technologies has a Geode (x86!) based dual ADSL modem with fully FOSS ADSL. A little pricy but only just outside impulse buy IMO.
www.traverse.com.au
ADSL?
Netgear released a GPL driver in their code drop for their VEVG2500 device. It uses the Lantiq VR9 SoC and was only released in France?
Good news! the TP-W8970 & TP-W8980 use the same SoC
Supports both VDSL and ADSL2+ !
ADSL? (cont.)
You’re mostly out of luck, cable modems tend to run eCos and have fun getting source
Get a cable modem with bridge mode, connect to it an IP router with OpenWRT
Optus (and Telstra?) currently only ship NATing modems, so you’ll have to head to eBay.
Far be it for me to EVER recommend Cisco Products. But for Optus I do recommend the Cisco DPQ3212 if you can find it. It’s DOCSIS 3.0 for 100mbps+.
Cable? (DOCSIS)
Buy a set of Torx Screwdrivers from Jaycar or online
Alas you can’t really just buy 1
You’ll need these to open up your modem when...
Torx Screwdrivers
...you inevitable brick your modem. Not a big deal
Modems usually have a 3.3v TTL console header inside
Purchase a USB Serial to TTL off of eBay for a few dollars
Buy the cheapest you can findLinux supports w/ in kernel driver,
Windows not so muchI recommend moulded with floating
pin sockets as pictured
Also available are pure PCB, or actual RS232 to TTL converters
USB Serial to TTL
More on installation...
Use web interface for “upgrade”
The Ubiquiti UniFi AP’s can be upgraded via scp+ssh, as can many other devices
Some devices require a special intermediate image which is either signed or somehow breaks out of vendor lock in
Refer to the OpenWRT Wiki page for your modem!
… or via CLI
Other modems you will need to attach your TTL cable and get into the bootloader
Yet other modems will allow you to hold the reset button and put them into a “brain load” mode
From either of the above, you can then feed in an OpenWRT image via tftp. Good times.
...or via serial and/or tftp
Bricking isn’t a big deal (I 99% promise)If you brick your router due to config, with
SquashFS you can just “factory reset” back to vanilla OpenWRT
Reminder: back up /etc/configIf you brick during upgrade:
“Failsafe” reload is a common function of U-Boot devices. Hold down reset, power on, then tftp upload firmware
Otherwise you will need to use your TTL cable...
Rescuing your bricked router
Sometimes needed to loadOften needed to de-brickCarelessness can release the magic black smoke inside
the chips. No magic = no modem. be careful
Unlike in movies, the colors of the TTL wires are basically random
If you have 4 wires, attach to USB and use a volt-meter to determine which one is +5V
Mark it clearlyPlugging it to your device will almost certainly release the
genie. So don’t plug it to your device.
Connecting your TTL Cable
If you’re lucky the pins are labeled or documented on online (i.e. OpenWRT wiki)
Some online reference may tell you the BAUD rate. Set that in your terminal software. Else start with 19200 or 38400
I like cu and gtkterm. minicom not so much. putty has great serial support too
Turn on your modem, and try the different wires on each pin until you get something meaningful on your screen
Mark that pin as “out” on the pcb and “rx” on the wire
Repeat for “in” / “tx” - mash keys and look for screen changes
The remaining wire & pin is ground. Mark that too
I suggest you take a photo for good measure ---->
Optionally, make it a permanent fixture by drilling a small hole in the case and feeding the cable through, then tying a small knot in the cable on the inside to secure it. Maybe use a glue gun too
Connecting your TTL Cable (cont.)
Doing stuff via TTL
When you boot the device, you will see it POST and boot. If it’s bricked you will see some of that
For Atheros, BIOS is usually ‘Das U-Boot’You can set an IP (or DHCP) then pull a tftp
file to boot. Something like:
setenv ipaddr 192.168.0.1setenv serverip 192.168.0.10setenv bootargs 'board=WNDR3700'tftpboot 80800000 openwrt-fixed.outbootm
Now What? On to Perl
Micro Perl Smoker, B.O.M.
TP-Link TL-WR703N (not the 702!!)A USB thumb driveA Linux machineToo much spare time
Just get it from eBay
Generally it will come from Asia with a transformer unsuited to our Australian wall sockets… but it’s just micro-USB (like on most Android phones)
Acquire TL703N
Get the “Chaos Calmer” stable release from: http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/
You’ll want the 703n...factory.bin fileRevisions prior to 1.7, just use the GUI to
flash1.7 is a pain
Flash TL703N
Copy and paste non-english menus to Google translate. Or guess from the URL.
Flash TL703N (cont.)
For version 1.7, follow the steps on https://wiki.openwrt.org/toh/tp-link/tl-wr703n
Basically, you will split the openwrt image into two pieces using ‘dd’. Set up a tftp server. Then exploit a bug in the web interface to download and overwrite the vendor firmware… using curl.
It’s actually not too bad!
Flash TL703N (cont.)
Plug your Linux PC via Ethernet to the TL703N
Get an IP via DHCPTelnet to 192.168.1.1Use ‘passwd’ to set a password (telnet is
now disabled and ssh enabled)Logout, then ssh [email protected], configure WiFi as a clientSee also https://wiki.openwrt.org/doc/howto/firstlogin
Follow first install steps
Insert drive to your linux PCfdisk /dev/sdXset to type 83mkfs.ext4 /dev/sdX1remove thumbdrive
Format your thumb drive
The TL703N doesn’t have enough space, so we pack a custom image without PPP and plus usb+ext4
Pack not compile - OpenWRT provides nice tools for this purpose
Image Generate (was Image Builder)Learn more
https://wiki.openwrt.org/doc/howto/obtain.firmware.generate
Pack a custom OpenWRT image
cd ~; mkdir openwrt; cd openwrtwget https://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/OpenWrt-ImageBuilder-15.05-ar71xx-generic.Linux-x86_64.tar.bz2tar -xvjf OpenWrt-ImageBuilder-15.05-ar71xx-generic.Linux-x86_64.tar.bz2make image PROFILE=TLWR703 PACKAGES="blkid block-mount kmod-fs-ext4 kmod-usb2 kmod-usb-uhci kmod-usb-ohci kmod-usb-storage -ppp -kmod-ppp -ppp-mod-pppoe -kmod-pppoe -kmod-pppox"cd bin/71xxscp *sysupgrade.bin [email protected]:/tmp/ssh [email protected] /tmpsysupgrade *bin
… thats it!
Packing Steps
There still isn’t enough space. So we set the root to the external drive (ExtRoot). First plug in the USB drive, then:ssh [email protected] /dev/sda1 /mnt ; tar -C /overlay -cvf - . | tar -C /mnt -xf - ; umount /mntecho -e "config 'global'\n\toption anon_swap '0'\n\toption anon_mount '1'\n\toption auto_swap '1'\n\toption auto_mount '1'\n\toption delay_root '5'\n\toption check_fs '0'\n\nconfig 'mount'\n\toption target '/'\n\toption enabled '1'\n\toption device '/dev/sda1'\n" > /etc/config/fstab# read more at https://wiki.openwrt.org/doc/uci/fstab
reboot# if something seems fishy, it’s safe to start up the TL703N without the usb, and it will fallback to the onboard flash
Make system ExtRoot
root@MiniOpenWrt:~# df -hFilesystem Size Used Available Use% Mounted onrootfs 3.6G 7.7M 3.4G 0% //dev/root 2.3M 2.3M 0 100% /romtmpfs 14.0M 68.0K 14.0M 0% /tmp/dev/sda1 3.6G 7.7M 3.4G 0% /overlayoverlayfs:/overlay 3.6G 7.7M 3.4G 0% /tmpfs 512.0K 0 512.0K 0% /dev/dev/mtdblock3 640.0K 244.0K 396.0K 38% /mnt/mtdblock3
Hooray we have more space!
Trivia:OpenWRT breaks core perl up into very small pieces… infact, ridiculously so.
However, this means you can be very frugal with the tiny space you have available.
# Note the double >>echo -e "src/gz chaos_calmer_base http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/base\nsrc/gz chaos_calmer_packages http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages\nsrc/gz chaos_calmer_routing http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/routing\nsrc/gz chaos_calmer_management http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/management\n" >> /etc/opkg.conf
opkg updateopkg install perl perlbase-cpan perlbase-unicore perlbase-dynaloader perlbase-term perlbase-perlio perlbase-if perlbase-universal perlbase-getopt# optionally...opkg install screen wget
# things are looking good!
Install a Perl
perl -MCPAN -e shell> install CPAN::Reporter
##### OH GNOES KILLED!!!!! #####
dmesg | tail -5# [160707.320000] Out of memory: Kill process 3501 (perl) score 529 or sacrifice child# [160707.330000] Killed process 3501 (perl) total-vm:19836kB, anon-rss:15568kB, file-rss:80kB
Not surprising really...> egrep 'Swap|^Mem' /proc/meminfoMemTotal: 28740 kBMemFree: 13472 kBMemAvailable: 15580 kBSwapCached: 0 kBSwapTotal: 0 kBSwapFree: 0 kB
Install a CPAN Smoker...
# its like windows all over againdd if=/dev/zero of=/swapfile bs=1M count=1024# because hax00rschmod 600 /swapfilemkswap /swapfile# that url again https://wiki.openwrt.org/doc/uci/fstabecho -e “\nconfig ‘swap’\noption device ‘/swapfile’\n”swapon /swapfile
# win! - note: swap on a USB thumb drive will thrash it> grep Swap /proc/meminfoSwapCached: 0 kBSwapTotal: 524284 kBSwapFree: 524284 kB
Quick, add a swap file
perl -MCPAN -e shell> install CPAN::Reporter
# wait a long long time
##### OH GNOES KILLED!!!!! #####
dmesg | tail -5# [160707.320000] Out of memory: Kill process 3501 (perl) score 529 or sacrifice child# [160707.330000] Killed process 3501 (perl) total-vm:19836kB, anon-rss:15568kB, file-rss:80kB
And now the dramatic, unexpected twist!
Try CPAN again
I haven’t solved why OOM keeps killing it!
I suspect:/tmp (tmpfs) is chewing up “RAM”Whilst perl is also chewing up “RAM”
I will need a bigger USB stick or several USB
sticks on a USB hub to experiment further.
Questions?
http://www.linux-magazine.com/Online/Features/The-One-Watt-Server
http://www.openwrt.org
Others?
Useful links
