A poor admin's D-Link router, model DIR-400, started hanging.
And the admin began to look for ways to solve the problem.
After half an hour of googling, he came across a firmware from dd-wrt.com.
I looked at its capabilities, was delighted, and began to look for manuals on how to flash this firmware (because the standard flasher written by the guys from D-Link is not suitable).
I found a manual for uploading firmware via the DBG console. The trouble is that the manual is written for Windows users, and there was no Windows at hand, only righteous Linux ...
Anyway, the admin figured it out. Details are under the cut.
Dbg-console
D-Link products have an interesting feature: when the device is powered on, the bootloader runs a telnet server on port 9000 for 2 seconds (the default value).
If you manage to connect and send '^C' to the device within those 2 seconds, the boot process stops and we get access to the engineering console, in which you can do all sorts of interesting things, for example upload an unofficial Linux-based firmware. Let's get started.
Preparation
A bit of theory:
A caveat up front: I pulled the power on the router 20 times, with pauses of 10-20 seconds, before I could get the device to give me the engineering console. In principle, it is safe: just wait until the router has fully booted, and the power can be pulled again.
Another nuance is that the Linux version of telnet refuses to send '^C' at all when you press Ctrl-C at the moment of connection. We had to switch on the brain and send not one character but two, something like this: hold Ctrl, press V first, then C, release Ctrl.
Also, do not be afraid of making a typo in the engineering console: all commands are validated, and the console simply will not let you mistype one.
Now for the practice:
First we need a tftp server.
Install it however you prefer (I used yum):
yum -y install tftp-server
By default, tftp is launched by xinetd, so you need to edit /etc/xinetd.d/tftp a bit: set the disable = no parameter and change the root directory of the server to taste (the default is /tftpboot/, I haven't changed it).
Do not forget to restart xinetd.
Next, go here:
dd-wrt.com/dd-wrtv3/dd-wrt/downloads.html
Further down the page there is something like a file manager; go to the /stable/dd-wrt.v24 SP1/Consumer/Dlink/DIR-400 directory and download the linux.bin and dir400-firmware.bin files to the /tftpboot/ directory (or whatever you changed it to in the config).
We pull all Ethernet cables out of the router being flashed, disconnect all WiFi clients, and plug our machine into one of the device's LAN ports.
We assign the static IP 192.168.0.2 to our machine; the router is 192.168.0.1.
The fun part
The next steps require concentration.
We type in the console
telnet 192.168.0.1 9000
(Do not press Enter yet, just type it to save time. Remember the 2 seconds?)
We pull the power from the router, wait a couple of seconds, plug the power back in, count to three, press Enter ...
Below is the transcript of my telnet session; what I typed in the console is in bold, and my comments are in italics.
[root@localhost ~]# telnet 192.168.0.1 9000
Trying 192.168.0.1... ( Ctrl V C, )
^C
Connected to 192.168.0.1.
Escape character is '^]'.
^C ( Ctrl-VC)
RedBoot> RedBoot> ^C
^C ( )
RedBoot> ( Ctrl-C, ...)
RedBoot>
RedBoot> ip_address -l 192.168.0.1/24 -h 192.168.0.2 ( IP , tftp- 0.2)
IP: 192.168.0.1/255.255.255.0, Gateway: 0.0.0.0
Default server: 192.168.0.2
RedBoot> fis init ( )
About to initialize [format] FLASH image system - continue (y/n)? y ( y - , )
*** Initialize FLASH Image System
And a descriptor for the configuration data size = 10000
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
RedBoot> load -r -b 0x80041000 linux.bin ( - , tftp )
Using default protocol (TFTP)
Raw file loaded 0x80041000-0x803bafff, assumed entry at 0x80041000
RedBoot> fis create linux ( :) )
... Erase from 0xbfc40000-0xbffba000: ........................................................
... Program from 0x80041000-0x803bb000 at 0xbfc40000: ........................................................
prog_ok
flash_addr = 0xbfc40000
mem_addr = 0x80041000
entry_addr = 0x80041000
length = 0x37a000
img_size = 0x37a000
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
RedBoot> fconfig ( , . .)
Run script at boot: true (Enter)
Boot script:
.. fis load -l vmlinux.bin.l7
.. go
Enter script, terminate with empty line
>> fis load -l linux
>> exec
>> (Enter)
Boot script timeout (1000ms resolution): 2 ( - telnet ^C :) , )
Use BOOTP for network configuration: false (Enter)
Gateway IP address: ( Enter , , - )
Local IP address: 192.168.0.1 (Enter)
Local IP address mask: 255.255.255.0 (Enter)
Default server IP address: 192.168.0.100 (Enter)
Console baud rate: 9600 (Enter)
GDB connection port: 9000 (Enter)
Force console for special debug messages: false (Enter)
Network debug at boot time: false (Enter)
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
RedBoot> reset ( )
That's it. After the reboot, the router will be available at IP 192.168.1.1 via http and telnet (later it will be possible to enable SSH), with a full Linux inside :)
A small caveat: you first need to log into the router via http and set the username and password; only then will it be possible to get to the router via telnet.
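The manual timing from the "Dbg-console" section (type the telnet command, cycle the power, count to three, press Enter) can be replaced by a retry loop that connects to port 9000 the moment the bootloader starts listening and sends the same byte that Ctrl-V Ctrl-C produces. This is an added example, not code from the original post; the function name catch_redboot and its parameters are hypothetical, and it assumes the console accepts a raw 0x03 byte over plain TCP, as the Ctrl-V workaround implies.

```python
import socket
import time

CTRL_C = b"\x03"  # the raw byte that Ctrl-V Ctrl-C makes telnet send


def catch_redboot(host="192.168.0.1", port=9000, window=60.0,
                  connect_timeout=0.2, prompt=b"RedBoot>"):
    """Poll host:port until the bootloader answers, send ^C, wait for prompt.

    Returns (socket, banner_bytes) with the console stopped at its prompt,
    or None if `window` seconds pass without catching it.
    Assumption: the console accepts a raw 0x03 over plain TCP.
    """
    deadline = time.monotonic() + window
    while time.monotonic() < deadline:
        try:
            sock = socket.create_connection((host, port),
                                            timeout=connect_timeout)
        except OSError:           # refused, unreachable or timed out: not up yet
            time.sleep(0.05)
            continue
        try:
            sock.sendall(CTRL_C)
            sock.settimeout(2.0)  # same length as the default boot timeout
            banner = b""
            while prompt not in banner:
                chunk = sock.recv(256)
                if not chunk:     # peer closed: boot continued without us
                    break
                banner += chunk
            if prompt in banner:
                sock.settimeout(None)
                return sock, banner
        except OSError:           # reset or read timeout: try again
            pass
        sock.close()
    return None


if __name__ == "__main__":
    # Start this first, then power-cycle the router.
    caught = catch_redboot()
    if caught is None:
        raise SystemExit("no RedBoot prompt within the window")
    sock, banner = caught
    print(banner.decode("ascii", "replace"))
    sock.close()
```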