JAILBREAKING THE SOHO ROUTER - Keycruncher.com

JAILBREAKING SOHO ROUTERS

Dennis Little @ CPLUG | 2010 Aug 10

Thank you!

Jim Capp @ Anteil - Asus router loan for demos
http://www.Anteil.com
  Open source programming & integration
  Asterisk digital voice solutions
  Customer Relationship Management software

Thank you!

tapestry technologies, LLC - food sponsor
http://TapestryTech.com
Expertise:
  DoD STIG (Security Technical Implementation Guide)
  Security Training
  Technology Management Partner - full-service technology acquisition, integration and management services

Terms

Firmware: “a term often used to denote the fixed, usually rather small, programs and/or data structures that internally control various electronic devices” (Wikipedia.org)
TFTP: trivial file transfer protocol; used to load firmware to a lot of routers/devices with little RAM
JTAG: troubleshooting port useful for fixing “bricked” (i.e., corrupted) devices, converter required

Alternative Firmware

WHY?
Extend functionality beyond stock firmware
  OpenVPN: server and client endpoint
  Advanced QoS: service, MAC and port-based
  VLAN
  SSH server

Alternative Firmware

WHY?
  Advanced wireless functionality: AP, client bridge, repeater, WDS
  SIP proxy
  More advanced port-forwarding and triggering (origination lock-out)
  Network traffic graphing

Alternative Firmware

WHY?
  Dynamic DNS: sane updates
  Hotspot portal / captive portal
  Transmit power control / boost (don’t burn out!)
  Site survey & Rx/Tx antenna selection

Compatible Hardware

Demo of 3 different models in this talk
  Wireless-G router: WRT54G (v1.1)
    WRT54GL is a known good candidate, regardless of version
  Wireless-G access point: EOC-1650
    requires activation of DD-WRT (~$30 US)
  Wireless-N router: Asus RT-N16

WRT54G / WRT54GL

~$60 shipped, hard to find in brick and mortar
1 WAN, 4 LAN
Not all versions of WRT54G are compatible!
WRT54GL v1.0 / 1.1 compatible
BCM5352
200 MHz
RAM: 16 MB
Flash: 4 MB
100 mW max (?)

Senao / Engenius EOC-1650

~$50 shipped, hard to find in brick and mortar
Wireless AP with internal 7 dBi panel and 5 dBi external SMA omni antenna (selectable), 300’ PoE injector included, 200 mW max radio
Requires purchase of DD-WRT Professional
Atheros AR2315
180 MHz
RAM: 32 MB
Flash: 8 MB

Asus RT-N16

~$95 shipped
Wireless N router
1 WAN, 4 LAN, 2 USB
BCM4718A
500 MHz
RAM: 128 MB
Flash: 32 MB

Alternative Firmware

We will cover:
  Tomato: http://www.PolarCloud.com/tomato
  OpenWRT: http://www.OpenWRT.org
  DD-WRT: http://www.dd-wrt.com

Alternative Firmware

Also available…
  FreeWRT: http://www.FreeWRT.org
    “meant to be an appliance development kit (ADK) especially designed for embedded system developers and advanced users.”

Tomato

PolarCloud.com
  Simple replacement for Linksys, Buffalo, BCMxxx
  Extends Linksys WRT54GL GPL firmware
  License? Author’s permission?
  Simplest of the 3, with some powerful features
  Linksys WRT54G v1-4, GS v1-4, GL, Buffalo G54/G54s, Asus WL500G

OpenWRT

OpenWRT.org
  GPL license
  Latest version: Backfire (v10.03)
  Very large HCL (hardware compatibility list)
  Perhaps a bit more complicated, as many functions are command-line only

DD-WRT

DD-WRT.com
  Nice HCL database search and compatibility
  Lots of functionality, 99% GUI-driven
  Controversial: “GPL”; does not follow GPL 100%, accusations of stolen code, encrypted GUI code
  Commercial version available

HCL

Am I compatible?
  Tomato: http://www.polarcloud.com/tomatofaq
  OpenWRT: http://wiki.openwrt.org/toh/start
  DD-WRT: http://www.dd-wrt.com/site/support/router-database

Demo Time!

GUI of Tomato, OpenWRT and DD-WRT