Saturday, August 11, 2007

WRT54GL and Kamikaze

Yesterday was definitely NOT "my day". I ended up: chasing escaped dogs (not mine), blowing out the porch light, splitting the crotch in a pair of dress pants, stepping in dog poop, and arriving at work to find that the A/C had quit. To top it off, a coworker and I managed to semi-brick a pair of WRT54GLs late yesterday by trying to install OpenWRT Kamikaze on them. (Hey, nobody reads ALL of the docs!) (For those that don't know, Kamikaze doesn't work on the GLs yet.)

In any case, after a number of failed attempts to reflash the APs, we gave up and went home. This morning, reading deep within the docs, I discovered the following method for pushing WhiteRussian RC6 on top of Kamikaze:

  1. Grab openwrt-brcm-2.4-squashfs.trx from the OpenWRT site. It is a generic firmware for just about any Broadcom chip set-based AP.
  2. Assuming that you have a Linux box, put that file in the root directory of your web server. I also changed the name of the file to openwrt.trx (for simplicity).
  3. Boot the AP into failsafe mode (Press either the front or back reset buttons after the DMZ LED lights up. Hold it in until the DMZ light starts flashing.)
  4. Telnet to (your box has to be within the 192.168.1.x IP range). Note: it may do nothing for a moment. This is because the AP is attempting to perform a DNS lookup, for which there is none. Just let it be. The DNS query will time out and the command prompt will show up.
  5. Run the following command: "wget -O - | mtd -e linux -r write - linux" (without the quotes and use the IP for your box). Again, it will stall while the AP attempts to do a DNS lookup. Let it be; it will start moving again. Once the file is fully downloaded, DON'T DO ANYTHING!! The AP will write the firmware to memory and then reboot itself. It'll be safe to use once the power light stops flashing and the DMZ light goes out.
  6. Point a browser at to be sure it's working. Click on Status (or one of the other options). It should prompt you to enter a new password for root.
  7. Click on the "System" link at the top to take you to the System Settings page. Change boot_wait to "Enabled". Click "Save Changes". Click "Apply Changes". (You may want to SSH or Telnet into the box to verify that boot_wait is enabled. Use "nvram show|grep boot".)
  8. Not to jinx things, but it may be a good idea to re-reflash the firmware with a dedicated version of OpenWRT, using the TFTP method.
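
Before putting openwrt.trx in the web root (step 2), the download can be checked for truncation or corruption on the Linux box. This is an added example, not part of the original post: it assumes the TRX header layout and CRC convention used by OpenWrt's trx tool, and the function names are illustrative.

```python
import struct
import sys
import zlib

TRX_MAGIC = b"HDR0"
# magic, total length, crc32, flags, version, three partition offsets
HEADER = struct.Struct("<4sIIHH3I")
CRC_START = 12  # the CRC covers everything from the flags field onward


def trx_crc(payload: bytes) -> int:
    # Assumed convention: CRC-32 without the final inversion that zlib applies.
    return (zlib.crc32(payload) ^ 0xFFFFFFFF) & 0xFFFFFFFF


def check_trx(image: bytes) -> list:
    """Return a list of problems; an empty list means the header checks pass."""
    if len(image) < HEADER.size:
        return ["file shorter than a TRX header"]
    magic, length, crc, _flags, _version, *offsets = HEADER.unpack_from(image)
    if magic != TRX_MAGIC:
        return ["bad magic %r (not a TRX image)" % magic]
    if length < HEADER.size or length > len(image):
        return ["header says %d bytes, file has %d (truncated?)"
                % (length, len(image))]
    problems = []
    if trx_crc(image[CRC_START:length]) != crc:
        problems.append("CRC32 mismatch (corrupted image)")
    if any(off and not HEADER.size <= off < length for off in offsets):
        problems.append("partition offset outside image")
    return problems


def build_sample(body: bytes) -> bytes:
    """Constructed test image: one partition placed right after the header."""
    length = HEADER.size + len(body)
    tail = struct.pack("<HH3I", 0, 1, HEADER.size, 0, 0) + body
    return struct.pack("<4sII", TRX_MAGIC, length, trx_crc(tail)) + tail


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            issues = check_trx(fh.read())
    else:
        issues = check_trx(build_sample(b"constructed payload"))
    print("\n".join(issues) or "TRX header OK")
    sys.exit(1 if issues else 0)
```

Run it with the firmware path as the only argument; a non-zero exit status means the file should not be served to the AP.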

After that, it's up to you. Visit the OpenWRT Wiki for ideas.

Thanks to whoever it was that added the trick to OpenWRT's "Installing - OpenWrt" page. Jon Dowland, maybe?