router mod project: 2019

Thursday, August 15, 2019

Updating Boot loader of your Router:: more robust boot loader!!

For Atheros or QCA/Atheros based routers the Boot loader is uboot. For Broadcom(cpu) based routers boot loader is CFE!!

Please note most people do not need to update their boot loader, as it got no functional purpose for them. But professional router technician or Network Professionals it's a must. What can be achieved with updated and more robust boot loaders,

1. Can update or change MAC or Hardware address of the router in hand.
2. You got httpd server embedded in them to flash openwrt or dd-wrt or update firmware with a more convenient web interface.
3. In some routers(older) if flash chip changed to 8 or 16 MB the older u-boot do not identify the new size of the chip, which is not intended result!!
4. If flash chip changed to 8 or 16 MB chip then need to re-flash ART partition to the end of the newly installed flash chip with web interface, which is more convenient.
5. Overclock the router cpu to extract more power from the router!!
6. Some users report some routers u-boot got backdoors!!, though I cannot confirm it!!

Flashing u-Boot could potentially brick your router. please have serial console, or JTAG set up before hand to recover from any mistake or bad flash. Also an external flash programmer may also be necessary.

But before proceeding further, you must know the SoC or CPU of your router. As one must install boot loader specifically build for that SoC. Here I'm interested in low cost qca953x based routers, which are Tp-link tl840v2 or v3, tl841v8/v9/v10/v11 or v12, tl850n/re etc Routers. But if you know the processor or cpu then you can do similar things to other routers with other or more powerful SoC's. Also There are potetially 100's of cheap routers that use qca9531(with usb)/9533 processors that can use this mod!!

To Flash u-boot you need a working tftp server in your computer. Connection must be made with your router from the computer directly with a UTP cable. First try connect with the WAN port of your router if not then try any of the LAN port starting from the LAN1 port.

If you need help setup tftp server and how to go about connecting your router with your computer/pc, please follow the page containing "Flashing router with serial port...." here,

Flashing Router via Serial Port:: This is the Preferred way to flash Firmware of any router

In fact Flashing u-boot of a router with serial port/console is the same or similar.

First connect the Serial to USB converter such as cp2102 from your pc to the routers serial port and turn the router on. Then in the console window, check the environment variables containing the memory location of your "memory load address", with the command "printenv" and find something like below sent to your screen/monitor,

u-boot> printenv
bootargs=console=ttyS0,115200 root=31:02 rootfstype=squashfs init=/sbin/init mt)
bootcmd=bootm 0x9F020000
bootdelay=1
baudrate=115200
autoload=no
loadaddr=0x80800000
uboot_name=u-boot.bin
uboot_addr=0x9F000000
ethaddr=FC:05:6B:C2:34:CE
ethact=eth0
bootfile=firmware.bin
serverip=192.168.100.100
netmask=255.255.255.0
ipaddr=192.168.100.10

In above we have set our serverip i.e. our computer's ip and ipaddr of the router with following command,

set serverip 192.168.100.100
set ipaddr 192.168.100.10

Note, in our computer we have set it's ip address to 192.168.100.100 with netmask 255.255.255.0 and gateway as 192.168.100.10, Above all process described in here : Flashing router with serial port

Now about u-boot, It resides in the First 0x20000 (128KB) of your flash memory chip. So make sure your intended u-boot binary image is 128kb or less in size. If your u-boot size is 0x1ec00(123 KB), you must copy nearest multiple of 64KB in size, for us it's 2x64=128KB!!(0x20000)

Now, copy a compatible image/bin u-boot file to your tftp server directory,
If you are flashing a tl840/841 qca9533(cpu) based router it should be something like this,
u-boot_mod__tp-link_tl-wr841n_v9__20181017__git_master-7a540a78.bin (For qca9533-al3a)
u-boot_mod__tp-link_tl-wr841n_v10__20180223__git_master-7a540a78.bin(For qca9533-bl3a)
u-boot_mod__tp-link_tl-wr841n_v11__20180223__git_master-7a540a78.bin( same above)

rename above file to something small like u-boot-new.bin and copy to tftp server directory.

Now ping your server i.e. your computer from existing u-boot with ping 192.168.100.100, if says server exists or ping successful then use the following commands,

1. copy tftp image from your tftp server of computer 192.168.100.100 to your routers ram with the following command,

ap123> tftpboot 0x80800000 uboot-new.bin
eth1 link down
Using eth0 device
TFTP from server 192.168.100.100; our IP address is 192.168.100.10
Filename 'uboot-new.bin'.
Load address: 0x80800000
Loading: #########################
done
Bytes transferred = 125952 (1ec00 hex)

ap123>

2. Now erase the first 0x20000 KiB of flash space. U-boot address is given in the 'printenv' command, so we erase,

ap123> erase 0x9F000000 +0x20000

First 0x0 last 0x1 sector size 0x10000
Erased 2 sectors

ap123>

3. Now your router do not have a bootloader, do not POWER DOWN the device/router. Copy the flash image with following command to flash chip,

ap123> cp.b 0x80800000 0x9F000000 0x20000

Copy to Flash... write addr: 9f000000
done

If everything looks ok, then do,

4. ap123> reset

This will reset the board and boot new bootloader!!

If you are upgrading a 2 mb or 4 mb flash chip to 8MB or 16MB flash chip. The process is simple.
1. First flash/install openwrt in the old chip, with original u-boot.
2. Backup u-boot and ART with openwrt with mtd or dd command see "Flashing with serial port page".
3. Flash u-boot to new Flash chip with an external programmer, can be done with ch341a or tl866ii programmer or others i.e. a respberry pie!!
4. Solder new chip to router and boot up to new u-boot.
5. Flash openwrt or your chosen os/firmware.
6. Flash ART from web interface of the pepe2k u-boot or use serial console just like flashing u-boot or openwrt or ddwrt etc.

We shall try posting CFE upload at a later date.

Friday, August 9, 2019

Bad Wan port : Do not throw away the router!! :: Solve Problem by using other ports as WAN

After using routers constantly, I had many friends throw their routers away as They got only one WAN port and that went bad. So no way to connect to ISP media converter or switch or router for internet connectivity!!

For any router WAN port is just like any other ports on the back of their router. Though the wan port is wired differently(internally) but it is really like any other lan ports on the back of the router. In reality anyone can use any of the LAN ports as wan and still use the router as if nothing has happened!!

To use the router we must install Openwrt as the vendor provided router software is configured to use only the WAN port as wan and Router vendor like TP-Link lock their CLI access with passcodes so that users cannot fiddle with their default settings. If can access router CLI(Command line Interface) with a serial port i.e. serial interface access can be had then routers default software can also be USED, but not possible, as they will not tell u their passcode!! So we need to install OPENWRT and do it that way, even with their GUI i.e. LUCI web interface.

After Installing Openwrt with Luci anyone can use anyone of the LAN ports as wan. Here I'm using one friends Tp-link 840n v2 router as example, as this router got A Bad Wan port. Also the First lan port is BAD too ( in the SoC!! -Hardware). So We must use the Three Lan ports only!! Below image shows the Bad wan and 1st. lan port(port adjacent to wan port). We Now set the 2nd lan port as wan and rest are lan ports.

Now Logon to LUCI Web Interface(Starts with 192.168.1.1, First boot!!) of Openwrt and we go to switch settings from Network->Switch menu and setup one extra vlan for the WAN port only as shown below,

Here in above image, Our Newly created VLAN 2 got CPU-tagged, LAN1-off(Bad), LAN2-Untagged(using here in vlan2) and rest off i.e. LAN3-off, LAN4-off, LAN3 & LAN4 are not used in VLAN2

Changed VLAN1 as shown too, CPU-tagged, LAN1-off(Bad), LAN2-off(not using in vlan1), LAN3-untagged, LAN4-untagged, So LAN3 AND LAN4 are used in VLAN1 switch.

Now we go to Netwok-> Interfaces menu and add a 'WAN2' interface tagging wan6 along with this wan2(eth0.2) instead of existing wan port(eth1). Now we also disable wan(eth1) port which is bad!!

In above image we only Change WAN2 interface to tag eth0.2 interface which is VLAN2 that we created earlier, so eth0.1 is the br-lan and eth0.2 now our new WAN PORT.

Now connect your ISP cable modem or fiber media converter or lan switch and configure as per your ISP, mine here connected to upstream with a fixed ip/static ip address.

Please also make sure ipv6 interface now attached with eth0.2 instead of eth1 by default as shown below,

Also make sure firewall adds this new wan to its wan list(it should automatically), check firewall settings in WAN6.

So, Now Network->Interfaces should look like below,

LAN--->br-lan, WAN--->eth1(Stopped), WAN2--->eth0.2(Our new wan), WAN6--->eth0.2(was eth1)

For Wan6 one might need to set "Client ID to send when requesting DHCP" and/or "Override MAC Address" to the MAC Address of your router i.e. The MAC/Hardware address shown in LAN or WAN and in the Back sticker of your router. See Menu Network->Interfaces->Wan6(or edit wan6)->Advanced Settings. You only do this if your wan/wan6 do not work/connect.

Alternatively if you got CLI access i.e. serial or SSH or telnet, you can directly change the /etc/config/network file and be done with it!!

Warning: If you change or delete this vlan0.2 without proper precaution, you will not be able to access this router as it is getting wan and lan from the same set of ports that the cpu considers same/similar LAN ports. If you change auto configured wan6 to disabled wan port instead of wan2 that we created, then you won't hv any problem connecting your pc/computer to anyone of the good lan ports!!

Note: for a copy of tplink firmware or openwrt for tplink basic routers, please see my previous post.

For Routers Using ecos firmware i.e. tenda with broadcom chip or Tomato for broadcom or for DDWRT you can change the vlan settings from the cli(command line interface) of the router. First need to login to router via putty(Windows) use protocol telnet or ssh, for linux you can use both from the Terminal.
Issue command,
1. nvram show | grep vlan.*ports , will show,
vlan1ports= 0 1 2 3 4 5* (Assuming a 5 port router)
vlan2ports= 4 5 or vlan2ports= 4 5*
Here 5* being CPU Port 0 1 2 3 are LAN Ports and Port 4 is the Wan port.
Now change this to use Lan port 3 as wan,
2. nvram set vlan1ports="0 1 2 5*"
3. nvram set vlan2ports="3 4 5*" or "3 4 5" (depending on router model)
Now make sure everything as u wanted and issue,
4. nvram show | grep vlan.*ports and it should show,
vlan1ports= 0 1 2 5*
vlan2ports= 3 4 5 or 3 4 5* (depending on router model)
Now issue command,
5. nvram commit , returns,
commit...Done or something like that.
now issue
6. reboot, router reboots with new vlan settings, check in gui to make sure if it's what was intended.

Special Note on nvram command : In some routers ecos firmware is stripped down to extreme and grep command not included(tenda f3). In this cases to view the ports one should use command as below,
1. nvram show vlan1ports , output,
CLI> nvram show vlan1ports
vlan1ports=1 2 3 4 5*
2. nvram show vlan2ports
CLI> nvram show vlan2ports
vlan2ports=2 5
or
CLI> nvram show vlan2p
vlan2ports=2 5
or for all ports,
3. nvram show vlan , output is,
CLI> nvram show vlan
vlan2ports=2 5
vlan2hwname=et0
vlan1hwname=et0
vlan1ports=1 2 3 4 5*

Above is given to enable one to understand about how to use nvram commands with some low cost routers!!

Sunday, August 4, 2019

Router Firmware/OS Files for Different Routers