What it is

OpenWrt is described as a Linux distribution for embedded devices.

Instead of trying to create a single, static firmware, OpenWrt provides a fully writable file system with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developer, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.

-http://www.openwrt.org/

What it has

Functional Linux system

• Common system tools (BusyBox)
• Multiple Linux kernels
• Package management system
• Writable file system

Functional router out-of-the-box

• NAT (Network Address Translation)
• DHCP
• DNS forwarding
• Web server

Failsafe recovery mode

Discussed later

Development tools

Discussed later

Getting it

Prebuilt firmware image

1. Determine platform, Manufacturer / Model / Version
2. Verify support
   http://oldwiki.openwrt.org/TableOfHardware.html
3. Select release
   • White Russian (stable)
   • Kamikaze (development)
4. New install (from OEM firmware)
   • .bin file (has OEM headers )
5. Upgrade (OpenWrt already installed)
   • .trx file (no headers)
6. Download appropriate file
   http://downloads.openwrt.org/

Build your own

Discussed later

Installing it

From OEM firmware

• Varies (follow manufacturer's instructions)
• Probably a web interface
• Usually requires admin login
• Often requires vendor specific headers (.bin file)

From boot-loader

• Tftp interface
• Boot_Wait usually configurable
• Useful for disaster recovery

From OpenWrt

• Web interface or Command lin
• Upload file (usually scp)
• Flash device (#mtd write linux)
• Reboot

Using it

Initial login

• Telnet (ssh after root password is set)
• 192.168.1.1
• Wifi is disabled
• All incoming traffic blocked on WAN port

Configuration steps

1. Connect to router LAN port
2. Router will assign address through dhcp
3. #telnet 192.168.1.1
4. Set root password
5. Logout
6. #ssh root@192.168.1.1
7. Have Fun!

Understanding it

Flash Layout ("partitions")

1. Boot Loader
2. Read only image
3. Writable area
4. NVRAM area

"BIOS"

• Boot-loader + NVRam

Squashfs ROM

• Mounted at /rom
• LZMA compression
• Write only
• Contains Base system

JFFS2 flash

• Mounted at /jffs
• Also compressed
• read/write
• Contains changes made to root file system

mini_fo overlay

• Mounted at /
• Presents unified root file system
• Changes in flash override rom
• Deleting rom files actually consumes space

Configuring it

NVRAM

• Built in
• Used by OEM firmware, and White Russian
• nvram show, get, set, unset, commit

UCI (Universal Configuration Interface)

• Used by Kamikaze
• Stored in files (/etc/config/*)
• uci show, get , set, del, rename, validate, commit

Configuration files

• /etc/inittab
• /etc/ipkg.conf
• /etc/dnsmasq.conf
• /etc/firewall.user

Fixing it

Lan connection

• Often still usable when wifi or wan is broken
• Try it first

Failsafe mode

• Uses only Squashfs
• Ignores settings in JFFS
• Requires wired connection
• Activated by pressing reset switch wile OpenWrt is booting

Hardware reset

• Methods vary
• Results vary
• Worth a shot

Reflash

Methods discussed under "Debricking"

Building it

Why

• Only way to free up space by omitting unused apps
• Allows you to modify settings used in fail-safe mode
• Build-in custom configuration for normal operation
• Build-in custom kernel
• Build image for Mass deployment needing no configuration

How

1. Download/unpack "source" file (consists of patches and make files)
   kernel and application sources are downloaded automatically during make process
2. #make
3. #make menuconfig
4. #make kernel_menuconfig (only to customize kernel)

What

• Builds entire system from source
• Stages all files in a local directory
• Creates quashfs image
• Compiles .trx flash image
• creates .bin files with OEM headers appropriate for all selected traget systems

Extending it

<builddir>\Packages\<packagedir>\makefile

• prepare (download /patch source)
• build (compile rules)
• install (copy binaries to staging directory)

Buildroot

• Builds whole system
• Makes firmware images and installable package files
• Can build packages into rom image

SDK

• Smaller foot print
• Complete cross compile tool-chain
• Build a single package
• Only makes installable package files

Debricking it

Boot_Wait

• Requires support, and reconfiguration
• No extra hardware
• uses tftp
• Easy, reliable, best

Serial Console

• Often requires soldering and adapters.
• Allows you to interact with boot loader
• useful if you forgot to turn Boot_Wait on

JTAG

• Available on Many models
• Allows direct interface with flash chip
• Requires specialized hardware
• Most powerful debricking method
• Easy to make things worse if you don't know what you are doing

Pin Shorting

• requires specialized knowledge of a specific device
• may be used to trick boot loader into Boot_Wait mode
• HIGH potential for damage
• Absolute Last resort