Wireless Nederland

door **Gast** » vr mei 23, 2003 01:18

Hi! I have not seen this posted anywhere so here goes :

as many know the WAP54G runs a MIPS version of the Linux operating system, the firmware file that anyone can download from linksys support site contains a bootloader and the filesystem that runs on the AP.

firmware = 2MB
the first 800k are probably the kernel or PMON
the last 1.2MB are the filesystem.

on any linux system with support for cramfs and the loop file system do this :

open firmware file (2MB) in a text editor like vim or joe and delete all data (first 800k) up to this data

E=Í(............Compressed ROMFS
save file (now we have a 1.2MB file) with the begining "E=Í(............Compressed ROMFS"

now we can mount this filesystem on any linux box
mount -o loop -t cramfs /name.of.1.2MB.file /mnt

now we can see the files inside. in the www directory there is a file called dummy.asp.
try opening it using your browser.

http://IP.ADDR.WAP54G/dummy.asp

here we have options to change the mac address of the AP, look inside the NVRAM, look at the kernel messages....
the POWER options seem to reduce the power ... so no luck yet (32mW is just too low)

http://IP.ADDR.WAP54G/apply.cgi?action=Nvram
http://IP.ADDR.WAP54G/apply.cgi?action=kmsg

there is another cgi script -> http://IP.ADDR.WAP54G/pmon.cgi?
I do not know what this does but a guess it puts the AP in PMON mode http://pmon.groupbsd.org/

I post this to see if someone finds new information about the WAP54G and how one can modifiy its parameters.

I did not find any dummy.asp in the WRT54G firmware....

greetings from Portugal

door **Gast** » vr mei 23, 2003 01:20

post by me vertical
vertical AT wireless.com.pt

door **vertical** » vr mei 23, 2003 01:21

oops forgot to login

door **Trankilo** » vr mei 23, 2003 02:52

Very interesting reading.
Tnx for posting this :top:

door **henkiev** » vr mei 23, 2003 18:35

Thanx for searching and exploring WAP54G...

I don't think I use these options.. but ofcourse maybe later I will.

Perhaps in the future someone finds out how we can select only one antenne output in the wap54g and maybe there's way in powering up the output power of the wap54g...

Thanx.. from Holland

door **Tazzy** » vr mei 23, 2003 20:40

I tested all those urls on my wrt54g... None of them worked.
I run firmware "v1.02.1, Mar. 4, 2003" on my AP

door **vertical** » vr mei 23, 2003 21:05

Tazzy schreef:I tested all those urls on my wrt54g... None of them worked.
I run firmware "v1.02.1, Mar. 4, 2003" on my AP

yes it was like I said the wrt54g doesn't have this file (dummy.asp) I did a listing of the WRT54G server firmware /www directory :

Cysaja.asp Fail_s.asp Forward.asp Routing.asp Success_u_s.asp Wireless.asp index.asp
DDNS.asp Fail_u_s.asp Help.asp Security.asp System.asp common.js index_pppoe.asp
DHCP.asp FilterIPMAC.asp Log_incoming.asp Status.asp WL_ActiveTable.asp firmware_upgrade.asp index_pptp.asp
DHCPTable.asp FilterSummary.asp Log_outgoing.asp Success.asp WL_FilterTable.asp help/ index_static.asp
Fail.asp Filters.asp RouteTable.asp Success_s.asp WL_WEPTable.asp image/ style.css

these are the files contained within.

and the cgi scripts available are:

get_cgi
init_cgi
do_upgrade_cgi
gozila_cgi
apply.cgi
upgrade.cgi
Gozila.cgi <- this one doesn't seem to be called anywhere

I have no ideia if any of these are of interest as I do not have a wrt54g to test.just try out the .asp files.

door **Trankilo** » za mei 24, 2003 02:33

The dummy script works fine whit the 1.06 firmware and is, I think, a interesting development. Maybe the WAP11 is also build on a Linux like basses. And it could dare fore be possible to upgrade a WAP11 to a G machine like US Robotics has done whit there 11b equipment.

I’ve got grate respect for mr Frank from Beverwijk-Wireless regarding the D-Linksys firmware release, so don’t get me wrong. But this particular development will open new doors I’m sure.

It seems the WAP54G is able to make a PPOE connection to a ISP.
For those interested in the Nvram page data, this is from one of mine WAP54G:

Parameters in NVRAM
boardtype = "bcm94710dev"
boardnum = "2"
clkfreq = "125"
et0phyaddr = "30"
et0mdcport = "0"
et1phyaddr = "30"
et1mdcport = "1"
dl_ram_addr = "a0001000"
os_ram_addr = "80001000"
os_flash_addr = "bfc40000"
lan_ipaddr = "192.168.2.1"
lan_netmask = "255.255.255.0"
wan_ipaddr = "192.168.0.172 "
wan_netmask = "255.255.255.0 "
scratch = "a0180000"
boot_wait = "off"
watchdog = "1000"
GemtekPmonVer = "1"
DefaultEthPort = "1"
et0macaddr = "00:11:22:33:44:55"
lan_hwaddr = "00:11:22:33:44:56"
et1macaddr = "00:06:25:4A:8D:CB"
wan_hwaddr = "00:90:4B:02:7C:F6"
lan_ifname = "br0"
lan_ifnames = "eth1 eth2"
lan_hwnames = "et1 wl0"
wan_ifname = "eth1"
wan_hwname = "et1"
os_name = "linux"
os_version = "3.11.30.5"
timer_interval = "3600"
ntp_server = ""
log_level = "0"
time_zone = "PST8PDT"
upnp_enable = "0"
os_server = ""
stats_server = ""
console_loglevel = "1"
log_ipaddr = "0.0.0.0"
log_ipaddr_1 = ""
log_ipaddr_2 = ""
log_ipaddr_3 = ""
log_ipaddr_4 = ""
lan_proto = "static"
lan_stp = "1"
wan_proto = "dhcp"
wan_ipaddr_1 = "192"
wan_ipaddr_2 = "168"
wan_ipaddr_3 = "0"
wan_ipaddr_4 = "240"
wan_netmask_1 = "255"
wan_netmask_2 = "255"
wan_netmask_3 = "255"
wan_netmask_4 = "0"
wan_gateway = "192.168.0.1 "
wan_gateway_1 = "192"
wan_gateway_2 = "168"
wan_gateway_3 = "0"
wan_gateway_4 = "1"
wan_dns = "194.134.5.5 194.134.0.94 "
wan_wins = "192.168.0.1 "
wan_hostname = "Wap54g verguldeP"
wan_domain = ""
wan_lease = "172800 "
static_route = ""
filter_ip = ""
filter_tcp = ""
filter_udp = ""
forward_tcp = ""
forward_udp = ""
dmz_ipaddr = ""
dhcp_start = "192.168.1.100"
dhcp_end = "192.168.1.150"
http_username = ""
http_passwd = "plaintext"
http_wanport = ""
http_lanport = "80"
pppoe_ifname = "eth1"
pppoe_username = ""
pppoe_passwd = ""
pppoe_idletime = "60"
pppoe_keepalive = "0"
pppoe_demand = "0"
pppoe_mru = "1500"
pppoe_mtu = "1500"
wl_ssid = "www.wireless-amersfoort.nl"
wl_country = "Worldwide"
wl_closed = "0"
wl_mode = "ap"
wl_wds = ""
wl_lazywds = "0"
wl_auth_type = "2"
wl_radio = "1"
wl_wep = "off"
wl_auth = "0"
wl_key = "1"
wl_key1 = ""
wl_key2 = ""
wl_key3 = ""
wl_key4 = ""
wl_mac_hwaddr = ""
wl_macmode = "disabled"
wl_mac_index = "0"
wl_passphrase = ""
PassphraseKeyLength = "0"
ap_mode = "0"
wds0 = ""
wds1 = ""
wds2 = ""
wds3 = ""
SNMPEnable = "0"
SYSContact = ""
SYSName = ""
SYSLocation = ""
SNMPCommunityOne = "public"
SNMPCommunityTwo = "private"
RWEnableOne = "0"
RWEnableTwo = "0"
d11b_channel = "11"
d11b_rate = "0"
d11b_rateset = "default"
d11b_frag = "2346"
d11b_rts = "2346"
d11b_dtim = "1"
d11b_bcn = "100"
d11b_plcphdr = "long"
FilterSwitch = "0"
wl_rate_5G = "best"
wl_ssid_5G = "linksys-a"
wl_rts_5G = "2346"
wl_frag_5G = "2346"
wl_dtim_5G = "3"
wl_wep_5G = "off"
wl_key_5G = "0"
wl_key1_5G = ""
wl_key2_5G = ""
wl_key3_5G = ""
wl_key4_5G = ""
wl_auth_5G = "0"
wl_auth_type_5G = "2"
wl_BeaconInterval_5G = "100"
wl_TransmitPower_5G = "0"
wl_TurboMode_5G = "0"
wl_channel_5G = "52"
wl_cipher_5G = "0"
bridge_count_5G = "0"
Bridge_MAC0_5G = ""
Bridge_MAC1_5G = ""
Bridge_MAC2_5G = ""
Bridge_MAC3_5G = ""
ap_mode_5G = "0"
wds0_5G = ""
wds1_5G = ""
wds2_5G = ""
wds3_5G = ""
wl_filter_mode_5G = "0"
wl_mac_5G = ""
d11a_hwaddr = ""
d11a_channel = "64"
d11a_rate = "0"
d11a_rateset = "default"
d11a_frag = "2346"
d11a_rts = "2346"
d11a_dtim = "3"
d11a_bcn = "100"
d11g_hwaddr = "00:06:25:4A:8D:CB"
d11g_channel = "9"
d11g_rate = "0"
d11g_rateset = "default"
d11g_frag = "2346"
d11g_rts = "2346"
d11g_dtim = "3"
d11g_bcn = "100"
d11g_mode = "1"
t11g_mode = "1"
restore_defaults = "0"
curpage = "1"
lastpage = "1"
router_disable = "1"
fw_disable = "0"
restore_defaults_flag = "1"
wl_maclist = ""
FirmwareVersion = "v1.42.05, Feb 21 2003"
filter_maclist = ""
filter_macmode = "disabled"

door **Pwkooistra** » ma mei 26, 2003 09:31

wl_rate_5G = "best"
wl_ssid_5G = "linksys-a"
wl_rts_5G = "2346"
wl_frag_5G = "2346"
wl_dtim_5G = "3"
wl_wep_5G = "off"
wl_key_5G = "0"
wl_key1_5G = ""
wl_key2_5G = ""
wl_key3_5G = ""
wl_key4_5G = ""
wl_auth_5G = "0"
wl_auth_type_5G = "2"
wl_BeaconInterval_5G = "100"
wl_TransmitPower_5G = "0"
wl_TurboMode_5G = "0"
wl_channel_5G = "52"
wl_cipher_5G = "0"

intresting, what to do with it

:D

grtzz pw

door **Wifi-xs** » ma mei 26, 2003 17:33

Zie ik dit nou verkeerd of wordt dit os ook gebruikt voor 5 Ghz,

maar die turbo mode

in iedergeval leuk nieuws

zou deze firmware ook op een gewone pc werken
valt te proberen

door **Leroy** » ma jun 02, 2003 09:52

Hmm.. ff door die filetjes heen gespit.. er is dus een binary file die "wl" heet.. die stuurt de module (driver) aan voor de wirelesslan kaart.. check wat voor strings er onder andere in die file staan (zijn dus waarschijnlijk parameters):

antdiv
Set antenna diversity for rx
0 - force use of antenna 0
1 - force use of antenna 1
3 - automatic selection of antenna diversity

txant
Set the transmit antenna
0 - force use of antenna 0
1 - force use of antenna 1
3 - use the RX antenna selection that was in force during
the most recently received good PLCP header

txpwr
Set tx power in milliwatts. Range [1, 84].

Nu wordt het interessant

Ik ga bezig met het modden van mkcramfs.c & cramfsck.c zodat ik files kan toevoegen aan de "huidige" cramfs image in de firmware van de ap's van linksys.. ze gebruiken een oude versie van cramfs waardoor linksys een "nieuwe cramfs image" niet accepteerd in een firmware file..

Hopelijk kan ik hiermee over een tijdje bijvoorbeeld telnet & een shell eraan toevoegen zodat je "ff met kunt inloggen op je ap en in een shell belandt"

Greetz,

Leroy

door **Wifi-xs** » ma jun 02, 2003 15:28

nu alleen nog weer omvormen tot echte firmware en klaar is kees,

dan hebben we eindelijk een ap met goede specs

TX Power: 84 mW
geen antenne diversity

kortom we kunnen de wap54g in gaanzetten in onze netwerken

door **nightwatcher_b** » ma jun 02, 2003 15:55

Keep up the good work!!!
Zou heel mooi zijn als de antenne diversity eruit is.
Extra vermogen kan natuurlijk ook geen kwaad

Ga zo door Leroy, laat ff weten als je weer verder bent gekomen.
Special thnx to vertical of course!!

Maar als dit waar is dan zou linksys toch gemakkelijk een filmware kunnen uitbrengen zonder diversity

En waarom niet meer vermogen, waarom niet op maximaal?

door **henkiev** » ma jun 02, 2003 18:21

thnx mates..

We hope that we soon can adjust our wap54g so that we can use antenne selection... and ofcourse the power up....

Leroy ik hoop dat het aanpassen gaat lukken..

and ofcourse vertical.. thanx for posting.

door **Leroy** » di jun 03, 2003 13:34

Status update:
Ik kan nu m'n eigen firmware maken.. CRC checking heb ik al gefixt

damn hele avond gisteren bezig geweest maar het is ZONET gelukt! ik heb nu een nieuwe firmware erop geflasht die 1 byte verschilt met de originele

tevens kan ik ook al een cramfs image maken met dezelfde indeling zoals die standaard in de wap54g zit

this makes my day

Jullie horen snel meer ..

Wireless Nederland

WAP54G hidden information and inside info

WAP54G hidden information and inside info

dit is interesant

Dit is leuk nieuws

Wie is er online