
Linksys WRT54G v4.0


Linksys WRT54G v4

Manuf/OEM/ODM CyberTAN

FCC approval date: 31 May 2005
Country of manuf.: China
Serial Num. Prefix: CDFA


Type: wireless router

FCC ID: Q87-WT54GV40

Power: 12 VDC, 1 A
Connector type: barrel
Conn. measurements: 5 mm (OD), 2.5 mm (ID), 12 mm (LEN)

CPU1: Broadcom BCM5352E (200 MHz)
FLA1: 4 MiB (Intel TE28F320C3BD90)
RAM1: 16 MiB (Hynix HY5DU281622ET-J)

Expansion IFs: none specified
JTAG: yes, 12-pin header, unpopulated
Serial: yes, 10-pin header, unpopulated, (115200,8,N,1)

WI1 chip1: Broadcom BCM5352E
WI1 chip2: Broadcom BCM2050
WI1 802dot11 protocols: bg
WI1 antenna connector: RP-TNC

ETH chip1: Broadcom BCM5352E
Switch: Broadcom BCM5352E
LAN speed: 10/100
LAN ports: 4
WAN speed: 10/100
WAN ports: 1


Stock bootloader: CFE

Stock FW OS: Linux

Third party firmware supported: DD-WRT • (List), Gargoyle, OpenWrt, Tomato • (List), TomatoUSB • (List)

Default SSID: linksys (51 addl. devices)
Default IP address: 192.168.1.1 (used by 1025 additional devices, of which 138 are Linksys devices)
Default login user: blank
Default login password: admin (blank:admin credentials used by 266 additional devices, of which 137 are Linksys devices)

802dot11 OUI: 00:14:BF (9 E, 14 W, 2005)
Ethernet OUI: 00:14:BF (9 E, 14 W, 2005)

Device               | FCC ID
Linksys WRT54G-RG    | Q87-WT54GV40
Linksys WRT54G-TM    | Q87-WT54GV40
Linksys WRT54GL v1.0 | Q87-WT54GV40
Linksys WRT54GL v1.1 | Q87-WT54GV40
Linksys WRT54GS v3   | Q87-WT54GV40
Linksys WRT54GS v4   | Q87-WT54GV40
Linksys WRT54GS v5.0 | Q87-WT54GV40
Linksys WRT54GS v5.1 | Q87-WT54GV40

Device              | CPU1 brand | WI1 chip1 brand | WI1 chip2 brand
Linksys WRT54G v1.0 | Broadcom   | Broadcom        | Broadcom
Linksys WRT54G v1.1 | Broadcom   | Broadcom        | Broadcom
Linksys WRT54G v2.0 | Broadcom   | Broadcom        | Broadcom
Linksys WRT54G v2.2 | Broadcom   | Broadcom        | Broadcom
Linksys WRT54G v3.0 | Broadcom   | Broadcom        | Broadcom
Linksys WRT54G v3.1 | Broadcom   | Broadcom        | Broadcom
Linksys WRT54G v4.0 | Broadcom   | Broadcom        | Broadcom
Linksys WRT54G v5   | Broadcom   | Broadcom        | Broadcom
Linksys WRT54G v5.0 | Broadcom   | Broadcom        | Broadcom
Linksys WRT54G v6.0 | Broadcom   | Broadcom        | Broadcom
Linksys WRT54G v7.0 | Atheros    | Atheros         |
Linksys WRT54G v7.2 | Broadcom   | Broadcom        |
Linksys WRT54G v8.0 | Broadcom   | Broadcom        |
Linksys WRT54G v8.1 | Broadcom   | Broadcom        |
Linksys WRT54G v8.2 | Broadcom   | Broadcom        |
Linksys WRT54GH     | Ralink     | Ralink          |

For a list of all currently documented Broadcom chipsets with specifications, see Broadcom.


Wireless-G Broadband Router

 • Support page • Downloads (US)

Links of Interest

Flashing

Flashing DD-WRT

The stock Linksys firmware on the WRT54G v4 won't accept a firmware image over 3 MB in size (you will get the error "Upgrade are failed!" if you try), so you need to flash the mini version of DD-WRT onto the router BEFORE flashing any other version.

  1. Read the peacock announcement found here: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=51486
  2. Do a Hard reset or 30/30/30 on the router according to note 1 of the peacock announcement (30/30/30)
  3. Set a static IP on your computer to 192.168.1.7. Subnet mask should be 255.255.255.0.
  4. Connect the LAN cable from your computer to a LAN port of your router. Make sure your router is plugged in. Nothing should be connected to your computer or the router except the LAN cable between them. Turn your firewall and any wireless computer connections OFF.
  5. Power cycle the router (unplug the power from the router for 30 seconds and then plug it back in)
  6. Open your browser to 192.168.1.1 by entering it in the address bar. You should see the Linksys webgui and NOT a page that says Management Mode. If you see Management Mode, power cycle the router again.
  7. Leave the username blank and enter "admin" as the password
  8. Go to administration and firmware upgrade
  9. Navigate to the folder that you are using, and select dd-wrt.v24_mini_generic.bin
  10. Hit upgrade
  11. When you get a success, wait FIVE FULL minutes.
  12. If you don't get success, repeat from steps 6 up to this one. If you still don't get success, clear your browser cache. Try using a different browser as well, to navigate to 192.168.1.1.
  13. When you can access the dd-wrt webgui using a browser at 192.168.1.1, power cycle the router.
  14. When you can again access the dd-wrt webgui using a browser at 192.168.1.1, do another Hard reset or 30/30/30 on the router.
  15. At this point you can choose to put a different build on, depending on what your needs are.
  16. Reset your computer ethernet connection to auto IP and auto DNS
  17. Check for recommended builds here.

Flashing OpenWrt

Linksys WRT54G

Flashing Tomato

Flashing Gargoyle

Install Guide

Upgrading

Updating DD-WRT

If DD-WRT is already on the router, follow these instructions. If stock firmware is on the router, follow the flashing instructions.

  1. Check for recommended builds here first.
  2. Set your computer to a static IP of 192.168.1.7 (or to an address on whatever subnet the router is on). Disable all firewalls and security. Disable wireless on your computer and have only the router connected to the flashing computer, by the Ethernet cable between the two.
  3. Hard reset or 30/30/30 (if the router supports it; if not, reset to defaults in the GUI) prior to flashing. Wait. Check for the password page on re-login and change the password.
  4. Flash the firmware. You can use the webgui unless you have a Belkin router. (For Belkin, use tftp.exe to flash.)
  5. Wait... at least three minutes. Lights should return to normal. See Important2, below. Failing to wait is how most people brick their routers.
  6. Do a power cycle of the router. (Unplug the cord, count to 30 and plug it back in.)
  7. Wait for the lights to return to normal, usually about 2 minutes.
  8. Hard reset or 30/30/30 again (if the router supports it; if not, reset to defaults in the GUI). Wait. Check for the password page and re-login to change the password. Then you can reconfigure your settings manually.
  9. Once configured, set your computer back to auto IP and auto DNS.

Important1: This Hard reset or 30/30/30 works fine for Asus routers, but you do have to power cycle after the reset.

Important2: After you flash the firmware, and before you do the hard reset, the router will be building some nvram settings. YOU MUST WAIT FOR THIS TO FINISH PRIOR TO DOING ANYTHING WITH THE ROUTER INCLUDING A HARD RESET. Usually, you can tell when this process is completed by the WAN light coming on, but it does take several minutes. Go have a beer. There are starting to be more and more people who BRICK their routers by not waiting until the nvram is rebuilt, PRIOR to doing a hard reset. YOU NEED TO WAIT!

Reverting

Reverting to OEM Firmware from DD-WRT

  1. Read the peacock announcement found here: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=51486
  2. Do a Hard reset or 30/30/30 on the router according to note 1 of the peacock announcement (30/30/30)
  3. Set a static IP on your computer to 192.168.1.7. Subnet mask should be 255.255.255.0.
  4. Connect the LAN cable from your computer to a LAN port of your router. Make sure your router is plugged in. Nothing should be connected to your computer or the router except the LAN cable between them. Turn your firewall and any wireless computer connections OFF.
  5. Power cycle the router (unplug the power from the router for 30 seconds and then plug it back in)
  6. Open your browser to 192.168.1.1 by entering it in the address bar. You should see the Linksys webgui and NOT a page that says Management Mode. If you see Management Mode, power cycle the router again.
  7. Enter your username and password
  8. Go to administration and firmware upgrade
  9. Navigate to the folder that you are using, and select WRT54G_v4.21.1_fw.bin once you've unzipped it.
  10. Hit upgrade
  11. When you get a success, wait FIVE FULL minutes.
  12. When you can again access the Linksys webgui using a browser at 192.168.1.1, do another Hard reset or 30/30/30 on the router.
  13. Reset your computer ethernet connection to auto IP and auto DNS

JTAG-Serial Info

JTAG

JTAG Pinouts

 nTRST   1o o2   GND
   TDI   3o o4   GND
   TDO   5o o6   GND
   TMS   7o o8   GND
   TCK   9o o10  GND
 nSRST  11o o12  N/C

Using Universal JTAG Adapter

  white   1o o2   black
    red   3o o4   GND
   blue   5o o6   GND
  green   7o o8   GND
 yellow   9o o10  GND
 orange  11o o12  N/C

DD-WRT JTAG Recovery

  • /noemw /nocwd switches required
  1. Backup CFE x2 (Compare the files, they must match exactly or there is something wrong with your JTAG setup)
  2. Erase Wholeflash x2
  3. Flash CFE
  4. Unplug Power
  5. Unplug JTAG Cable

TFTP

  1. Set the rig's IP to static 192.168.1.10
  2. Plug a network cable from the rig to port 1
  3. Get TFTP ready: server IP - 192.168.1.1, password - blank, file - dd-wrt.v24_mini_wrt54g.bin
  4. Plug in power
  5. As soon as Windows says "connected", hit upgrade. You may have to use a network hub to make sure Windows is always connected.
  6. Hard reset 30/30/30

Serial

Serial Pinouts

 VCC  1 o o 2  VCC
 TX1  3 o o 4  TX0
 RX1  5 o o 6  RX0
 N/C  7 o o 8  N/C
 GND  9 o o 10 GND

HyperTerminal Setup in Windows XP

In Windows XP, click Start - All Programs - Accessories - Communication - HyperTerminal
Enter a name for the connection, click OK
Choose the COM port your adapter is plugged into, click OK
Set:
 Bits per second = 115200
 Data bits = 8
 Parity = none
 Stop bits = 1
 Flow control = none
Click OK
Click File - Save As, and select a place to save it to so you don't have to enter the settings again.

PuTTY Setup in Windows XP

After installing PuTTY, run it
 Serial line = the COM port you're using for serial (e.g. COM3)
 Speed = 115200
Click on Serial under Connection
 Serial line to connect to = same as above (Serial line)
 Speed (baud) = 115200
 Data bits = 8
 Stop bits = 1
 Parity = none
 Flow control = none
Click Session
 Enter a name for your connection under Saved Sessions
Click Save
Click Open

DD-WRT Serial Recovery

Modified Redhawk0 instructions

  1. Connect the serial cable
  2. Start one of the programs from above
  3. Get TFTP ready with the file selected
  4. Use dd-wrt.v24_mini_wrt54g.bin
  5. Connect power to the router
  6. Start a rapid-fire Ctrl-C as you plug the router into power
  7. Type "nvram erase" w/o quotes, hit enter
  8. Type "flash -noheader : flash1.trx" w/o quotes and hit enter; this starts the tftp daemon
  9. But have tftp.exe ready
  10. Click go or start on TFTP
  11. Give it 5 minutes after it finishes
  12. Then power cycle... hard reset... then config
  13. When it stops spitting out text in the serial console, hit the enter key. You should get a login prompt. At that point, power cycle it, Hard reset or 30/30/30, then config
  14. You'll see it boot up

USB Info

No USB

vlan Info

DD-WRT vlan Info

Defaults

"/proc/switch/eth0" exists

1 2 3 4 | case labels
3 2 1 0 | nvram port numbers
root@DD-WRT:~# nvram show | grep vlan.ports
vlan1ports=4 5
vlan0ports=3 2 1 0 5*
size: 19872 bytes (12896 left)
root@DD-WRT:~# nvram show | grep port.vlans
port5vlans=0 1 16
port4vlans=0
port3vlans=0
port2vlans=0
port1vlans=0
port0vlans=1
size: 19872 bytes (12896 left)
root@DD-WRT:~# nvram show | grep vlan.hwname
vlan1hwname=et0
vlan0hwname=et0
size: 19872 bytes (12896 left)
root@DD-WRT:~# lsmod
Module Size Used by
ip_nat_pptp 2560 0 (unused)
ip_conntrack_pptp 3036 1
ip_nat_proto_gre 1664 0 (unused)
ip_conntrack_proto_gre 2584 0 [ip_nat_pptp ip_conntrack_pptp]
etherip 5104 0 (unused)
switch-robo 5356 0 (unused)
switch-core 6352 0 [switch-robo]
root@DD-WRT:~# ls /proc/switch
eth0
root@DD-WRT:~# cat /proc/switch/eth0/vlan/0/ports
0 1 2 3 5t*
root@DD-WRT:~# cat /proc/switch/eth0/vlan/1/ports
4 5t
root@DD-WRT:~# cat /proc/switch/eth0/vlan/2/ports
4
root@DD-WRT:~#

nvram commands

root@DD-WRT:~# nvram set vlan1ports="3 4 5"
root@DD-WRT:~# nvram set vlan0ports="2 1 0 5*"
root@DD-WRT:~# nvram commit
root@DD-WRT:~# reboot

nvram

Port 1 moved to WAN vlan

root@DD-WRT:~# nvram show | grep vlan.ports
vlan0ports=2 1 0 5*
vlan1ports=3 4 5
size: 19850 bytes (12918 left)
root@DD-WRT:~# nvram show | grep port.vlans
port5vlans=0 1 16
port3vlans=0
port1vlans=0
size: 19850 bytes (12918 left)
port4vlans=0
port2vlans=0
port0vlans=1
root@DD-WRT:~# nvram show | grep vlan.hwname
vlan1hwname=et0
size: 19850 bytes (12918 left)
vlan0hwname=et0
root@DD-WRT:~#
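
A check for the port-to-vlan assignments shown above, as an added example that is not part of the original page or of DD-WRT: it parses the vlanNports lines of `nvram show` output, translates nvram port numbers to case labels using the table under Defaults, and lists LAN jacks that ended up on the WAN vlan. It assumes nvram port 4 is the WAN jack, port 5 is the CPU port and a `t` suffix marks a tagged member; the names LAN1..LAN4, parse_vlan_ports and audit are made up for the example.

```python
import re
from collections import Counter

# From the page: case labels 1 2 3 4 correspond to nvram ports 3 2 1 0.
LABELS = {3: "LAN1", 2: "LAN2", 1: "LAN3", 0: "LAN4"}
# Assumptions, not stated on the page: port 4 is the WAN jack, port 5 the CPU.
LABELS.update({4: "WAN", 5: "CPU"})
WAN_VLAN = 1  # the page calls vlan1 the WAN vlan
CPU_PORT = 5

VLAN_RE = re.compile(r"^vlan(\d+)ports=(.*)$")
PORT_RE = re.compile(r"(\d+)([*tu]*)")  # suffixes kept as flags; 't' assumed = tagged


def parse_vlan_ports(nvram_text):
    """Return {vlan_id: [(port, flags), ...]} from `nvram show` output."""
    vlans = {}
    for line in nvram_text.splitlines():
        m = VLAN_RE.match(line.strip())
        if not m:
            continue  # shell prompts, "size:" lines, unrelated variables
        members = []
        for token in m.group(2).split():
            pm = PORT_RE.fullmatch(token)
            if pm is None:
                raise ValueError(f"unexpected port token {token!r} in {line!r}")
            members.append((int(pm.group(1)), pm.group(2)))
        vlans[int(m.group(1))] = members
    return vlans


def audit(nvram_text):
    """Return (membership by case label, LAN jacks on the WAN vlan, shared jacks)."""
    vlans = parse_vlan_ports(nvram_text)
    label = lambda p: LABELS.get(p, f"port{p}")
    membership = {v: [label(p) for p, _ in ports] for v, ports in vlans.items()}
    on_wan = [label(p) for p, _ in vlans.get(WAN_VLAN, []) if label(p).startswith("LAN")]
    # A jack listed untagged in two vlans is ambiguous and worth flagging.
    seen = Counter(p for ports in vlans.values()
                   for p, flags in ports if p != CPU_PORT and "t" not in flags)
    shared = sorted(label(p) for p, n in seen.items() if n > 1)
    return membership, on_wan, shared


# Output copied from the page: defaults, then after "Port 1 moved to WAN vlan".
DEFAULTS = "vlan1ports=4 5\nvlan0ports=3 2 1 0 5*\nsize: 19872 bytes (12896 left)"
MOVED = "vlan0ports=2 1 0 5*\nvlan1ports=3 4 5\nsize: 19850 bytes (12918 left)"

if __name__ == "__main__":
    for name, text in (("defaults", DEFAULTS), ("moved", MOVED)):
        print(name, audit(text))
```

Run it against a saved copy of the `nvram show | grep vlan.ports` output before `nvram commit`; a non-empty second or third element means a LAN jack is on the WAN vlan or is listed in both vlans.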

GUI

Port 4 moved to WAN vlan

root@DD-WRT:~# nvram show | grep vlan.ports
vlan1ports=4 5
vlan0ports=3 2 1 0 5*
size: 20005 bytes (12763 left)
root@DD-WRT:~# nvram show | grep port.vlans
port5vlans=0 1 16
port4vlans=1 18 19
port3vlans=0 18 19
port2vlans=0 18 19
port1vlans=0 18 19
port0vlans=1 18 19
size: 20005 bytes (12763 left)
root@DD-WRT:~# nvram show | grep vlan.hwname
vlan1hwname=et0
vlan0hwname=et0
size: 20005 bytes (12763 left)
root@DD-WRT:~#

Pictures

DarkShadow's Unit
FCCID Q87-WT54GV40

Notes

DD-WRT Troubleshooting

  • If your router fails to reboot (power light doesn't stop flashing, no web interface, etc) you will need to Recover from a Bad Flash.

Hardware Modification

See Also