At last a nice piece of hardware is available. The "Hacking WiFi Nets II. - Crack WPA" tutorial might be ready even this year, and also(?) the remake of the Linksys into a Wardrive Bot and the tutorial Hacking Linksys (extended memory), as planned previously. The Linksys WRT54GL access point was chosen on purpose. There is also an upgraded model which has a USB port (as well as other APs, for example from Asus), but then there would be nothing left to remake :) I have to mention that this article will have at least 3 parts. This first part describes how to change the firmware and the potential problems.
Alternative firmware flash
As the alternative firmware for the flash I used OpenWRT Kamikaze 7.07. The first flash was OK because the web administration interface was available. The process:
1. Connect the AP to the PC with the supplied ethernet cable (LAN card -> AP port no. 1). The card in the PC was given the IP address 192.168.1.100 by DHCP. My PC has several network cards, so they fought for a while even though I had configured prerouting. The wandering packets were fixed by refreshing the IP address on the card that is the PC's gateway to the internet:
sudo dhclient ath0
After this everything runs as it should and ping to the Linksys works.
2. In the AP administration, reset to factory settings.
3. Download the firmware and upload it to the AP through the administration interface. I have used this source.
I connected to the access point by telnet
telnet
> open 192.168.1.1
and changed the password with the command
passwd
new password
password confirmation
Then restart and connect by ssh.

Upgrade onto newer firmware
After a while I found out that there is a newer version, 7.09, so I said to myself: why not "flash" it once again? Wget from the Linksys router did not work:
wget http://downloads.openwrt.org/kamikaze/7.09/brcm-2.4/openwrt-brcm-2.4-squashfs.trx
No route to host..
No route to host..
..I had not set the DNS, and before realizing it I finally downloaded the package manually, started an SSH server on the PC and copied it over from the Linksys with the scp command. In the same situation you can download it to the desktop (you have to run the command from the desktop shell)
wget http://downloads.openwrt.org/kamikaze/7.09/brcm-2.4/openwrt-brcm-2.4-squashfs.trx
and copy the package over from the router console:
cd /tmp
scp -r airdump@192.168.1.100:/tmp/linksys/openwrt-brcm-2.4-squashfs.trx /tmp
Don't forget the write command:
mtd write openwrt-brcm-2.4-squashfs.trx linux && reboot
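The image above is fetched over plain HTTP and written straight to flash, so a check on the desktop before the scp step is worthwhile. The following is an added example, not part of the original article or of OpenWRT: it assumes the usual Broadcom TRX layout (HDR0 magic, total length, CRC-32, flags/version, three partition offsets), and build_sample_trx is a hypothetical helper that constructs test input.

```python
import struct
import sys
import zlib

TRX_MAGIC = b"HDR0"
# magic, total length, crc32, flags/version, three partition offsets (little-endian)
TRX_HEADER = struct.Struct("<4sIII3I")
CRC_START = 12  # the CRC covers everything from flags/version to the end


def trx_crc(payload):
    # TRX keeps the raw CRC-32 register; zlib inverts it at the end, so undo that.
    return ~zlib.crc32(payload) & 0xFFFFFFFF


def check_trx(image):
    """Return a list of problems; an empty list means the image is self-consistent."""
    if len(image) < TRX_HEADER.size:
        return ["file is shorter than a TRX header"]
    magic, length, crc, _flags, *offsets = TRX_HEADER.unpack_from(image)
    if magic != TRX_MAGIC:
        return ["bad magic %r: not a raw TRX image" % magic]
    if not TRX_HEADER.size <= length <= len(image):
        return ["header says %d bytes, file has %d (truncated?)" % (length, len(image))]
    problems = []
    if trx_crc(image[CRC_START:length]) != crc:
        problems.append("CRC mismatch: image corrupted in transit")
    for off in offsets:
        if off and not TRX_HEADER.size <= off < length:
            problems.append("partition offset 0x%x lies outside the image" % off)
    return problems


def build_sample_trx(body):
    """Hypothetical helper: build a constructed one-partition image for testing."""
    tail = struct.pack("<I3I", 1 << 16, TRX_HEADER.size, 0, 0) + body
    length = CRC_START + len(tail)
    return struct.pack("<4sII", TRX_MAGIC, length, trx_crc(tail)) + tail


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # e.g. openwrt-brcm-2.4-squashfs.trx
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:                                      # no file given: use constructed sample
        data = build_sample_trx(b"constructed payload, not real firmware")
    issues = check_trx(data)
    print("\n".join(issues) if issues else "TRX header, length and CRC are consistent")
    sys.exit(1 if issues else 0)
```

A clean result only rules out truncation and accidental corruption; the CRC is not a signature, so it says nothing about who produced the image.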
Graphic administration interface
Although httpd runs after the restart, and someone might think a GUI is standard (as I did at first), OpenWRT does not include a graphical interface for configuring the Linksys router. No graphics, what now? Everything necessary can be set from the console, or you can use the X-Wrt project (in parallel with OpenWRT) to enable a web GUI. The solution is to install the haserl and webif packages.
Download and install the packages (wget from the router, Kamikaze 7.07)
wget http://downloads.x-wrt.org/xwrt/kamikaze/7.07/brcm-2.4/packages/haserl_0.8.0-1_mipsel.ipk
wget http://downloads.x-wrt.org/xwrt/kamikaze/7.07/brcm-2.4/webif_latest.ipk
ipkg install haserl_0.8.0-1_mipsel.ipk
ipkg install webif_latest.ipk
Download and install the packages (wget from the router, Kamikaze 7.09)
wget http://downloads.x-wrt.org/xwrt/kamikaze/7.09/brcm-2.4/packages/haserl_0.8.0-2_mipsel.ipk
wget http://downloads.x-wrt.org/xwrt/kamikaze/7.09/brcm-2.4/webif_latest.ipk
ipkg install haserl_0.8.0-2_mipsel.ipk
ipkg install webif_latest.ipk
Manual installation from the desktop (version 7.09)
wget http://downloads.x-wrt.org/xwrt/kamikaze/7.09/brcm-2.4/packages/haserl_0.8.0-2_mipsel.ipk
wget http://downloads.x-wrt.org/xwrt/kamikaze/7.09/brcm-2.4/webif_latest.ipk
scp -r airdump@192.168.1.100:/tmp/linksys/haserl_0.8.0-2_mipsel.ipk /tmp
scp -r airdump@192.168.1.100:/tmp/linksys/webif_latest.ipk /tmp
ipkg install haserl_0.8.0-2_mipsel.ipk
ipkg install webif_latest.ipk
That scp, I know it's like scratching your left ear with your right hand, but I haven't come up with anything better :). Packages (plural) is written on purpose, because webif is not enough: its installation depends on the haserl package (install haserl first).
Setting the password has to be repeated (telnet, restart and so on).
And this is the result ..the heart is beating :)

Interesting "article". Waiting for the other parts! =)
Superb
Oh, this goes in bookmarks. I'm interested in cracking part.
I think i did something wrong
Ok, here is my story. I have a wrt54gs v1.1 router. I upgraded from whiterussian to kamikaze 7.09 url (2.6-squashfs.bin), but I had no web gui, so I thought if I just upgraded to a firmware of kamikaze with x-wrt already in it, it would work url (2.4-squashfs.bin). I did it by running these commands from the router console:
wget http://downloads.x-wrt.org/xwrt/kamikaze/7.09/brcm-2.4/openwrt-wrt54gs-2.4-squashfs.bin
mtd write openwrt-wrt54gs-2.4-squashfs.bin linux && reboot
It apparently performed the upgrade, but I have no access to the router either by telnet or web gui. It does assign IPs. What do I do now? Thank you very much for any feedback
Linksys Help
You can use recovery mode.. After reboot you can connect to special port - sniff it with Wireshark.. You can connect from console.
More details about this method of recovery
Which port?,
I googled a bit about this and I can't find the steps to do this. Where can I find them?
Many thanks!