Linksys Hacked Firmware
Of all the great DIY projects at this year's Maker Faire, the one project that really caught my eye involved converting a regular old $60 router into a powerful, highly configurable $600 router. The router has an interesting history, but all you really need to know is that the special sauce lies in embedding Linux in your router. I found this project especially attractive because: 1) It's easy, and 2) it's totally free.
Hack Attack: Maker Faire Highlights
by Adam Pash
Read more ReadFeb 20, 2016 - This post is for information sharing purposes: I have a 2 year old Linksys WRT 1900AC attached to my Arris cable modem. The Linksys router is.
Advertisement
So when I got the chance, I dove into converting my own router. After a relatively simple firmware upgrade, you can boost your wireless signal, prioritize what programs get your precious bandwidth, and do lots of other simple or potentially much more complicated things to improve your computing experience. Today I'm going to walk you through upgrading your router's firmware to the powerful open source DD-WRT firmware.
Photo by puruan.
Update: This is a rather old post at this point, and much has changed in the world of DD-WRT. For one, DD-WRT now supports considerably more devices, and it's much easier than it used to be. Check out our updated guide to supercharging your router with DD-WRT to see how it works. And, for an alternative to to DD-WRT with a simplified interface and fancy charts and graphs, check out our other guide to turning your $60 router into a user-friendly super router with Tomato.
Advertisement
What you'll need:
- One of the supported routers. I used a Linksys WRT54GL Wireless router that I picked up from Newegg, and the instructions that follow detail the upgrade process specifically for that router and its close siblings. If you're upgrading one of the other supported routers, you might want to look into instructions specific to your router. These instructions may generally work for other supported routers, but I'm not making any promises.
- The generic DD-WRT v23 SP1 mini firmware version located here.*
- The generic DD-WRT v23 SP1 standard firmware version located here.*
*You'll be upgrading the firmware twice, first using the mini firmware, then using the standard.
Advertisement
Upgrading your router to the DD-WRT firmware
Check out this gallery for the detailed step-by-step upgrade with screenshots. When you're finished, come back here for some of my favorite tweaks.
Advertisement
Update, October '07: Reader Josh Harris writes in:
All the new WRT54G routers being sold now are v8, and the previous DD-WRT software didn't work on them. However, recent versions added support for the new v8 router— but it's a little more in depth.
Got this to work on the WRT54G v8 (should work on 7 as well, just replace the files with the corresponding 7 version):
First of all, use IE explorer. Firefox didn't work at all on this for me, even after install. Second, go to this page. Read the textfile carefully and follow its instructions. Two edits to the textfile:
1. Make sure you go to command prompt and type ipconfig /all. Record the default gateway, the subnet mask, and the two DNS addresses. When you set the IP address manually on your desktop/laptop to 192.168.1.100 as per the instructions, you will need to set these 4 numbers as well.
2. Don't forget when you do the tftp that you need to be in the folder that contains the downloaded dd-wrt.v24_micro_wrt54gv8.bin file (for example, if it is in C:/Downloads, type /cd C:/Downloads).
Lastly don't forget you need to be on a wire to the router, and download both vxworkskillerGv8.bin and dd-wrt.v24_micro_wrt54gv8.bin before you start. Following this procedure will install the micro version on your router.
After this, switch your laptop/desktop back to receiving your IP address via DHCP rather than the manual configuration you set as per the instructions. You will be able to access the DD-WRt micro install via 192.168.1.1 with the login username root and the password admin. From here, you still need to install the DD-WRT standard.
Unfortunately, you cannot go any farther than this with WRT54G v7 and v8 because Linksys downgraded the physical memory in these recent models. However, micro is still an improvement over the original Linksys firmware.
Advertisement
Boost your wireless signal
The first thing I did after I finished the firmware upgrade was give my wireless signal a much needed boost ('needed' in the sense any signal boosting that can be done needs to be done, right?). Doing so is trivial.
Go to the Wireless tab, then to Advanced Settings. Find the entry labeled Xmit Power, which is set by default at a paltry 28mW, and can be set up to 251mW. To be honest, I don't know much about the science of the whole process, but I do know that 251 is WAY bigger than 28. However, you probably don't want to pump it up to 251mW right away.
Advertisement
The DD-WRT manual suggests that a 'safe increase of up to 70 would be suitable for most users.' Anything too much above that and you'd be flirting with overheating your router and damaging the life of your router (though I've heard that many people have pushed it up to 100 or above). So go ahead and change your Xmit Power to 70 and click the Save Settings button at the bottom of the page.
I can't measure for sure how the signal boost has improved things for me since I've just moved into this apartment, but I can say that the signal is full bars pretty much anywhere I go. How's that for scientific?
Advertisement
Hack Attack: Apartment hunting 101
by Adam Pash
Read more ReadThrottling your bandwidth by program
While most routers treat one request for bandwidth the same as any other, your new $600 router is a step above. By setting up QoS (Quality of Service) rules, you can give priority to your interactive traffic (like VoIP, web browsing, or gaming) while throttling traffic that doesn't require a steady rate of bandwidth to function (like P2P programs).
Advertisement
Doing so will ensure that even if your network gets clogged with lots of file sharing, you'll still have enough bandwidth left over to make all of your free SkypeOut phone calls. If you've got roommates who tend to sponge up a lot of bandwidth, you can even prioritize by IP address.
Free calls to any phone with SkypeOut
Skype has just announced free SkypeOut calling to any phone (landline or mobile) within the US and…
Read more ReadWhat to do if you brick your router
Linksys Firmware Update Wrt54g
Advertisement
If, god forbid, while flashing your firmware you end up 'bricking' your router, don't worry - all is not lost. The DD-WRT wiki (a great resource of all things DD-WRT) can help you recover from a bad flash.
Of course, your router will handle securing your network, port forwarding, and all the other things your regular old router does.
Geek to Live: How to access a home server behind a router/firewall
by Gina Trapani
Read more ReadAdvertisement
Linksys Firmware Downgrade
Obviously I've just scratched the surface here, so if you decide to try this out, there's a lot of potential for other things you can do. Any readers tricked out a router with DD-WRT or one of the other open source distros? Tell us what tweaks have worked for you in the comments or at tips at lifehacker.com.
Adam Pash is an associate editor for Lifehacker who loves a good signal boost. His special feature Hack Attack appears every Tuesday on Lifehacker. Subscribe to the Hack Attack RSS feed to get new installments in your newsreader.
Your Wi-Fi router, sitting in the corner of your home accumulating dust and unpatched security flaws, provides an attractive target for hackers. Including, according to a new WikiLeaks release, the CIA.
On Thursday, WikiLeaks published a detailed a set of descriptions and documentation for the CIA's router-hacking toolkit. It's the latest drip in the months-long trickle of secret CIA files it's called Vault7, and it hints at how the agency leverages vulnerabilities in common routers sold by companies including D-Link and Linksys. The techniques range from hacking network passwords to rewriting device firmware to remotely monitor the traffic that flows across a target's network. After reading up on them, you may find yourself itching to update your own long-neglected access point.
Inside Vault 7
Routers make an appealing entry point for hackers, the CIA included, in part because most of them offer no easily accessible interface or performance giveaways when they've been compromised. 'There’s no sign to tell you whether your router is hacked or not—you’re just on the internet as normal,' says Matthew Hickey, a security researcher and founder of the firm Hacker House, who's analyzed the documents. 'The only thing is that everything you’re doing on the internet is going through the CIA.'
According to the leaked documentation, the CIA's router-hacking killchain seems to start with a tool called Claymore, which can scan a network to identify devices and then launch the CIA's router-hacking exploits. The leaked files cite two specific exploits, named Tomato and Surfside. Tomato appears to target vulnerabilities in at least two routers sold by D-Link and Linksys, and is designed to steal those devices' administrative passwords. The files also note that at least two other routers sold by Linksys could be targeted with Tomato after a few more 'manweeks' of development.
The files don't explain Surfside in any detail, or exactly how the Tomato exploit works, though the documentation hints that it may abuse a protocol called UPNP that security researchers have long warned represents a security liability. It's not clear if the vulnerabilities that the exploits attack still exist in devices, or if the manufacturers have fixed them, given that WikiLeaks' Vault 7 files appear to date to early 2016 at the latest. (Neither D-Link nor Linksys responded immediately to a request for comment.) Even if they've made a patch available, though, the difficulty of updating router firmware means vulnerabilities often go unaddressed at the consumer level for years. Hickey also notes that the default admin password often resides printed on a sticker on the back on the router; for models on which Tomato or Surfside don't work, physical access could.
With those credentials, a CIA hacker can then install their own custom firmware, which it calls Flytrap, on a victim's router. That malicious firmware can monitor the target's browsing, strip the SSL encryption from web links they click, and even inject other exploits into their traffic, designed to offer access directly to the target's PC or phone. Yet another piece of software, called CherryTree, serves as a command-and-control system for those hacked routers, allowing operators to monitor and update the infected network devices from a browser-based interface called CherryWeb.
'Everything you’re doing on the internet is going through the CIA.' —Matthew Hickey, Hacker House
Given the general insecurity of the average home router, it shouldn't come as a surprise that one of the world's most well-resourced spy agencies has exploited them for surveillance. But the details of those hacking tools should, if nothing else, serve as a reminder to patch your own home router, as frustrating a process as that may be.
Hacker House's Hickey says that if users stay vigilant in keeping their router updated, there's no direct evidence in the CIA leak that their router would be vulnerable to the agency's spying. But given that most users don't frequently update their routers, and consumer antivirus software doesn't track router malware either, WikiLeaks' release demonstrates just how much of a hacking bonanza the world's Wi-Fi access points may offer to capable hackers. 'Almost every home has a wireless router, and we don't have many tools to check what’s going on on those devices,' Hickey says. 'So it's quite a stealthy way to get malware into someone’s home.'
Related Video
SecurityWhat is a DDoS Hack and How Do You Avoid Them?
Linksys Router Hacked Firmware
DDoS! It stands for distributed denial of service, a kind of attack that turns insecure, internet-connected devices into a sort of zombie army. So here's how you can avoid being part of that zombie army.