-
-
Save HackingGate/b75ac856397075756ea878380c5b848c to your computer and use it in GitHub Desktop.
VERSION=19.07.7 | |
# Download imagebuilder for R7800. | |
aria2c -c -x4 -s4 https://downloads.openwrt.org/releases/${VERSION}/targets/ipq806x/generic/openwrt-imagebuilder-${VERSION}-ipq806x-generic.Linux-x86_64.tar.xz | |
# Extract & remove used file & cd to the directory | |
tar -xvf openwrt-imagebuilder-${VERSION}-ipq806x-generic.Linux-x86_64.tar.xz | |
rm openwrt-imagebuilder-${VERSION}-ipq806x-generic.Linux-x86_64.tar.xz | |
cd openwrt-imagebuilder-${VERSION}-ipq806x-generic.Linux-x86_64/ | |
# Use https when making image | |
sed -i 's/http:/https:/g' repositories.conf | |
# Make all kernel modules built-in | |
sed -i -e "s/=m/=y/g" build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/linux-ipq806x_generic/linux-*/.config | |
# Run the final build configuration | |
make image PROFILE=netgear_r7800 \ | |
PACKAGES="ca-bundle ca-certificates libustream-openssl -ppp -ppp-mod-pppoe \ | |
uhttpd uhttpd-mod-ubus libiwinfo-lua luci-base luci-app-firewall luci-mod-admin-full luci-theme-bootstrap \ | |
-wpad-mini -wpad-basic wpad-openssl usbutils block-mount e2fsprogs samba4-server luci-app-samba4 \ | |
aria2 luci-app-aria2 ariang stubby curl wget tcpdump kmod-fs-ext4 kmod-usb-storage kmod-usb-storage-uas" | |
# list result | |
ls $PWD/bin/targets/ipq806x/generic |
# To use opkg via https | |
opkg update | |
opkg install ca-bundle ca-certificates libustream-openssl curl wget | |
sed -i 's/http:/https:/g' /etc/opkg/distfeeds.conf | |
# DoH with Dnsmasq and https-dns-proxy | |
# https://openwrt.org/docs/guide-user/services/dns/doh_dnsmasq_https-dns-proxy | |
opkg install https-dns-proxy luci-app-https-dns-proxy | |
# pkg-upgrade.sh | |
wget https://gist.github.com/HackingGate/b75ac856397075756ea878380c5b848c/raw/db404b6028b9136b47192ce90f3520e97a3faa3e/pkg-upgrade.sh | |
chmod +x pkg-upgrade.sh | |
./pkg-upgrade.sh | |
# sys-upgrade.sh | |
wget https://gist.github.com/HackingGate/b75ac856397075756ea878380c5b848c/raw/725c991f7286400e4f0d6ae5f993f8dd17caca90/sys-upgrade.sh | |
chmod +x sys-upgrade.sh | |
./sys-upgrade.sh | |
# Capturing packets | |
opkg install tcpdump | |
# Deploy WPA3 Wi-Fi | |
opkg remove wpad-mini wpad-basic | |
opkg install wpad-openssl | |
/etc/init.d/network restart | |
# Using storage devices | |
opkg update | |
opkg install kmod-usb-storage | |
opkg install kmod-usb-storage-uas | |
opkg install usbutils | |
lsusb -t | |
opkg install block-mount | |
block info | grep "/dev/sd" | |
lsusb -t | |
opkg install e2fsprogs | |
opkg install kmod-fs-ext4 | |
block detect | uci import fstab | |
uci set fstab.@mount[-1].enabled='1' | |
uci set fstab.@global[0].check_fs='1' | |
uci commit fstab | |
uci show fstab | |
service fstab boot | |
# SMB Samba4 | |
opkg install samba4-server | |
opkg install luci-app-samba4 | |
# Aira2 and ariang | |
opkg install aria2 | |
opkg install luci-app-aria2 | |
opkg install ariang |
#!/bin/sh | |
set -e | |
# Force HTTPS | |
sed -i 's/http:/https:/g' /etc/opkg/distfeeds.conf | |
# Update packages | |
opkg update | |
for ipk in $(opkg list-upgradable | awk '$1!~/^base-files|^kmod|^Multiple/{print $1}'); do | |
opkg upgrade $ipk | |
done | |
# Download bt trackers | |
TRACKERS=`curl -s https://raw.githubusercontent.com/ngosang/trackerslist/master/trackers_best.txt \ | |
| tr '\n' ' ' \ | |
| sed 's/ *$//'` | |
echo "Updating /etc/config/aria2 bt_tracker" | |
# Delete config | |
sed -i "/list bt_tracker/d" /etc/config/aria2 | |
# Append config | |
echo -e "\tlist bt_tracker '$TRACKERS'" | tee -a /etc/config/aria2 | |
# Download netboot.xyz | |
wget https://boot.netboot.xyz/ipxe/netboot.xyz.efi -O /root/tftp/netboot.xyz.efi |
#!/bin/sh | |
set -e | |
OPENWRT_TAG=`git ls-remote git://github.com/openwrt/openwrt.git | grep -E -o 'v[0-9]+\.[0-9]+\.[0-9]+' | tail -1` | |
OPENWRT_VERSION=`echo ${OPENWRT_TAG} | grep -E -o '[0-9]+\.[0-9]+\.[0-9]+'` | |
rm -f *.manifest manifest.diff | |
# Use sed remove vlmcsd | |
opkg list-installed | sed '/vlmcsd/d' | tee list-installed.manifest | |
wget https://downloads.hackinggate.com/openwrt-${OPENWRT_VERSION}-ipq806x-generic-netgear-r7800/openwrt-${OPENWRT_VERSION}-ipq806x-generic-device-netgear-r7800.manifest | |
diff openwrt-${OPENWRT_VERSION}-ipq806x-generic-device-netgear-r7800.manifest list-installed.manifest | tee manifest.diff | |
FILE1_LINES=`cat manifest.diff | grep '<' | wc -l` | |
FILE2_LINES=`cat manifest.diff | grep '>' | wc -l` | |
# n1 -ge n2 True if the integer n1 is algebraically greater than or equal to the integer n2. | |
# n1 -gt n2 True if the integer n1 is algebraically greater than the integer n2. | |
if [ ${FILE1_LINES} -ge 0 ] && [ ${FILE1_LINES} -eq ${FILE2_LINES} ] | |
then | |
echo "Upgrading to ${OPENWRT_TAG}" | |
rm -f openwrt-${OPENWRT_TAG}-ipq806x-generic-netgear_r7800-squashfs-sysupgrade.bin | |
wget https://downloads.hackinggate.com/openwrt-${OPENWRT_VERSION}-ipq806x-generic-netgear-r7800/openwrt-${OPENWRT_VERSION}-ipq806x-generic-netgear_r7800-squashfs-sysupgrade.bin | |
# -o attempt to preserve all changed files in /, except those | |
# from packages but including changed confs. | |
sysupgrade -o openwrt-${OPENWRT_VERSION}-ipq806x-generic-netgear_r7800-squashfs-sysupgrade.bin | |
fi |
DoH with Dnsmasq and https-dns-proxy
https://openwrt.org/docs/guide-user/services/dns/doh_dnsmasq_https-dns-proxy
opkg install https-dns-proxy luci-app-https-dns-proxy
PS4 Remote Play
Common Ways To Remote Play While Away Home
-
The official PS Remote Play app away home play feature
I'm currently using v6プラス(based on MAP-E) option from my ISP. I have public IPv4/v6 addresses but I have only SOME IPv4 ports available. I failed to connect my PS4. -
The official PS Remote Play app in-home play feature with a home VPN server
This method works on OSI-layer 2 VPN but not on layer 3.
WireGuard is layer 3. And I have no plan to start a OpenVPN TAP mode (layer 2) VPN.
The solution (the third way to remote play)
Prepare a layer 3 home VPN server.
Use Chiaki instead of official PS Remote Play. (I learned here)
Seems Chiaki don't wake PS4 on LAN. So I installed ps4-waker on my home Raspberry Pi.
Just follow the link and setup it.
The result
- Set PS4 to Rest Mode before leave home. (Don't Power Off)
- SSH into home Raspberry Pi.
- Run
ps4-waker
command will wake up PS4. - Connect to home VPN (layer 3).
- Open Chiaki any enjoy it.
Block Country IPs
Tutorial for how to boycott CN IPv4 on OpenWrt.
Script from here https://github.com/kravietz/blacklist-scripts
CIDR IP list from my project https://country-ip-blocks.hackinggate.com
OpenWrt Setup
Install
opkg install ipset curl
wget https://raw.githubusercontent.com/kravietz/blacklist-scripts/master/blacklist.sh
mv blacklist.sh /etc/firewall.user
Create /etc/ip-blacklist.conf
URLS="https://country-ip-blocks.hackinggate.com/CN_IPv4.txt"
Edit /etc/firewall.user
I don't have pppoe-wan
and the blocklist don't work.
I replaced IN_OPT="-i $wan_iface"
with IN_OPT=""
and it works now. (kravietz/blacklist-scripts#6)
Activate
# Manual run
sh /etc/firewall.user
# Daily update
echo "01 01 * * * sh /etc/firewall.user" >>/etc/crontabs/root
Check & Test
ipset list -name
Two new sets are added
manual-blacklist
country-ip-blocks.hac
View blocked CN IPv4 entries
ipset list country-ip-blocks.hac
Here's how to use manual-blacklist
.
ipset add manual-blacklist 8.8.8.8
ipset list manual-blacklist
ping 8.8.8.8
ipset del manual-blacklist 8.8.8.8
ping 8.8.8.8
Block Multi Lists
Example of /etc/ip-blacklist.conf
# Emerging Threats lists offensive IPs such as botnet command servers
URLS="https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"
# Blocklist.de collects reports from fail2ban probes, listing password brute-forces, scanners and other offenders
URLS="$URLS https://www.blocklist.de/downloads/export-ips_all.txt"
URLS="$URLS https://country-ip-blocks.hackinggate.com/CN_IPv4.txt"
URLS="$URLS https://country-ip-blocks.hackinggate.com/HK_IPv4.txt"
URLS="$URLS https://country-ip-blocks.hackinggate.com/MO_IPv4.txt"
All set will name country-ip-blocks.hac
and override.
To fix it. Edit /etc/firewall.user
. Insert script between the two lines. L116
# download the blocklist
set_name=$(echo "$url" | awk -F/ '{print substr($3,0,21);}') # set name is derived from source URL hostname
curl -L -v -s ${COMPRESS_OPT} -k "$url" >"${unsorted_blocklist}" 2>"${headers}"
Will be
# download the blocklist
set_name=$(echo "$url" | awk -F/ '{print substr($3,0,21);}') # set name is derived from source URL hostname
# autodetect country-ip-blocks.hackinggate.com
if echo "${url}" | grep -q 'country-ip-blocks.hackinggate.com'; then
set_name=$(echo "$url" | awk -F/ '{print substr($4,0,21);}')
fi
curl -L -v -s ${COMPRESS_OPT} -k "$url" >"${unsorted_blocklist}" 2>"${headers}"
sh /etc/firewall.user
and ipset list -name
will be
manual-blacklist
rules.emergingthreats
www.blocklist.de
CN_IPv4.txt
HK_IPv4.txt
MO_IPv4.txt
Check if there's entries
ipset list CN_IPv4.txt | wc -l
netboot.xyz
cd /root
mkdir tftp
cd tftp
wget https://boot.netboot.xyz/ipxe/netboot.xyz.efi
Edit /etc/config/dhcp
config dnsmasq
...
option enable_tftp '1'
option dhcp_boot 'netboot.xyz.efi'
option tftp_root '/root/tftp'
config dhcp 'lan'
...
list dhcp_option '66,0.0.0.0'
/etc/init.d/dnsmasq restart
Upgrade OpenWrt
auc
Advertise DNS server
/etc/config/dhcp
config dhcp 'lan'
...
list dhcp_option '6,192.168.4.45'
R7800 Debricking
[OpenWrt Wiki] Netgear R7800 (Nighthawk X4S AC2600) Debricking
On macOS the
tftp
command is a little different.References
More about
launchctl
: https://apple.stackexchange.com/a/308421/105981Commands