Linksys router notes

linksys-notes.txt

# Disassembly

## WRT54G

Pull off the blue front bezel at one edge. The black main case is hooked below 
the blue bezel below the side edge.

http://blog.irrashai.com/blog/2008/09/how-to-crack-open-a-wrt54g-router/

# Serial Port
On all models that I have (WRT54G, WRT54GS, WRT54GL), the serial port is on 
the 10-pin header below the blue front bezel:

Pin  2: 3.3V
Pin  4: Tx (ttyS0)
Pin  6: Rx (ttyS0)
Pin  8: NC
Pin 10: GND

TTL adapter "Sparkfun 3.3 V FTDI Basic" works flawlessly. 115200 bps 8N1.

http://www.rwhitby.net/projects/wrt54gs

# Flashing from the CFE prompt

With the serial port in place, flashing is mostly painless, independent of the 
boot_wait setting.

On my Mac, I prepare the tftp client:

$ tftp 192.168.1.1
tftp> bin
tftp> rexmt 1


On the WRT, I press Ctrl+C on the serial line immediately after powering on and 
get to the CFE prompt. From there, I start flashing:

CFE> nvram erase
CFE> flash -ctheader : flash1.trx

And immediately on the Mac:

tftp> put foo.bin

(Still no proper solution for code pattern mismatch, though.)

CFE> flash -ctheader : flash1.trx                                               
Reading :: CODE Pattern is CORRECT!                                             
upgrade_ver[v4.70.6] upgrade_ver[47006] 4712_ver[15000]                         
Done. 1418240 bytes read                                                        
fname=flash1.trx                                                                
CODE Pattern is correct! (W54S)                                                 
Programming...done. 1418208 bytes written                                       
*** command status = 0                                                          
CFE> reboot

http://www.dd-wrt.com/wiki/index.php/Serial_Recovery#Serial_Commands

# WPA/WPA2 on OpenWRT White Russian

ipkg update
ipkg install nas