OpenWrt Forum Archive

Topic: NetGear WGT634U

The content of this topic has been archived between 2 Sep 2015 and 4 May 2018. Unfortunately there are posts – most likely complete pages – missing.

Currently working on a script that will automate the "hack" of the router, including updating the router on the fly instead of flashing it.

Just trying to find some place to put it all. Will probably need about 50Mb of space for everything... Anyone who could recommend a good free provider, or who wants to host the page for me?

If you want to host it for me drop me a mail on pakar(at)imperialnet.org

The 634U doesn't have a boot_wait flag. But you can "emulate" that by setting the ENV var "STARTUP" to the following value:

"ifconfig eth0 -addr=192.168.1.150 -mask=255.255.255.0;boot -z -elf -tftp 192.168.1.100:vmlinux.gz;boot -z -elf flash0.os"

192.168.1.150 = IP Address of the 634U
192.168.1.100 = IP Address of a TFTP server
vmlinux.gz = GZip compressed elf kernel to fetch and run from the TFTP server.

This will try to download the file from the TFTP server. If the download fails it will fall back to boot from flash.

BE CAREFUL: I don't know whether the default kernel of Netgear is compressed. If it is not, you need to remove the "-z" to load uncompressed files. Check the contents of STARTUP before overwriting it!

Hope this helps,
  Florian

Thanks for the very useful info!! Finally I think I will have the courage to upgrade the kernel at least :)

btw, the current STARTUP is set to:
STARTUP=ifconfig eth0 -addr=192.168.1.1 -mask=255.255.255.0;boot -elf flash0.os:


Just can't understand why Netgear did not implement the boot_wait and tftp_server in the router.. With this "auto upgrade" feature I just wonder how many people will make doorstops out of their routers due to power failures and such.

Hi,

I'm not entirely sure how the Netgear upgrade process works. The flash layout is totally different and it might be the case that the fallback tftp server is in a read-only area of the flash and is invoked after a broken upgrade. Haven't investigated that.

Anyway I like the Netgear approach much more. It's possible to boot a kernel without actually flashing it. So if it's a broken kernel - never mind, just power cycle and you're good to go again. It helped me a lot during the kernel development phase.

Best,
  Florian

Yep, that feature is quite nice... The only problem is when you put a bad flash on the box.. :P

I have some pointers on how they do the flashing... Just check the page: http://wifi.rulez.org/wgt634u/, though the inner process of the flashing is nothing that I really understand... dd to the flash-disk and it's done.. :P


I would also want to attach a console to this unit for the troubleshooting while booting new kernels and stuff... Do you or anyone else have a pinout of the ports in the unit?

Hi,

I have a console. It's the 4 pin connector near the flash. The non-soldered one is ttyS0 and the soldered one is ttyS1. Fortunately the console is on ttyS1 so you can use the available header.

Don't know the pinout offhand but it's easy to measure:

1. 3.3v or GND
2. RX or TX
3. TX or RX
4. GND or 3.3v

You'll need a level converter.

Best,
   Florian

Thanks for the info... I put the info on my wgt634u page and will post the correct pinout later when I have checked it, and schematics on the interface.

Here is how I managed to unpack the last part of image-file with LRP-packages (tgz-format)

modprobe mtdram total_size=4096
modprobe mtdblock
dd bs=1 skip=1310720 if=wgt634u_1_4_1_8.img of=/dev/mtdblock/0 # JFFS2 image starts at 0x140000 (= 1310720 bytes)
mount -t jffs2 /dev/mtdblock/0 /mnt/flash

Some strange thing with this firmware is that it contains a telnetd-package which is not included in "GPL-sources"!!!!
But it's not possible to login to it because of missing libncurses which it's depending on (found on LEAF list)...

I didn't manage to create a root ftp-account on version 1.4.1.8 with the "posting.html" hack! Maybe I need to edit some cgi-script(s) first.. But almost every file is 777.

Has anybody yet managed to set up toolchains and compile their own kernel?

/Claes

Hi,

I "hacked" into the router by backing up the configuration through the web interface, then modifying the passwd file and restoring the config through the web interface again. The Netgear software isn't very interesting IMHO.

To build your own kernel you can use the Linksys toolchain or build your own using the uclibc build system (this is what I'm doing).

Back in the days when I negotiated with Netgear about the release of the GPL sources their kernel wasn't building out of the box. Dunno whether they fixed that in the meantime. I'm running a 2.6.x kernel.

Best,
Florian

One question to Jolt:

When you replace the kernel with your own 2.6, do you need to use MadWifi to get atheros/wireless to work?

Hi,

Yes. You'll lose the 108Mbps mode. Besides that everything works fine.

Best,
  Florian

About how to "hack" a saved configuration:

The file is a 128K minix-image with 108 bytes appended, where the last 8 are a CRC32 checksum of all before it. The other 100 bytes are version and date info plus padded hashes.
Content of the minix-image is a LRP-package config.lrp (tar -zxf) which has some of the /etc files.

I modified /etc/samba/smb.conf to have / as path for [share].
When "guest account = root" and "path = /" you could do what you want...

You have to put in a new CRC32 in your modified config-file!


BTW Is this kind of info and similar about the 634U published anywhere else?
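
Added example (not from the thread or from Netgear's firmware): a Python check of the backup layout described in the post above, showing that the trailer checksum catches accidental corruption but accepts an edited file carrying a recomputed checksum, while a keyed HMAC tag does not. The hex-ASCII encoding of the CRC field, the zlib CRC-32 variant, the HMAC key and all sample bytes are assumptions constructed for illustration.

```python
import binascii
import hashlib
import hmac

IMAGE_SIZE = 128 * 1024  # minix image size, from the post
INFO_SIZE = 100          # version/date/padded-hash bytes, from the post
CRC_SIZE = 8             # checksum field size, from the post

def crc_field(data: bytes) -> bytes:
    # ASSUMPTION: zlib CRC-32 written as 8 lowercase hex ASCII characters.
    return b"%08x" % binascii.crc32(data)

def build_backup(image: bytes, info: bytes) -> bytes:
    # Constructed stand-in for a backup file in the layout the post describes.
    assert len(image) == IMAGE_SIZE and len(info) == INFO_SIZE
    return image + info + crc_field(image + info)

def crc_ok(blob: bytes) -> bool:
    # Check the trailer checksum over everything that precedes it.
    if len(blob) != IMAGE_SIZE + INFO_SIZE + CRC_SIZE:
        return False
    return blob[-CRC_SIZE:] == crc_field(blob[:-CRC_SIZE])

def mac_tag(blob: bytes, key: bytes) -> bytes:
    # Keyed alternative: only a holder of the key can produce a valid tag.
    return hmac.new(key, blob, hashlib.sha256).digest()

def mac_ok(blob: bytes, tag: bytes, key: bytes) -> bool:
    return hmac.compare_digest(mac_tag(blob, key), tag)

def demo() -> dict:
    key = b"constructed-per-device-secret"         # hypothetical device key
    image = bytes(IMAGE_SIZE)                      # constructed, all zeros
    info = b"constructed version info".ljust(INFO_SIZE, b"\0")
    original = build_backup(image, info)
    tag = mac_tag(original, key)                   # issued at backup time
    corrupted = bytearray(original)
    corrupted[10] ^= 0x01                          # accidental bit flip
    edited = build_backup(b"\x01" + image[1:], info)  # edit + fresh checksum
    return {
        "original_crc": crc_ok(original),
        "corrupted_crc": crc_ok(bytes(corrupted)),
        "edited_crc": crc_ok(edited),
        "original_mac": mac_ok(original, tag, key),
        "edited_mac": mac_ok(edited, tag, key),
    }

if __name__ == "__main__":
    print(demo())
```

A restore routine that relies only on the checksum therefore treats any well-formed file as trusted input; integrity against deliberate edits needs a key the file's holder does not have.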

Hi,

Well, for most "newbies" this kind of hack might be hard, that's why I recommend the webhack.

The info about the device can be found here:
http://wifi.rulez.org/wgt634u/

Updating it whenever i get new info or succeed with new stuff.

The "webhack" that I have posted there works with the firmware 1.4.1.5 available from Netgear, and after it has been applied the root user will keep on having that home folder after a firmware upgrade (tried myself with an upgrade to 1.4.1.8).

Hi everyone!

I opened a case with Netgear support about problems connecting a Freecom USB 2.0 drive (250GB) and got the answer to "downgrade" to 1.4.0.6.
When I got that answer I checked the "GPL-source" and found that the CONFIG_USB_STORAGE_FREECOM parameter in the kernel .config wasn't set in that source either. I opened the case again and told them that! They responded again and said that they had tested it with that firmware. Then I downgraded and it worked for me too!!

Lesson learned:
The GPL-sources they publish are not what they compile against!!

Proof 1: CONFIG_USB_STORAGE_FREECOM not set in 1.4.0.6-source.

Proof 2: There is a telnetd running in 1.4.1.8 and not in the source.


Something else interesting:
I have a quite fresh MadWifi CVS checkout running on my Linux workstation. It says:

ath_hal: 0.9.6.1
ath_pci: 0.8.4.0 BETA

I read exactly the same from /var/log/messages on my 634U with 1.4.0.6 firmware.

What I understand, they are running MadWifi drivers on it!
MadWifi is both BSD and GPL licensed, so I think they have to "give back" their SuperG patches to that project :D

Or what do you think ?

/Claes

NetGear is known not to follow the GPL license, not only for the madwifi driver, but also by not distributing a working source tree for the latest firmware (kernel cannot be compiled) and some other things.

The only "bad" thing is that only the owner of the copyright for the software can sue them and not a lot of people want to take the risk of losing in court...

Take a look here for some more information:
http://gnumonks.org/~laforge/weblog/lin … iolations/

OK, they are bad boys!

Any tactics to teach the old dog to sit?
(some slashdot story or something)

One thing I don't really understand: how did they get the closed HAL source from MADWIFI in another way than from Sam Leffler?

Hi,

1. You can compile the kernel. It needs some minor modifications though...

2. What makes you think that they are forced to release their MadWifi modifications?

3. They might have access to an Atheros-supplied HAL which is able to do the 108 Mbps mode.

4. Before trying anything else just ask Netgear to correct the problem. I found them very responsive about GPL violations.

Best,
  Florian

Hi,

I was thinking about trying to build my own kernel and add support for ssh and webcam. Probably buy a second 634 and let it connect to my first one as a client on the WLAN.

Any chance to get some more detailed instructions on how Florian managed to build his own firmware (2.6 kernel and rebuilt MadWifi)?

If I'm going to set up the toolchain on my Gentoo/Linux notebook, where should I pick up the hndtools-mipsel-linux and which version is preferred?

Btw IDC, are you also from Sweden (I saw some comments in your scripts)?

Is there any IRC-channel to find/ask info about hacks like this?

/Claes

Hi,

Sure. I'm using a uclibc toolchain. IIRC 3.3.x. You can download the kernel I'm using here: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/tuxap/kernel/

You still need some of the Broadcom files from the Netgear tree. Just drop me a mail if you have any further questions.

Best,
  Florian

Hi All,

I'm trying to get a 2.6 kernel built for this router. I've checked out the source from http://cvs.berlios.de/cgi-bin/viewcvs.cgi/tuxap/kernel/ and copied the contents of broadcom-src from the netgear distribution to arch/mips/bcm47xx/broadcom. However when I do a make I get:

 CC      arch/mips/bcm47xx/setup.o
arch/mips/bcm47xx/setup.c:17:21: ssbcore.h: No such file or directory
make[1]: *** [arch/mips/bcm47xx/setup.o] Error 1
make: *** [arch/mips/bcm47xx] Error 2

I can't seem to find the file ssbcore.h anywhere. Anyone got any ideas ?


Cheers,

Simon N

Hi,

You don't need it. Just remove it and all code references. It's my early start to get rid of all the Broadcom sources.

Best,
  Florian

Thanks Florian,

That got me a bit further. The next error complained about missing a Makefile in arch/mips/bcm47xx/broadcom so I just created an empty one there and it started working.

During the build process I got a lot of the following warnings:

{standard input}: Assembler messages:
{standard input}:1452: Warning: bcm4710a0: .set noat in effect, cannot swap lbu with bnez

Is this going to be a problem ?

The build does not complete successfully, it exits with:

  LD      init/built-in.o
  LD      .tmp_vmlinux1
arch/mips/bcm47xx/built-in.o: In function `arch_init_irq':
arch/mips/bcm47xx/built-in.o(.init.text+0x0): multiple definition of `arch_init_irq'
arch/mips/sgi-ip22/built-in.o(.init.text+0x268): first defined here
arch/mips/bcm47xx/built-in.o: In function `prom_free_prom_memory':
arch/mips/bcm47xx/built-in.o(.init.text+0xc8): multiple definition of `prom_free_prom_memory'
arch/mips/sgi-ip22/built-in.o(.init.text+0x118): first defined here
mipsel-linux-ld: cannot open arch/mips/bcm47xx/broadcom/built-in.o: No such file or directory
make: *** [.tmp_vmlinux1] Error 1

BTW thanks for all the work you've done on this Florian.

Cheers,

Simon N

Thanks Florian,

That got me a bit further. The next error complained about missing a Makefile in arch/mips/bcm47xx/broadcom so I just created an empty one there and it started working.

The empty Makefile will lead to problems. Solution below.

During the build process I got a lot of the following warnings:

{standard input}: Assembler messages:
{standard input}:1452: Warning: bcm4710a0: .set noat in effect, cannot swap lbu with bnez

Is this going to be a problem ?

Which compiler are you using? In general I don't think this is a problem.

The build does not complete successfully, it exits with:

  LD      init/built-in.o
  LD      .tmp_vmlinux1
arch/mips/bcm47xx/built-in.o: In function `arch_init_irq':
arch/mips/bcm47xx/built-in.o(.init.text+0x0): multiple definition of `arch_init_irq'
arch/mips/sgi-ip22/built-in.o(.init.text+0x268): first defined here
arch/mips/bcm47xx/built-in.o: In function `prom_free_prom_memory':
arch/mips/bcm47xx/built-in.o(.init.text+0xc8): multiple definition of `prom_free_prom_memory'
arch/mips/sgi-ip22/built-in.o(.init.text+0x118): first defined here

You have enabled a second MIPS board in the kernel config. Go to the place where you enabled support for the BCM47xx board. On the same page should be another star in front of SGI IP22 support (name might differ). Disable this entry.

mipsel-linux-ld: cannot open arch/mips/bcm47xx/broadcom/built-in.o: No such file or directory
make: *** [.tmp_vmlinux1] Error 1

This is because of the empty Makefile. Add the following line to the Makefile in arch/mips/bcm47xx/broadcom:

obj-y := sbutils.o sbpci.o  # ...and one .o entry for each of the other files in the broadcom dir

If a file doesn't compile just remove it from the obj-y line. You won't need it then.

You're pretty close :D

Best,
   Florian