WRT54G Firmware Hacks.

"Raphael" hath wroth:

Educational my posterior. Welcome to the dark side.

What you want is DD-WRT version 23 SP1 01/23/06 at running in client mode. Be sure to read the wiki install instructions before you turn your router into a brick.

Client mode:

it's much easier than the minimal docs show. You go to the: Status -> Wireless -> Survey page. It displays all the available access points in the area. If you click "connect" to any of them, the router magically switches from access point mode to client mode and connects. Putting it back to access point mode is a bit non-obvious, but since you're into education, I'll leave it as an exercise.

However, we're not done with what can be done. The WRT54G can be use as a Kismet sniffer that will show access points, those that don't broadcast their SSID, and clients. Far more than what can be seen with just a site survey. See Kismet and Kismet Drone.

Look here in the forums for custom firmware:

use HyperWRT on my WRT54GS.

I don't believe custom firmware is going to do what you want. Perhaps NetStumbler would work for you:

Lance

*****

Raphael thought carefully and wrote on 1/24/2006 6:50 PM:

Jeff Liebermann hath wroth:

Screen shot of what the DD-WRT site survey page looks like.

educational purposes only, of course:

You can also dive into the router with telnet and extract the same info and more from the command line. See the scan option for the "wl" command.

For example, from my palatial office: wl ap 0 (turn off access point mode) wl scan (scan for access points) wl scanresults (display results) wl ap 1 (turn access point mode back on)

SSID: "Mariposa's Art" Mode: Managed RSSI: -89 dBm noise: -99 dBm Channel: 6 BSSID: 00:0D:88:BF:5A:97 Capability: ESS WEP ShortPre ShortSlot Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 6 12 24 36 9 18 48 54 ]

SSID: "CMS" Mode: Managed RSSI: -75 dBm noise: -93 dBm Channel: 11 BSSID: 00:11:50:0C:92:F7 Capability: ESS WEP ShortSlot Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 18 24 36 54 6 9 12 48 ] WPA: multicast cipher: TKIP unicast ciphers(1): TKIP AKM Suites(1): WPA-PSK No WPA Capabilities advertised

Thank you very much for your responses. I'll go try these out. I tried NetStumbler, but thats only if you have a wireless network card, which I do not.

If someone does go wrong, whats the worse that can happen and can I save my router from this?

While the Jan 23 and 25 versions fix the DHCP NAK issue, they break the httpd daemon. (Although it fixed httpd memory leaks) When you try to save on the Administration >Management page, the httpd crashes.

The Jan 25 version was supposed to fix the problem which started on the Jan 23 version, but it seems that it didn't.

25.01.2006: [actually includes fixes for both 23 and 25 - there was never a changelog entry for the 23 ] 0000653 DNSMasq as DHCP server NAKs lease renewal request - v23 sp1 16/01/06 0000386 Memoryleak httpd status page 0000589 PPPoE (standard) Connect on demand is broken 0000641 sp1: 13.&16.jan: All "Additional filters" turned ON by default

Raphael said the following on 1/25/2006 11:53:

The worst that can go wrong with a firmware update is that you make your router absolutely unresponsive. This is called "bricking" your router.

The HyperWRT site has some things you may try to unbrick the router:

Lance

*****

Raphael said the following on 1/25/2006 11:49:

Jeff, whom I never knew was knowledgeable about the darkside, gave a superb answer.

Lance

*****