untitled

Cross-compiling adventures with the WRT54G

I recently purchased a Linksys Wireless-G router, model WRT54G from Amazon. The reasons behind my purchase were three: (1) my home wireless access point was old and didn't work well, (2) I wanted to remove my need for an entire machine running as my firewall (even if it was a floppy-based 486), and (3) I had seen that this router ran Linux and there were ways to add your own software to it.

Little did I know what I was about to get myself into.

Installing a usable shell

There are third-party firmwares for the product, such as Sveasoft. I decided I didn't want to void my warranty quite yet, so I have stuck to adding additional software into the router's /tmp directory. Advantage: (I think) no way to really screw up the router. Disadvantage: a power-cycle wipes out all your changes.

As a result, Jim's Batbox Linux is a logical starting point for anyone. His software works and the documentation is fine. Make sure that you configure the LAN and WAN ports through the Linksys web interface before trying to install, that was the only hangup I ran into.

SSH and SFTP

My next task was to get SSH running, so that I could tunnel into my home network. Also, getting SFTP working would allow me a decent way to get files on and off the router. So, I found this site which had mipsel-compiled binaries of sshd, tinylogin, and sftp-server to install on the box. After a little messing around, I had it up, working, and integrated into the batbox script I use to get the router working the way I want. However, I ran into two problems: (1) with the size of these binaries, I was left with little room in the /tmp directory for other stuff, and (2) SSH tunneling wasn't working. I decided to get to work compiling my own SSH daemon.

To Install:

Update 30 April 2004, 1:40PM EDT: passwd file was corrupted with a DOS linefeed and caused you to not be able to log in as root after changing password. Download updated version in the tarball.

Download the mipsel versions of staticdropbearmulti, tinylogin, and sftp-server. Download this sample passwd file (note: this passwd has root's password as * which indicates no password will match. You'll change it later)
Use batbox routines to get the files on your router. (I recommend tar'ing them into distro.tar) Locations: /tmp/usr/sbin/staticdropbearmulti, /tmp/usr/sbin/tinylogin, /tmp/usr/libexec/sftp-server, /tmp/etc/passwd.
Create symlinks to dropbear and dropbearkey.
ln -s /tmp/usr/sbin/staticdropbearmulti /tmp/usr/sbin/dropbear
ln -s /tmp/usr/sbin/staticdropbearmulti /tmp/usr/sbin/dropbearkey
Create directory to store dropbear keys.
mkdir /tmp/etc/dropbear
Run dropbearkey to create RSA and DSA keys.
./dropbearkey -t dss -f /tmp/etc/dropbear/dropbear_dss_host_key
./dropbearkey -t rsa -f /tmp/etc/dropbear/dropbear_rsa_host_key
Create symlinks to adduser and passwd.
ln -s /tmp/usr/sbin/tinylogin /tmp/usr/sbin/passwd
ln -s /tmp/usr/sbin/tinylogin /tmp/usr/sbin/adduser
Run passwd to change root's passwd to something secure.
Add usernames with the command adduser -h /tmp -s /bin/sh username, but note that EVERYTHING AND EVERYONE ALWAYS RUNS AS ROOT ON THIS BOX.
Launch an SFTP client (such as Putty PSFTP) and retrieve the modified /tmp/etc/passwd, /tmp/etc/dropbear/dropbear_dss_host_key, and /tmp/etc/dropbear/dropbear_rsa_host_key files.
Modify your batbox upload script to upload the changed passwd and key files every time. Also, you won't need tinylogin except to change passwords--you can remove that from your script if desired.

How I compiled

Dropbear was a logical choice, because (A) I knew it supported tunneling and (B) it was designed to be small. So, I got a Debian system up and running (Sarge distribution), downloaded the Linksys GPL build environment, and got to work cross-compiling. I had to make a couple changes in a similar fashion to the changes made on the above SSH compilation

Dropbear needed to be configured to use the /dev/ptmx device

a simple change to config.h took care of this

Dropbear used setuid/setgid to change to the user you log in as

The WRT54G doesn't have multiple users. So, I #ifdef'd it out and added a definition (SINGLE_USER_SYSTEM) to config.h

Dropbear needed an /etc/passwd file and a way to check passwords against it.

Downloaded and cross-compiled TinyLogin to give a passwd and adduser function
Added password-checking routines from TinyLogin to Dropbear (changed Makefile accordingly)

Recompiled sftp-server from OpenSSH to use uclibc

made it a lot smaller

Leaner and Meaner: Sizes of the mysteryvortex compilations were 2.44MB for sshd, 1.90MB for ssh keygen, 648KB for tinylogin, and 718KB for sftp-server -- total 5.69MB; I've knocked it down to 321KB for dropbear, 106KB for tinylogin, and 185KB for sftp-server -- total 613KB.

Caching nameserver

This is a work in progress. My version of the linksys firmware (2.02.2) has a caching nameserver already, but Linksys is set to launch it and ignore the hosts file. I want it to serve names out of my hosts file. I've got a hack working but trying for something more elegant. Progress will be shared here later.

Downloads

Binaries

Download this tarball containing mipsel/uclibc static compiled versions of staticdropbearmulti, tinylogin, and sftp-server. It also contains the stub passwd file. (Updated 30 April 2004, 1:40PM EDT)

Setting up code environment

Steps to get the cross-compiling environment set up. (Note: I used Debian-Sarge; YMMV)

Download the Linksys GPL code for your WRT54G firmware version.
Copy the WRT54G/tools/brcm directory to /opt (as linksys recommends)
add /opt/brcm/hndtools-mipsel-linux/bin to your path
add /opt/brcm/hndtools-mipsel-uclibc/bin to your path
Switch to the /opt/brcm/hndtools-mipsel-uclibc/bin directory and run this command: for i in 'ls'; do ln -s $i ${i/uclibc/uclinux}; done
This will give you links to the mipsel-uclibc-* files named mipsel-uclinux-*.

Dropbear

Here is the diff from Dropbear-0.41 to my code. First, set up the environment as directed above. Then, download and extract dropbear-0.41. Then, inside that directory run the command:
./configure --host mipsel-uclinux --disable-zlib --disable-openpty --disable-shadow --disable-loginfunc --disable-lastlog --disable-pututline --disable-pututxline --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx
This will create a config.h and Makefile which the diff will act upon. Now, download the diff and patch your code. You should be set to compile. I compiled with make dropbearmultistatic

Other Code

Other source code diffs will be available as soon as I can get around to creating them. Contact me if you are desperate.

Questions? Comments? Problems? Email me.

Report Content · · Web Hosting · Blog · Guestbooks · Message Forums · Mailing Lists
Easiest Website Builder ever! · Build your own toolbar · Free Talking Character · Email Marketing
powered by a free webtools company

bravenet.com