6. Modding and reverse-engineering

There is a page that tells you how to casemod the Linksys wireless router (they just call it the WAP11, but it appears to be one of the BEFW11S4 variants).

The Linksys has Linux inside. Intrepid hacker Erik Andersen tells us:


#!/bin/sh
# This is what I did to open up the Linksys rom...

wget ftp://ftp.linksys.com/pub/network/WRT54G_1.02.1_US_code.bin

# I noticed a GZIP signature for a file name "piggy" at offset
# 60 bytes from the start, suggesting we have a compressed Linux
# kernel
dd if=WRT54G_1.02.1_US_code.bin bs=60 skip=1 | zcat > kernel

# Noticed there was a cramfs magic signature (bytes 45 3D CD 28
# followed shortly by "Compressed ROMFS") at offset 786464
dd if=WRT54G_1.02.1_US_code.bin of=cramfs.image bs=786464 skip=1
file cramfs.image

sudo mount -o loop,ro -t cramfs ./cramfs.image /mnt
ls -la /mnt/bin
file /mnt/bin/busybox
strings /mnt/bin/busybox | grep BusyBox
# Use uClibc's ldd to get useful answers for non-x86 binaries
/usr/i386-linux-uclibc/bin/i386-uclibc-ldd /mnt/bin/busybox
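
An added example, not part of Erik Andersen's script or of the original HOWTO: this Python script searches an image for the two signatures the script mentions instead of spotting the offsets by eye, and confirms each gzip hit by decompressing it. The function names and the sample image are constructed for illustration; the cramfs field layout (size at +4, signature at +16) is the standard little-endian superblock.

```python
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"          # ID1, ID2, CM=deflate
CRAMFS_MAGIC = b"\x45\x3d\xcd\x28"    # the bytes quoted in the script above
CRAMFS_SIG = b"Compressed ROMFS"      # sits 16 bytes into the cramfs superblock

def gzip_member(blob, off):
    """Return (stored_name, unpacked_size) if a valid gzip stream starts at off."""
    d = zlib.decompressobj(31)        # 31 = expect gzip header and trailer
    try:
        data = d.decompress(blob[off:])
    except zlib.error:
        return None                   # magic bytes occurred by chance
    if not d.eof:
        return None                   # stream is truncated
    flags, pos, name = blob[off + 3], off + 10, None
    if flags & 0x04:                  # FEXTRA: skip the extra field
        pos += 2 + struct.unpack_from("<H", blob, pos)[0]
    if flags & 0x08:                  # FNAME: NUL-terminated original file name
        name = blob[pos:blob.index(b"\0", pos)].decode("latin-1")
    return name, len(data)

def scan(blob):
    """Return sorted (offset, kind, detail) hits for gzip streams and cramfs images."""
    hits = []
    off = blob.find(GZIP_MAGIC)
    while off != -1:
        member = gzip_member(blob, off)
        if member:
            hits.append((off, "gzip", member))
        off = blob.find(GZIP_MAGIC, off + 1)
    off = blob.find(CRAMFS_MAGIC)
    while off != -1:
        if blob[off + 16:off + 32] == CRAMFS_SIG:   # detail = image size field
            hits.append((off, "cramfs", struct.unpack_from("<I", blob, off + 4)[0]))
        off = blob.find(CRAMFS_MAGIC, off + 1)
    return sorted(hits)

def build_sample():
    """Constructed test image: 60 filler bytes, gzip member "piggy", then cramfs."""
    payload = b"constructed kernel bytes " * 40
    gz = (b"\x1f\x8b\x08\x08" + bytes(6) + b"piggy\0" + zlib.compress(payload, 9)[2:-4]
          + struct.pack("<II", zlib.crc32(payload), len(payload)))
    sb = CRAMFS_MAGIC + struct.pack("<III", 4096, 0, 0) + CRAMFS_SIG
    return bytes(60) + gz + bytes(100) + sb + bytes(4096 - len(sb))

if __name__ == "__main__":
    print(scan(build_sample()))
```

The offsets it reports are the values to pass to dd as in the script above.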

Linksys now supplies source code on its site (I don't know what's in the various archives, though). Several other similar products, including the Buffalo Technology box, seem to use the same firmware.

There's an interesting site on hacking the WRT54G by SeattleWireless.net.