Hacking Linksys WRT54g Wireless Router

Milan Milosevic

Group Members:

AJAYI Temitope Omotosho, BOYINBODE, Olutayo Kehinde, SALEHIN, Asif Gazi, Lajpat Dhingra, Maheshwari Hitesh Kumar, Timothy Chadza, Purna Bahadur Roka,

Anna Zakrzewska, OLAJUYIGBE, Ebenezer Oluwaseun, Giorgi Gvianishvili

ICTP. Trieste, Italy – February 13, 2008

Tasks:

● 1. To configure a Linksys router as an Access Point using basic configurations.

● 2. To discover the settings of a Linksys router configured with unknown settings

● 3. To upgrade the firmware of a LinkSys router and consequently configure it as a client

Easy !

Ideas:

● Try it regular way?

● Brute force?

● Use Google !

http://www.linksysinfo.org/forums/showthread.php?t=47259

Warning !

● this WILL void your warranty

● you could make your WRT54G even deader than it already is

We can start:

● locate the flash chip● at each corner of the chip is a large white

number● little white line every 5 pins that should help you

count● Do not plug the power in just yet ● Plug a patch cable into one of the 4 LAN ports

Configure your network

● IP: 192.168.1.2● NETMASK: 255.255.255.0● don't need a gateway address● ping 192.168.1.1

● Locate pin 15● Stick the point between pins 15 and 16● Plug in the power and watch your ping screen● Pings starting to succeed

Do it !

theory !

Try it again... and again... and again...

Different solution?

● Unplug power● Ground pin 16● Plug it again

Try it again... and again... and again...

Dinner time :)

Forget everything ! ! !

and

Get back to the 1st idea ! ! !

#dhclient eth0

– Do not plug the power in just yet – Plug a patch cable into one of the 4 LAN ports– Configure the network:– Use DHCP

The Solution:

[root@localhost media]# dhcpclient eth0

[root@localhost media]# ifconfig eth0eth0 Link encap:Ethernet HWaddr 00:0C:6E:13:01:06 inet addr:192.168.1.188 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::20c:6eff:fe13:106/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:584152 errors:0 dropped:0 overruns:0 frame:0 TX packets:508898 errors:0 dropped:2 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:745903995 (711.3 MiB) TX bytes:44541763 (42.4 MiB) Interrupt:19 Base address:0x8800

# /sbin/ifconfig eth0# /sbin/dhcpclient eth0

or

# ln -s /sbin/ifconfig ifconfig

So easy !

● The default gateway is the IP address of the router

● it was 192.168.1.20

● We logged in the router and changed the necessary configuration

Tasks:

● 1. To configure a Linksys router as an Access Point using basic configurations.

● 2. To discover the settings of a Linksys router configured with unknown settings

● 3. To upgrade the firmware of a LinkSys router and consequently configure it as a client

Easy !

At the end EASY

Next Task

To upgrade the firmware of a LinkSys router and consequently configure it as a client

● DD-WRT is a typical free Linux- based firmware originally designed to work on Linksys WRT54G

● Download of the DD – WRT firmware:

http://www.dd-wrt.com/dd-wrtv2/downloads/stable/dd-wrt.v23

● There are several files – use dd-wrt.v23_sp2_vpn

● Unzip

● You will discover 9 files; which one is required?

● Only need the bin file dd-wrt.v23_vpn_generic

● Use web interface

● Find option for upgrading

● Browse the folder you downloaded and click to the bin file and start the upgrade

● now wait for about 5 or more minutes● but how long?

● Note that any disturbance can blow off your router

● we closed the window

● using the previous IP address 192.168.1.20 we had our router upgraded

● Finally we required user and admin password

● We simply did a hardware reset and obtained the default User: root with password: admin

● Now you are done and can move to the next step.

References

● http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Fstable%2Fdd-wrt.v23+SP2/

● http://en.wikipedia.org/wiki/DD-WRT

● http://www.dd-wrt.com/wiki/index.php/Installation