You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
149 lines
10 KiB
149 lines
10 KiB
|
|
\documentclass[11pt]{article}
|
|
%Gummi|065|=)
|
|
\usepackage{graphicx}
|
|
\usepackage{caption}
|
|
\usepackage{xcolor}
|
|
\usepackage[vcentering,dvips]{geometry}
|
|
\geometry{papersize={6in,9in},total={4.5in,6.8in}}
|
|
\title{\textbf{}}
|
|
\author{Steak Electronics}
|
|
\date{}
|
|
\begin{document}
|
|
|
|
\maketitle
|
|
|
|
%\tableofcontents
|
|
\textcolor{green!60!blue!70}{
|
|
\section{Edimax WAP1750}}
|
|
\begin{verbatim}
|
|
From:
|
|
https://openwrt.org/toh/devolo/devolo_wifi_pro_1750e
|
|
\end{verbatim}
|
|
\footnote{Always type out full URL in links. Don't put hyperlinks. This is done, so that when you print out a webpage, the URLs are still readable.}
|
|
The devolo WiFi pro 1750e is a wall mountable access point with:
|
|
|
|
|
|
Dual band 2.4 and 5 GHz WiFi (3 by 3 IEEE 802.11n 450Mbps, 3 by3 IEEE 802.11ac 1299Mpbs)
|
|
|
|
\begin{itemize}
|
|
\item 2x 1Gbit ethernet ports (with Power over Ethernet support)
|
|
\item 1x USB 2.0 port
|
|
\item External serial console port (Currently unsupported but internal 4-pin internal Dupont connector is functional)
|
|
\item 1x GPIO attached piezo beeper
|
|
\end{itemize}
|
|
|
|
The access point is manufactured by OEM Acelink Technologies Co., Ltd. as a EW-7679WAC and was originally sold by Edimax as a WAP1750. The Edimax unit was reviewed by SmallNetBuilder.
|
|
|
|
|
|
|
|
|
|
\subsection{Flashing Openwrt on to the WAP1750}
|
|
|
|
At the moment, this page:
|
|
\\
|
|
https://openwrt.org/toh/devolo/devolo\_wifi\_pro\_1750e
|
|
discusses flashing new firmware via SSH. However, the WAP1750 has a custom console, and while it's running GPLv2 GNU Linux, somehow it managed to lock down the software, so that simply shelling into it, is no longer possible. I'm sure that is a sin. GPLv2 does not mean people can take it and then abuse it for commercial use. It's a community good.
|
|
|
|
None the less, it can be turned into an upgradeable router via the following means:
|
|
\begin{itemize}
|
|
\item Teardown enclosure
|
|
\item Remove flash chip by desoldering with hot air
|
|
\item Read flash with appropriate tool (Flashrom, TL866A).
|
|
\item Patch existing image sysupgrade for Devolo 1700 series.
|
|
\item Write flash with new image
|
|
\item Resolder chip to board
|
|
\item Access board via FTDI / USB-Serial chip
|
|
\end{itemize}
|
|
Simple enough, right? It is simple. But it's not simple. At least 5 years of hobbyist electronics and I'm able to do this, but for the layman... Only with a guide. And let's also talk about the issues that arose during the above steps. It's never as easy as it would be in a normal world. Earth is not normal. Earth is tilted.
|
|
|
|
\subsection{Teardown Enclosure}
|
|
The first time, I went careful with a plastic spudger. This device is actually well designed as far as teardowns go. The second time, I got angry and snapped off the front plate with a screwdriver. In fact, the screwdriver approach (here) was superior. Much faster. Although scratches are left. Scratches only hurt those who favor form over function. Fools.
|
|
|
|
\subsection{Remove Flash chip by desoldering with hot air}
|
|
Once you teardown into the board, you'll examine the ICs. The flash is nowhere to be seen. Is it onboard the CPU? No, it's on the bottom of the board. So it must be lifted out of the enclosure. With hot air desoldering, you must also use lead solder first on the pins. This guide is not a tutorial on hot air soldering. I assume you know this kind of stuff. I won't go into it, unless notable.
|
|
|
|
Not all tweezers can grab these large chips easy. I have one pair that fits them, and about 3 that don't. Can't have enough tweezers, it seems.
|
|
|
|
\subsection{Read flash with appropriate tool}
|
|
I have a new rule. Every EE should have a toolbox of flash reading / writing equipment. It's necessary.
|
|
|
|
My weapon of choice for this project was the Beaglebone black with flashrom. A TL866A could also work. Flashrom is compatible with lots of hardware. An RPI can be used. Doesn't matter, but you must set it up. And when you have the chip, you will need:
|
|
\begin{itemize}
|
|
\item Breakout boards for the IC, as those clips are useless \footnote{I have two of those flash-in-place clips. Pomona used to sell them for \$40 each, then China came in and sells them for less than 12 dollars each now. Some for 5. They can work, but the one I had barely reached to all the pins. It wasn't big enough. Not worth it. Get breakout pcbs unless you do this a lot.}
|
|
\item Soldering Iron
|
|
\item Hot Air station
|
|
\item Lead solder
|
|
\item Tweezers
|
|
\item Experience to not damage pins during the operation
|
|
\item Short wires between breakout and BBB
|
|
\item Proper connecting of wires to BBB
|
|
\end{itemize}
|
|
I got a tote/toolbox of a few pages of documentation on flashing via BBB, and also the pinouts of the P8 and P9 headers of the BBB. Printouts help.
|
|
|
|
A guide on the BBB flashrom setup is here: %insertlibrebootlink
|
|
|
|
BBB SRM manual has the P8 and P9 headers.
|
|
|
|
Since I've used flashrom in the past to flash Libreboot, this was not new territory for me. Experience with this helps. \footnote{Such as, keep wires short, make multiple reads, and compare with md5sum afterwards, don't fry chip.}
|
|
|
|
\subsection{Patch existing image sysupgrade for Devolo 1700 series.}
|
|
This was easy enough (what I tried worked the first time). Based on this link on the forum for tp link devices https://forum.openwrt.org/t/debricking-tl-wr1043nd-v4-hard-way-by-external-flashing-solved/7675/6
|
|
So the command was similar.
|
|
|
|
\begin{verbatim}
|
|
sudo dd if=lede-17.01.4-ar71xx-generic-tl-wr1043nd-v4-squashfs-sysupgrade.bin of=dump.bin bs=1 seek=$((0x20000)) conv=notrunc
|
|
\end{verbatim}
|
|
|
|
Except I knew the proper directory was at 0x70000 on my chip, thanks to the partition map at the devolo page, and also the partitions page here which explains all this:
|
|
https://openwrt.org/docs/techref/flash.layout
|
|
|
|
Another interesting, but not required reading:
|
|
https://openwrt.org/docs/techref/flash
|
|
|
|
Basically, any IT admin who sells / maintains a flash based device, and doesn't have a plan to replace the flash when it fails (which it very likely will at some point) is a hack. It's the number one cause of built in obsolescence. Even Tesla ran into trouble with their cars\footnote{Some early cars had their onboard flash fail. Flash is a problem, and a big one for the long game.}.
|
|
|
|
I had an argument at work with a 'normal' IT company that advocated that 'Hardware firewalls' were more secure than 'software firewalls'. There's of course, no such thing as a hardware firewall. There are no dedicated ICs for firewalls. There are ARM chips tailored for firewalls (or perhaps just networking equipment), but these are just ARM chips, for the most part. One argument from this IT company was that my x86 PC was less secure than a commercial MIPS or ARM product off the shelf, e.g. Juniper, or Cisco. They considered the Juniper to be a 'hardware firewall'. Bollocks. Those are also software firewalls, just as much as the x86 is. There's a whole page on stack exchange on this. It's not even an argument. It appeals to the uneducated. It's nonsense. It's a nonsensical argument. It's like saying a hardware desktop is better than a software desktop. That makes no sense.
|
|
\\
|
|
|
|
Ref: https://serverfault.com/questions/268542/hardware-firewall-vs-software-firewall-ip-tables-rhel
|
|
\\
|
|
|
|
The second argument they had was that Open Source is less secure than commercial products because ``Any hacker can look at the code''. I could rebut this with the identical hyperbole of ``Any hacker can buy your commercial firewall off of ebay and hack it'', but that's childish. Let's not. Here's what matters: No one with a whit of integrity would say Free and Open source software is worse than Proprietary software. You can't. In 2020, it's 20 years too late for that. The success of Google was proof that FOSS works.\footnote{Additionally, Sophos bases its XG firewalls off of GNU Linux. So much for that argument.}
|
|
\\
|
|
|
|
I read somewhere the following, and it seems right:''Humans write good software, and they write bad software. Most of it is not good. Whether it's proprietary or foss has zero relation on the quality of the software. ``
|
|
\\
|
|
|
|
And if anything, FOSS benefits from the 'many eyes' approach, that will ensure that successful software at least has a lot of people reviewing it. Whether it's good or insane complexity is another matter.
|
|
\\
|
|
|
|
Anyways, my point is: IT companies can be insidious profit chasing vermin. I'm sure they aren't all bad, but the common IT company is about as good as the common hamburger (i.e. fast food). They will sell you everything Windows, and in 5-10 years, they will sell you it again, and again. The idea of updating a server without replacing hardware is almost unheard of. All firewalls are sold, and expected to be landfilled in 5-7 years. It's not sustainable business. Humans need to have a minimal footprint on planet Earth, and they need to reuse as much as possible. It's a sin.
|
|
\\
|
|
|
|
I know this planet appears a joke, but that's not going to stop me from doing what should be done. And a spade will be called a spade.
|
|
|
|
\subsection{Write flash with new image and Resolder chip to board}
|
|
After dd'ing the new image bin, you write it back to the flash chip. This is not dramatic, just don't forget to do so. If you have a solid flashrom and pcb setup, it will just work.
|
|
|
|
Resoldering the chip to the board is also trivial, assuming you have hot air and lead solder. Not all the pins have to be connected in a 16 pin EEPROM. This board happens to have two footprints. Underneath the 16 pin IC, is... surprise: a 8 pin footprint (same ic). So you can swap in the smaller package if you want.
|
|
|
|
|
|
\subsection{Access board via FTDI / USB-Serial chip}
|
|
After that, you will again need to have serial access. FTDI is my goto as I've learned over the years that my cheapo PL2302 usb serial adapters are not reliable.\footnote{Another thing that must go right.}
|
|
|
|
Finally, you can use the board.
|
|
|
|
\subsection{Dumb AP}
|
|
I just learned the value of a Dumb AP with this project. What is a dumb ap? It's essentially a Wifi AP with zero configuration. Maybe it can't be logged into, it has no subnet, it doesn't do anything outsde of connect wireless clients to the lan. It's like a wireless switch. It's beautiful.
|
|
\\
|
|
|
|
I know that it isn't 100\% secure, but the idea that Wireless APs could be as future proof as a network switch is wonderful. No more mesh, no more management console, no busywork interfaces... Just configure the SSID / Password, and plug it in to ethernet. That's it. It's such an obvious solution, I am surprised I didn't understand it before.
|
|
\\
|
|
|
|
Dumb AP is the ideal Wireless AP.\footnote{Technically, you probably still want to update them every so often, given that RF and Encryption (e.g. WPA) adds complexity to the AP, but a Dumb AP is the way Wireless Access Points should be done, if possible.}
|
|
|
|
|
|
|
|
\end{document}
|
|
|