After moving into a new property a few months ago, the drawbacks of using the ISP supplied firmware included on my router rapidly started to become apparent.
As a rule, ISP supplied firmwares tend to have poor support for custom DNS servers (no PiHole for you), lack an SSH server (ruling out remote administration) and do not allow the installation of software supplied by a third party, among other drawbacks.
This is not a conspiracy against end users - removing features that are infrequently used makes sense from a business perspective when you consider the extra man-hours required to develop, test and support them. Additionally, the attack surface of a device can be reduced by limiting the number of features capable of causing security issues if improperly configured.
Regardless, it’s still frustrating using a router that offers few of the features needed to have control over your home network.
Fortunately, the OpenWrt project offers an alternative firmware that is available for many embedded devices. I’ve been using it both professionally and at home for a number of years now, mostly for creating additional WLAN access points or repeaters connected to existing networks. OpenWrt has the advantages of a decent web interface (LUCI), shell access using the Dropbear SSH server and the option of installing extra software using the opkg
package manager.
However, there are some significant drawbacks depending on the device that you use. Support for some devices lags behind others and is dependent on both the level of interest that the community takes in that device and the availability of open source drivers for the hardware within the router. This means that 2.4Ghz WiFi, 5Ghz WiFi, the modem or some combination thereof may not be functional.
This leaves us with the choice of buying either a new or used router with good support for OpenWrt. I prefer to reuse old hardware whenever it is practical and was lucky enough to have a BT Homehub 5A lying about unused. This router is a popular target for OpenWrt and has excellent hardware support but the installation process is quite convoluted, requiring you to solder wires to test points exposing a serial port and the boot mode selector.
You then need to load a modified version of U-Boot over the serial connection that allows booting via TFTP. This, in turn, is used to load a minimal OpenWrt image that allows you to back up the existing firmware and patch U-Boot to enable console access and modify the boot variables. Once this is done, you can install a full release of OpenWrt from a USB drive.
Prerequisites
To install OpenWrt on this device, you will need to download the following files:
- U-Boot with TFTP
- Minimal install image
- Full OpenWrt image
- FAT32 formatted USB stick
- USB-Serial converter
- Ethernet cable
- Soldering iron (preferably with a fine tip) + solder
- Fine wire
There are a number of USB to Serial converters available, usually based on the CH340/341, CP102 or FT232RL chips. Any converter that supports 115200 bauds at 5 volts will do; in this article I am using one based on the CP102. A USB extension cable is not necessary but allows you some additional flexibility when working on the router.
You will also need a serial terminal emulator and TFTP server. You could use screen
, minicom
, picocom
or a variety of others as your serial terminal; my personal preference is for picocom
. For the TFTP server, I used aftpd
.
Opening the case
This is perhaps the most difficult part of the installation. You will need to use a plastic card or spudger to work open the clips inside the case to release the front section and expose the PCB within. James Finnie has created a video detailing this process which I have included below.
Soldering to test points
You will now need to solder wires to the PCB of the router at the following locations:
Location | Purpose |
---|---|
Right of R77 | Serial RX |
Right of R78 | Serial TX |
Above R45 | Boot Select |
Left USB | GND |
I used Dupont wires terminated with female connectors for this. The Dupont connectors made it easier to attach the wires to my serial converter but if I was to do this again, I’d probably use finer single core wire considering the size of the pads. Once the wires were attached, I taped them down to the PCB and case to provide some strain relief.
Booting into UART mode and loading U-Boot
You will need to connect the RX and TX wires to the matching pins on your serial converter and bridge the Boot Select wire to the ground wire with a jumper wire or paper clip. When ready, open a picocom
session on your serial converter - on Linux, the serial converter is usually located within the /dev/
directory with a name beginning with ttyUSB*
or ttyACM*
:
Turn on the router and wait until you see the output below:
When you see the output above, quickly remove the bridge wire between Boot Select and ground, then attach the ground wire to your serial converter.
In a separate terminal, use cat
to send the U-Boot image to the device:
This will take a few minutes to load. Once this is completed, you should see output in picocom
similar to that below:
Loading the install image
The router is now ready to load a firmware image over TFTP. You will need to configure our Ethernet interface to temporarily use a static IP address - this build of U-Boot is configured to load an image from 192.168.1.2
.
To do so, disconnect any existing connection on this interface and issue the following command, replacing eth0
with the name of your Ethernet interface if necessary:
Next, prepare the directory that you will serve the firmware image from and move the minimal install image to it:
Finally, start the TFTP server. This needs to run as root as the TFTP protocol uses port 69, a privileged port:
If you are running Ubuntu 18.04/20.04, this command may exit immediately. This is because the package provided with this distribution adds an entry to /etc/inetd.conf
which runs atftpd
with different parameters to those above. This can be verified using netstat
:
To avoid this, stop the inetutils-inetd
service:
To load the minimal image, issue the following command within the picocom
session:
Once the image has loaded, you should see output similar to this:
Backing up original firmware and preparing for install
Once the minimal image has finished booting, you will presented with the guide below:
From here, things are fairly self explanatory.
The first step is to create a backup of the original firmware. This will allow you to restore the original state of the device, including the bootloader and firmware. The backup is unique to each device, as it contains MAC addresses and calibration data for the wireless radios, among other things.
This will take a while to complete (around 25 minutes in this case but others have reported shorter backup times). Once this is complete, you can prepare the router for the installation of OpenWRT:
The final step is to run the sysupgrade
utility to install a full version of OpenWRT.
OpenWRT is now installed! My router rebooted into UART mode on the first reboot, but this was easily fixed by following the guidance in the output of prepare
and power-cycling the router.
Conclusion
Although installing OpenWRT over the serial port probably felt quite intimidating, there are a number of benefits gained by doing so:
- A router with performance and functionality that is usually found only in much more expensive routers
- Skills that can be useful when debricking or reverse engineering other embedded devices
- By re-using an old router, you’ve made a small contribution to reducing the amount of e-waste in the world
I will not be covering the setup of this device in this article (it’s destined for a mundane life hooked up to an ADSL line), but some useful resources can be found here: