Comments For Entry #377

The Origo Wireless Router Hack(Comments RSS)

I put this entry off a few days (I wanted to fully check this did not damage my AP in any way first) but I recently bought an eBuyer 22mbps WiFi access point (Brand : Origo) and read from one of the comments that it could be hacked to use the D-Link firmware, sporting enhanced security (there is a vulnerability with the Eusso ROM it came with in which a broadcast UDP packet gives out its WEP keys and admin password in plain text).

What access points are hackable?
This will/should work on any APs based on the GL2422AP chipset, for a full list of brands that are confirmed as using the same ROM and chipset see here. They even have a link to the German copy of the hack here.

Why would you hack a perfectly good router?
Reading the eBuyer user comments told me that the D-Link 900+ AP has a built in repeater mode and other fantastic features which unusually are much better than LinkSys' firmware.

Why else might you upgrade? Well, the D-Link ROM provides extra features like
  • Full 22mbit support between other DWL's or reflashed wap11's!
  • Repeater mode
  • DCHP server (with DNS support)
  • Scan mode for finding other AP's when AP is used in client mode
  • Auto fill in MAC addresses to filter from log files (more logging possibilities)
  • More filtering possibilities
  • More security (setup program asks for a password and SSID broadcast can be switched off)
  • A lot more support, help and information available


Quick quick tell me how!
Well you cannot just give it the latest D-Link ROM because it checks the manufacturer number and checksum. So, you will need a specially hacked ROM from any of the links below, or by contacting me). Once your AP is running D-Link code, it will obey whatever new firmware you send to it.

Here are the confirmed steps to turn your Eusso ROM based GL2422AP -> D-Link 900+ AP:

  1. Download the necessary files from either of the sites listed below (I got mine from the German site but if you would like my "Special ZIP" full of the various utilities and JUST the Eusso ROM leave a comment asking for it Smile)
  2. Open up the web configuration for your AP (the Origo's default IP is 192.168.1.1 Username : admin, Password : admin) and go to "update firmware" and select: YOUROEM-to-DWL900ap+_nml.bin (in this case the EUSSO rom, Eusso-to-DWL900ap+_nml.bin)
  3. Upload the patched ROM file (the default Eusso ROM checks to see if it's the same manufacturer, hence needing a patched file)
  4. Reboot your AP by Switching it off and unplugging the power cord and re-inserting it.. Restart the AP with a hardware reset (the reset button on the back.)
  5. Open up the "D-Link Access point Utility", It should now detect a DWL 900ap+ with unknown Firmware. (press "refresh" a couple of times if necessary)
  6. Select the firmware update that it asks to update. Wait until the green blinking light stops and press "refresh" so your AP will be detected again
  7. For some reason you are supposed to use TFTP to upload rom.img to your AP at this stage. rom.img is the ROM Global Sun Tech puts in every D-Link before it ships. The ROM included in the ZIP should be the most recent one. Upload rom.img to the address you gave to your AP (the default D-link Address is 192.168.0.50). Put the TFTP client In binary mode.
  8. Set up your AP just as you would normally (Default IP : 192.168.0.50, Username : admin Password : (Blank) Smile). Personally I went on to go and download the latest D-Link firmware and install that (your AP thinks it is a D-link and there is no way D-link can tell it otherwise. There's nothing new you need to do now in order to update it)


Troubleshooting
If your Router flips out, do NOT panic, your router should have a built in hardwired BACKUP ROM, this will allow you to immediately specify the (Eusso I think) ROM and it will restore it, to place your AP into recovery mode stab it in the back twice really quickly (or hold the reset button while powering it up).. Then visit the routers default IP address in your browser..This is as far as I know a way to go back to your old ROM if you need to (aka Unhack)

Update : A week later after having a loving, well cherished and well behaved Access Point, eBuyer have placed this note up on the products' homepage...

 eBuyer 22Mbps WI-FI 802.11b+ Wireless Access Point
(QuickFind: 48430) -
Sorry, this product is currently unavailable / discontinued.


Fear not my friends, there are more shops in the world other than eBuyer and if you visit the German link at the top, you might be able to get hold of a different make based on the same chipset (hence still having almost identical hardware and being open to hacking).



Original Reference : http://www.seattlewireless.net/index.cgi/Wap11Ver22Hack (An incredibly messy page, which is why I've written my entry)

Keywords : WAP11 hack, Origo, Eusso, Trendnet, Access Point, DLink, D-Link

Add New Comment

Name

E-mail

Homepage

Remember Me           E-mail me replies

Content (HTML not allowed)