OpenWRT and Perl

OpenWRT and
Perl
(Because, why not smoke
CPAN on your home’s router?)
Dean Hamstead
dean@bytefoundry.com.au

This ‘LCARS’ like slide theme was just a
choice on Google docs.
It’s not a statement on Star Trek vs Star
Wars.
If pressed, my thoughts on Star Trek vs Star
Wars are as follows...
Dislcaimer

An introduction to OpenWRT
Installing Perl
Smoking CPAN
You all go home and brick your routers
Overview

Linux distro
Aimed at IP routers and Access Points
Originated from Linksys’s infamous
WRT54G
Started 2004
Kernel is kept parallel to mainline
Lot’s goes upstream, wifi related especially, but no
sense in mainlining code for quirks in just one
modem model
Release names are alcoholic beverages
OpenWRT in a nutshell

Userland is ash, uClibc and BusyBox with
lots of Lua scripts
opkg package suite
Unified Config. Interface (UCI)
Configures everything in one place - /etc/config
Use vim, and/or CLI and GUI tools
Easy to backup/migrate all your config!
OpenWRT in a nutshell (cont.)

Similar Projects/Products
DD-WRT
Some devices require a license
http://www.dd-wrt.com
Tomato Firmware
Based on HyperWRT
http://advancedtomato.com
LibreCMC
OpenWRT minus binary blobs
http://librecmc.org

Quick Start
Buy a compatible router
Find & download the correct image file
Then install it...

Flash the firmware via “upgrade”

Log in for the first time
The router/AP hands out
IP’s via DHCP by default
Watch out for that!
Telnet (yes, telnet) to
192.168.1.1 to log in as
root
Set root’s password with
‘passwd’ and telnet will be
automatically and forever
disabled
Log back in as root via ssh

Now you can do stuff!
See also http://wiki.openwrt.org/toh/start
That’s it!

SoC - System on a Chip. The CPU +
whatever is on the same die
PCB - Printed Circuit Board
TTL - Transistor-Transistor Logic. Serial
done differently is all you need to know
Pin Headers (header) - Pins you can attach
too on the PCB. Sometimes you have to
solder them on.
JTAG - Colloquialism for the TTL headers
on the modems PCB
Important Terms

From: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=431294
Router Structure 101

Like Router, but without the Switch bit
Access Point Structure 101

From: https://wiki.openwrt.org/doc/techref/internal.layout
Router Structure 202

On embedded devices a “bootloader” initializes the
hardware then loads the kernel. Bootloader->Kernel
Contrast to the PC with BIOS->Grub->Kernel
Das U-Boot (GPL) is the most common IMO
It has lots of nice features, especially for recovery
Vendors tend to mess with the bootloader
Arbitrary kernel size limits
Magic values need to be present in the kernel
Require some exotic firmware format
Don’t support ELF
See also http://wiki.openwrt.org/doc/techref/bootloader
The Bootloader

Most modems and routers are the MIPS architecture, as
opposed to x86 or AMD64
“Microprocessor without Interlocked Pipeline Stages”
Good performance/cost/power ratios
RISC, simple instructions, frequently studied in
Universities (I had to write a mips VM)
Manufacturers make various changes for whatever
reason, which results in lots of “sub” architectures
OpenWRT also supports ARM, PowerPC and x86’s
See https://dev.openwrt.org/wiki/platforms
Let’s learn about Architectures

Let’s learn about flash
Routers have flash rather than HDD, which serves the same purpose
When flash directly attached to the SoC, OpenWRT calls it “raw flash”
When there is a chip between the SoC and the flash (like an SSD or
USB), OpenWRT calls this a “Flash Translation Layer”
Older routers usually have NOR flash
Newer routers have NAND flash
NAND can tolerate errors, though Linux still can’t
Linux and hence OpenWRT, utilize raw flash via the “Memory Technology
Device” layer and a special purpose FS
More flash is always good, you can install more stuff!
You will likely want to use one of OpenWRT two main flash formats,
SquashFS or JFFS2
See also http://wiki.openwrt.org/doc/techref/flash.layout
See also http://wiki.openwrt.org/doc/techref/filesystems

SquashFS is a read-only LZMA compressed file system.
In this image type, OpenWRT stores the system in
SquashFS partition, then uses a JFFS2 partition to
overlay changes
JFFS2 is r/w and also LZMA compressed, but
SquashFS is 20-30% smaller.
Includes wear leveling and Journalling. This OpenWRT
image type just has one partition
SquashFS vs JFFS2

+less space
+failsafe recovery
- read only
- uses more space
over time
SquashFS JFFS2
+r/w, journaling and
wear leveling
+compression
saves space
- … but actual
space usage
difficult to estimate
before writing files
- no failsafe
recovery

SquashFS is a good choice for beginners as
you can “factory reset”.
So let’s just plan to download a SquashFS
image once you’ve picked out a router as
your first victim.
Which we will do now...
So… SquashFS or JFFS2?

Firstly:
Throw away all your preconceptions
about “good” and “bad” router brands.
They are all just a SoC + RAM + Flash on a
PCB mounted inside a plastic case.
Who cares how woeful the vendor firmware
is, it won’t be on there for long!
Don’t spend extra $ on the same SoC
Picking a Router / AP device

A compatible Router or AP
Linksys WRT54G is too old
now. Avoid it.
Netgear & TP-Link are
readily available in
Australia.
Check compatibility
BEFORE you buy!
There’s no consistency
with compatibility at all.
Even between model
revisions! Netgear WNR3500Lv1 is a good choice. Alas
you’ll need to order online or via eBay.

If listed as supported on OpenWRT wiki, it’s
supported
If listed as absolutely no chance (i.e. due to
SoC or low flash), it’s not supported
Anything in between it may be supported
via nightlies
Search their forums, their change log and
commit history
Don’t be offput by nightlies
Check BEFORE you buy
A compatible Router or AP (cont.)

OpenWRT ships nightly builds and “stable” releases
Nightlies will support the latest and greatest
Major stable releases seem to be roughly annual, with
minor updates in between
Stable release version numbers are the year and month
of issue. (An additional third number indicates a
service or interim release from that branch)
LUCI web interface isn’t included in nightlies (not a
huge loss)
I’ve had as much success with nightly builds as with
stable, so no need to be sheepish
Naturally, YMMV
Nightlies, what?

Netgear WNR3500L v1
Ubiquiti UniFi AP’s
TP-Link TL-WR703N,
TL-WDR3500/3600
See also:
wiki.openwrt.org/toh/buyerguide
Suggested Devices

Yes, OpenWRT runs on
Raspberry Pi!
A, B, B+, B2 all supported
WiFi + 2nd NIC via USB
(Miserable performance
IMO)
See also
http://wiki.openwrt.org/toh/raspberry_pi
What about Raspberry Pi?

Older modems might not be able to sustain
‘modern’ (NBN, Cable, FTTN) speeds LAN to
WAN, irrespective of the port connection
speed
The original Linksys WRT54G could only
manage 30mbps LAN2WAN
I also recommend making any serious use of
the built in switch, they usually suck.
Note!

99.9% OpenWRT has no
ADSL support
Traverse Technologies
has a Geode (x86!) based
dual ADSL modem with
fully FOSS ADSL. A little
pricy but only just outside
impulse buy IMO.
www.traverse.com.au
ADSL?

Netgear released a GPL
driver in their code drop for
their VEVG2500 device. It
uses the Lantiq VR9 SoC
and was only released in
France?
Good news! the TP-W8970
& TP-W8980 use the same
SoC
Supports both VDSL and
ADSL2+ !
ADSL? (cont.)

You’re mostly out of luck, cable modems tend to run
eCos and have fun getting source
Get a cable modem with bridge mode, connect to it an IP
router with OpenWRT
Optus (and Telstra?) currently only ship NATing modems,
so you’ll have to head to eBay.
Far be it for me to EVER recommend Cisco Products. But
for Optus I do recommend the Cisco DPQ3212 if you can
find it. It’s DOCSIS 3.0 for 100mbps+.
Cable? (DOCSIS)

Buy a set of Torx
Screwdrivers from
Jaycar or online
Alas you can’t really
just buy 1
You’ll need these to
open up your modem
when...
Torx Screwdrivers

...you inevitable brick your modem.
Not a big deal
Modems usually have a 3.3v TTL
console header inside
Purchase a USB Serial to TTL off
of eBay for a few dollars
Buy the cheapest you can find
Linux supports w/ in kernel driver,
Windows not so much
I recommend moulded with floating
pin sockets as pictured
Also available are pure PCB, or
actual RS232 to TTL
converters
USB Serial to TTL

Use web interface for “upgrade”

The Ubiquiti UniFi AP’s can be upgraded via
scp+ssh, as can many other devices
Some devices require a special intermediate
image which is either signed or somehow
breaks out of vendor lock in
Refer to the OpenWRT Wiki page for your
modem!
… or via CLI

Other modems you will need to attach your
TTL cable and get into the bootloader
Yet other modems will allow you to hold the
reset button and put them into a “brain load”
mode
From either of the above, you can then feed
in an OpenWRT image via tftp. Good times.
...or via serial and/or tftp

Bricking isn’t a big deal (I 99% promise)
If you brick your router due to config, with
SquashFS you can just “factory reset”
back to vanilla OpenWRT
Reminder: back up /etc/config
If you brick during upgrade:
“Failsafe” reload is a common function of U-Boot
devices. Hold down reset, power on, then tftp
upload firmware
Otherwise you will need to use your TTL cable...
Rescuing your bricked router

Sometimes needed to load
Often needed to de-brick
Carelessness can release the magic black smoke inside
the chips. No magic = no modem. be careful
Unlike in movies, the colors of the TTL wires are
basically random
If you have 4 wires, attach to USB and use a volt-meter
to determine which one is +5V
Mark it clearly
Plugging it to your device will almost certainly release
the genie. So don’t plug it to your device.
Connecting your TTL Cable

If you’re lucky the pins are labeled or
documented on online (i.e. OpenWRT
wiki)
Some online reference may tell you the
BAUD rate. Set that in your terminal
software. Else start with 19200 or 38400
I like cu and gtkterm. minicom not so much.
putty has great serial support too
Turn on your modem, and try the different
wires on each pin until you get
something meaningful on your screen
Mark that pin as “out” on the pcb and “rx” on
the wire
Repeat for “in” / “tx” - mash keys and look for
screen changes
The remaining wire & pin is ground. Mark
that too
I suggest you take a photo for good measure
---->
Optionally, make it a permanent fixture by
drilling a small hole in the case and
feeding the cable through, then tying a
small knot in the cable on the inside to
secure it. Maybe use a glue gun too
Connecting your TTL Cable (cont.)

Doing stuff via TTL
When you boot the device, you will see it
POST and boot. If it’s bricked you will see
some of that
For Atheros, BIOS is usually ‘Das U-Boot’
You can set an IP (or DHCP) then pull a tftp
file to boot. Something like:
setenv ipaddr 192.168.0.1
setenv serverip 192.168.0.10
setenv bootargs 'board=WNDR3700'
tftpboot 80800000 openwrt-fixed.out
bootm

Micro Perl Smoker, B.O.M.
TP-Link TL-WR703N (not the 702!!)
A USB thumb drive
A Linux machine
Too much spare time

Just get it from eBay
Generally it will come from Asia with a
transformer unsuited to our Australian wall
sockets… but it’s just micro-USB (like on
most Android phones)
Acquire TL703N

Get the “Chaos Calmer” stable release
from:
http://downloads.openwrt.org/chaos_calm
er/15.05/ar71xx/generic/
You’ll want the 703n...factory.bin file
Revisions prior to 1.7, just use the GUI to
flash
1.7 is a pain
Flash TL703N

Copy and paste non-english menus to
Google translate. Or guess from the URL.
Flash TL703N (cont.)

For version 1.7, follow the steps on
https://wiki.openwrt.org/toh/tp-link/tl-wr703n
Basically, you will split the openwrt image
into two pieces using ‘dd’. Set up a tftp
server. Then exploit a bug in the web
interface to download and overwrite the
vendor firmware… using curl.
It’s actually not too bad!
Flash TL703N (cont.)

Plug your Linux PC via Ethernet to the
TL703N
Get an IP via DHCP
Telnet to 192.168.1.1
Use ‘passwd’ to set a password (telnet is
now disabled and ssh enabled)
Logout, then ssh root@192.168.1.1
Optionally, configure WiFi as a client
See also https://wiki.openwrt.org/doc/howto/firstlogin
Follow first install steps

Insert drive to your linux PC
fdisk /dev/sdX
set to type 83
mkfs.ext4 /dev/sdX1
remove thumbdrive
Format your thumb drive

The TL703N doesn’t have enough space,
so we pack a custom image without PPP
and plus usb+ext4
Pack not compile - OpenWRT provides nice
tools for this purpose
Image Generate (was Image Builder)
Learn more
https://wiki.openwrt.org/doc/howto/obtain.firmware.generate
Pack a custom OpenWRT image

cd ~; mkdir openwrt; cd openwrt
wget https://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/OpenWrt-
ImageBuilder-15.05-ar71xx-generic.Linux-x86_64.tar.bz2
tar -xvjf OpenWrt-ImageBuilder-15.05-ar71xx-generic.Linux-x86_64.tar.bz2
make image PROFILE=TLWR703 PACKAGES="blkid block-mount kmod-fs-ext4 kmod-usb2 kmod-
usb-uhci kmod-usb-ohci kmod-usb-storage -ppp -kmod-ppp -ppp-mod-pppoe -kmod-pppoe -
kmod-pppox"
cd bin/71xx
scp *sysupgrade.bin root@192.168.1.1:/tmp/
ssh root@192.168.1.1
cd /tmp
sysupgrade *bin
… thats it!
Packing Steps

There still isn’t enough space.
So we set the root to the external drive
(ExtRoot). First plug in the USB drive, then:
ssh root@192.168.1.1
mount /dev/sda1 /mnt ; tar -C /overlay -cvf - . | tar -C /mnt -xf - ;
umount /mnt
echo -e "config 'global'ntoption anon_swap '0'ntoption anon_mount
'1'ntoption auto_swap '1'ntoption auto_mount '1'ntoption
delay_root '5'ntoption check_fs '0'nnconfig 'mount'ntoption
target '/'ntoption enabled '1'ntoption device '/dev/sda1'n" >
/etc/config/fstab
# read more at https://wiki.openwrt.org/doc/uci/fstab
reboot
# if something seems fishy, it’s safe to start up the TL703N without
the usb, and it will fallback to the onboard flash
Make system ExtRoot

root@MiniOpenWrt:~# df -h
Filesystem Size Used Available Use% Mounted on
rootfs 3.6G 7.7M 3.4G 0% /
/dev/root 2.3M 2.3M 0 100% /rom
tmpfs 14.0M 68.0K 14.0M 0% /tmp
/dev/sda1 3.6G 7.7M 3.4G 0% /overlay
overlayfs:/overlay 3.6G 7.7M 3.4G 0% /
tmpfs 512.0K 0 512.0K 0% /dev
/dev/mtdblock3 640.0K 244.0K 396.0K 38% /mnt/mtdblock3
Hooray we have more space!

Trivia:
OpenWRT breaks core perl up into very
small pieces… infact, ridiculously so.
However, this means you can be very
frugal with the tiny space you have
available.

# Note the double >>
echo -e "src/gz chaos_calmer_base
http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/basensrc/g
z chaos_calmer_packages
http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packagesns
rc/gz chaos_calmer_routing
http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/routingnsr
c/gz chaos_calmer_management
http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/management
n" >> /etc/opkg.conf
opkg update
opkg install perl perlbase-cpan perlbase-unicore perlbase-dynaloader perlbase-term
perlbase-perlio perlbase-if perlbase-universal perlbase-getopt
# optionally...
opkg install screen wget
# things are looking good!
Install a Perl

perl -MCPAN -e shell
> install CPAN::Reporter
##### OH GNOES KILLED!!!!! #####
dmesg | tail -5
# [160707.320000] Out of memory: Kill process 3501 (perl) score 529 or sacrifice
child
# [160707.330000] Killed process 3501 (perl) total-vm:19836kB, anon-rss:15568kB,
file-rss:80kB
Not surprising really...
> egrep 'Swap|^Mem' /proc/meminfo
MemTotal: 28740 kB
MemFree: 13472 kB
MemAvailable: 15580 kB
SwapCached: 0 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Install a CPAN Smoker...

# its like windows all over again
dd if=/dev/zero of=/swapfile bs=1M count=1024
# because hax00rs
chmod 600 /swapfile
mkswap /swapfile
# that url again https://wiki.openwrt.org/doc/uci/fstab
echo -e “nconfig ‘swap’noption device ‘/swapfile’n”
swapon /swapfile
# win! - note: swap on a USB thumb drive will thrash it
> grep Swap /proc/meminfo
SwapCached: 0 kB
SwapTotal: 524284 kB
SwapFree: 524284 kB
Quick, add a swap file

perl -MCPAN -e shell
> install CPAN::Reporter
# wait a long long time
##### OH GNOES KILLED!!!!! #####
dmesg | tail -5
# [160707.320000] Out of memory: Kill process 3501 (perl) score 529 or sacrifice
child
# [160707.330000] Killed process 3501 (perl) total-vm:19836kB, anon-rss:15568kB,
file-rss:80kB
And now the dramatic, unexpected
twist!
Try CPAN again

I haven’t solved why OOM keeps killing it!
I suspect:
/tmp (tmpfs) is chewing up “RAM”
Whilst perl is also chewing up “RAM”
I will need a bigger USB stick or several USB
sticks on a USB hub to experiment further.

http://www.linux-
magazine.com/Online/Features/The-One-
Watt-Server
http://www.openwrt.org
Others?
Useful links

OpenWRT and Perl

More Related Content

What's hot (20)

Similar to OpenWRT and Perl (20)

Recently uploaded (20)

OpenWRT and Perl