Hack the Router

A Router Reclamation Journey

I enjoy repurposing devices where I can, and one of the devices in my junk pile is a “gaming” router with plenty of marketing specs to boast. I’ve used this as a router in the past; it’s a decent consumer-quality router, able to be quickly set up and silently do its job in the corner, broadcasting SSIDs and handling the occasional PC plugged in through Ethernet.

I’m not very satisfied with that though. This device has a Broadcom b4908 SoC, a gig of RAM and 8 ports. Nothing crazy by most standards, but it’s extravagant for my favorite flavor of CFW for consumer routers, OpenWRT. Adding OpenWRT would give me better granularity and let me run plenty of network services such as VPNs and DNS over HTTPS/TLS. I really just want a single place to manage my network and related services, and as I haven’t outgrown 8 gigabit ports, this would be fantastic for that.

Performance on stock firmware is fine, just built for the lowest common denominator and no longer supported. And to be fair, OpenWRT does have build targets for this SoC, and I’ve successfully flashed it.

But absolutely no wifi…

In the end I put this project in the “maybe one day” bucket for now. It’s been great to learn more about building Linux kernels from source, how a large open source project with many build targets like OpenWRT manages each individual change, and embedded Linux as a topic.

Feel free to check out and stop reading here. The rest is all about my struggles to get something resembling wifi functionality on an ASUS GT-5300 GAMING router and is mostly a rant at this point. Editing this would mean more time spent on this project, so I’m typing my frustrations to the ether (or whatever IEEE standard for a straight to /dev/null network is).

Preamble rant, this would be so much easier if Broadcom cared to share firmware or even a scrap of documentation. I wouldn’t have a router equivalent of a muscle car with bike pedals. I wouldn’t be going down this path if the firewall option on this router was more than a yes or no checkbox, Asus…

Asus actually does have some more prosumer features, like a built-in VPN config option, the ability to create guest networks, and even being able to SSH into your own router. Theoretically most things I would want to do would be possible through the terminal on the router. But besides being really good at knowing when to quit (big sarcasm), I’m not managing VLANs, bridges and VPN connections through a terminal on a read-only filesystem loaded into RAM.

No matter how good I get at Ansible, I’m going to move on before I get curious enough to try something.

Stock firmware bad, especially when it might as well be abandoned. OpenWRT good, so much more functionality and security from being updated.

Since we already have an OpenWRT build for this router, what is missing? I’m sure the chip isn’t fully documented, but I really just want wifi hardware support. The wifi on this router is actually really strong. It still transmits on 802.11ac, although it is part of “Wave 2” and implements some non-standard features (NitroQAM), which actually help it stay fairly modern. It has 3 bands, one 2.4 GHz and two 5 GHz with 4x4 MU-MIMO, which can achieve near-gigabit wifi speeds in good conditions (read: right next to the router). It’s been fantastic as a wifi AP, supporting data-heavy streams with very low latency.

Sorry, I’m still ranting, still miffed, and still mourning this hardware.

Wifi hardware support requires the SoC communication bus to be defined in a device tree, and the drivers to be correctly loaded and recognized by OpenWRT. Easy stuff, right?

Here’s where I’m lost

Device trees can be scraped from other projects (legality respected), and even extracted from a device on which you have terminal root access. I have terminal root access through SSH. Yay!

I’ve built and tried a few different DTS builds in OpenWRT, but that hasn’t gotten me anywhere new yet. I don’t know enough about reverse engineering a device SoC and debugging patched changes without documentation in a non-destructive way. And I’m not sanding and splicing in with logic analyzers and oscilloscopes for this project.

Really, this stop is coming from a lack of knowledge. This is my first time putting together a device tree, my first time building OpenWRT with my own patches, really my first time even running into hardware-level PCIe in a project.

I heavily suspect this router is using a PCIe bus for each wifi SoC/band. Maybe a SerDes, possibly, but all crumbs of documentation and device trees point to 3 PCIe buses built into this chip. I’ve defined them in a device tree, but no dice as far as where to go from here. There’s also some DMA stuff coming up in dmesg when defining PCIe, but again, another topic I am pretty fresh to.
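For the device-tree steps described above (pulling the tree off a device you have root on, then checking how its PCIe controllers are declared), here is an added example, not the author's code: a small Python reader for a flattened device tree blob that lists PCI-looking nodes with their `status`. It assumes the kernel exposes the boot blob at `/sys/firmware/fdt`, which you copy off and pass as an argument; the built-in sample blob and its `example,pcie` compatible string are constructed, not taken from this router.

```python
import struct, sys
FDT_MAGIC, BEGIN_NODE, END_NODE, PROP, NOP, END = 0xD00DFEED, 1, 2, 3, 4, 9

def walk_fdt(blob):
    """Yield (path, props) for each node of a flattened device tree (DTB)."""
    magic, total, off_struct, off_strings = struct.unpack_from(">4I", blob, 0)
    if magic != FDT_MAGIC or total > len(blob):
        raise ValueError("not a complete FDT blob")
    pos, stack = off_struct, []
    while (token := struct.unpack_from(">I", blob, pos)[0]) != END:
        pos += 4
        if token == BEGIN_NODE:            # NUL-terminated name, padded to 4
            end = blob.index(b"\0", pos)
            stack.append((blob[pos:end].decode(), {}))
            pos = (end + 4) & ~3
        elif token == PROP:                # u32 len, u32 name offset, value
            length, nameoff = struct.unpack_from(">2I", blob, pos)
            s = off_strings + nameoff
            name = blob[s:blob.index(b"\0", s)].decode()
            stack[-1][1][name] = blob[pos + 8:pos + 8 + length]
            pos = (pos + 8 + length + 3) & ~3
        elif token == END_NODE:            # node complete: emit it (children first)
            path = "/" + "/".join(n for n, _ in stack[1:])
            yield path, stack.pop()[1]
        elif token != NOP:
            raise ValueError(f"bad token {token:#x} at offset {pos - 4:#x}")

def pcie_nodes(blob):
    """Map node path -> (compatible list, status) for PCI-looking nodes."""
    found = {}
    for path, props in walk_fdt(blob):
        compat = [c.decode() for c in props.get("compatible", b"").split(b"\0") if c]
        status = props.get("status", b"okay").rstrip(b"\0").decode()
        if any("pci" in c for c in compat):
            found[path] = (compat, status)
    return found

def sample_blob():
    """Constructed DTB (not from any real router): / -> pcie@0, status disabled."""
    u = lambda *v: struct.pack(f">{len(v)}I", *v)
    pad = lambda b: b + b"\0" * (-len(b) % 4)
    strings = b"compatible\0status\0"
    st = (u(1) + pad(b"\0") + u(1) + pad(b"pcie@0\0") + u(3, 13, 0)
          + pad(b"example,pcie\0") + u(3, 9, 11) + pad(b"disabled\0") + u(2, 2, 9))
    return u(FDT_MAGIC, 56 + len(st) + len(strings), 56, 56 + len(st), 40,
             17, 16, 0, len(strings), len(st)) + b"\0" * 16 + st + strings

if __name__ == "__main__":  # optional argument: path to a DTB copied off the device
    print(pcie_nodes(open(sys.argv[1], "rb").read() if sys.argv[1:] else sample_blob()))
```

A node with `status = "disabled"` is skipped when the kernel probes devices, so comparing this output between the stock tree and a hand-written one shows which controllers each actually enables.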

Another thread to pull at is finding IO mapped to memory defined in a compiled firmware somewhere in the system. Still not great at sniffing around a system yet though. Especially since I’ll have to compile any software not already built into the firmware. Python might be a good idea.

If you’ve read this far and have some ideas for me, feel free to email me at derek@sysdev.engineer.
I’d love to give this router a brand new lease on life and tons more life.

I may pick this up in the future; I want to learn much more about low-level hardware. This just might be a difficult place for someone at my current stage.

Also, I heart Obsidian for note-taking. Notes don’t come easy to me, but it turned into a really useful tool for this project.