[ARCHIVE] Modify firmware Cisco RV016 RV042 RV042G RV082

Here you might find archives of tutorials, open source softwares, discussions, etc...
Etre_Libre
Administrateur
Messages : 647
Inscription : 13 novembre 2012, 21:44

[ARCHIVE] Modify firmware Cisco RV016 RV042 RV042G RV082

Message par Etre_Libre » 16 août 2013, 18:19

Pour voir ce tutoriel en Français, cliquer ici (To see that tutorial in French, click here).

Note : this tutorial is archived, there is not help about it anymore.

With that tutorial, I will explain how to download and modify these Cisco routers, which are part of "Small Business" series :

- RV016 V3
- RV042 V3
- RV042G (it's as a RV042 V3 Gigabit Ethernet ports)
- RV082 V3


Any older revision / version of these routers are not supported.

In fact, the firmware is the same for these 4 models, and after depending on hardware detected, there are features enabled or not.

To me, the interest to modify that firmware was :
- Telnet access (not possible with original firmware, because of unknown password)
- SSH access (software added)
- ether-wake support (Wake On Lan)

Others adds or modifications are possible, with your ideas ;)

Download here a modded firmware based on 4.2.3.07 version (it's the latest release on january 2016)
That firmware contains Telnet and SSH enabled by default, and the root password is set to : cisco2016*
If you wish to create your own firmware or see in details all modifications I provide, so read below (at the end I indicated exactly all modifications of the home-made firmware).


Important : the open source firmware provided seems to contain sources of GPL parts.
But, many softwares are home made by Cisco and are provided already compiled (binary).


Firmware used for that tutorial : 4.2.3.07

With Cisco, to obtain firmware source code, we can ask that by downloading PDF of that kind :
"RV0xx-V3_4-2-3-x_OSD.pdf" on their website into downloads section.

Inside, we find we must send an email to external-opensource-requests _at_ cisco.com with the reference number written into the PDF (here it was 78EE117C99-113235201 for the most recent firmware used, 4.2.3.07).

In my case, on each demand (new firmware = new demand) it tooks few days to receive the GPL firmware.

We obtain a temporary link or FTP access, that can work few hours to few days.

The obtained file in my case is : RV0XX-v4.2.3.07-GPL-20151110-2.tar.gz

Otherwise, I provide direct download of the firmware :
--> click here for the 4.2.3.07

To compile the firmware, I suggest Fedora 6 x86, even if from a recent firmware Cisco suggest Fedora 8 x86_64.

Because it's a very old Fedora version, I supposed if firmware was developped again to support a recent Fedora, it might need a lot of development.
And for the proper functioning, 2nd supposition : Cisco probably adapted his firmware with its own needs, so an old Fedora seems to be not a problem.

To download Fedora 6 x86, I provide 2 links :

- Download Fedora 6 x86 from Europe (OVH, France)
- Download Fedora 6 x86 from official Fedora archives

To ease the process, I suggest install Fedora 6 into a virtual machine (VMware Workstation, VirtualBox, Xen, Parallels, etc...).

Fedora 6 for Cisco RV042 V3 :

During installation, choose to "customize now" paquets.

Then, uncheck any graphical interface, it will not be useful.

For example we can keep :

- Applications --> Editors --> vim-enhanced
- Applications --> Texte-based Internet --> elinks
- Development --> Development Libraries
- Development --> Development Tools
- Base System --> Base (few paquets are not useful, as dictionnaries, and few others of your choice)


After, install "gperf" rpm (it's inside Fedora 6 DVD).

If we have a file similar to "RV0XX-v4.2.3.07-GPL-20151110-2.tar.gz", we can extract with :

tar xfz RV0XX-v4.2.3.07-GPL-20151110-2.tar.gz

But if it's a RAR archive, Fedora 6 don't support that, we can extract before (there are few files inside) then send the files into Fedora via SFTP for example.

We obtain a "GPL" folder that contains few compressed files, and a "README" important to read.

Into the "GPL_Make.sh" script there is a little no blocking error on line 1 :

Code : Tout sélectionner

!/bin/sh
It just need a "#" first, to be :

Code : Tout sélectionner

#!/bin/sh
Example of full GPL_Make.sh :

Code : Tout sélectionner

#!/bin/sh

rm -fr /usr/local/cavium
rm -fr /tmp/*

echo "############# toolchain #############"
tar zxf octeon_toolchain-4.1.tar.gz
cd octeon_toolchain-4.1
make linux_release
mkdir -p /usr/local/cavium
cp -rf tools /usr/local/cavium/tools-gcc-4.1
cd ..

echo "############# RV SOURCE #############"
tar zxf RV0XX-v4.2.3.07-GPL.tar.gz
cd CI005-ipv6
cd linux/embedded_rootfs/pkg_addon/iptables-1.3.7
make clean; make clean; make clean; make clean
cd -
./RUN.sh
cd ..

echo "############## u-boot ###############"
tar zxf u-boot-gpl.tar.gz
cd trunk
./nk_config.sh
cd ..
Caution : the 1st part, dedicaded to the toolchain compilation (among others cross-plateform compiler for compile to a machine with Cavium octeon CPU, with MIPS64 architecture) can be long.

Near the end is displayed : "Image build success!"

After that, if at the end, you obtain an error with the command "cp -f bootimage /tftpboot/" it's not important, that step is optionnal and useful only if we plan to send firmware through TFTP, it's not the case.

For next steps, for information I put all files into /root/ :

And so the .bin file obtained with the compilation :
/root/GPL/CI005-ipv6/linux/kernel_2.6/linux/code.bin

That "code.bin" file is the final firmware, so send into Cisco router.

However, for now, firmware stays unmodified, but it was important to test 1st compilation to check if it works.
Also, with a modification, it will be not needed to compile toolchain each time, only firmware will (it's much faster).


Changes start :

Into /root/GPL/GPL_Make.sh I commented several lines to prevent toolchain to be rebuild each time, and that firmware not be unpacked too :

Code : Tout sélectionner

#!/bin/sh

#rm -fr /usr/local/cavium
rm -fr /tmp/*

echo "############# toolchain #############"
#tar zxf octeon_toolchain-4.1.tar.gz
#cd octeon_toolchain-4.1
#make linux_release
#mkdir -p /usr/local/cavium
#cp -rf tools /usr/local/cavium/tools-gcc-4.1
#cd ..

echo "############# RV SOURCE #############"
#tar zxf RV0XX-v4.2.3.07-GPL.tar.gz
cd CI005-ipv6
cd linux/embedded_rootfs/pkg_addon/iptables-1.3.7
make clean; make clean; make clean; make clean
cd -
./RUN.sh
cd ..

echo "############## u-boot ###############"
tar zxf u-boot-gpl.tar.gz
cd trunk
./nk_config.sh
cd ..

Thus with running "GPL_Make.sh" again, only firmware is compiled.


Telnet and root password

I have been confronted to one thing : although telnet server can be enabled temporarily via a specific url (http://ip_of_your_router/sysinfo123.htm?ConsoleSimulation=1), root password is unknown (unlike old Linksys RV0XX).
Note : the url provided is valid only if we are authenticated through web interface.

In this case, we can alter /etc/shadow file of the firmware, into the folder :
/root/GPL/CI005-ipv6/linux/embedded_rootfs/etc-files

Here are "shadow" and "shadow-cisco" files, I don't know why there are 2, that seems don't contain the same hashed password, so we can change these 2 files at once.

By default, I obtain that content :

[root@localhost etc-files]# more shadow
root:$1$9vy.Pgyx$.wDfqHPt/t7/6Q65kKScK0:13782:0:99999:7:::
[root@localhost etc-files]# more shadow-cisco
root:$1$QjtTLjmy$UPj.FGmd6DvpSFfH0YAfH0:13782:0:99999:7:::

To change that password (I set the same into 2 files), I suggest a simple method :
Create a Linux account into Fedora, attribute password, and copy / paste content of that hashed password into shadow files of cisco's firmware.

Commands :
useradd iloverouters
passwd iloverouters


We obtain :
passwd: all authentication tokens updated successfully.

Then reading /etc/shadow, there is a line of that kind :
iloverouters:$1$GJA0Dcnz$3q8j/VnT9M/zv6mIGakKO0:15722:0:99999:7:::

In this case, part that interest us is after a colon ":" of the username, and stop after the next colon ":".

The part for that example is : $1$GJA0Dcnz$3q8j/VnT9M/zv6mIGakKO0

And into shadow and shadow-cisco files of the firmware, we can replace the similar chain that start after the name "root".

It would be for password "cisco2016*" :
root:$1$GJA0Dcnz$3q8j/VnT9M/zv6mIGakKO0:13782:0:99999:7:::

And voila, thus when telnet will be enabled (temporarily or not), "root" password will be known.

Further, via an unveiled command into that tutorial, it will be possible to change "root" password without change firmware each time.

If you want to test, you can compile the firmware again (GPL_Make.sh).


When firmware is flashed, log in on the router, then use that url after :
http://ip_of_your_router/sysinfo123.htm?ConsoleSimulation=1

"ip_of_your_router" must be replaced by your router IP address.

So, telnet server is enabled temporarily, and we can use that door ;)

Note : with that url, there is nothing to screen, but telnet server is running on the LAN.


We must obtain :
my-router login: root
Password:


BusyBox v1.2.1 (2016.01.09-17:59+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

~ #
Up to here, obtained firmware with recompiling permit a pontual telnet access (to enable through the url previously indicaded), and the root password is known.


Additional changes :

1) Busybox
By default, busybox provided don't contain few programs as :
ether-wake, ftpget/ftpput, wget, etc...

Caution : any changes to busybox can affect the embedded Linux :
I suggest don't disable anything, but add what you think necessary.

The conf file is :
/root/GPL/CI005-ipv6/linux/embedded_rootfs/storage/busybox.config

Into the same folder, there is also "busybox-1.2.1.tar.bz2" that we must unpack to configure.

Go inside "busybox-1.2.1" folder that was created.

Copy /root/GPL/CI005-ipv6/linux/embedded_rootfs/storage/busybox.config to :
/root/GPL/CI005-ipv6/linux/embedded_rootfs/storage/busybox-1.2.1/.config

via "make menuconfig" you can change options etc... (to go back into a menu, press Escape).

After, take the .config obtained and remplace busybox.config previously used (dans le dossier parent).

After, remove /root/GPL/CI005-ipv6/linux/embedded_rootfs/storage/busybox-1.2.1 folder and /root/GPL/CI005-ipv6/linux/embedded_rootfs/build/busybox-1.2.1 folder for each Busybox configuration change.

2) Enable telnet by default, and use a script without flashing firmware each time :

With the temporary telnet access, via "ps" we can see the process running :
/usr/sbin/telnetd -l /bin/login

Thus, by changing the firmware (for example the start script rc.local), we can run telnet server at router start.

Directly into the router, the file is at this location : /sbin/rc.local

Into Fedora with the open source firmware, I found 3 files :
/root/GPL/CI005-ipv6/linux/embedded_rootfs/etc-files/rc.local
/root/GPL/CI005-ipv6/linux/embedded_rootfs/pkg_addon/vendor/web_ui_Base/root/sbin/rc.local
/root/GPL/CI005-ipv6/linux/embedded_rootfs/pkg_addon/vendor/web_ui_Data/Model_sbin/RV0XX_CRAMFS/rc.local


To find the right, I suggest to read /sbin/rc.local from the router and compare with the 3 files.

If some files are too similar, we can change the 3 files, even if it was the 2 last files for me,
with a RV042 V3.

If we wish only one firmware for all Cisco routers I listed at the beginning, we must alter the 3 files.

To activate telnet by default, just add that line :
/usr/sbin/telnetd -l /bin/login

Note : by default it seems telnet server is available only on the local network.
To remotely access to telnet, we can create a port forwarding to the router's local IP or open TCP 23 port into router's Firewall.

About the script I mentioned in the title, the goal is :
Be able to change or add router's scripts easily, without recompile and flash again the firmware for each modification.

To do that, it can be well to known few things :
Into Cisco router, a special folder /etc/flash contain a small quantity of flash memory writteable.
It's used for logs, configuration and certificates.

With "df -h" command I could read :
/dev/mtdblock3 1.0M 524.0k 500.0k 51% /etc/flash
In clear, it's a tiny Flash memory of 1 MB, and full at more of 50%.

It's a little light, but widely sufficient to insert a start script.

Also, another thing interesting is that router have "a lot" of RAM, including a part for /tmp folder :
none 50.2M 1.2M 49.0M 2% /tmp
We can see we are near of 50 MB usables.

In this case, why not a start script into /etc/flash that will be called by /sbin/rc.local and if we alter that start script later (into /etc/flash ) we could do that via telnet directly, without any new firmware flashing.

Be warned to not saturate the Flash memory of 1 MB because we must keep a little of memory for logs and configuration, so I suggest to put minimum script here, and all the rest can be downloaded through FTP (ftpget) or SCP with a compressed archive, then unpacked into RAM at the "/tmp" location to use all your scripts and programs inside.

With that, we have "a lot" of memory, and it allow to add programs, including a SSH server.

Example : I have created a folder named /etc/flash/perso and a script "startup" inside.
Now that script is executable with "chmod +x startup" and inside I have written :

Code : Tout sélectionner

#!/bin/sh
sleep 20
/usr/sbin/telnetd -l /bin/login
Thus, the script wait 20 seconds at router's startup, to not interfere with others programs.
After, it runs telnet server.
It permit not too alter the rc.local, because we only add an execution of the script /etc/flash/perso/startup and only if it exists.

Here is the content to add to the router rc.local before recompiling firmware (the last recompilation !) :

Code : Tout sélectionner

CUSTOMSCRIPT="/etc/flash/perso/startup"
if [ -e "$CUSTOMSCRIPT" ]
then
        $CUSTOMSCRIPT
fi
With that, the script will be run only if it exists, it's useful.


Automatically close a non desired program :
"licensecheck" seems to serve certain optional paid services.
If you think you don't need that, we can stop it with adding the following command into startup script :

kill `pidof licensecheck`

And if we don't use the internal Cisco VPN :
kill `pidof nk_quickvpnd`
kill `pidof quickvpn_dos_prevent`


And the optional paid service of url filter :
kill `pidof urlfilter`

Also I have noticed even if we choose a specific NTP server through web interface, in reality cisco router use it and 2nd (hard coded).
Into process list (ps) we can see :
ntpclient -h fr.pool.ntp.org -l -s
ntpclient -h 218.75.4.130 -l -s


Here, fr.pool.ntp.org is the NTP server I have choosen.

"218.75.4.130" hasn't been choosen, it's here without we know his existence.

Code : Tout sélectionner

ps | grep "218.75.4.130" | sed -n '/grep/!p' | cut -d"r" -f1
--> return ntpclient program PID for hard coded IP : 218.75.4.130

To close that program with only one line of commands :

Code : Tout sélectionner

kill `ps | grep "218.75.4.130" | sed -n '/grep/!p' | cut -d"r" -f1`

Replace root password (without flashing firmware again) :

Define a first time a password into Fedora 6 and copy it from /etc/shadow or create a root password into the router, and copy it.
For the moment, it change if we reboot the router, and is restored by router's original password (password we have changed too).

Create a copy of the final router's /etc/shadow and put it into the /etc/flash/perso folder for example.
cp /etc/shadow /etc/flash/perso/shadow_new

At startup, you can automate the file replacement, via the command :
cp -f /etc/flash/perso/shadow_new /etc/shadow


Compile a software for the router, for example a SSH server dropbear

Into Cisco RV0XX router there is a MIPS64 CPU, so with a different architecture than X86 used into Fedora 6 installed for our modifications.

We can compile any software (with right libs) with provided toolchain by Cisco, that is into :
/usr/local/cavium/tools-gcc-4.1

Into the "bin" folder, we can find the compiler :
mips64-octeon-linux-gnu-gcc
mips64-octeon-linux-gnu-cpp
mips64-octeon-linux-gnu-c++



Here is an example of software I have desired to add : dropbear

It's a minimalist SSH server, and that easily compile (it don't use OpenSSL) for differents architectures.

dropbear version used : dropbear-2015.71

First, dropbear sources, unpack, and add mips64 compiler with the command :
export PATH=/usr/local/cavium/tools-gcc-4.1/bin:$PATH

Run the following ./configure (or any others settings you want to add) :
./configure --host=mips64-octeon-linux-gnu CFLAGS=-mabi=64 LDFLAGS=-mabi=64 --disable-zlib --disable-lastlog

And the make to enable all programs we need :
make PROGRAMS="dropbear dbclient dropbearkey scp"

Thus, we obtain 4 programs "dropbear dbclient dropbearkey scp" into dropbear folder, and we will send them into the router.

To do that, 1st possibility is to integrate them directly inside firmware (and it need to flash router again, I will give more informations at the end), 2nd possibility is to create a FTP server, and from the router I downloaded the 4 files with ftpget.

For the FTP way I created a /tmp/perso folder, then I have used that kind of commands :

Code : Tout sélectionner

ftpget -u login -p pass_ftp ip_ftp_server dropbear dropbear/dropbear
ftpget -u login -p pass_ftp ip_ftp_server dropbearkey dropbear/dropbearkey
ftpget -u login -p pass_ftp ip_ftp_server dbclient dropbear/dbclient
ftpget -u login -p pass_ftp ip_ftp_server scp dropbear/scp
Usefulness of the compiled programs :
dropbear = SSH server
dropbearkey = keys generator for SSH server
dbclient = SSH client (optional)
scp = Files transfer to send and receive files from a SCP client (as WinSCP)


Keys creation :
./dropbearkey -t dss -f key_ssh_dss -s 1024
et
./dropbearkey -t rsa -f key_ssh_rsa -s 1024

Start of SSH server dropbear :
./dropbear -d /tmp/perso/key_ssh_dss -r /tmp/perso/key_ssh_rsa -a -p 22

Note : default port is 22, but we can change it into the command line ;)

Test a SSH connection to the router, it should be work.

Caution : for the moment, dropbear is only into the router's RAM, but it would be deleted after a router reboot.
A simple solution is suggested after into that tutorial.


If you have usage of SCP, to send or receive files into the router, I provide more informations to get it working :

From a SCP client (as WinSCP), change shell SCP used into the settings, by the program :
/tmp/perso/ssh_shell

Content of ssh_shell :

Code : Tout sélectionner

#!/bin/sh
PATH=$PATH:/usr/sbin:/sbin:/tmp/perso
/bin/ash
Or, into the router, we create or modify the /etc/profile to add folders /sbin, usr/sbin and even /tmp/perso into the PATH, if you need that.

Thus, from WinSCP, files transfer work from or to the router ;)

Screenshot of a connected WinSCP :
Image

And for a better view to the shell setting into WinSCP into advanced mode (shell to use only if you don't have created /etc/profile into the router) :
Image

The only visual bug I encountered : sometimes WinSCP said the "groups" command don't work, because that command don't exist into the router.
That command is not essential, after WinSCP works anyway.

To hide that error message, we can create into the router an executable script /tmp/perso/groups with the content :

Code : Tout sélectionner

#!/bin/sh
echo ""
Also, it's possible to integrate that script into the router (folder /sbin), we will see that at the end.

Compile a software for the router, as Curl

Note : first read the previous part about Dropbear compilation, it help well.

To compile Curl, I have got version 7.46.0 (download here).

If it's not done, add mips64 compiler into the PATH via the command :
export PATH=/usr/local/cavium/tools-gcc-4.1/bin:$PATH

Run the following ./configure (or add you own settings, for example to add more protocols) :
./configure --host=mips64-octeon-linux-gnu CFLAGS=-mabi=64 LDFLAGS=-mabi=64 --disable-shared --enable-ipv6

Then a simple make :
make

We obtain (for curl unpacked into /root/ folder) into /root/curl-7.46.0/src :
"curl" file that is an standalone executable, with libcurl included (library not shared).

After we send it into the router through HTTP, FTP, SCP or what you want, and Curl become available for your scripts ;)


Keep programs into RAM on each router reboot :

If you have done, we can compress /tmp/perso folder with tar.gz format then send it to a FTP or SCP server (flexible, but everything is not directly integrated into the firmware).

For me I have choosen unencrypted FTP, very simple for my needs (we can add an encryption with OpenSSL).

Into /tmp/perso folder I have the following files :
key_ssh_dss
key_ssh_rsa
curl
dbclient
dropbear
dropbearkey
groups
scp
ssh_shell


When we are into the /tmp folder :
tar czf router_perso.tar.gz perso

It compress "perso" folder to the file "router_perso.tar.gz"

After, send to a FTP server with ftpput :
ftpput -u login -p password -P server_port server_hostname router_perso.tar.gz router_perso.tar.gz

"router_perso.tar.gz" is twice into the command because the distant and local names are the same.

And a little of fantasy, into startup script :
echo "Welcome to your modded router..." > /etc/motd

Thus, when we connect through telnet or SSH, welcome message appears :)

Into startup script, add necessary "ftpget" command to download compressed folder via FTP, unpack it, and run programs you have placed inside.

Example of script to add at startup to get your "perso" folder via FTP :

Code : Tout sélectionner

perso_file="router_perso.tar.gz"
tmp_folder="perso"
cd /tmp
ftpget -u login -p password -P server_port server_hostname $perso_file $perso_file
if [ -f /tmp/$perso_file]
then
        echo "Download is done with success"
        tar xzf $perso_file
        rm $perso_file
        if [ -d /tmp/$tmp_folder]
        then
                echo "Folder has been unpacked"
                cd $tmp_folder
                ./dropbear -d /tmp/$tmp_folder/key_ssh_dss -r /tmp/$tmp_folder/key_ssh_rsa -a -p 22
        fi
fi

Few explanations :
Into startup script proposed :
After download of compressed file via FTP, I check it exists, and same check for unpacked folder.
In this case only next commands are started.

It prevent error messages when we power router without internet connected for example.


Detailled modifications to home-made firmware I provide :

As a reminder, henceforth I provide a home-made firmware (with the previous version, not the latest), the link is here :
Download here a modded firmware based on 4.2.3.07 version

With that home-made firmware, I wanted to integrate directly more things, without to use and external FTP server, everything is into the firmware.

Inside, I changed Busybox to enable ether-wake, wget, ftpget / ftpput.

I modified shadow and shadow-cisco files that are into "/root/GPL/CI005-ipv6/linux/embedded_rootfs/etc-files/" to set root password to "cisco2016*" by default.

Also, I noticed that the following folders are copied into router's /sbin :
/root/GPL/CI005-ipv6/linux/embedded_rootfs/pkg_addon/vendor/web_ui_Base/root/sbin
and
/root/GPL/CI005-ipv6/linux/embedded_rootfs/pkg_addon/vendor/web_ui_Data/Model_sbin/RV0XX_CRAMFS

So I copied the following files inside :
- curl (compiled by myself, but without SSL support)
- dbclient (dropbear)
- dropbear (dropbear)
- dropbearkey (dropbear)
- groups (home-made script that return a blank message, to help WinSCP usage)
- scp (dropbear)

Also, I modified the 3 rc.local :
/root/GPL/CI005-ipv6/linux/embedded_rootfs/etc-files/rc.local
/root/GPL/CI005-ipv6/linux/embedded_rootfs/pkg_addon/vendor/web_ui_Base/root/sbin/rc.local
/root/GPL/CI005-ipv6/linux/embedded_rootfs/pkg_addon/vendor/web_ui_Data/Model_sbin/RV0XX_CRAMFS/rc.local

At the end, I added a home-made script :

Code : Tout sélectionner

PERSONALFOLDER="/etc/flash/perso"
CUSTOMSCRIPT="$PERSONALFOLDER/startup"
KEY_SSH_DSS="$PERSONALFOLDER/key_ssh_dss"
KEY_SSH_RSA="$PERSONALFOLDER/key_ssh_rsa"
SHADOW_NEW="$PERSONALFOLDER/shadow_new"

if [ ! -d "$PERSONALFOLDER" ]
then
        mkdir $PERSONALFOLDER
fi

if [ ! -e "$CUSTOMSCRIPT" ]
then
        touch $CUSTOMSCRIPT
                chmod 755 $CUSTOMSCRIPT
                echo "#!/bin/sh" >> $CUSTOMSCRIPT
                echo "echo \"Bienvenue sur votre routeur avec firmware modifie...\" > /etc/motd" >> $CUSTOMSCRIPT
                echo "echo \"Welcome into your router with modded firmware...\" >> /etc/motd" >> $CUSTOMSCRIPT
                echo "sleep 20" >> $CUSTOMSCRIPT
                echo "/usr/sbin/telnetd -l /bin/login" >> $CUSTOMSCRIPT
                echo "sleep 20" >> $CUSTOMSCRIPT
                echo "/sbin/dropbear -d /etc/flash/perso/key_ssh_dss -r /etc/flash/perso/key_ssh_rsa -a -p 22" >> $CUSTOMSCRIPT
fi

if [ ! -e "$KEY_SSH_DSS" ]
then
        /sbin/dropbearkey -t dss -f $KEY_SSH_DSS -s 1024
fi

if [ ! -e "$KEY_SSH_RSA" ]
then
        /sbin/dropbearkey -t rsa -f $KEY_SSH_RSA -s 1024
fi

touch /etc/profile
echo "PATH=$PATH:/usr/sbin:/sbin" >> /etc/profile
echo "export PATH" >> /etc/profile

if [ -e "$SHADOW_NEW" ]
then
        cp -f $SHADOW_NEW /etc/shadow
fi

$CUSTOMSCRIPT
That script allows :
- Fix the PATH (change that if you wish to include more folders)
- Create automatically /etc/flash/perso folder and startup script if it don't exists
- Create SSH keys for dropbear if they don't exist
- Add a welcome message when we connect with Telnet or SSH
- Run Telnet Server
- Run SSH Server dropbear
- If the script detect your own "shadow_new" file into /etc/flash/perso then it will be copied automatically into the router, that permit to change root password without flashing router again
- At any time if you don't want anymore some functions or if you want to change SSH port, etc... you have just to modify /etc/flash/perso/startup script that is writeable easily because it's into the flash memory.

Note : SSH server dropbear allow port forwarding, I tried and it works very well ;)

Reboot the router :
"busybox reboot" or directly "reboot" if your PATH is correctly set.
Dernière modification par Etre_Libre le 09 janvier 2016, 19:17, modifié 4 fois.

hh_shan

Re: Modify firmware Cisco RV016 RV042 RV042G RV082

Message par hh_shan » 05 décembre 2013, 15:59

This post is really informative and just the kind of source I was looking for to implement my project.
Sir, I have a small query.
I already obtained the source code RV0XX-v4.2.2.08-GPL-20130426 from CISCO which includes 2 rar files,
1. octeon_toolchain-4.1
2. RV0XX-v4.2.2.06-GPL (which includes CI005-ipv6 folder)

along with,

3. GPL.Make.sh
4. RV0XX-v4.2.2.08-GPL-20130426.

I would greatly appreciate if you could give some pointers on which sections of the source code to look into when I need to make IPsec, IPv6 and IPv4 related modifications. Your Expert opinion is highly valued and looking forward for a reply.

Thank you very much :) :)

Etre_Libre
Administrateur
Messages : 647
Inscription : 13 novembre 2012, 21:44

Re: Modify firmware Cisco RV016 RV042 RV042G RV082

Message par Etre_Libre » 05 décembre 2013, 19:24

Hi ;)

Sorry for the delay, I received your PM 2 days ago but I am full for now...

If I understand, you want to add a feature into that Cisco router.

In fact, I am not a Linux expert, and I just done light modifications to the original firmware.

My knowledge for router firmware changes is very light, so I think I can't help you to do that.

Also, I prefer to be honest : I never used IPsec, but OpenVPN yes.

I suggest you to search and try many tests to reach your goal, and it need a good knowledge of Linux.

Good luck.

hh_shan

Re: Modify firmware Cisco RV016 RV042 RV042G RV082

Message par hh_shan » 06 décembre 2013, 13:38

Hi, :)

Very much appreciate your reply. :) yes you are right! and you sir are the only one that has posted on firmware alteration that I came across and I have to say it is very informative :) I would be grateful if you could give some links that would help me in this matter :) thanks again. :)

Etre_Libre
Administrateur
Messages : 647
Inscription : 13 novembre 2012, 21:44

Re: Modify firmware Cisco RV016 RV042 RV042G RV082

Message par Etre_Libre » 06 décembre 2013, 17:39

I admit I don't have more links now, and in this period I use Windows a lot and I use Linux from time to time.

Thank you for your message, and again I wish you will find what you need ;)

Etre_Libre
Administrateur
Messages : 647
Inscription : 13 novembre 2012, 21:44

Re: Modify firmware Cisco RV016 RV042 RV042G RV082

Message par Etre_Libre » 11 mai 2014, 15:24

Import update :

- Firmware 4.2.3.03
- Creation of an home-made firmware that I provide
- Detailled informations about modifications made into the home-made firmware

somnuk

Re: Modify firmware Cisco RV016 RV042 RV042G RV082

Message par somnuk » 15 mai 2014, 05:21

Hi Etre_liibre,

Thank you for your kind contribution. I had successfully upgrade my RV042 V3 to your firmware but I cannot find any menu for WOL. I did create the arp table by telnet but the table will be deleted after router reboot. I would be very appreciated if you can teach how to keep the arp table permanently.

Thank you,

Somnuk

Etre_Libre
Administrateur
Messages : 647
Inscription : 13 novembre 2012, 21:44

Re: Modify firmware Cisco RV016 RV042 RV042G RV082

Message par Etre_Libre » 15 mai 2014, 07:27

Hi,

As I said, WOL is available through command line (telnet or SSH) with "ether-wake" command.

Also, you don't need to add ARP entries to use that ;)

somnuk

Re: Modify firmware Cisco RV016 RV042 RV042G RV082

Message par somnuk » 15 mai 2014, 08:57

Hi,

Thank you for your prompt reply, I will try again. I got another problem. I use the start up from original firmware to restore in this firmware, everything seem working fine but the gateway-to-gateway is not working. Do you have any idea.

Thank you,

Somnuk

Artisto

Re: Modify firmware Cisco RV016 RV042 RV042G RV082

Message par Artisto » 15 mai 2014, 13:38

Hi, Tank you for this How-To,

I have an additional question. I want to change the default DDNS entries in adv_ddns.htm from dyndns.org to spdns.de. Or something else.

With these changes web interface changed but obviously the "ip-update-command" is the default (dyndns.org).
there comes an errormessage that this dyndns.org-hostname is not valid.

Where can I find the "ip-update-commands" to change it to i.e. spdns.de?


regards
Artisto

Verrouillé