Hacking the Asus WL-520GU w/ OpenWRT

I was at a Gumbo Labs meeting recently and one of the members, Mark, showed us the router that he had been working on. He had flashed it with OpenWRT, added an SD card, and a serial GPS module. He used it to collect geospatial network information on the way to the meeting for the demonstration. What interested me the most was the expansive abilities of OpenWRT, as well as the relative cheapness of some of the routers that could host it. According to Mark’s logic, why buy an Arduino when you can spend a little more and have linux, wireless, and a higher level programming language? I still think the Arduino has it’s place in my life, mostly considering you can go from the Arduino to a real, sell-able, AVR prototype easily and for extremely cheap. For certain situations though, using a hacked router is a great idea. So I decided to do some research and I came across the Asus WL-520GU.

the 520gu

the 520gu

You can pretty much ignore the specs you see online because they aren’t really important. Here are the real specs to this device:

  1. It is extremely small, can run off 5 Volts, and doesn’t consume much current. You can easily run it on a battery.
  2. You can easily find builds of OpenWRT for the Broadcom chip found in the Asus. Flashing it is simple. OpenWRT is among the more hackable and useful of the WRT firmwares. You can SSH, telnet, or log in over serial.
  3. Asus left a 3.3V serial port right on the board, just solder in a 4 pin header and you got serial communications. You can log into the board from there or you can have your programs access it and send the info out to the world.
  4. There is a USB port. You can use some cross-compiled linux packages to access that serial port. This opens up a lot of room for creativity. The most important thing about it is that it gives you more space to store cool stuff, like a python interpreter!
  5. That leads us to the thing I was most excited about, you can run python scripts on the router. And you can use pySerial to access the serial port!

So, how do we go about hacking this? Well, there are a few initial steps. I figured all of this out by reading these two articles

but I am going to go through all the steps here so I can clarify some things. You should read those and then reference them when I am not making sense. I copied a lot verbatim.

First off, we must take apart the router.

Taking off the casing

Taking off the casing

BTW, sorry for the crummy pics, I had to use my phone. Anyway, to take this thing off, unscrew the two visible screws then flip out the corner of the rubber feet on the top-left and bottom-right. There are two hidden screws there. After we remove the casing, you can pull out the board.

After the case is removed

After the case is removed

Now we need to locate the convenient 3.3V serial port that the Asus designers left on the board. It is pretty easy to spot. It is this empty space for a 4 pin jumper. The pin-outs from top to bottom in this picture are 3.3V – RX – TX – GND.

3.3V serial port left by asus designers

3.3V serial port left by asus designers

Now you need to desolder this port so you can get access to it. I found this more difficult than it usually is. To keep you from going through the same, I recommend the following steps:

  1. Desolder from the bottom of the board. There are some delicate traces on the top and you don’t want to cause a short.
  2. You may need to use a little solder to get the old solder to flow.
  3. Don’t heat the board too long, you could damage nearby components or traces.
  4. Use some good wick, not a sucker. This is one of the few times I will recommend you head over to Radio Shack. Their solder wick is great! Unfortunately, I used this bulk Chinese crap.
Cheap ass thin wick

Cheap ass thin wick

Here is what happens when you use bad wick:

Desoldered port

Desoldered port

Not the worst desoldering ever done, I have heard of people bricking routers this way, but certainly not as clean and easy as it should have been.

Next we need to connect this to our computer. Since this is just basically a serial port, you can use a variety of old hardware. Just remember, this doesn’t follow the standard RS-232 specification of 12 Volts! It is only 3.3. Most people have used the FTDI TTL serial to usb cable for this. I happened to have a few extra FTDI chips lying around for such hacking occasions.

FTDI 232 chip on breakout board from Sparkfun

FTDI 232 chip on breakout board from Sparkfun

I couldn’t find any female headers in the lab so I just grabbed a breadboard and some wires. I soldered the wires directly into the board. You normally want to solder on headers but I didn’t have a need for this at the time b/c once you get OpenWRT on this thing, you can SSH in. The mapping is simple. Cross RX and TX, makes sense if you think about it, and connect grounds to each other. No need to connect the 3.3V on either side.

Serial conection

Serial conection

Once I plugged it in, I checked to see if the FTDI drivers were working and the port was recognized. You also need to know the unique name of the device. I opened up the terminal and checked my /dev folder for descriptors starting with tty.usb.

searching for serial interface

searching for serial interface

Now that I know the port is working and where it is, I wanted to see if I could listen in on the Asus firmware as it starts up. I opened up ZTerm, set it to /dev/tty/usbserial-A3000RBH, set the baud rate to 1152oo, and set the protocol to the standard ASCII 8N1 (8 bits, No parity, 1 stop bit). Then I did a hard restart on the router [turning my surge protector off then on], and saw the boot log stream into my ZTerm window.

ZTerm showing boot of Asus firmware

ZTerm showing boot of Asus firmware

Now we need to install openWRT. You can build it yourself, but I recommend getting this pre-built version from mightyOhm. Next you need tftp. I know OS X has it, not sure about other OSs. After you have all this gathered, you need to configure your LAN network interface to use a static ip and connect directly to your router. We are going to tftp the openWRT firmware over to the router. The process for this is different for all OSs, but you basically need these settings

  • ip: 192.168.1.XXX #just make up something for XXX that isn’t used, like 180
  • subnet mask: 255.255.255.0
  • router: 192.168.1.1 #this is the default ip of the router

After you are set up, connect up an ethernet cable from your computer to LAN port 1 on your router.

plugged into LAN 1

plugged into LAN 1

Unplug your router, hold down the black restore button, and plug back in. After a few seconds, you will see the router trying to read a tftp connection in your ZTerm window. It will be saying

Failed.: Timeout occurred

Reading:: TFTP Server.

Over and over again. What you need to do is connect to the router over tftp and upload the openwrt firmware you downloaded earlier.

I opened up a terminal and ran these commands. Your process may slightly differ

$ cd ~/Downloads/ #this is where my trx file was
$ tftp
$ trace
$ timeout 1
$ mode binary
$ connect 192.168.1.1
$ put openwrt-brcm-2.4-squashfs.trx

Once you run the last command, you should see the router accept and start to upload. Don’t touch anything at this point!

Flashing the router over tftp

Flashing the router over tftp

Wait for it to say done. XXXX bytes written as seen above. It may take a few minutes, be patient. After this, you can restart the router and watch ZTerm and if all goes well, hit enter when asked and you should see openWRT start up!

openWRT boot

openWRT boot

OpenWRT comes with busybox so you have most of the normal linux commands like ls:

LS

LS

Now, we want to set up our network interface. I wanted to turn the wireless router into a wireless client. All we have as a text editor is vi so you may need to brush up on it’s use.

First we must set up the wireless interface:

root@OpenWrt:~# vi /etc/config/wireless

edit it to look like this with your own settings:

config wifi-device  wl0
	option type     broadcom
	option channel  2  # the channel your wireless network is on

	# REMOVE THIS LINE TO ENABLE WIFI:
	# option disabled 1 (comment out or remove this line entirely)

config wifi-iface
	option device   wl0
	option network	lan
	option mode     sta  # configures the router to connect to your network
	option ssid     MyNetwork # the SSID of your network
	option encryption wep  # the encryption mode of your network
	option key	XXXXXXXXXX  # add this line with your WEP key

Then set up DHCP:

root@OpenWrt:~# vi /etc/config/network

Edit it to look like this commenting out last 2 lines:

#### LAN configuration
config interface lan
      option type     bridge
      option ifname   "eth0.0"
      option proto    dhcp
      #option ipaddr   192.168.1.1
      #option netmask  255.255.255.0

Check your resolve.conf file:

root@OpenWrt:~# cat /etc/resolv.conf

It should say this, if not, make it so:

nameserver 127.0.0.1

Now we can restart the network interface:

root@OpenWrt:/# /etc/init.d/network restart

And we should be able to ping something!

pinging google!

pinging google!

After this, we now have a functioning linux machine! Not bad for 25 bucks. Now I desoldered the serial port hack job [unplug first], and I can SSH or telnet into the router:

SSHing into the asus

SSHing into the asus

If I remember correctly, the username and password were both root.

I have had a few ideas about what to do with this. I think the one I am going with is a home power monitoring system similar to this one :

http://www.picobay.com/projects/2009/01/real-time-web-based-power-charting.html

The basic architecture would be AC clamps in my breaker box -> arduino -> serial port on asus -> python script running off usb -> pachube over wireless connection. I originally thought python would be perfect for this, and it probably is, but I ran into some issues getting USB to work. It was a pain in the ass. Then I realized, do I actually need to write a program to get the info from the serial port to the web? Hello no! I got linux to work with, and linux people have been doing this since the beginning of networks. Fortunately, I found this page that had exactly what I was looking for. Here is the bash script he uses:

#!/bin/sh
while [ 1 ]
do
temp=$(grep -m 1 “temp” /dev/ttyS0|cut -d “=” -f 2)
curl –request PUT –header “X-PachubeApiKey: your-key-here” –data “$temp” “http://www.pachube.com/api/1931.csv”
sleep 300
done

He is basically just listening in on the serial port and parsing the incoming string then piping it to curl [which can be obtained on the Asus via the package manager opkg]. He is using it for temperature but it can easily be adapted for my purposes.

I am waiting to get an AC clamp in and when I do, I will write a part 2 with the rest of the project.

This entry was posted in Tutorial/Documentation and tagged , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

17 Comments

  1. René Weiß Abythe
    Posted October 11, 2009 at 4:16 am | Permalink

    ♫great!♫

    (\__/)
    (=’.'=)
    (“)_(“)

  2. Iordan
    Posted March 6, 2010 at 6:04 pm | Permalink

    Hi, perhaps I didn’t read into this deeply enough, but I don’t see a reason why the serial interface is *required* for this to get done. Can you please point out why it would be necessary? I’d rather avoid opening and soldering parts onto the router if I can. I also don’t have any serial TTL converters lying around :D .

    Was there a step that I missed? After flashing with the image from mightyOhm, isn’t ssh or at least telnet running?

    Thanks!
    Iordan

  3. Posted March 6, 2010 at 7:27 pm | Permalink

    @Iordan,

    Hey, it has been a while since I have messed with this. You can flash it with openwrt without the serial interace. It is helpful to use the serial interface to see what is going on though. I am pretty sure you should be able to telnet in without the serial interface as well. The thing is, if something goes wrong, like you configure the net interface wrong, you won’t be able to access the shell without a serial connection. I think you should be good though.

  4. Posted April 4, 2013 at 11:21 am | Permalink

    Really high quality blog posts on this site, saved to fav.

  5. Posted April 9, 2013 at 10:39 am | Permalink

    Keep on working, great job!

  6. Posted April 10, 2013 at 7:31 am | Permalink

    You are fantastic! Thanks!Good blog here! Also your site loads up fast!
    What web host are you currently utilizing? Can I get your affiliate
    link to your host? I wish my website loaded up as
    swiftly as yours lol

  7. Posted April 15, 2013 at 2:12 pm | Permalink

    I am amazed with this website, really. I am an admirer.

  8. Posted June 20, 2013 at 7:36 pm | Permalink

    You must indulge in a contest for one of the finest blogs online.
    I’ll suggest this web site!

    Here is my weblog home toenail fungus treatment :: 1bestacnetreatment.com ::

  9. Posted August 2, 2013 at 9:55 pm | Permalink

    This post provides clear idea for the new people of blogging, that genuinely how to do blogging.

  10. Posted November 4, 2013 at 11:10 am | Permalink

    What’s up all, here every person is sharing these experience,
    therefore it’s fastidious to read this blog, and I used to go to see this website daily.

  11. Posted November 8, 2013 at 2:28 pm | Permalink

    This crossover series, featuring the combined roster of Samurai Warriors and Dynasty Warriors, should have been amazing.
    My companion didn’t even know that Link had ever been a pink bunny.

    Although it turned out to be not even close to true (Riot
    Games has said there are over five million Lo – L players and Steam statistics show there are only around 300,000 people
    on Dota 2 each day), it did get a lot of people on forums arguing about which game was better.

  12. Posted November 9, 2013 at 6:43 pm | Permalink

    Hello, i think that i saw you visited my site so i came to “return the favor”.I am trying to find things to enhance my site!I
    suppose its ok to use a few of your ideas!!

  13. Posted January 23, 2014 at 8:47 am | Permalink

    Hello, i read your blog occasionally and i own a similar one and i was just curious if
    you get a lot of spam comments? If so how do you prevent it, any plugin or anything you
    can recommend? I get so much lately it’s driving me insane
    so any assistance is very much appreciated.

  14. Posted March 14, 2014 at 5:35 pm | Permalink

    Thanks in favor of ѕharing sucҺ a good idea, paragraph
    is fastidious, thats why i have read it completely

    Look into my weblog: Boston College Apartments

  15. Posted March 15, 2014 at 3:36 am | Permalink

    I almost never comment, however i did some searching and wound up here Hacking the Asus WL-520GU w/ OpenWRT.
    And I actually do have some questions for you if you usually do not mind.
    Is it simply me or does it give the impression like some of these responses come across like left by brain dead visitors?
    :-P And, if you are posting at other social sites,
    I would like to follow everything fresh you have to post.
    Would you list of every one of all your community sites
    like your twitter feed, Facebook page or linkedin profile?

    Feel free to visit my site free itunes codes [Cortney]

  16. Posted March 20, 2014 at 1:37 am | Permalink

    Woah! I’m really enjoying the template/theme of
    this website. It’s simple, yet effective. A lot of times it’s difficult to get that
    “perfect balance” between usability and visual appearance.
    I must say you’ve done a amazing job with this. Also, the blog loads super quick for
    me on Chrome. Superb Blog!

    Here is my web blog … henna for weddings

  17. Posted March 21, 2014 at 5:36 am | Permalink

    This is a topic which is close to my heart… Best wishes!
    Exactly where are your contact details though?

    Stop by my homepage … Asian bridal hair styles

2 Trackbacks

  1. By Arduino and Asus wl520gu « TakenApart on November 29, 2009 at 11:36 pm
  2. By noise is good | Networked Audio Players: Hardware on January 12, 2013 at 11:20 pm

    [...] blog (mentioned in part one) and plenty of others have documented the WL-520GU and how to hack it to perform beyond its consumer/domestic product [...]

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="">