We’ve already shown you how to mod your home router with the DD-WRT alternative firmware for greatly improved performance, and today we’re going to show you how to take it even further with the DD-WRT Mod-Kit.
If you haven’t already, be sure and check out the two previous articles in the series:
- Turn Your Home Router Into a Super-Powered Router with DD-WRT
- How to Boost Your Wi-Fi Network Signal and Increase Range with DD-WRT
Assuming you are familiar with those topics, keep reading. Keep in mind that this guide is a little more technical, and beginners should be careful when modding their router.
This guide will give a step by step rundown of how to create your own DD-WRT firmware with modifications and additions using the “firmware modification kit“.
The firmware modification kit enables one to make modifications to the firmware without compiling it from source. Making changes this way, with the aid of the provided scripts, becomes a simple matter of downloading, replacing and deleting some files.
The most predominant reason to use this method is because lately DD-WRT’s support for the Openwrt IPKG packages has shifted towards routers that have hard drives (via USB), which makes the mod-kit the only consistently working way of installing the IPKG packages successfully for cases where an HD is unavailable. In addition, this method has the added advantage of relieving you from the JFFS dependency for packages installation, which for routers with only 4MB of flash is a real problem.
While instructions for this procedure, are detailed on DD-WRT’s wiki and on the developer’s site, we aim to make this guide a copy & paste procedure that anyone can use to achieve the following goals:
- Install the knockd package and its dependencies.
- Install the ssmtp package with NVRAM based generated configurations.
- Optionally with support for TLS smtp (a.k.a. Gmail support).
Once you have followed this procedure it should be relevantly simple to adapt it for other packages installations.
Warning: Tread lightly… keep in mind that incorrect usage of the modification kit, can leave you with a router that needs de-brick-ing (as in turn it into a useless brick). However if you’re a true geek you probably subscribe to the ideology that, he who can destroy a thing, controls a thing, and only true geeks do that
- Using this procedure can brick your router, as in make your router unusable, we take no responsibility for any damages that may be caused directly or other wise due to the use of the procedures below.
- This procedure was performed on Debian based systems (Lenny, Squeeze and Mint) and the instructions below assume you are using one as well.
- This procedure is only recommended for people who have experience with flashing their router with DD-WRT, with all the prerequisites,caveats and limitations that apply for their hardware setup. a good place to start would be our Turn Your Home Router Into a Super-Powered Router with DD-WRT guide.
- Your router has to support at least the “mini” version of DD-WRT.
- This procedure was created and tested on Linksys WRT54GS/L routers, if your using routers from other vendors, your mileage may very.
Installing required packages
The firmware modification kit has some dependencies for it to compile and work. In order to install/update them all at once Issue this command in a terminal:
sudo aptitude install gcc g++ binutils patch bzip2 flex bison make gettext unzip zlib1g-dev libc6 subversion
Download the mod-kit
Create a sub-folder, and get the kit from the official SVN:
svn checkout http://firmware-mod-kit.googlecode.com/svn/trunk/ firmware-mod-kit-read-only
Download a firmware to work on
The first thing to consider is which version you want to use?
A rule of thumb is: when in doubt use “mini”. This is because as long as your router supports at least the “mini” version, using it gives you all of the most commonly used features without any bloatware. thus leaving both space for the procedures and even some JFFS space for other usages in most cases.
Once you’ve decided on a version, it is recommended to use the latest revision of the firmware available, as they tend to have a lot of bug fixes compared to their “stable” counterparts.
At the time of this writing the latest was “03-17-11-r16454″ and this revision is used in the commands that follow.
In order to make it easier to keep track of what version we are using, rename the downloaded file to represent its version number:
mv dd-wrt.v24_mini_generic.bin dd-wrt.v24_mini_generic-03-17-11-r16454.bin
This is of course optional, but the commands below assume that you have renamed the file.
Extracting the firmware
In order to be able to change files within the firmware we need to extract its content into a temporary directory.
The syntax of this command is:
./extract_firmware.sh FIRMWARE_IMAGE WORKING_DIRECTORY
In our case, this would translate to:
./extract_firmware.sh dd-wrt.v24_mini_generic-03-17-11-r16454.bin ./working_dir_mini1
Note: The first time you run this command, it builds the mod-kit tools on your system. this happens only once and may take a little while… so be patient…
Now that the firmware is extracted we can install the packages to it.
In general, the procedure is to download the package and its dependencies in the form of an ipk file from the openWRT repository. Once downloaded install them into the extracted firmware using the provided script.
The knockd package
Detailed instructions on how to configure and use Knockd will be detailed in a future article, so you may opt to skip this step for now or do it in preparation for the future as Knockd doesn’t take a lot of space anyhow.
Knockd is a daemon that listens to communication events at the link layer for sequences then acts on them.
What this means, is that you can have the device running the daemon not even “listen” on the ports (a port scan will not see them as open) and still make it do something you need, from a single command all the way up to a full script. Using this technique you could trigger the server to perform any sort of operation you need of it remotely (across the internet) without exposing your home network.
Knockd has only one listed dependency, so download the package and its dependency by issuing:
Install the “knock daemon” (knockd) ipk into the firmware:
./ipkg_install.sh knockd_0.5-1_mipsel.ipk ./working_dir_mini1/
Install the “packet capture” (libpcap) ipk into the firmware:
./ipkg_install.sh libpcap_0.9.4-1_mipsel.ipk ./working_dir_mini1/
As “knockd” can be invoked with an alternate configuration file (how will be explained in a future article), there is no need to perform any other operation and you may skip to the firmware building section, if its all you wanted to install.
The SSMTP package
The SSMTP package enables your router to send Email messages just like we showed in our How To Setup Email Alerts on Linux Using Gmail or SMTP for servers. We promised you back then that we will show how to configure this for DD-WRT and we will now deliver.
This is mainly useful if your going to create scripts on the router that you would like to receive feedback on their operation via email.
This package’s setup is a bit more complex then it is on normal Linux systems because of the limitation imposed by an embedded system, so take a deep breath… ready?…. lets go…
Download the package:
Install the “ssmtp” ipk into the firmware:
./ipkg_install.sh ssmtp_2.61-1_mipsel.ipk ./working_dir_mini1/
TLS support (Optional)
SSMTP doesn’t list any other packages as its dependencies, however if you want to be able to use an smtp gateway that requires TLS authentication (i.e. Gmail), you have to install the openSSL pakage as well.
Note: There is a HUGE drawback to doing this in the form of considerably reduced space on the router for JFFS later on. That is, the openSSL package takes about 500K of space from your total of 4MB (for a normal non “mega” supporting router), compound to that the JFFS overhead and you will discover that your left with, but a precious few, blocks of free JFFS space (about 60KB on WRT54GL).
As there are still non TLS requiring smtp servers out there (usually your ISP’s), i suggest taking a minute to think if you really need to use the TLS requiring gateway.
If you have decided to enable TLS support despite its disadvantage, download the openSSL package:
Install the “openSSL” (libopenssl) ipk into the firmware:
./ipkg_install.sh libopenssl_0.9.8d-1_mipsel.ipk ./working_dir_mini1/
There is a limitation with the SSMTP package, that it is not possible to invoke it with an alternate configuration file.
Because the firmware is read-only when its on the router, that means that out of the box we can only hardcode the configuration into the firmware.
However, what if we don’t want to go through all of the firmware modification steps, just to change the Email settings? (for example a password change).
To that end, both Jeremy (the firmware mod-kit creator) and myself reached the conclusion (independently if i may humbly add) that the only sane way to do this would be to:
- Make the configuration files location which the ssmtp package points to the read-only location under etc, point to the tmp directory which is writable to at runtime.
- Create a script that would dynamically generate the configurations based off of NVRAM variables at startup.
To achieve that, some additional steps are required…
Symlink the ssmtp configuration directory
As explained above, we need to make the /etc/ssmtp location on the router, point to the /tmp directory as its the only writable place we have on the router at run time. To do this, delete the ssmtp directory that was created by the ipk installer:
rm -rf ./working_dir_mini1/rootfs/etc/ssmtp/
Create a new symbolic link that points the /etc/ssmtp on the router’s root file-system, to point to /tmp/etc/ssmtp as an absolute path:
ln -s /tmp/etc/ssmtp/ ./working_dir_mini1/rootfs/etc/ssmtp
Note: Even though this looks illogical right now, because we are pointing the package’s configuration directory to a location outside of the firmware modification kit’s working directory, I assure you that this looks totally fine from the routers point of view at run time.
An init script
While it is completely possible to not inject this script into the firmware and run it as a startup script later on, I feel its appropriate to put it here if only as an example for future use.
Originally Jeremy created the script tailored to someone’s request, later on, I adjusted and augmented it to be more compatible with DD-WRT and syslog reporting.
Create the new init (startup) script:
Note: You may use another editor, I use vi because its consistent with what’s available on the router…
Make this its content:
# title: ssmtp_nvram.sh
# author: Jeremy Collake and Aviad Raviv
# site: http://www.bitsum.com, http://howtogeek.com
# script to build config file from nvram vars.
# will work for any config file that uses
# var=value type pairs.
# uses prefixes for nvram variables.
# translates to ssmtp.conf
logger -s -p local0.notice -t SSMTP_init $1
logger_func "###########Started the SSMTP init run###########"
logger_func "Creating the etc directory in /tmp"
[ ! -d /etc/ssmtp/ ] && mkdir -p /tmp/etc/ssmtp/
PACKAGE_NAME=`echo $NVRAM_PREFIX | sed 's/_/ /'`
logger_func "Generating $CONFIG_FILE for package $PACKAGE_NAME"
#echo $0: generating $CONFIG_FILE for package $PACKAGE_NAME
echo "#!/bin/sh" > $CONFIG_FILE
echo "#" >> $CONFIG_FILE
echo "# auto generated based on nvram by $0" >> $CONFIG_FILE
echo "#" >> $CONFIG_FILE
if [ -z "`nvram show | grep ssmtp`" ]
logger_func "It appears that you have not set the NVRAM variables required to generate the conf file"
logger_func "**Consider** using these commands in you startup script:"
logger_func "nvram set email@example.com"
logger_func "nvram set ssmtp_mailhub=smtp.gmail.com:587"
logger_func "nvram set firstname.lastname@example.org"
logger_func "nvram set ssmtp_UseSTARTTLS=YES"
logger_func "nvram set ssmtp_AuthUser=username"
logger_func "nvram set ssmtp_AuthPass=password"
logger_func "nvram set ssmtp_FromLineOverride=YES"
logger_func "create the NVRAM variables and re-run the init script or reboot for the settings to take affect."
# main loop
CONFIG_VARS=`nvram show | grep $NVRAM_PREFIX | sed "$SED_COMMAND"`
for i in $CONFIG_VARS; do
echo $i >> $CONFIG_FILE
# sanity check
if [ ! -f "$CONFIG_FILE" ]; then
# echo "$0: ERROR - could not create $CONFIG_FILE. Perhaps there is no symink /etc/XXXX -> /tmp/etc/XXXX ?"
logger_func "ERROR - could not create $CONFIG_FILE. Perhaps there is no symink /etc/XXXX -> /tmp/etc/XXXX ?"
logger_func "###########Finished the SSMTP init run###########"
Make it executable:
chmod +x ./working_dir_mini1/rootfs/etc/init.d/S80ssmtp
Take note of the NVRAM waiting variables in the script, it is our responsibility to give them something to work with after we have installed our modified firmware on the router.
Build the modified Firmware
Now that everything is in place, it is time to re-package the modified firmware into a compressed binary that we can flash to the router.
The “build.sh” script syntax is:
./build_firmware.sh OUTPUT_DIR WORKING_DIRECTORY
To do this we use the supplied script, so issue:
./build_firmware.sh output_mini1 ./working_dir_mini1/
Once the “build” operation is done, there will be several firmware images waiting to be used in the “output” directory.
You may now flash the file called “custom_image_00001-generic.bin” to your router as you normally would a DD-WRT firmware.
Note: Don’t forget to restore to “factory defaults” before, during and right after the firmware flash.
Post flash steps
Because we made the SSMTP package look for NVRAM variables in order to generate the ssmtp configuration file, we now need to supply it with the missing information.
We will accomplish this by using the web-GUI “Run commands” function.
Go to the web-GUI -> “administration” -> “commands” -> paste in the text-box the following:
nvram set email@example.com
nvram set ssmtp_mailhub=smtp.gmail.com:587
nvram set firstname.lastname@example.org
nvram set ssmtp_UseSTARTTLS=YES
nvram set ssmtp_AuthUser=your-gmail-user-name(without the @gmail.com)
nvram set ssmtp_AuthPass=you-gmail-password
nvram set ssmtp_FromLineOverride=YES
Replace the text after the equal (=) sign, with your actual information, And then Hit “Run commands”.
Note: if your using a regular, non TLS using, smtp server the port to use is 25 instead of 587.
Now that the SSMTP information is ready for use, you will need to invoke the init script. So you can either reboot the router, Or paste this into the “commands” text-box:
Then hit “Run commands” again.
The output of this command should look like:
Test that you can send Email
Again paste this into the “commands” text-box the following command with your email address:
echo "testing crucible emailing 123 qwe" | ssmtp -vvv email@example.com
Then hit “Run commands” again.
Because we used the -vvv option for extra verbosity, the output of this command should look like:
If everything went well, you should be getting the test email within seconds.
We hope that you can use this information to push your home router’s limits even further then you thought possible and you now truly control your home router, and DD-WRT…
Linux extends life, Linux expands consciousness… Linux is vital for packet travel
Monday, April 4, 2011
Unleash Even More Power from Your Home Router with DD-WRT Mod-Kit