What's new

Release Asuswrt-Merlin 386.3 is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Since the upgrade I am not able to connect my Trust wallet (iPhone) through PancakeSwap, SushiSwap, Uniswap. It shows error or nothring happens. Going on 4G works straight away. I have disabled DNS and Trend filter with the same failing result.
 
Do any of your SSIDs and passwords contain non-alphanumeric characters?
Yes; in my pass-phrase, but those (all) "have an encoding in the range of 32 to 126 (decimal), inclusive" (and thus satisfy the 802.11i-2004 specification)
 
Yes; in my pass-phrase, but those (all) "have an encoding in the range of 32 to 126 (decimal), inclusive" (and thus satisfy the 802.11i-2004 specification)
It also has to pass the test of the httpApi.nvramGet function call, which I assume fails.

If you load http://192.168.50.1/device-map/router.asp in a browser window and display the F12 console Network tab, then refresh the page, you should see some appGet.cgi calls. Check the Response of those queries to see if the nvram values are being fetched correctly.
 
Responses for both nvram_get and nvram_char_to_ascii show the correct pass-phrase (the latter URL-encoded).
 
Upgraded both routers from 386.3 to 386.3_2.
Upgrading went as smooth as always. Did not experience longer upgrade times or longer GUI access.
USB 3.0 is as always crashing and needs to be downgraded to version 2.0 for correct workings. Pitty, I could use the extra speed from USB 3.0.
 
Responses for both nvram_get and nvram_char_to_ascii show the correct pass-phrase (the latter URL-encoded).
What about in the first query before the encoding? Something in the data must be breaking the results. What special chars are you using?
 
I'd rather not reveal the characters in my password, unless/until I find a single one causing it...

Would this work:
  1. Modify nvram variable wl0_wpa_psk via SSH (but not restart the wireless service)
  2. Check results in browser
  3. Restore nvram variable wl0_wpa_psk via SSH
Or will all my devices still be disconnected after step 1/2?
 
I'd rather not reveal the characters in my password, unless/until I find a single one causing it...

Would this work:
  1. Modify nvram variable wl0_wpa_psk via SSH (but not restart the wireless service)
  2. Check results in browser
  3. Restore nvram variable wl0_wpa_psk via SSH
Or will all my devices still be disconnected after step 1/2?
That will work. Don’t use nvram commit either.
 
Last edited:
Regarding the broken Wireless tab, it comes down to certain special characters returned in the appGet.cgi call breaking the json parser from the ajax call within httpApi.nvramGet. \ is a definite breaking character. Others are possible.
Thank you for this analysis. Will a future fix be possible to correct the problem ?
 
Will it work to transform the string via URL encoding, Base64, etc. before passing it to appGet.cgi and just unpack it there at some point?
 
An immediate fix / workaround is to not use special characters in SSIDs or passphrases. I use ! in one of my passphrases and it’s fine, however.

I used to use special characters in my passwords myself, but at a certain point, when I experienced similar troubles, I researched what is actually the difference between the amount of time before something can be cracked by a brute force attack.

As a completely random and unguessable password like 'fnrw0UHUABS1y2iz' (16 chars alphanumerical, capital and lower capital, numbers but NO special characters) already takes literally centuries to crack, I figured I'll be safe, at least during my lifetime and certainly the lifespan of my equipment. These are estimates of course, but the reality is that some of us tend to overcomplicate things unnecessarily. A longer, more complicated isn't, contrary to what most think, necessarily a better, stronger password.

If anyones' interested in calculating password strengths, this is the tool I often use: https://bitwarden.com/password-strength/ (created by a Reddit user, who like me, got fed up with the Lastpass issues and developed his own password manager (free to use but with a very affordable Premium version which is worth every penny) and a complete suite along with it, for home as well as business users). There's no need to overcomplicate things, as you have experienced it can cause enough trouble to find the cause, which could be as simple as a backslash.

If you wish to generate password and see at the same time how much time it would to crack it (changes password regularly is a good habit btw), visit https://bitwarden.com/password-generator/

*Disclaimer: I'm in no way affiliated with Bitwarden, there are no hidden referral links above, I'm just an enthousiastic user hoping to prevent others from experiencing similar troubles.

Well, that'll be enough before I get corrected again for going off topic. Please read before it gets removed as I think it's relevant for all of us.
 
Last edited:
An immediate fix / workaround is to not use special characters in SSIDs or passphrases. I use ! in one of my passphrases and it’s fine, however.
Unfortunately this temporary solution does not work in my case. However the SSID is "test" and the password "123456789"
333.png
 
As a completely random and unguessable password like 'fnrw0UHUABS1y2iz' (16 chars alphanumerical, capital and lower capital, numbers but NO special characters) already takes literally centuries to crack, I figured I'll be safe, at least during my lifetime and certain the lifespan of my equipment.

For those that doubt, consider the distributed.net RC5-72 project. They've had decades of experience optimizing their code to maximize throughput brute-forcing keys. The project has been working on using thousands of computers to brute force a 72-bit key for over 18 years and they've only managed to try 7.9% of the possible keys. A 72-bit key is equivalent to 12.7 alphanumeric characters.

My Ryzen 3900X system is 'only' able to brute force ~500,000,000 keys per second. A 12-character alpha numeric password would take up to 24,000 years to brute force on my machine. Or it would take 24,000 of my CPUs a up to a year.
 
After updating my usb drive with addons does not show up, what could be the cause?

rt-ac86u

VPN director is pretty awesome feature
lol, someone dropped the usb-sata box drive was in so ssd fall off sata connector inside. Nothing wrong with wrt merlin
 
Status
Not open for further replies.

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top