Accessing modem via N66U and WPS hack?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

diehardfan

Occasional Visitor
Just got myself a N66U currently trying out 246 Merlin build, coming from a WRT54GL running Thibor, so far loving it.

Got couple of questions:
-How do I access the modem in bridge mode (ST516) via N66U?
With the WRT54GL, I just had to add "ip addr add 10.0.0.137/24 dev vlan1 brd +" in the startup script which enables me to access the modem.

-Read about the WPS hack, how to complete disable this to prevent hacking into my router? I know you can disable it via the GUI but its said that some routers are still vulnerable after turning it off via the GUI, is N66U effected by this? I don't use WPS.

Thanks!
 

RMerlin

Asuswrt-Merlin dev
Modem interface: you can do it through some custom iptable rules (no need to fiddle with vlans and what not).

This is based on this Wiki page for DD-RT:

http://www.dd-wrt.com/wiki/index.php/Access_To_Modem_Configuration

This can be adapted to Asuswrt-Merlin.

wan-start script:

#!/bin/sh
ifconfig `nvram get wan0_ifname`:0 10.0.0.2 netmask 255.255.255.0

(change 10.0.0.2 to be in your modem's subnet, i.e. if the modem is on 192.168.100.254, then use 192.168.100.2 instead)

nat-start script:

#!/bin/sh
iptables -t nat -I POSTROUTING -o `nvram get wan0_ifname` -j MASQUERADE

(those are backticks, NOT quotes BTW)

Check the Wiki on Github (see my signature) for more info on JFFS and custom user scripts under Asuswrt-Merlin.

I can't test it because I no longer use a DSL modem, but I used to have something similar here to access my modem's webui.

Let me know if this works as-is, so I can repost it on the Wiki. It's been too long since I've used that configuration, so I'm not 100% sure it's accurate.

WPS: the wps_monitor service only gets started if you have WPS enabled on the webui, so you should be safe if you keep it disabled.
 

diehardfan

Occasional Visitor
Oh wow, that is quite a long process especially for a newbie like me. With the WRT54GL it was just a matter or adding that line into the startup script and done. Was just wishing it was that simple.
Gonna read through it little later.

Merlin, I don't know where to put those scripts? I enabled and formatted JFFS but don't see anywhere to save those scripts in /jffs/scripts/.
Please bare with me, I am a "monkey see monkey do" when it comes to stuff like this.
 

RMerlin

Asuswrt-Merlin dev
If you can see the /jffs/scripts/ folder then it means you are half-way there: JFFS is properly enabled and formatted.

If you never used the "vi" editor before then I recommend you create the two files on a USB disk using your favorite text editor (make sure they don't get an extra '.txt" added - Notepad is pretty bad for that). Plug it into your router, then go to Tools ->Run Cmd. Run these commands (one after another):

cp /mnt/sda1/*-start /jffs/scripts/
chmod a+rx /jffs/scripts/*

(assuming you have only one USB disk plugged to the router, otherwise you might need to replace sda1 with sdb1).

Then reboot your router.
 

diehardfan

Occasional Visitor
Sorry Merlin but where do you go see /jffs/scripts/ folder?
All I did was go under Administrator --> System --> Yes to Enabled JFFS and Fomat JFFS and rebooted. Now Just Enable JFFS is Yes. Other than that I looked everywhere in the webgui and cannot find JFFS folder. I have been told I am blind sometimes ;)

No idea what a "vi" editor is.
If I use notepad, just make sure when I save I select "All files" under Save as type? How about the Encoding?
I assume the two files will each contain wan-start script and nat-start script separately? What name do I safe the files under?

Also, after I reboot. Does the USB stick has to be always plugged in form here on?

Again, please forgive my questions. I am a total newbie at this. I am not even a programmer. Also, given that I am from Toronto, you know we are not the brightest sometimes :).
 

RMerlin

Asuswrt-Merlin dev
Sorry Merlin but where do you go see /jffs/scripts/ folder?
All I did was go under Administrator --> System --> Yes to Enabled JFFS and Fomat JFFS and rebooted. Now Just Enable JFFS is Yes. Other than that I looked everywhere in the webgui and cannot find JFFS folder. I have been told I am blind sometimes ;)

I assumed you had already looked through telnet to confirm that the folder was there. We'll have to assume that it was properly created then.

f I use notepad, just make sure when I save I select "All files" under Save as type? How about the Encoding?

Best way to be sure is to use a more advanced text editor like Notepad++ (free) or Textpad (what I personally use, free for 30 days if I recall).

I assume the two files will each contain wan-start script and nat-start script separately? What name do I safe the files under?

wan-start and nat-start are the actual filenames.

Also, after I reboot. Does the USB stick has to be always plugged in form here on?

No, it's only used to make it easier to create and store the files in their final location inside /jffs/scripts/ , which is located in the router's flash memory.

Again, please forgive my questions. I am a total newbie at this. I am not even a programmer. Also, given that I am from Toronto, you know we are not the brightest sometimes :).

Developers rarely write good documentation for novice users unfortunately. Maybe someone else might be able to provide you with a more in-depth tutorial. You are currently trying to do something that's considered advanced (modifying a router's network interfaces and firewall rules), so, errm... some manual assembly is required :)
 

MoogLe

Regular Contributor
im also looking to do this!

gonna be doing some reading on the links merlin posted

ill post my results if i succeed.

diehardfan, please do the same. I'm in the same boat as you, not a network expert, just an enthusiast that follows instructions well lol.
 

diehardfan

Occasional Visitor
Merlin, I created the two files using notepad++ and saved the two files as wan-start and nat-start.
-When saving these files, I selected under "Save as type" as "All files (*.*), is that right?

Also, does the USB needs to be formatted to a specific file system? Currently FAT32.

After putting the above files into a FAT32 USB key, the n66u webgui sees it. But when I then go to Tools ->Run Cmd and run the first command:

cp /mnt/sda1/*-start /jffs/scripts/

I get this error
cp: can't stat '/mnt/sda1/*-start': No such file or directory

I even tried sdb1, same error instead says sdb1.
What am I doing wrong?

I telnet into the router and /jffs/scripts folder was there (Used command cd /jffs/scripts.

Again, THANKS for your patience.
 

RMerlin

Asuswrt-Merlin dev
Merlin, I created the two files using notepad++ and saved the two files as wan-start and nat-start.
-When saving these files, I selected under "Save as type" as "All files (*.*), is that right?

Also, does the USB needs to be formatted to a specific file system? Currently FAT32.

After putting the above files into a FAT32 USB key, the n66u webgui sees it. But when I then go to Tools ->Run Cmd and run the first command:



I get this error


I even tried sdb1, same error instead says sdb1.
What am I doing wrong?

I telnet into the router and /jffs/scripts folder was there (Used command cd /jffs/scripts.

Again, THANKS for your patience.

You're probably almost there :)

Since you use FAT32, it means the device is probably mounted on a different name. While connected through telnet, do the following:

cd /mnt
ls

This will show you the name of the directory (this is actually called a mount point) that contains your USB disk's file. If you see, for example, KINGSTON, then enter is this way:

cd KINGSTON

Note that Linux is case-sensitive.

Once there, check again using the "ls" command to confirm that the two files are there. You can copy them this way:

cp wan-start /jffs/scripts/
cp nat-start /jffs/scripts/
chmod a+rx /jffs/scripts/*

That third command will make sure the files are marked as being executable scripts.

Then, reboot your router, and see if you can access your modem's web interface.
 

diehardfan

Occasional Visitor
You're probably almost there :)

Since you use FAT32, it means the device is probably mounted on a different name. While connected through telnet, do the following:



This will show you the name of the directory (this is actually called a mount point) that contains your USB disk's file. If you see, for example, KINGSTON, then enter is this way:



Note that Linux is case-sensitive.

Once there, check again using the "ls" command to confirm that the two files are there. You can copy them this way:



That third command will make sure the files are marked as being executable scripts.

Then, reboot your router, and see if you can access your modem's web interface.

The file copying went smoothly, just as you mentioned.

But, what address do I use to access the modem's web interface now? Used to be http://10.0.0.138/ . 10.0.0.138 is still giving me cannot display the webpage

I rebooted the router twice and these are the files I copied:
http://dl.dropbox.com/u/32791915/nat-start
http://dl.dropbox.com/u/32791915/wan-start
Also would like to verify, I created the two files using notepad++
-When saving these files, I selected under "Save as type" as "All files (*.*), is that right?

THANKS!!
 
Last edited:

RMerlin

Asuswrt-Merlin dev
Should be http://10.0.0.138, yes.

As long they are called wan-start and not wan-start.txt, that means you saved them correctly, yes.

After rebooting, run the following commands to make sure the commands were run succesfully by your router:

ifconfig eth0:0

This should mention 10.0.0.2

ping 10.0.0.138

Press Ctrl-C to stop it after a few replies. This should confirm that the router is able to locally reach your modem through the new interface you just configured.

iptables -t nat -L POSTROUTING

This will confirm if the new routing rule was properly added.
 
Last edited:

diehardfan

Occasional Visitor
when I type this command
ifconfig eth0:0
in Tools-->Run cmd I get this

eth0:0 Link encap:Ethernet HWaddr 50:46:5D:XX:XX:XX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:4 Base address:0x2000

no mention of 10.0.0.2
NOTE: I put the XX:XX:XX in there, as that is the MAC address of my router.

something went wrong?
 
Last edited:

RMerlin

Asuswrt-Merlin dev
when I type this command in Tools-->Run cmd I get this



no mention of 10.0.0.2
NOTE: I put the XX:XX:XX in there, as that is the MAC address of my router.

something went wrong?

Yes, as this should return information indicating this virtual interface is assigned the 10.0.0.2 IP.

Try manually running the first script to see if it's working properly:

/jffs/scripts/wan-start
ifconfig eth0:0

If it fails, try directly running the content of that script (the "ifconfig" line) and check again afterward with ifconfig eth0:0.
 

diehardfan

Occasional Visitor
when I this type in Tools --> Cmd Run
/jffs/scripts/wan-start
I get:
sh: /jffs/scripts/wan-start: not found


Then I ran the scripts manually as you asked:
Ran the wan-script code first:
ifconfig `nvram get wan0_ifname`:0 10.0.0.2 netmask 255.255.255.0


then
ifconfig eth0:0
got
eth0:0 Link encap:Ethernet HWaddr 50:46:5D:XX:XX:XX
inet addr:10.0.0.2 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:4 Base address:0x2000


Got a little adventures and ran the nat-script too: :D
iptables -t nat -I POSTROUTING -o `nvram get wan0_ifname` -j MASQUERADE

and voila was able to access the modem's webgui at http://10.0.0.138/


So it seems like it is having problems with seeing the scripts in jffs/scripts

When I telnet in jffs/scripts/, I do see the files:
ASUSWRT RT-N66U_3.0.0.4 Tue Nov 13 21:00:03 UTC 2012
[email protected]:/tmp/home/root# cd /jffs/scripts/
[email protected]:/jffs/scripts# ls
nat-start wan-start
[email protected]:/jffs/scripts#
 
Last edited:

RMerlin

Asuswrt-Merlin dev
Yay, at least now we know these rules work :)

Did you make your scripts executable?

chmod a+rx /jffs/scripts/*

Then try again running the script manually.

If it still fails then there must be something incorrect inside your script. Let me know if it still fails, and I'll send you actual scripts for you to copy there, in case something went wrong in their encoding.
 

diehardfan

Occasional Visitor
Yes I did make the scrips executable, but to be safe I did it again.
Got a blank screen after I entered the "chmod a+rx /jffs/scripts/*" command.

Then I put in
/jffs/scripts/wan-start
still getting

sh: /jffs/scripts/wan-start: not found

But its there when I telnet in.....
:confused:
 

RMerlin

Asuswrt-Merlin dev
Could be an encoding issue. I'll PM you with AiCloud links to both files that I just created. Copy them on top of your own files, then re-run chmod a+rx on them.
 

diehardfan

Occasional Visitor
was just browing via telnet and it seems like the files are executable
ASUSWRT RT-N66U_3.0.0.4 Tue Nov 13 21:00:03 UTC 2012
[email protected]:/tmp/home/root# cd /jffs/scripts/
[email protected]:/jffs/scripts# vdir
-sh: vdir: not found
[email protected]:/jffs/scripts# ls
nat-start wan-start
[email protected]:/jffs/scripts# ls -al
drwxr-xr-x 2 admin root 0 Dec 3 00:22 .
drwxr-xr-x 5 admin root 0 Dec 31 1969 ..
-rwxrwxrwx 1 admin root 83 Dec 3 00:22 nat-start
-rwxrwxrwx 1 admin root 77 Dec 3 00:22 wan-start
[email protected]:/jffs/scripts#

Also, I just copy and pasted the codes directly from your instructions using notepad++ for the two files.
 

RMerlin

Asuswrt-Merlin dev
There's a chance the files were saved encoded in DOS format, which can cause issues for Linux scripts. I just PMed you links to download both files that I created directly under Linux. I also specified the full command paths to be 100% sure they work properly as startup scripts.
 

diehardfan

Occasional Visitor
Could be an encoding issue. I'll PM you with AiCloud links to both files that I just created. Copy them on top of your own files, then re-run chmod a+rx on them.


YAHHHH!!!!!!!! That worked!!! Awesome!!!

Was checking the code inside those files, its a little different from the one your post, post #2 on this thread.

These are the files I created, the two difference I see it the once you sent me had no enter and some additional command.
Was that the problem?
 
Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top