Custom firmware build for Orbi (a la FAQ)

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Voxel

Very Senior Member
Well, Orbi firmware. There are a lot of questions from Orbi owners regarding my version of firmware. I do support Orbi not so long time so let us clarify. Something like FAQ regarding Voxel firmware.

1.
Q: Is it firmware modification of binary stock firmware? Something like KoolShare mod made with Firmware Mod Kit or something similar?

A: No. I do the real compilation of my version from source codes by GCC compiler, it is not mod. I use as a base GPL source codes from NG. The only: I have to use limited set of pre-built modules included into NG’s GPL in binary form i.e. w/o source codes.

2.
Q: Is it just a modified version of the stock firmware?

A: Yes and no. We can say that stock firmware is just a modified version of OpenWRT Chaos Calmer, see e.g. the text file of your stock firmware /etc/openwrt_release

DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='Chaos Calmer'
DISTRIB_REVISION='unknown'
DISTRIB_CODENAME='chaos_calmer'
DISTRIB_TARGET='ipq806x/generic'
DISTRIB_DESCRIPTION='OpenWrt Chaos Calmer 15.05.1'
DISTRIB_TAINTS='no-all'

with the proprietary enclosed drivers from QCA optimized for this concrete version of hardware and with WebGUI made by NG/DNI. Yes, I use modification of the sources from NG to provide the real compatibility with stock firmware extending router’s functionality, fixing CVE, bugs, optimizing the performance of these Orbi gadgets and renewing old GPL open source packages (what de-facto also means fixing bugs and CVE). So yes and no. But very initial source is OpenWRT CC, isn’t it?

3.
Q: “It confuses me that one guy could magically fix a premium product like Orbi from a big company like Netgear with own big development team”.

A: First, Netgear is using outsourcing company DNI for development their firmware builds:

http://www.dninetworks.com/

and does not have its own development team. IMO (I stress: just IMO) the only advantage to use outsourcing company is to save the money for support of Company’s consumers. On the other hand the primary goal of outsourcing company is to release the contracted ordered software product as soon as possible maximizing profits and minimizing own efforts plus expenses for developer’s resources. This (again IMO) does not assume acceptable level of the quality for resulting software product.

Second, it looks for me that there is a lack of synergy and re-usability of what was already done among DNI development teams. No centralized software development management. I have to proceed with firmware for R7500, R7800, R9000 and now Orbi and it very often happens that bug or CVE was already fixed for one model but it is left not fixed or even vice versa introduced for other model of router in the new release of firmware. And when initial firmware for very new router is released, there is common part of software/packages used. But after some time everything inside (internally) is too different. Looks as every team is performing their own independent development and is not aware that this was already developed in the neighboring office room. For example R7500/R7800, R9000, R8900, Orbi firmware are compiled by three (!) different (and old) versions of compiler instead of centralized unified software tools common for all QCA based routers support. Kernel’s vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 are fixed for R7800/R9000/R8900 but not for Orbi. Etc, etc, etc.

I am alone really and I have to maximize the re-usability of what I did already for one router to avoid duplication of my job. I have to use the same set of build tools (compiler, assembler, host tools) and most fresh versions of build tools for all router I support (to simplify the maintenance of my versions for these models).

Third, I am professional researcher, developer and scientist. I worked dozens of years in the Japanese Software Company producing extremely high quality software: Computer Graphics applications (famous Japanese quality of 90s with multiply levels of quality checking and testing) as a senior development manager. Our customers were not private persons but huge serious companies such as Toshiba, Toyota, Matsushita, Sony, Sekisui, NEC, Airbus etc. Dissatisfied customer means no contract and thus no money for us.

On the other hand I am just one of you, i.e. I am consumer of NG production, I do use these routers for myself. I started with firmware because of my own dissatisfaction by the quality of the stock firmware incomparable with the quality of the applications what my team had to release. So I release it for myself as well (vs outsourcing) applying my knowledge and experience to the builds of my versions. If I develop something I have to do this perfectly (because I’ll use it as well :)). I should not feel the dissatisfaction by my work.

4.
Q: Why aren’t they just hiring him to fix it if they’re incapable?

A: Well. I’ve suggested NG to cooperate (to increase the quality of the stock firmware versions). For free BTW. My suggestion was silently ignored by NG. So I do not touch them, they do not touch me. I am open for cooperation but I think they are not interested. DNI outsourcing is enough for NG. I decided to stop issuing my bug reports and passing them to NG and the way how to fix because of ignoring these reports by NG. Waste of my time.
(And regarding hiring. If they would intend to hire me, there should be attractive for me offer. I am not jobless person seeking for a job).

5.
Q: What is a difference Voxel vs stock? What’s new functionality?

A:
(1) Optimization of performance. Stock firmware is not optimized for this concrete device, does not use all the power, capabilities and specific of the target platform, but it use generic target ARM. Voxel FW is optimized for concrete Orbi CPU (Cortex-A7 with extended instructions set), is using its FPU (not used at all in the stock), uses both: NEON acceleration of OpenSSL (twice faster vs stock) and hardware acceleration of OpenSSL with PCI crypto device (up to seven times faster vs stock, and stock does not use this device at all). OpenSSL is used for backhaul connection as well BTW. So now it should be faster because of this double acceleration.
Plus general optimization of total performance because of optimal compiler options and most fresh compiler (CGG 9.3.0 with its increased level of optimization). Software should force hardware to use its full capabilities and power.

(2) Fixing bugs and CVE. Software should be up-to-date. Reliability and safety.

(3) New functionalities . Such as WireGuard client, OpenVPN client, DNSCrypt Proxy and Stubby (your privacy), possibility to share your USB drive attached to Orbi in your LAN (NAS, fileserver), possibility to map the network drive (client of fileserver/NAS), access by SSH and … Entware of course. I.e. possibility to install more than 2.5 thousands additional packages such as your own web servers, performance monitor, bittorent downloader, whatever you want… Most of users do not need all this but they can continue to use Orbi as with stock firmware…

(4) Possibility to disable extra not used by owner functionality such as Armor, Disney Circle, etc. All these above when enabled decrease the performance of Orbi thus the speed of Internet.

(5) Well, I see your feedbacks and bug reports. NG has a lot of staff for support but firmware developers (outsourcing) are too far from your feedbacks and bug reports.

Regards,
Voxel.
 

aggybong

New Around Here
Thank you for the FAQ!

I have been interested in switching to your firmware, but the reports of bricking got me scared enough to hold off. Are there sure-fire ways to avoid it?
 

Voxel

Very Senior Member
Thank you for the FAQ!

I have been interested in switching to your firmware, but the reports of bricking got me scared enough to hold off. Are there sure-fire ways to avoid it?
Just do not reset your Orbi to factory settings and no brick. If yo need reset: do it when you have stock firmware flashed.

P.S. I’ll check this issue soon.

Voxel.
 

PeighDay

New Around Here
Just a quick question. Does your firmware support a wired backhaul connection?

Thank you in advance.


Sent from my iPhone using Tapatalk Pro
 

RFG

New Around Here
Hi,

Sorry if this question was already answered before but is there a possibility of support real vlan on your firmware? Thanks for your work!
 

ScottKsander

New Around Here
First, great work. You are very talented and your work is much appreciated.

Second, a question. I have an Orbi that has a problem. I have connected the serial port header and get the console output from the PBL down through DDR Frequency (below) but then U-Boot does not execute. A lot must be working, however, to get to this point. I am guessing the U-Boot image is corrupted somehow. This would appear to mean I need to reload that with a JTAG since the serial port seems unresponsive at that point. Any pointer on next steps? Any experience with JTAG for Orbi?

Again, thanks.

Scott

------

Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset), D - Delta, S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.1.1-00110
S - IMAGE_VARIANT_STRING=DAAAANAZA
S - OEM_IMAGE_VERSION_STRING=CRM
S - Boot Config, 0x00000023
S - Reset status Config, 0x00000000
S - Core 0 Frequency, 0 MHz
B - 262 - PBL, Start
B - 1341 - bootable_media_detect_entry, Start
B - 50692 - bootable_media_detect_success, Start
B - 50706 - elf_loader_entry, Start
B - 52906 - auth_hash_seg_entry, Start
B - 55063 - auth_hash_seg_exit, Start
B - 90086 - elf_segs_hash_verify_entry, Start
B - 205000 - PBL, End
B - 205024 - SBL1, Start
B - 297221 - pm_device_init, Start
D - 9 - pm_device_init, Delta
B - 298733 - boot_flash_init, Start
D - 30023 - boot_flash_init, Delta
B - 333108 - boot_config_data_table_init, Start
D - 2774 - boot_config_data_table_init, Delta - (419 Bytes)
B - 340797 - clock_init, Start
D - 7526 - clock_init, Delta
B - 352196 - CDT version:2,Platform ID:8,Major ID:1,Minor ID:0,Subtype:1
B - 355602 - sbl1_ddr_set_params, Start
B - 360696 - cpr_init, Start
D - 2 - cpr_init, Delta
B - 365079 - Pre_DDR_clock_init, Start
D - 4 - Pre_DDR_clock_init, Delta
D - 13172 - sbl1_ddr_set_params, Delta
B - 378376 - pm_driver_init, Start
D - 2 - pm_driver_init, Delta
B - 449726 - sbl1_wait_for_ddr_training, Start
D - 28 - sbl1_wait_for_ddr_training, Delta
B - 465932 - Image Load, Start
D - 15015 - QSEE Image Loaded, Delta - (262104 Bytes)
B - 481376 - Image Load, Start
D - 899 - SEC Image Loaded, Delta - (0 Bytes)
B - 491221 - Image Load, Start
D - 12529 - APPSBL Image Loaded, Delta - (416039 Bytes)
B - 504177 - QSEE Execution, Start
D - 60 - QSEE Execution, Delta
B - 510358 - SBL1, End
D - 307446 - SBL1, Delta
S - Flash Throughput, 25214 KB/s (678738 Bytes, 26919 us)
S - DDR Frequency, 672 MHz
 

aggybong

New Around Here
Just do not reset your Orbi to factory settings and no brick. If yo need reset: do it when you have stock firmware flashed.

P.S. I’ll check this issue soon.

Voxel.
Thanks for the response!

I also wanted to point out that the readme.docx on the main page header has some information that could lead to users bricking their Orbi:
Flashing modified firmware.
Nothing special. Just recommendation to restore factory settings in router WebGUI, after you flash my modified FW. Then setup your Wi-Fi, WAN LAN etc settings manually from the scratch.
It does not mention the instructions are for Orbi, but it is linked on the main page with no reference, and for those who do a quick read, they may not realize that following those instructions on an Orbi will soft-brick the router. Similarly, the QuickStart.txt file included with the Orbi firmware does not mention the bricking if reset issue.
 

Skippy Bosco

Regular Contributor
On the tab bar of the Voxel website there is a "Readme" tab that links to a readme.docx file. The document has this line as part of the instructions:

After flashing Voxel's firmware, don't forget to restore factory settings in the router WebGUI.
While the document does indicate it is for a different router than Orbi, it is creating confusion and causing some users to soft brick their routers.

Would it be possible to either:

1) remove the instructions to factory reset

or

2) remove the readme link since there is a read me included with the firware downloads

or

3) update the link to ask which router you have and direct you to the router specific read me.
 

Voxel

Very Senior Member
Wow... Forum is changed...

First, great work. You are very talented and your work is much appreciated.
Thank you.
Any experience with JTAG for Orbi?
I am sorry, but no experience with JTAG. Fortunately (for me) and unfortunately for you: but I've never disassembled my router. Maximal: soft brick recovered by TFTP since 2015. So just theoretical knowledge of how to use JTAG.

I have an experience with U-Boot because of my primary job (because of dealing with avionics). But no concrete Orbi, sorry.

Voxel.
 

Voxel

Very Senior Member
README should be updated. I know. Coming soon, but I am extremely busy now (as usual :-( ), sorry. To add Orbi specific stuffs. But currently it is for R7500/R7800/R8900/R9000, not for Orbi.

Voxel.
 

ScottKsander

New Around Here
Well, Orbi firmware. There are a lot of questions from Orbi owners regarding my version of firmware. I do support Orbi not so long time so let us clarify. Something like FAQ regarding Voxel firmware.

1.
Q: Is it firmware modification of binary stock firmware? Something like KoolShare mod made with Firmware Mod Kit or something similar?

A: No. I do the real compilation of my version from source codes by GCC compiler, it is not mod. I use as a base GPL source codes from NG. The only: I have to use limited set of pre-built modules included into NG’s GPL in binary form i.e. w/o source codes.

2.
Q: Is it just a modified version of the stock firmware?

A: Yes and no. We can say that stock firmware is just a modified version of OpenWRT Chaos Calmer, see e.g. the text file of your stock firmware /etc/openwrt_release

DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='Chaos Calmer'
DISTRIB_REVISION='unknown'
DISTRIB_CODENAME='chaos_calmer'
DISTRIB_TARGET='ipq806x/generic'
DISTRIB_DESCRIPTION='OpenWrt Chaos Calmer 15.05.1'
DISTRIB_TAINTS='no-all'


with the proprietary enclosed drivers from QCA optimized for this concrete version of hardware and with WebGUI made by NG/DNI. Yes, I use modification of the sources from NG to provide the real compatibility with stock firmware extending router’s functionality, fixing CVE, bugs, optimizing the performance of these Orbi gadgets and renewing old GPL open source packages (what de-facto also means fixing bugs and CVE). So yes and no. But very initial source is OpenWRT CC, isn’t it?

3.
Q: “It confuses me that one guy could magically fix a premium product like Orbi from a big company like Netgear with own big development team”.

A: First, Netgear is using outsourcing company DNI for development their firmware builds:

http://www.dninetworks.com/

and does not have its own development team. IMO (I stress: just IMO) the only advantage to use outsourcing company is to save the money for support of Company’s consumers. On the other hand the primary goal of outsourcing company is to release the contracted ordered software product as soon as possible maximizing profits and minimizing own efforts plus expenses for developer’s resources. This (again IMO) does not assume acceptable level of the quality for resulting software product.

Second, it looks for me that there is a lack of synergy and re-usability of what was already done among DNI development teams. No centralized software development management. I have to proceed with firmware for R7500, R7800, R9000 and now Orbi and it very often happens that bug or CVE was already fixed for one model but it is left not fixed or even vice versa introduced for other model of router in the new release of firmware. And when initial firmware for very new router is released, there is common part of software/packages used. But after some time everything inside (internally) is too different. Looks as every team is performing their own independent development and is not aware that this was already developed in the neighboring office room. For example R7500/R7800, R9000, R8900, Orbi firmware are compiled by three (!) different (and old) versions of compiler instead of centralized unified software tools common for all QCA based routers support. Kernel’s vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 are fixed for R7800/R9000/R8900 but not for Orbi. Etc, etc, etc.

I am alone really and I have to maximize the re-usability of what I did already for one router to avoid duplication of my job. I have to use the same set of build tools (compiler, assembler, host tools) and most fresh versions of build tools for all router I support (to simplify the maintenance of my versions for these models).

Third, I am professional researcher, developer and scientist. I worked dozens of years in the Japanese Software Company producing extremely high quality software: Computer Graphics applications (famous Japanese quality of 90s with multiply levels of quality checking and testing) as a senior development manager. Our customers were not private persons but huge serious companies such as Toshiba, Toyota, Matsushita, Sony, Sekisui, NEC, Airbus etc. Dissatisfied customer means no contract and thus no money for us.

On the other hand I am just one of you, i.e. I am consumer of NG production, I do use these routers for myself. I started with firmware because of my own dissatisfaction by the quality of the stock firmware incomparable with the quality of the applications what my team had to release. So I release it for myself as well (vs outsourcing) applying my knowledge and experience to the builds of my versions. If I develop something I have to do this perfectly (because I’ll use it as well :)). I should not feel the dissatisfaction by my work.

4.
Q: Why aren’t they just hiring him to fix it if they’re incapable?

A: Well. I’ve suggested NG to cooperate (to increase the quality of the stock firmware versions). For free BTW. My suggestion was silently ignored by NG. So I do not touch them, they do not touch me. I am open for cooperation but I think they are not interested. DNI outsourcing is enough for NG. I decided to stop issuing my bug reports and passing them to NG and the way how to fix because of ignoring these reports by NG. Waste of my time.
(And regarding hiring. If they would intend to hire me, there should be attractive for me offer. I am not jobless person seeking for a job).

5.
Q: What is a difference Voxel vs stock? What’s new functionality?

A:
(1) Optimization of performance. Stock firmware is not optimized for this concrete device, does not use all the power, capabilities and specific of the target platform, but it use generic target ARM. Voxel FW is optimized for concrete Orbi CPU (Cortex-A7 with extended instructions set), is using its FPU (not used at all in the stock), uses both: NEON acceleration of OpenSSL (twice faster vs stock) and hardware acceleration of OpenSSL with PCI crypto device (up to seven times faster vs stock, and stock does not use this device at all). OpenSSL is used for backhaul connection as well BTW. So now it should be faster because of this double acceleration.
Plus general optimization of total performance because of optimal compiler options and most fresh compiler (CGG 9.3.0 with its increased level of optimization). Software should force hardware to use its full capabilities and power.

(2) Fixing bugs and CVE. Software should be up-to-date. Reliability and safety.

(3) New functionalities . Such as WireGuard client, OpenVPN client, DNSCrypt Proxy and Stubby (your privacy), possibility to share your USB drive attached to Orbi in your LAN (NAS, fileserver), possibility to map the network drive (client of fileserver/NAS), access by SSH and … Entware of course. I.e. possibility to install more than 2.5 thousands additional packages such as your own web servers, performance monitor, bittorent downloader, whatever you want… Most of users do not need all this but they can continue to use Orbi as with stock firmware…

(4) Possibility to disable extra not used by owner functionality such as Armor, Disney Circle, etc. All these above when enabled decrease the performance of Orbi thus the speed of Internet.

(5) Well, I see your feedbacks and bug reports. NG has a lot of staff for support but firmware developers (outsourcing) are too far from your feedbacks and bug reports.

Regards,
Voxel.
I know I have read about your development environment but can’t locate it. Debian? If a duplicate that setup, can I build from Github? Thakns
 

ten24bytes

New Around Here
On the tab bar of the Voxel website there is a "Readme" tab that links to a readme.docx file. The document has this line as part of the instructions:



While the document does indicate it is for a different router than Orbi, it is creating confusion and causing some users to soft brick their routers.

Would it be possible to either:

1) remove the instructions to factory reset

or

2) remove the readme link since there is a read me included with the firware downloads

or

3) update the link to ask which router you have and direct you to the router specific read me.
Indeed, I am one of those who was confused by the README.DOCX and did a factory reset after flashing the f/w. Had a soft brick and wasn't able to TFTP as the router wasn't replying to pings.
It took my more than three weeks between work and had to go through a lot of pain and research before I was finally able to successfully do a TFTP to my router.

I would highly recommend that the README be updated at the earliest.

Thanks for all your work and making the Orbi even better!
 

namsat

New Around Here
Looks like a nice project! I have an RBR20 and Satellites. Do you @Voxel or anyone else know if this firmware will work on the RBR20? The base firmware is the same
Code:
[email protected]:/etc# cat openwrt_release
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='Chaos Calmer'
DISTRIB_REVISION='r6043'
DISTRIB_CODENAME='chaos_calmer'
DISTRIB_TARGET='ipq806x/generic'
DISTRIB_DESCRIPTION='OpenWrt Chaos Calmer 15.05.1'
DISTRIB_TAINTS='no-all'
[email protected]:/etc# cat openwrt_version
15.05.1
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top