Custom firmware build for Orbi RBK50/RBK53 (RBR50, RBS50) v. 9.2.5.0.43SF-HW

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Voxel

Very Senior Member
Continuation of

https://www.snbforums.com/threads/custom-firmware-build-for-orbi-rbk50-v-2-5-0-42sf-hw.60308/

New version of my custom firmware build: 9.2.5.0.43SF-HW.

Changes (vs 2.5.0.42SF-HW):

1. Support of HiLink modem (3G/LTE: in RNDIS/CDC mode) is added.
2. WireGuard v. 20191212 is added (kernel module + "wg" utility).
3. Issue with telnet login is fixed.
4. Dropbear (SSH) is changed to allow password login (use WebGUI password for "root" user).
5. DnsCrypt Proxy v2 is upgraded to version 2.0.35.
6. stubby config is changed (not so strict requirements to the server).
7. e2fsprogs: CVE-2019-5094 and specific DNI patches are added.
8. bzip2 package is upgraded to version 1.0.8 and enabled instead of busybox version.
9. curl package is upgraded 7.66.0->7.67.0.
10. libnl-tiny package is upgraded 0.1->2019-10-29.
11. proftpd package is upgraded 1.3.3->1.3.6 plus CVE-2019-12815 patch.
12. Several NG/DNI bugs are fixed.
13. 14 not used now packages are disabled.
14. Debug: Possibility to separate SSIDs (2.4GHz/5GHz).
15. Default Congestion Control Algorithm is changed to YeAH.
16. Host tools: 19 components are upgraded to allow compilation on Debian Buster.
17. Numeration of firmware is changed (starting from "9") to avoid firmware auto updates from NG (stock).

(a) To set a separate SSID for the 5 GHz network on your Orbi RBR:
• From telnet/ssh console run
Code:
nvram set wla_ssid="NAME OF YOUR 5GHZ NETWORK"
nvram set allow_diff_ssid=1
nvram commit
• Reboot your RBR and RBS
• Set “allow_diff_ssid” in nvram to “0” to disable separate SSIDs.
NOTE: It is not recommended to separate the SSIDs. Your connection could be unstable. Under your own risk.
(b) WireGuard (everything from console, for advanced users):
To use it you should first load the kernel module:
Code:
insmod /lib/modules/3.14.77/wireguard.ko
After this you should use the commands: ip, route, iptables, wg. See:

https://www.wireguard.com/quickstart/

NOTE: Your iptables rules for WireGuard should be included into /opt/scripts/firewall-start.sh script, see my QuickStart.txt​

(c) SSH: it is set to allow password login. User is: root. Password is: your WebGUI password.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Voxel.
 

alceasan

Occasional Visitor
Thank you Voxel!! Login with password is working again, at least on SSH (I haven'nt tried on telnet). Starting to play with it :)
 

e38BimmerFN

Very Senior Member
Just curious why there is a v9 in the FW version? I presume this was intended? Just curious.
 

L&LD

Part of the Furniture
@e38BimmerFN, that is so it can't auto-update to stock. ;)
 

e38BimmerFN

Very Senior Member
Ah I see...
 

e38BimmerFN

Very Senior Member

Voxel

Very Senior Member
Will be great when Voxel does his magic on the new stock FW version:
https://kb.netgear.com/000061530/RBR50-RBS50-Firmware-Version-2-5-1-8

This fixes the device naming issue users are unhappy about in prior versions. I checked v43SF-HW and it has this problem as well. I reverted to this new stock version to test this out.
2.5.1.8 was released after I prepared my version. So I decided to release my version anyway. There are plans to integrate the changes from 2.5.1.8 but it is really not so easy to do it soon. I do process this version (GPL sources) since yesterday (2.5.1.8) and I've seen the changes in device name processing (net-scan package is disabled and attached-devices package is used now). But there are other changes. Such integration requires a lot of efforts and time from me.

Voxel.
 

e38BimmerFN

Very Senior Member
Yes I was aware of this. Just wanted to post about this being available. Seems it working well for me and others. Just needs your loving touch is all. Hehe. o_O
We wait patiently.

Thank you. ;)
 

alceasan

Occasional Visitor
So far so good with this version, I already have dnscrypt working with adblock filtering, thank you Voxel!

Anyway, now I'm trying to get a way of persist data into the RBR50 between reboots without using an USB drive (my model and the new ones doesn't have an USB port anymore). I read in a blog that there are some partitions on the router that are mounted rw, and I tried putting a file on one of /mnt/bitdefender which is mounted as ubi filesystem:

Code:
ubi0:vol_armor on /tmp/mnt/bitdefender type ubifs (rw,relatime)
After this, I rebooted the RBK50 to check if the file survived the reboot, but something strange happened and my router suffered a reset (I made a previous config backup, so no problem). Any idea why this could happen? Maybe some security check the router does on every boot?
 

Voxel

Very Senior Member
I read in a blog that there are some partitions on the router that are mounted rw, and I tried putting a file on one of /mnt/bitdefender which is mounted as ubi filesystem
There are some partitions, yes. And some of them are not mounted. Try to play with this one:

/dev/mmcblk0p30

I'd not touch specific partitions mounted for bitdefender or circle. Just necessary to test...

Code:
 mount /dev/mmcblk0p30 /mnt/myfiles
Voxel.
 

alceasan

Occasional Visitor
There are some partitions, yes. And some of them are not mounted. Try to play with this one:

/dev/mmcblk0p30

I'd not touch specific partitions mounted for bitdefender or circle. Just necessary to test...

Code:
 mount /dev/mmcblk0p30 /mnt/myfiles
Voxel.
Hi Voxel,

My RBR50 only have MTD block devices. These are the devices and free space available (except mounted ones):

Code:
/dev/mtdblock0 1.00 MB
/dev/mtdblock1 1.00 MB
/dev/mtdblock2 1.00 MB
/dev/mtdblock3 1.00 MB
/dev/mtdblock4 1.00 MB
/dev/mtdblock5 .50 MB
/dev/mtdblock6 .50 MB
/dev/mtdblock7 .50 MB
/dev/mtdblock8 .50 MB
/dev/mtdblock9 2.00 MB
/dev/mtdblock10 2.00 MB
/dev/mtdblock11 .50 MB
/dev/mtdblock12 .50 MB
/dev/mtdblock13 1.00 MB
/dev/mtdblock14 .50 MB
/dev/mtdblock15 .25 MB
/dev/mtdblock16 1.00 MB
/dev/mtdblock17 .50 MB
/dev/mtdblock18 .25 MB
/dev/mtdblock19 5.00 MB
/dev/mtdblock20 .50 MB
/dev/mtdblock21 147.00 MB
/dev/mtdblock22 50.00 MB
/dev/mtdblock23 3.75 MB
/dev/mtdblock24 46.25 MB
/dev/mtdblock25 5.87 MB
/dev/mtdblock26 50.00 MB
/dev/mtdblock27 3.75 MB
/dev/mtdblock28 46.25 MB
/dev/mtdblock29 244.00 MB
/dev/mtdblock30 2.05 MB
/dev/mtdblock31 2.05 MB
blockdev: can't open '/dev/mtdblock32': Device or resource busy
/dev/mtdblock32 MB
/dev/mtdblock33 .60 MB
blockdev: can't open '/dev/mtdblock34': Device or resource busy
/dev/mtdblock34 MB
blockdev: can't open '/dev/mtdblock35': Device or resource busy
/dev/mtdblock35 MB
/dev/mtdblock36 2.05 MB
/dev/mtdblock37 5.08 MB
blockdev: can't open '/dev/mtdblock38': Device or resource busy
/dev/mtdblock38 MB
I also looked into /proc/mtd trying to find out what are the rest of partitions for:
Code:
dev:    size   erasesize  name
mtd0: 00100000 00020000 "0:SBL1"
mtd1: 00100000 00020000 "0:MIBIB"
mtd2: 00100000 00020000 "0:BOOTCONFIG"
mtd3: 00100000 00020000 "0:QSEE"
mtd4: 00100000 00020000 "0:QSEE_1"
mtd5: 00080000 00020000 "0:CDT"
mtd6: 00080000 00020000 "0:CDT_1"
mtd7: 00080000 00020000 "0:BOOTCONFIG1"
mtd8: 00080000 00020000 "0:APPSBLENV"
mtd9: 00200000 00020000 "0:APPSBL"
mtd10: 00200000 00020000 "0:APPSBL_1"
mtd11: 00080000 00020000 "0:ART"
mtd12: 00080000 00020000 "0:ART.bak"
mtd13: 00100000 00020000 "config"
mtd14: 00080000 00020000 "boarddata1"
mtd15: 00040000 00020000 "boarddata2"
mtd16: 00100000 00020000 "pot"
mtd17: 00080000 00020000 "boarddata1.bak"
mtd18: 00040000 00020000 "boarddata2.bak"
mtd19: 00500000 00020000 "language"
mtd20: 00080000 00020000 "cert"
mtd21: 09300000 00020000 "ntgrdata"
mtd22: 03200000 00020000 "firmware"
mtd23: 003c0000 00020000 "kernel"
mtd24: 02e40000 00020000 "rootfs"
mtd25: 005e0000 00020000 "rootfs_data"
mtd26: 03200000 00020000 "firmware2"
mtd27: 003c0000 00020000 "kernel2"
mtd28: 02e40000 00020000 "rootfs2"
mtd29: 0f400000 00020000 "reserved"
mtd30: 0020f000 0001f000 "vol_traffic"
mtd31: 0020f000 0001f000 "vol_traffic.bak"
mtd32: 00516000 0001f000 "vol_devtable"
mtd33: 0009b000 0001f000 "vol_oopsdump"
mtd34: 01e08000 0001f000 "vol_circle"
mtd35: 02d0c000 0001f000 "vol_ntgr"
mtd36: 0020f000 0001f000 "vol_rae"
mtd37: 00516000 0001f000 "vol_arlo"
mtd38: 02815000 0001f000 "vol_armor"
My /dev/mtdblock30 has only 2.05 MB available (it should be enough for storing some scripts and config), but it seems its being used for vol_traffic.
 

Voxel

Very Senior Member
Hi Voxel,

My RBR50 only have MTD block devices. These are the devices and free space available (except mounted ones):
Well. I rather cannot help with this. You should test it yourself... Different models. I was not aware of such differences...

Voxel.
 

exsmogger

Occasional Visitor
Voxel, thanks very much for your efforts. I flashed my Orbi and satellite with your firmware and it all works great. I'm happy you activated SSH so I can leave Telnet turned off. I had some trouble getting Proftpd to work as it wouldn't respond on port 21. I changed it to port 2001 in the config file and it now works perfectly. Obviously something else is using port 21, but no big deal since it works.

I have a question about the Circle service. I have all parental controls turned off in the GUI, but I see circled as a running process as per the netstat command:

[email protected]:~# netstat -natp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:33344 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:7777 0.0.0.0:* LISTEN 23534/hyd
tcp 0 0 127.0.0.1:14369 0.0.0.0:* LISTEN 11618/xagent
tcp 0 0 0.0.0.0:20005 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:4455 0.0.0.0:* LISTEN 11692/upagent
tcp 0 0 x.y.z.1:7272 0.0.0.0:* LISTEN 13686/circled
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8951/lighttpd
tcp 0 0 127.0.0.1:4466 0.0.0.0:* LISTEN 11692/upagent
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 13765/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 13842/dropbear
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 19793/KC_PRINT
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 8951/lighttpd
tcp 0 0 127.0.0.1:54421 127.0.0.1:7777 TIME_WAIT -
tcp 0 0 127.0.0.1:54422 127.0.0.1:7777 TIME_WAIT -
tcp 0 0 127.0.0.1:54426 127.0.0.1:7777 TIME_WAIT -
tcp 0 0 127.0.0.1:54427 127.0.0.1:7777 TIME_WAIT -
tcp 0 0 127.0.0.1:54419 127.0.0.1:7777 TIME_WAIT -
tcp 0 0 127.0.0.1:54420 127.0.0.1:7777 TIME_WAIT -
tcp 0 0 127.0.0.1:54424 127.0.0.1:7777 TIME_WAIT -
tcp 0 272 x.y.z.1:22 x.y.z.100:57748 ESTABLISHED 23821/dropbear
tcp 0 0 127.0.0.1:54425 127.0.0.1:7777 TIME_WAIT -
tcp 0 0 127.0.0.1:54423 127.0.0.1:7777 TIME_WAIT -
tcp 0 0 x.y.z.65:58910 52.26.86.12:443 ESTABLISHED 11618/xagent
tcp 0 0 :::80 :::* LISTEN 8951/lighttpd
tcp 0 0 :::2001 :::* LISTEN 8462/proftpd: (acce
tcp 0 0 :::53 :::* LISTEN 13765/dnsmasq
tcp 0 0 :::22 :::* LISTEN 13842/dropbear
tcp 0 0 :::443 :::* LISTEN 8951/lighttpd

Since I'm not using the circled service, would it hurt anything to disable or kill it? Thanks again for your good work.

exsmogger
 
Last edited:

BANsOnLn

Occasional Visitor
Looking forward to checking this out! Thanks Voxel. So to install this, all I do is GUI into main router and select manual firmware and it will push to the satellites as well?
 

exsmogger

Occasional Visitor
The satellite should be upgraded first. It is assigned its own LAN address which is listed under Attached Devices in the GUI. Enter this address into your browser and use the same login as the main router. Just follow the prompts for a manual upgrade. When the satellite is finished upgrading, login to the router and manually upgrade its firmware.
 

Voxel

Very Senior Member
So to install this, all I do is GUI into main router and select manual firmware and it will push to the satellites as well?
Not quite so. There is an option in main router's GUI, manual firmware update, to update the satellite firmware. Selecting check box(es) of your satellite(s) and pressing the button [Update].

Voxel.
 

Voxel

Very Senior Member
Voxel, thanks very much for your efforts. I flashed my Orbi and satellite with your firmware and it all works great. I'm happy you activated SSH so I can leave Telnet turned off. I had some trouble getting Proftpd to work as it wouldn't respond on port 21. I changed it to port 2001 in the config file and it now works perfectly. Obviously something else is using port 21, but no big deal since it works.

I have a question about the Circle service. I have all parental controls turned off in the GUI, but I see Circle(d) as a running process as per the netstat command:
Well. I am still studying this Orbi firmware. There are a lot of such "ghosts" in the stock fw to fix. For example, it tries to connect NG site to "Update ReadyCLOUD" when no ReadyCLOUD is available yet (even on NG site to download). So if you check the stock version you can see in process list something like "/sbin/cloud update" (fixed in my version). The same circle, or armor (even if they are not used)... proftpd is included but no possibility to enable it in GUI. Samba. hotplug etc. Fixing by me: step by step.

Temporary: you can change the file /etc/init.d/circle_init adding "exit" immediately in the boot() function. Using my scheme with /overlay on USB.

Will be fixed in the next version.

Thank you for reporting. Please report other issues to fix if you find them.

Voxel.
 

Astaroth_PoD

New Around Here
Great firmware!
I am interested in making it work with proper mesh, preferably using 802.11s or even IBSS or ad-hoc.
Any chance you could include "iw" in the next firmware?
 

exsmogger

Occasional Visitor
I was able to kill the circled process. It turned out that killing the process that was listening (13686) didn't work as it would restart itself with a new PID. I don't know a lot about Linux, but I decided there had to be a parent process that was monitoring the process that was listening. I then ran pidof circled and saw two PIDs. I killed the one that wasn't listed in netstat and that did the trick. circled is not running and everything is still working fine.

In looking at the circled log at /tmp/circled.log I saw it was making a check for updated firmware every 2 hours to https://http.fw.updates1.netgear.com/sw-apps/parental-control/circle/rbr50/mr22/ It looks like it was doing no harm, but why should this process be running at all when I have it disabled in the GUI?

I know circled will come back when the Orbi reboots, but this is good enough for now.
 

BANsOnLn

Occasional Visitor
Talk about excited. This firmware finally allows me to have 1 single SSID and my 5G devices connect to the correct network. No more Roku's, iPhones or xbox's on 2.4G. So far they are connecting to 5G like they should using a single SSID!
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top