How to get the GPL code of the ASUS Blue Cave AC 2600

[Sniper-Jack]

I want to get the ASUS GPL code of the Blue Cave But I don't know where to download it.
I need Help.

 

[Internet Man]

It does not appear to be available yet.

 

[Sniper-Jack]

It does not appear to be available yet.

Thanks for your reply. But according to the GPL, they should offer the source code without their own drivers.

 

[Internet Man]

https://github.com/RMerl/asuswrt-merlin.382/blob/master/release/src-rt/Makefile contains some Blue Cave build code.

In the past, RMerlin has been given early access to source code from ASUS so that may be the case here. I don't follow ASUS firmware stuff closely enough.

The Phicomm K3C is similar to the Blue Cave and the GPL code for that device seems to be here: http://www.phicomm.com/us/index.php/Soho/software_support/cid/20.html

A discussion in Chinese about firmware for the Phicomm K3C is interesting: https://translate.google.com/transl....cn/forum/thread-250546-69-1.html&prev=search

From that thread, this github might be the Phicomm K3C source code: https://github.com/paldier/K3C

 

[RMerlin]

In the past, RMerlin has been given early access to source code from ASUS so that may be the case here. I don't follow ASUS firmware stuff closely enough.

He'll need a GPL drop from Asus, as all the precompiled components for httpd, shared and rc are all model-specific.

 

[Sniper-Jack]

https://github.com/RMerl/asuswrt-merlin.382/blob/master/release/src-rt/Makefile contains some Blue Cave build code.

In the past, RMerlin has been given early access to source code from ASUS so that may be the case here. I don't follow ASUS firmware stuff closely enough.

The Phicomm K3C is similar to the Blue Cave and the GPL code for that device seems to be here: http://www.phicomm.com/us/index.php/Soho/software_support/cid/20.html

A discussion in Chinese about firmware for the Phicomm K3C is interesting: https://translate.google.com/transl....cn/forum/thread-250546-69-1.html&prev=search

From that thread, this github might be the Phicomm K3C source code: https://github.com/paldier/K3C

I also think that RMerlin has been given early access to source code from ASUS. So I asked their for a GPL code copy. But I was wrong. They also did not get the GPL code from ASUS. I've seen the website you mentioned before and did not get any useful results. I also asked Asus technical support, but they did not give me a reply. I do not know what to do.

 

[Sniper-Jack]

He'll need a GPL drop from Asus, as all the precompiled components for httpd, shared and rc are all model-specific.

Yes you are right. I asked Asus technical support, but they did not give me a reply.

 

[RMerlin]

I also think that RMerlin has been given early access to source code from ASUS

They haven't sent me any pre-release GPL in years now... I tried for months to get a pre-release copy of the 382 code so I wouldn't have to work like a madman to catch up on 18 months of code changes, and I never succeeded.

 

[Sniper-Jack]

They haven't sent me any pre-release GPL in years now... I tried for months to get a pre-release copy of the 382 code so I wouldn't have to work like a madman to catch up on 18 months of code changes, and I never succeeded.

Maybe Asus does not want us to get the pre-release GPL.
I have asked networking_support<at>asus<dot>com for the GPL code. But they told me I'll wait another 24 to 72 hours so they can give me a definite answer.

 

[RMerlin]

Maybe Asus does not want us to get the pre-release GPL.
I have asked networking_support<at>asus<dot>com for the GPL code. But they told me I'll wait another 24 to 72 hours so they can give me a definite answer.

Then just be patient. Bluecave is a completely different architecture from all their other models, so building the GPL is probably harder to do than for example with Broadcom, where they already have scripts developed to take care of preparing the GPL with all the necessary precompiled pieces. It's possible that with Bluecave it's still a manual process.

Asus's GPL drops are more complicated than just tar'ing the code and uploading it. They have to filter out proprietary code, and replace it with prebuilt binary blobs. They also have to ensure afterward that it does compile properly.

 

[Sniper-Jack]

Then just be patient. Bluecave is a completely different architecture from all their other models, so building the GPL is probably harder to do than for example with Broadcom, where they already have scripts developed to take care of preparing the GPL with all the necessary precompiled pieces. It's possible that with Bluecave it's still a manual process.

Asus's GPL drops are more complicated than just tar'ing the code and uploading it. They have to filter out proprietary code, and replace it with prebuilt binary blobs. They also have to ensure afterward that it does compile properly.

Thanks a lot.
I know that Blue Cave is a completely different arch from the Broadcom chip. It's Intel Home wireless solution . So I'm eager to know how it works. Maybe I'm in a hurry. I'm just worried Asus did not want to release GPL.

 

[RMerlin]

I'm just worried Asus did not want to release GPL.

They eventually will - legally, they are required to do so. And so far Asus has shown to be quite GPL-friendly compared to a few other companies out there.

 

[Sniper-Jack]

They eventually will - legally, they are required to do so. And so far Asus has shown to be quite GPL-friendly compared to a few other companies out there.

Thank you very much. And I think I should be more patient.

 

[sfx2000]

They eventually will - legally, they are required to do so. And so far Asus has shown to be quite GPL-friendly compared to a few other companies out there.

At some point - perhaps they'll move from Linux and all the GPL mess there over to BSD, where the BSD license is a bit more vendor friendly...

 

[RMerlin]

At some point - perhaps they'll move from Linux and all the GPL mess there over to BSD, where the BSD license is a bit more vendor friendly...

Moving from Linux to BSD won't change the fact that GPL licences still apply to busybox, Samba, openssl, dnsmasq, etc...

The kernel is the least of their worry.

 

[sfx2000]

The kernel is the least of their worry.

Speaking of the kernel, at the risk of derailing things, wonder if they're going to backport the changes for the recent issues - the Cortex-A9 isn't at risk for Meltdown, but it is at risk for Spectre...

 

[RMerlin]

Speaking of the kernel, at the risk of derailing things, wonder if they're going to backport the changes for the recent issues - the Cortex-A9 isn't at risk for Meltdown, but it is at risk for Spectre...

Considering that the router runs the majority of its services as root, does it really matter?

I saw one of ARM's fixes, which must be done at the compiler level AND at the userspace code level. Highly unlikely it will ever be patched on their SOHO router platforms IMHO.

Personally I'm not worried by it at all. It's more a risk in the server world (especially VM world where different customers share the same hardware), and to a lesser extent at the desktop level (where people run all sort of code, making them at risk of being a potential target).

Spectre is also very difficult to exploit if I remember correctly, meaning it's more likely to get used in a targeted attack than in a widespread malware.

 

[sfx2000]

I saw one of ARM's fixes, which must be done at the compiler level AND at the userspace code level. Highly unlikely it will ever be patched on their SOHO router platforms IMHO.

Personally I'm not worried by it at all. It's more a risk in the server world (especially VM world where different customers share the same hardware), and to a lesser extent at the desktop level (where people run all sort of code, making them at risk of being a potential target).

Spectre is also very difficult to exploit if I remember correctly, meaning it's more likely to get used in a targeted attack than in a widespread malware.

I think the big worry, like you mentioned, is in the cloud and server space where many VM's and/or containers are being used - whether by multiple tenants, or by a single tenant with many instances running.

Interesting to note however, since there is a working proof of concept in Javascript, all the major browsers did take some mitigation steps...

 

[RMerlin]

Interesting to note however, since there is a working proof of concept in Javascript, all the major browsers did take some mitigation steps...

Web browser developers need to get slapped. Seriously, why the f*** does a browser need kernel or memory access to begin with?

Javascript has become the new Java. NOW, we know why they chose to use the same name prefix... Javascript is everywhere (including places where it does not belong), and its security has gone down the drain as they tried to make it capable to basically run a whole OS. Javascript should only be for data manipulation within an HTML page, with very limited access to the filesystem (for reading and writing files).

 

[sfx2000]

Web browser developers need to get slapped. Seriously, why the f*** does a browser need kernel or memory access to begin with?

I agree - unfortunately, browsers have indeed become operating systems of their own to some degree - some more than others - look at Google's Chrome as an example - OSX, Windows, Linux, and across different ISA's, Chrome Apps run across all...

It's like Inception...