Menu
What's new
By:
Filters Better Search

New Threats to Asus Routers, few details.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

sfx2000 said:
It is complex enough now that only a few people could possibly understand everything inside - and it's probably close to the point where starting fresh is going to be less expensive than maintaining the existing software.
Click to expand...
Luckily for Asus, a lot of their devs and managers have been there since the early days of Asuswrt (they forked it from Tomato in 2010 or 2011).

And that growing complexity is why I had to constantly narrow down the scope of what I am comfortable with modifying within that code. There's no way I can get even remotely close to having a broad enough understanding of a codebase for which Asus has a whole team of developers devoted to.
 
To put things in perspective: the oldest GPL archive I still have on my NAS is the 3.0.0.4.372_1393, from 2013 (that was when they added their first ARM platform with the RT-AC56U). That compressed archive is 400 MB.

Today, the average GPL archive is between 1 GB and 1.6 GB, depending on the model. And that`s for one single model.

1686250359347.png


I`ll let you imagine the size of their whole git repo where every SDK platform is included. I know what size it was a few years ago, and I'm pretty sure your best guesses would underestimate that size...
 
RMerlin said:
Luckily for Asus, a lot of their devs and managers have been there since the early days of Asuswrt (they forked it from Tomato in 2010 or 2011).
Click to expand...

If you want to see how things have evolved - Belkin still sells routers, and they had a mediatek based WiFi6 (RT3200) device that is basically classic Linksys WRT with mediatek's SDK merged in...

Tarball is here - https://s3.belkin.com/support/assets/belkin/gpl/RT3200_v1.2.00.360516.tar.gz

When you look at their file/folder structure... you might find it somewhat familiar ;)

FWIW - Mediatek, much like QC-Atheros' QSDK, their SDK is also based on OpenWRT with all their closed source drivers/toolchains/etc - it's not OpenWRT per se, but the frameworks are there so they can support all their different chipsets...
 
sfx2000 said:
If you want to see how things have evolved - Belkin still sells routers, and they had a mediatek based WiFi6 (RT3200) device that is basically classic Linksys WRT with mediatek's SDK merged in...

Tarball is here - https://s3.belkin.com/support/assets/belkin/gpl/RT3200_v1.2.00.360516.tar.gz

When you look at their file/folder structure... you might find it somewhat familiar ;)

FWIW - Mediatek, much like QC-Atheros' QSDK, their SDK is also based on OpenWRT with all their closed source drivers/toolchains/etc - it's not OpenWRT per se, but the frameworks are there so they can support all their different chipsets...
Click to expand...
I know that Broadcom has some kind of OpenWRT support in their recent SDKs as well, based on some discussions I've had behind doors.
 
RMerlin said:
I know that Broadcom has some kind of OpenWRT support in their recent SDKs as well, based on some discussions I've had behind doors.
Click to expand...

That's the second time I've heard that now - doesn't mean that OpenWRT is looking to support Broadcom - rather similar to QCA and Mediatek, it's better that buildroot to support multiple chipsets...
 
sfx2000 said:
That's the second time I've heard that now - doesn't mean that OpenWRT is looking to support Broadcom - rather similar to QCA and Mediatek, it's better that buildroot to support multiple chipsets...
Click to expand...
No, but it means hardware manufacturers can now get a Broadcom licence, get the OpenWRT source code, and build a commercial product out of it.
 
sfx2000 said:
It is complex enough now that only a few people could possibly understand everything inside
Click to expand...

I would like to see simple to fix bugs fixed like copy/paste massages from older firmware versions not valid anymore, help tooltips with wrong copy/paste information, GUI elements. This is what all the users see. What's underneath - Windows 98 that has to be re-written completely, but no one wants to.
 
RMerlin said:
No, but it means hardware manufacturers can now get a Broadcom licence, get the OpenWRT source code, and build a commercial product out of it.
Click to expand...

I suppose they could - but GPL gets in the way of things there - it's always the lawyers that spoil the fun I guess...
 
Tech9 said:
This is what all the users see. What's underneath - Windows 98 that has to be re-written completely, but no one wants to.
Click to expand...

Many people like sausage - but really don't want to know what is inside ;)

As I mentioned - the complexity under the AsusWRT skin is truly amazing, and in some ways, a tribute to those that maintain it...

What I thought might be a simple bug fix, and in OpenWRT it would be, after a week of digging around inside the code, with hints provided by folks that _know_ it, I can't do a clean/tested fix, as it would impact devices outside of the one I have at hand, along with the mentioned mobile app and AIMesh configs.

The bug I'm chasing, as mentioned, is in how WL_2 is configured - it's turboQAM support, and they're basically violating a bunch of rules - not Asus perhaps, but Broadcom... most clients are ok with this until someone makes a change - it's actually a sev medium bug perhaps, but one that affects non-windows clients because some of them, including intel, look at the actual frame structure - intel on linux was the first clue, but as I dug into it, ath10k/ath11k also saw the same issue, along with ESP32/ESP8266 chips that are common in IoT devices...

I would add that in 2.4GHz - this bug could actually be a cause of many of the mobile handset issues with devices bouncing on/off the WLAN - again, depends on how the UI is set, and how the driver underneath is configured.

There's always the group-mind approaches - disable this, enable that, beamforming, airtime fairness, etc - but that's dancing around the real bug with potential workarounds, not addressing the real issue at hand.

The fact that ath9k is so well documented and open helped sort the bug.

I've fixed it for AC-68U, but that same change might not work for other SDK versions and I can't test this due to lack of devices (clients and routers) completely - so a pull request is not pending.

I'll likely just document the bug, giving my discovery results, and move on.
 
Last edited:
sfx2000 said:
suppose they could - but GPL gets in the way of things there
Click to expand...
Not necessarily. Plenty of manufacturers have used OpenWRT with a closed source driver in the past. They only need to provide a buildable image by including prebuilt binary blobs, like all manufacturers already do.
 
You must log in or register to reply here.

Similar threads

L&LD
Now, it's Cisco's turn (at least for its older hardware).
Replies
7
Views
723
coxhaus
C
D
[Ars] Kremlin-backed hackers are infecting Ubiquity EdgeRouters
Replies
8
Views
800
RMerlin
RMerlin
P
News Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
Replies
15
Views
1K
sfx2000
sfx2000
P
News A wide range of routers are under attack by new, unusually sophisticated malware
Replies
17
Views
4K
torstein
torstein
PunchCardBoss
Release Asus Updates Mobile App
Replies
0
Views
406
PunchCardBoss
PunchCardBoss
Similar threads
Thread starter Title Forum Replies Date
T 6000 Asus routers in 72 hours!!! General Network Security 2
C AVrecon malware infects 70,000 Linux routers to build botnet General Network Security 5

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 861 (members: 21, guests: 840)
Top