Hacking the Netgear wgt634u
Abstract: This paper gives you some hints about how to compile click ( http://pdos.csail.mit.edu/click/ ) and madwifi.stripped driver (http://pdos.csail.mit.edu/~jbicket/madwifi.stripped/) using openwrt ( http://openwrt.org ) for the Netgear wgt634u router. General information about the router you can find at http://pdos.csail.mit.edu/roofnet/doku.php?id=wgt634u.
Credits: http://pdos.csail.mit.edu/roofnet/
OpenWRT setup
First of all you need to install the openwrt toolchain ( [1] ) on your build computer.
cvs -d:pserver:anonymous@openwrt.org:/openwrt login cvs -d:pserver:anonymous@openwrt.org:/openwrt co buildroot
The following tools/libs are required:
- wget, tftp
- cvs, subversion
- gcc, gcc-c++, bison, flex
- patch, gettext
- autoconf, automake
- zlib-devel
We need a C++-compiler, so you’ll need to patch $OPENWRT/buildroot/Makefile.
INSTALL_LIBSTDCPP:=true
That's all: run make
Compiling click
To build click you have to copy the following Makefile (click.mk) to the $OPENWRT/buildroot/make directory:
############################################################# # # click # ############################################################# CLICK_DIR:=$(BUILD_DIR)/click click-source: $(CLICK_DIR)/.unpacked $(CLICK_DIR)/.unpacked: $(DL_DIR)/$(CLICK_SOURCE) (cd $(BUILD_DIR); \ svn co svn://merkur.sardmn.informatik.hu-berlin.de/click) touch $(CLICK_DIR)/.unpacked $(CLICK_DIR)/.configured: $(CLICK_DIR)/.unpacked (cd $(CLICK_DIR); rm -rf config.cache; \ $(TARGET_CONFIGURE_OPTS) \ CFLAGS="$(TARGET_CFLAGS)" \ AR_CREATEFLAGS="cru" \ CLFLAGS=-static \ CXXFLAGS=-static \ ./configure \ --build=i686-pc-linux-gnu \ --host=mipsel-linux \ --disable-linuxmodule \ --enable-brn \ --disable-ip \ --enable-wifi \ --disable-ip \ --enable-tools=mixed \ ); touch $(CLICK_DIR)/.configured $(CLICK_DIR)/click: $(CLICK_DIR)/.configured $(MAKE) CC=$(TARGET_CC) -C $(CLICK_DIR) $(TARGET_DIR)/usr/bin/click: $(CLICK_DIR)/click install -c $(CLICK_DIR)/userlevel/click $(TARGET_DIR)/usr/bin/click $(STRIP) $(TARGET_DIR)/usr/bin/click > /dev/null 2>&1 click: uclibc $(TARGET_DIR)/usr/bin/click click-clean: $(MAKE) -C $(CLICK_DIR) clean rm -rf $(TARGET_DIR)/usr/bin/click click-dirclean: rm -rf $(CLICK_DIR)
That's all: run make click to build click. Currently, I only tested the userlevel click binary.
Compiling Madwifi.stripped
The madwifi.stripped driver lets Click directly read and write raw frames from the wireless card, and strips out the usual driver logic. To build the madwifi.stripped driver you have to copy the following Makefile (madwifi.mk) to the $OPENWRT/buildroot/make directory:
############################################################# # # madwifi.stripped # ############################################################# MADWIFI_DIR:=$(BUILD_DIR)/madwifi $(DL_DIR)/$(MADWIFI_SOURCE): $(WGET) -P $(DL_DIR) $(MADWIFI_SITE)/$(MADWIFI_SOURCE) madwifi-source: $(DL_DIR)/$(MADWIFI_SOURCE) $(MADWIFI_DIR)/.unpacked: $(DL_DIR)/$(MADWIFI_SOURCE) (cd $(BUILD_DIR); \ cvs -d :pserver:anoncvs@cvs.pdos.lcs.mit.edu:/cvs login) (cd $(BUILD_DIR); \ cvs -z5 -d :pserver:anoncvs@cvs.pdos.lcs.mit.edu:/cvs co -d madwifi roofnet/release/stripped) touch $(MADWIFI_DIR)/.unpacked $(MADWIFI_DIR)/madwifi: $(MADWIFI_DIR)/.unpacked $(MAKE) CC=$(TARGET_CC) TARGET=mips-le-elf KERNELPATH=$(BUILD_DIR)/WRT54GS/release/src/linux/linux/ -C $(MADWIFI_DIR) $(TARGET_DIR)/usr/bin/madwifi: $(MADWIFI_DIR)/madwifi mkdir $(TARGET_DIR)/usr/bin/madwifi/ cp $(MADWIFI_DIR)/madwifi/driver/ath_pci.o $(TARGET_DIR)/usr/bin/madwifi/ cp $(MADWIFI_DIR)/madwifi/ath_hal/ath_hal.o $(TARGET_DIR)/usr/bin/madwifi/ $(STRIP) $(TARGET_DIR)/usr/bin/madwifi/ath_pci.o > /dev/null 2>&1 $(STRIP) $(TARGET_DIR)/usr/bin/madwifi/ath_hal.o > /dev/null 2>&1 madwifi: uclibc $(TARGET_DIR)/usr/bin/madwifi/ madwifi-clean: $(MAKE) -C $(MADWIFI_DIR) clean rm -rf $(TARGET_DIR)/usr/bin/madwifi/ madwifi-dirclean: rm -rf $(MADWIFI_DIR)
That's all: run make madwifi to build the driver.
Compiling New Kernel
############################################################# # # linux kernel for wgt634 # ############################################################# WGTKERNEL_DIR:=$(BUILD_DIR)/wgt634u-1.4.1.8-gpl-src WGTKERNEL_SOURCE=wgt634u-1.4.1.8-gpl-src.tar.bz2 WGTKERNEL_SITE=ftp://downloads.netgear.com/files/GPL WGTKERNEL_KERNEL=wgt634u-1.4.1.8-gpl-src/linux-2.4.x WGTKERNEL_BROADCOM_SRC=wgt634u-1.4.1.8-gpl-src/broadcom-src LINUX_DIR:=$(WGTKERNEL_DIR)/linux-2.4.x UCLIBC_DIR:=$(BUILD_DIR)/staging_dir/mipsel-linux-uclibc/ STAGING_DIR:=$(BUILD_DIR)/staging_dir/ all: wgtkernel $(DL_DIR)/$(WGTKERNEL_SOURCE): $(WGET) -P $(DL_DIR) $(WGTKERNEL_SITE)/$(WGTKERNEL_SOURCE) $(WGTKERNEL_DIR)/.source: $(DL_DIR)/$(WGTKERNEL_SOURCE) bzcat $(DL_DIR)/$(WGTKERNEL_SOURCE) | tar -C $(BUILD_DIR) -xvf - $(WGTKERNEL_KERNEL) $(WGTKERNEL_BROADCOM_SRC) touch $(WGTKERNEL_DIR)/.source wgtkernel: dep zImage dep: $(WGTKERNEL_DIR)/.source $(MAKE) CC=$(TARGET_CC) -C $(WGTKERNEL_DIR)/linux-2.4.x oldconfig include/linux/version.h $(MAKE) CC=$(TARGET_CC) -C $(WGTKERNEL_DIR)/linux-2.4.x SRCBASE=$(WGTKERNEL_DIR)/broadcom-src dep zImage: $(MAKE) CC=$(TARGET_CC) -C $(WGTKERNEL_DIR)/linux-2.4.x SRCBASE=$(WGTKERNEL_DIR)/broadcom-src zImage wgtkernel-clean: $(MAKE) -C $(LINUX_DIR) clean rm $(WGTKERNEL_DIR)/.unpacked wgtkernel-dirclean: rm -rf $(WGTKERNEL_DIR)
First, the stock kernel doesn’t link with gcc 3.3.3, so you’ll need to patch linux-2.4.x/arch/mips/brcm-boards/bcm947xx/cfe_flash_nvram.c.
@@ -927,6 +927,12 @@ struct page *page, *end; unsigned int i; + /* Register char device */ + if ((nvram_major = devfs_register_chrdev(252, "nvram", &nvram_fops)) < 0) { + ret = nvram_major; + return ret; + } + /* Allocate and reserve memory to mmap() */ while ((PAGE_SIZE << order) < NVRAM_SPACE) order++; @@ -955,21 +961,11 @@ /* Initialize hash table */ nvram_rehash(); - /* Register char device */ - if ((nvram_major = devfs_register_chrdev(252, "nvram", &nvram_fops)) < 0) { - ret = nvram_major; - goto err; - } - /* Create /dev/nvram handle */ nvram_handle = devfs_register(NULL, "nvram", DEVFS_FL_NONE, nvram_major, 0, S_IFCHR | S_IRUSR | S_IWUSR | S_IRGRP, &nvram_fops, NULL); return 0; - - err: - nvram_exit(); - return ret; } module_init(nvram_init);
Third, you’ll need to patch linux-2.4.x/Makefile.
27a28,29 > MIPS_BASE = $(TOPDIR)/../../staging_dir/bin/ > 29c31 < LD = $(CROSS_COMPILE)ld --- > LD = $(MIPS_BASE)/$(CROSS_COMPILE)ld 32,36c34,38 < AR = $(CROSS_COMPILE)ar < NM = $(CROSS_COMPILE)nm < STRIP = $(CROSS_COMPILE)strip < OBJCOPY = $(CROSS_COMPILE)objcopy < OBJDUMP = $(CROSS_COMPILE)objdump --- > AR = $(MIPS_BASE)/$(CROSS_COMPILE)ar > NM = $(MIPS_BASE)/$(CROSS_COMPILE)nm > STRIP = $(MIPS_BASE)/$(CROSS_COMPILE)strip > OBJCOPY = $(MIPS_BASE)/$(CROSS_COMPILE)objcopy > OBJDUMP = $(MIPS_BASE)/$(CROSS_COMPILE)objdump
Fourth, you’ll need to patch linux-2.4.x/arch/mips/Makefile.
69c69 < GCCFLAGS += -mcpu=r4600 -mips2 -Wa,--trap --- > GCCFLAGS += -mips2 -Wa,--trap 72c72 < GCCFLAGS += -mcpu=r4600 -mips2 -Wa,--trap --- > GCCFLAGS += -mips2 -Wa,--trap 75c75 < GCCFLAGS += -mcpu=r4600 -mips2 -Wa,--trap --- > GCCFLAGS += -mips2 -Wa,--trap 78c78 < GCCFLAGS += -mcpu=r4600 -mips2 -Wa,--trap --- > GCCFLAGS += -mips2 -Wa,--trap 81c81 < GCCFLAGS += -mcpu=r4600 -mips2 -Wa,--trap --- > GCCFLAGS += -mips2 -Wa,--trap
Fifth, you’ll need to patch linux-2.4.x/arch/mips/brcm-boards/bcm947xx/compressed/Makefile.
21d20 < STRIP := $(CROSS_COMPILE)strip 23c22,25 < OBJCOPY := $(CROSS_COMPILE)objcopy -O binary -R .reginfo -R .note -R .comment -R .mdebug -S --- > MIPS_BASE := $(TOPDIR)/../../staging_dir/bin/ > STRIP := $(MIPS_BASE)/$(CROSS_COMPILE)strip > > OBJCOPY := $(MIPS_BASE)/$(CROSS_COMPILE)objcopy -O binary -R .reginfo -R .note -R .comment -R .mdebug -S 28c30 < ASFLAGS += -G 0 -mno-abicalls -fno-pic -pipe -mcpu=r4600 -mips2 -Wa --trap -m4710a0kern --- > ASFLAGS += -G 0 -mno-abicalls -fno-pic -pipe -mips2
Last, if you’re planning to run userlevel click, edit the linux-2.4.x/.config file and change the CONFIG_ETHERTAP and CONFIG_TUN lines to y.