WHR-G300N (v1)

主要参考文件 :
Flash from Buffalo stock firmware to DD-WRT
Refer WHR-G300N on DD-WRT WIKI

------------------------------------------------------------
主機板訊息: WRTR-237GN_V02; 190-k05-7700R

------------------------------------------------------------
Wireless MAC (SSID): 00-24-a5-3d-9f-e8
LAN MAC : 00-1d-73-11-11-12
WAN MAC : 00-1d-73-11-11-13

------------------------------------------------------------
原廠 firmware 換成 DD-WRT 的過程:

1) 設定網路 IP : 192.168.11.2, NETMASK : 255.255.255.0, gateway : 192.168.11.1
2) 使用 "arp -a", 確認 192.168.11.1 有出現, ping 192.168.11.1 也正常回應
3) power off router
3) dos command> tftp -i 192.168.11.1 PUT firmware.tftp, 並立即 power on router. 通常 router 只等你幾秒的時間

------------------------------------------------------------
DD-WRT 啟動上有些困難, 原因還不是很清楚, 暫時解法如下:

使用 "arp -a", 確認 192.168.1.1 有出現
若無 (192.168.1.1 cannot link with 00-1d-73-11-11-12),
1) ipconfig /flushdns
2) ipconfig /release
3) ipconfig /renew
4) "route print" 找出 INTERFACE ID
5) netsh interface ipv4 add neighbors %INTERFACE% %ROUTERIP% %ROUTERMAC%

事後, netsh interface ipv4 delete neighbors %INTERFACE%

LED display/Reset Button 不太正常, 暫時不理會

------------------------------------------------------------
如何進入 U-BOOT command mode,
USB 轉 TTL+putty, speed : 57600, 啟動後立即按 "4", 而不是一般所說的 Ctl+C

不穩定, 不是每次都可進入? 應該是焊接工夫有問題

------------------------------------------------------------
Serial port pin layout:
pin 1 : 3.3V (square pad)
pin 2 : Tx
pin 3 : Rx
pin 4 : GND

------------------------------------------------------------
(未測過)
You can install the original encrypted buffalo firmware by decrypting it first. To do so follow these steps (on linux, will probably work on other systems too):

Decrypt original Buffalo firmware:
1) get the files buffalo-enc.c buffalo-lib.c buffalo-lib.h from firmware-mod-kit
2) Compile: gcc -o buffalo-enc buffalo.c buffalo-enc.c
3) Get the encrypted, original firmware from the buffalo website
4) Open the file in a binary editor and remove the first few bytes to just before "the second start(?)" section
./buffalo-enc -d -i infile.enc -o firmware.bin
5) follow the procedure on [Guide] Recovering a bricked Buffalo Airstation N450 Router (WZR-HP-G450H)

WZR-HP-G300NH2 migrate from OpenWRT to DD-WRT

以 wzr-hp-g300nh2-dd-wrt-webupgrade-Multi_r31221.bin 為例:

strip first 28 bytes
dd bs=1 skip-28 if=wzr-hp-g300nh2-dd-wrt-webupgrade-Multi_r31221.bin of=myfirmware.bin
Use open WebGUI to flash myfirmware.bin.

It would take about 20 mins to fully reflash and boot.

OpenWRT webgui 能接受的是以 27 05 19 56 .... 為首的非加密檔案

-----------------------------------------------------------------

Zyamb

TFTP and WebGUi are the best way for flash fw. mtd command is tricky and we should have enough space on the router to contain fw file, enable telnet or sshd, maybe external usb... so better avoid it.

1. If you can still on with openwrt WebGUI:

Use file wzr-hp-g300nh-dd-wrt-webupgrade-MULTI.bin, strip first 28 bytes
dd bs=1 skip=28 if=wzr-hp-g300nh-dd-wrt-webupgrade-MULTI.bin of=myfirmware.bin

Use open WebGUI to flash myfirmware.bin. I've reverted back to dd-wrt by this way. It took 20 mins to fully reflash and boot.

2. TFTP
Use openwrt tftp images. Those files have 32 bytes header.

Actual flash starts at 0x20 offset
0020  27 05 19 56 8C 8E 20 49  4C 70 96 52 00 0D 86 F1  -'..V.. ILp.R....-
0030  80 06 00 00 80 06 00 00  13 72 3C FB 05 05 02 03  -.........r<.....-
0040  4D 49 50 53 20 4F 70 65  6E 57 72 74 20 4C 69 6E  -MIPS OpenWrt Lin-
0050  75 78 2D 32 2E 36 2E 33  32 2E 31 36 00 00 00 00  -ux-2.6.32.16....-

Now I can back and forth any firmware I want, just remember
openwrt WebGUI accepts RAW fw image, that starts with above bolded 5 bytes
openwrt tftp require a 28-bytes header. Spend some time to look at those files and you can modify headers as your needs.

The best way to start new upgrade path is back to factory firmware 1.60 first. Then flash it with buffalo-to-ddwrt followed by dd-wrt-webupgrade.

Hope it helps

設定 client.ovpn for OpenVPN

I had to setup openvpn on 4 non-jailbroken IOS devices yesterday. These devices were not setup to sync to computers, so I had to add the openvpn files via email.
This is a bad (insecure) way to add openvpn to the devices, but in this case it was the only way, and security was not very important on this setup.
If I was able to sync these devices with a computer, I could have used my original config file and cert files by adding the files from within iTunes.
In order to make this work, You need to use in-line certificate files.
My original config file looked like this:
Before:

client
dev tun
proto udp
remote vpn.server.hostname 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
verb 3
ca ca.crt
cert jeff.crt
key jeff.key
tls-auth ta.key 1

After changing my config files to work with in-line certificates, they looked like this:
After

client
dev tun
proto udp
remote vpn.server.hostname 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
verb 3
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>

Notice that --tls-auth takes a direction (1/0) when using it from a file, but when using tls-auth inline you must also use --key-direction (1/0).
Then on the !Iphone/Ipad/Ipod touch go to the app store, search for openvpn connect, and install it.
Then email the final config (with file extension .ovpn) as an attachment from an email account on your computer (or a webmail) to the email address setup on IOS in the Mail app.
In the mail app open the email and open the .ovpn file, then choose to open it with OpenVPN. If you did it right, OpenVPN opens and you can click a + icon next to your config to import it.
Now you can simply slide Off to On and your VPN connects.
If your VPN server is at your house, and you are connecting to the Internet IP (as opposed to using the LAN IP in --remote) you can not connect to it from your house.