惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cloudbric
Cloudbric
有赞技术团队
有赞技术团队
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
Threat Research - Cisco Blogs
L
LangChain Blog
Simon Willison's Weblog
Simon Willison's Weblog
Project Zero
Project Zero
Latest news
Latest news
S
Schneier on Security
Cisco Talos Blog
Cisco Talos Blog
MyScale Blog
MyScale Blog
C
Check Point Blog
IT之家
IT之家
P
Palo Alto Networks Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
CERT Recently Published Vulnerability Notes
Scott Helme
Scott Helme
The Hacker News
The Hacker News
C
CXSECURITY Database RSS Feed - CXSecurity.com
G
Google Developers Blog
T
Tor Project blog
T
Threatpost
D
DataBreaches.Net
博客园 - 【当耐特】
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Troy Hunt's Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Vercel News
Vercel News
云风的 BLOG
云风的 BLOG
NISL@THU
NISL@THU
P
Privacy & Cybersecurity Law Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
Cisco Blogs
博客园_首页
S
Securelist
T
The Exploit Database - CXSecurity.com
Last Week in AI
Last Week in AI
量子位
U
Unit 42
Know Your Adversary
Know Your Adversary
Hugging Face - Blog
Hugging Face - Blog
S
Security Affairs
Google Online Security Blog
Google Online Security Blog
Hacker News: Ask HN
Hacker News: Ask HN
Webroot Blog
Webroot Blog
S
SegmentFault 最新的问题
Engineering at Meta
Engineering at Meta
N
News and Events Feed by Topic
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志

John Bokma's Hacking and Hiking

Failed to verify signature archive-contents.sig in Emacs Aquamacs 3.6 Hangs When Saving An Encrypted File PAR trouble How To Create a Bootable LibreELEC Installation using Mac OS Running pdflatex Using the Alpine Pandoc LaTeX Docker Image A Docker Image for Sass Timezones in Alpine Docker Containers A Tale of Three Docker Images Debugging a Perl Docker container Perl Time::Piece Unicode Issue Giving Docker Desktop for macOS a Second Chance Flashing another TP-Link TL-WDR4300 with OpenWrt firmware Rehousing two tarantulas Getting started with the Perl version of tumblelog on Ubuntu 18.04 LTS A visit to Avonturia De Vogelkelder Mounting a VDI File in a Different VirtualBox Guest Wireless Headless Raspberry Pi - John Bokma A Matter of Time - John Bokma Hand coding an RSS 2.0 feed in Python RFC #822 and RFC #3339 dates in Perl RFC #822 and RFC #3339 dates in Python Hand coding an RSS 2.0 feed in Perl Nav Element with no Heading Rewriting CommonMark Nodes in Perl "right" this time
Flashing a TP-Link TL-WDR4300 with OpenWrt firmware
John Bokma · 2019-11-09 · via John Bokma's Hacking and Hiking

November 8, 2019

Note: an updated version is available: Flashing another TP-Link TL-WDR4300 with OpenWrt firmware.

Today I flashed a TP-Link TL-WDR4300 with OpenWrt firmware using my 2014 Mac Mini running OS X Mojave. Below follow my notes. I highly recommend to read the official OpenWrt documentation as well.

Flashing the router

  1. Download the factory image via the TP-Link TL-WDR4300 OpenWrt page.

    The SHA256 digest for the firmware file I downloaded is given below:

$ shasum -a256 -b openwrt-18.06.4-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.
bin
610192af856f588b4ea46b323e50625db373e2477cb9269ddce09e9ddac832a0 *openwrt-18.06.
4-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin
  1. Rename the downloaded file. This is required otherwise the web interface of the router is not able to open the firmware file.
mv openwrt-18.06.4-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin \
   wdr4300v1_en_3_14_3_up_boot\(150518\).bin
  1. Connect the computer, in my case a Mac Mini, to the LAN1 port of the router using a UTP cable.

  2. Browse to http://192.168.0.1/ and login to the router. The default username is admin with default password admin.

    If you can't reach the router you have to assign a static IP address to your computer first.

  3. Click the System Tools entry in the web menu and select Firmware Upgrade. Browse to the renamed file and click the Upgrade button.

Progress bar showing upgrading process 92% complete
Firmware upgrade on the TP-Link TL-WDR4300 in progress.

Connect to the router. You can either connect via the web browser: http://192.168.1.1/ or use ssh root@192.168.1.1; I prefer the latter.

BusyBox v1.28.4 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 18.06.4, r7808-ef686b7292
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------

Use passwd to set a strong password. This password is also the one required by Luci. I disabled Luci using:

/etc/init.d/uhttpd disable

Public key authentication

First generate a key pair. The SSH server used, dropbear, doesn't support Ed25519 so I used RSA 4096 instead:

ssh-keygen -t rsa -b 4096 -C 'router' -f ~/.ssh/router

Copy the public key to the router as follows:

scp ~/.ssh/router.pub root@192.168.1.1:/tmp

On the router, add the public key to the authorized keys of dropbear. You can repeat this step with each new public key.

cd /etc/dropbear
cat /tmp/*.pub >> authorized_keys
chmod 0600 authorized_keys
rm /tmp/*.pub

Next, configure dropbear as follows using vi /etc/config/dropbear:

config dropbear
	option PasswordAuth 'off'
	option RootPasswordAuth 'off'
	option RootLogin 'on'
	option Port '22'
	option GatewayPorts 'off'
	option Interface 'lan'

Restart dropbear:

/etc/init.d/dropbear restart

On the client computer add an entry to ~/.ssh/config:

Host router
    HostName 192.168.1.1
    User root
    IdentityFile ~/.ssh/router

See also