Hacking the Linksys WRT54GL

So I recently purchased a Linksys WRT54GL, hopefully to solve my lagging problem when the old Belkin router was ever overloaded with packets and connections. At which then I’ll have to unplug the router and power it back on.

There are several open source firmwares that work with this mode:
Sveasoft
dd-wrt
HyperWRT

The one I decided to use was dd-wrt. Sveasoft decided to charge for their newest firmware ($20/yr for support). Talisman, their old firmware which works on the WRT54G and WRT54GS, is still free, but Alchemy, their firmware that works on the WRT54GL is not. HyperWRT is the enhanced version of the existing Linksys firmware with bonuses, but has only a limited feature set. DD-WRT on the other hand is trying to replace what Sveasoft’s has done with Alchemy and to continue the project freely.

I finished upgraded the firmware to DD-WRT v2.3 (Standard Generic). The firmware upgrade went through fine, and I started customizing the settings and adding port forwards. However, I noticed that websites were loading awfully slow and when I tried to download a file, it would only get 4KB/s and eventually disconnect. I thought maybe I got the wrong version of the firmware, so I tried to installing the newest firmware from Linksys to see if the problem still occured. The firmware reverted back fine, but now I can’t seem to even go online. DNS resolving works, but no sites would connect. I made sure my connection worked on my old Belkin router and it did. So I was back to square 1.

I thought maybe I enabled some settings in DD-WRT that is causing problems in the Linksys firmware. Since DD-WRT v2.3 is rather new and may have bugs, I downloaded and installed v2.2 (Final R2). Since they never listed WRT54GL, I went for the Generic last time, but this time decided to give the WRT54G version a try. While upgrading the firmware, it reported the upgrade had fail. I was like oh shoot! But I was still able to connect to the router and decided to try the Generic v2.2. The one installed fine and I thought that’s good, until my router wouldn’t ever exit out of diagnostic mode. The power light would keep blinking. Pinging 192.168.1.1 didn’t get any response either.

I thought, crap, I broke my new toy. Started searching online for a way to hard reset the firmware like what I could do to my Linksys PAP2. There were suggestions of holding the reset button for 10 minutes, but it turns out that only resetted the settings and not the firmware. I finally found a site that taught me how to do it. It required opening the router and shorting 2 pins on one of the flash roms. This in turns allows you to force upload a firmware to it.

At first I was stumped on how to open up the router. I couldn’t find any screws and it looked like I’d break the rubber feet if I tried to pull on it any harder.

linksys wrt54gllinksys wrt54gllinksys wrt54gl

So I searched online on how to open it up and it turns out it was just as simply as pulling it apart. No screws involved. There is a warranty sticker which will be detached if you open the box, so do note by opening the router, you void your warranty.

linksys wrt54gllinksys wrt54gllinksys wrt54gl

Next was finding the chip and then the associated pins. It turns out I was doing this the hard way. I could’ve saved myself a lot of time and trouble trying to search for this pins with the handicap of part of the case was covering it. I won’t put you through the same headache, so lets continue for now.

linksys wrt54gllinksys wrt54gllinksys wrt54gl

You can unscrew the 2 antennas and then pop out the remainder of the case.

linksys wrt54gllinksys wrt54gllinksys wrt54gllinksys wrt54gllinksys wrt54gllinksys wrt54gl

Finding the chip was easy. It has the big word “FLASH” on it. On one side, you’ll see pins marked from 1 to 24 and on the other side, you’ll find pins marked from 25 to 48. The 2 pins we want to short are pins 15 and 16. You can enlarge the last image and the click on FULL SIZE to see which pins exactly. I’ve made them red so it can be found easier. Finding the pins were awfully hard, especially when 15 and 16 are smack in the middle. So if you CAN NOT ping your router (by default set to 192.168.1.1), unplug your router, find a sharp metallic object and short those 2 pins, and plug the power back on. I used a small screwdriver and that worked out fine. You should be able to ping the router now.

The next thing you want to do is rename the firmware you want to replace with to code.bin. Open up a command prompt (Start -> Run -> cmd) and type the following:
tftp -i 192.168.1.1 put code.bin
BUT DO NOT HIT ENTER YET

The next instructions I got didn’t work out exactly for me. I was told to reset the router and when my system was connected to the router, to push that binary through immediately. But by resetting the router, I wasn’t able to ping the router any more. So what I ended up doing was shorting the pins again, and made sure I could pin my router, and then I pushed the firmware through (hitting enter on the command prompt). If you get a timeout message, that means it can’t connect. If you get a transmission complete or successful, then means the firmware is in.

However, with the original firmware back in, it still wasn’t able to connect to the internet, meaning no webpage would load. I then tried installing DD-WRT v2.3 (Mini Generic). After the router rebooted, which took a few minutes, everything was fine and dandy. I didn’t have the lag which I saw initially and everything just worked. I had to reset my wireless setting and my port forwardings. I even boosted my wireless transmission power from 28mW to 251mW, which I don’t think I’m technically allowed.

But so far, life is once again good.

12 thoughts on “Hacking the Linksys WRT54GL

  1. Boosting your Transmission power that much will definately overheat the router and shorten its life especially if u have no heatsinks and or other cooling devices in the unit. Besides boosting the tx power that much overpowers the signal to your clients and creates signal noise which actually hurts the overall transmission of wireless delivery. Unless u really need to it is recommended in the help to do nothing over 70mw. Most people wont do over 50 especially if they value thier purchase.

  2. My problem with DD-WRT was that it’s QoS was working worse than even that of default Linksys firmware. I set my games on Exempt priority and p2p on Bulk, and it still lagged.

    Now using HyperWRT and it works much better.

  3. Hi!, I have a WRT54GL v1.1 with a flash chip that is *not* from Intel. I had to short pins 16+17. It worked as expected then.

    • Hi,
      Which flash chip did you have? Mine is non-intel too.
      I wanna confirm if 16+17 would work for me before trying it

      • Thanks for the tutorial. I saw myself building a JTAG cable and pushing bits into debug registers already.

        I also have a v1.1 with non-Intel chip, Samsung-something, i guess and Pins 16+17 worked like a charm. I had to have the tftp-command ready, as there seems to be a certain window in time for the bootloader to accept tftp. Also, i flashed the original Linksys firmware first, as the router complained about “Error on server code pattern incorrect” (http://goo.gl/L1ggR)

        Now i have OpenWRT 10.3 again and i’m happy 😀

        Cheers,
        Bernd

  4. Hi, I have WRT54G v2.2,
    2 days ago it worked fine, and could set the web admin through http://192.168.1.1, but yesterday it didn’t work at all, it gave “hardware error” while ping 192.168.1.1.

    Could your hard reset above works for my WRT54G v2.2. ?

    Tks,

    Kimpuls

Leave a Reply

Your email address will not be published. Required fields are marked *