Where is Model ID information stored in DD-WRT source

Post new topic   Reply to topic    DD-WRT Forum Index -> Generic Questions
Goto page 1, 2  Next
Author Message
dudemanguy0
DD-WRT Novice


Joined: 29 Nov 2021
Posts: 8

PostPosted: Mon Nov 29, 2021 8:01    Post subject: Where is Model ID information stored in DD-WRT source Reply with quote
Introductory Information:
Router: WNDR3700v4SH
Problem: Trying to convert a WNDR3700v4 img to work with WNDR3700v4SH router by modifying the Model ID information of the WNDR3700v4 image.

Why I'm trying to do this
I have a WNDR3700v4 router I want to flash with DD-WRT. This router however, is no ordinary WNDR3700v4. The version of this router I have was issued from a local ISP and was made to not have re-programmable firmware. However it still can be done:
https://pandion.ferrus.net/2019/06/the-netgear-wndr3700v4sh/
The person who wrote this blog was in a similar situation to me. You can see how he solved it in the blog post but in short; the Model ID of the router and the Model ID of the firmware image where different even though the ISP-issued version of the router and the vanilla router are basically the exact same machine. This is the error thrown on the terminal when you try to flash it:
Code:

Model ID of image doesn't match device:
MODEL ID on board: WNDR3700v4SH
MODEL ID on image: WNDR3700v4


The blog poster bypassed this by renaming the Model ID of the router to match the Model ID of the image. I thought instead of doing that, maybe I could just rename the Model ID of the image to match the Model ID of the router.


In short: Where is the Model ID information of a DD-WRT image for any specific router stored so I can modify and recompile it?

Link to the WNDR3700 DD-WRT page: https://wiki.dd-wrt.com/wiki/index.php/Netgear_WNDR3700

**I am trying to modify this image available on above referenced page: 23503 wndr3700v4-factory.img

[/b]
Sponsor
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Mon Nov 29, 2021 16:23    Post subject: Reply with quote
The problem with this hack job is that you have to modify the information of every file you flash to upgrade to current releases, which is what you should be striving to do if this is an internet-facing gateway router.

Seems that the blogger didn't give you the specific information on how to correct the information on the router side, which is not very nice. IOW, the blogger expected you to know information that they did not provide. Bad form.

I'm going to presume that they found this information by using printenv, then modified it with setenv, and then saved it with saveenv; but I am not 100% sure on this.

https://www.nxp.com/docs/en/user-guide/MEDIA5200UBPG.pdf
https://www.digi.com/resources/documentation/digidocs/PDFs/90000852.pdf
https://sites.google.com/site/manisbutareed/bringing-my-beagles-to-heel/u-boot-commands
https://xilinx-wiki.atlassian.net/wiki/spaces/A/pages/18842223/U-boot?view=blog
https://www.mediawiki.compulab.com/w/index.php?title=U-Boot:_Quick_reference
https://www.denx.de/wiki/view/DULG/UBootCommandLineInterface

Not having the stock firmware, I can only guess how to modify the file for it to work, but if you are dead set on that route, let us know.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Mon Nov 29, 2021 17:49    Post subject: Reply with quote
@dudemanguy0

This is a bit like using a hammer to do a screwdrivers job.
If the hardware is the same (EXACTLY) then it would fairly simple to support another target no matter what nonsense the vendor does to prevent people from doing this.

Caveat emptor, if the hardware does not belong to you (ISP provided) and you decide to fiddle with it, within the valid contract period, make sure that you understand that legally you may be breaking the contracts (terms) small print and T.O.S.

It is your responsibility to understand such implications. Both legal and repercussive implications.

Take care.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Mon Nov 29, 2021 19:21    Post subject: Reply with quote
Well, if the person is going to the extreme of serial console, then there is a way to do a fullflash dump to have on hand to flash back to the device when the time comes to return the device. But this would not be the first case where official or unofficial support has been given to modify ISP-supplied routers in the history of DD-WRT. And I think this is where the right to repair initiative is going to throw a one finger salute to the powers that be when it comes to this, anyway.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
dudemanguy0
DD-WRT Novice


Joined: 29 Nov 2021
Posts: 8

PostPosted: Tue Nov 30, 2021 0:11    Post subject: Reply with quote
kernel-panic69 wrote:
The problem with this hack job is that you have to modify the information of every file you flash to upgrade to current releases, which is what you should be striving to do if this is an internet-facing gateway router.

Seems that the blogger didn't give you the specific information on how to correct the information on the router side, which is not very nice. IOW, the blogger expected you to know information that they did not provide. Bad form.

I'm going to presume that they found this information by using printenv, then modified it with setenv, and then saved it with saveenv; but I am not 100% sure on this.

https://www.nxp.com/docs/en/user-guide/MEDIA5200UBPG.pdf
https://www.digi.com/resources/documentation/digidocs/PDFs/90000852.pdf
https://sites.google.com/site/manisbutareed/bringing-my-beagles-to-heel/u-boot-commands
https://xilinx-wiki.atlassian.net/wiki/spaces/A/pages/18842223/U-boot?view=blog
https://www.mediawiki.compulab.com/w/index.php?title=U-Boot:_Quick_reference
https://www.denx.de/wiki/view/DULG/UBootCommandLineInterface

Not having the stock firmware, I can only guess how to modify the file for it to work, but if you are dead set on that route, let us know.


Couldn't I somehow interface with the router via some kind of a command-line once DD-WRT is installed remotely (kind of like the blogger did, but without a serial connection). That way I could:
1. Install DD-WRT on the router
2. Change the Model ID of the router back remotely
3. Have any other DD-WRT installations work from there on

I mainly want to take this route because I can avoid buying and waiting for a Serial-USB adapter and I can publish the build so anyone else with a router like mine can do this. And yes, legally and by any active contracts I have with the ISP I am clear to modify this.

If you want the original firmware, you can get it here if you can get anything out of the vanilla version.

To be honest, as a developer I thought I'd understand a lot more than what's being discussed, but let me know if there is a way to make this work. I could maybe also contact the blog poster in DMs since he is still active. Any details or resources on how this stuff works would be good because being honest, I'm very unfamiliar on why the stock firmware is needed, if there even is a Model ID value inside the img that could be modified anyway, etc.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Tue Nov 30, 2021 1:34    Post subject: Reply with quote
The only way you're getting DD-WRT on this router "unofficially" is either by modifying something in the firmware image to recognize the router or by serial.

EDIT: I examined a factory.img file and made an edit of the model information. Use at your own risk. This image is the current DD-WRT release (47695). Once this is flashed, the webflash file in future releases can be used.

DISCLAIMER: I do not accept any responsibility if anyone chooses to void their contract with their ISP. I do not accept any responsibility if this file bricks your router. I do not have this device, so I have no way to test it.



wndr3700v4-factory.img
 Description:

Download
 Filename:  wndr3700v4-factory.img
 Filesize:  22.23 MB
 Downloaded:  275 Time(s)


_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
dudemanguy0
DD-WRT Novice


Joined: 29 Nov 2021
Posts: 8

PostPosted: Thu Dec 02, 2021 10:10    Post subject: Reply with quote
kernel-panic69 wrote:
The only way you're getting DD-WRT on this router "unofficially" is either by modifying something in the firmware image to recognize the router or by serial.

EDIT: I examined a factory.img file and made an edit of the model information. Use at your own risk. This image is the current DD-WRT release (47695). Once this is flashed, the webflash file in future releases can be used.

DISCLAIMER: I do not accept any responsibility if anyone chooses to void their contract with their ISP. I do not accept any responsibility if this file bricks your router. I do not have this device, so I have no way to test it.


On the DD-WRT Wiki page for the router, the procedure is to install some significantly earlier release of DD-WRT image, then update it to the latest:
https://wiki.dd-wrt.com/wiki/index.php/Netgear_WNDR3700

Try modifying the model information of the image I linked to in the original post. Also, where did you find the model information that you modified?
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Thu Dec 02, 2021 16:43    Post subject: Reply with quote
Did the file I modified *not* flash? If it did not, I will remove it from the previous post.
I noticed the note in red letters in the wiki, but I didn't back-track to see if the note was
still relevant. My apologies for that oversignt.

Anyway, here is that specific file version. As a "developer", you should know reverse
engineering, including how to examine files with a hex editor. IRT your thread question,
the answer is detect.c, if I'm not mistaken.

Use at your own risk. This image is DD-WRT release 23503. Once this is flashed, the
webflash file in future releases can be used.

DISCLAIMER: I do not accept any responsibility if anyone chooses to void their
contract with their ISP. I do not accept any responsibility if this file bricks your
router. I do not have this device, so I have no way to test it.



wndr3700v4SH-23503-factory.img
 Description:

Download
 Filename:  wndr3700v4SH-23503-factory.img
 Filesize:  22.1 MB
 Downloaded:  251 Time(s)


_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
dudemanguy0
DD-WRT Novice


Joined: 29 Nov 2021
Posts: 8

PostPosted: Sat Dec 04, 2021 7:51    Post subject: Reply with quote
kernel-panic69 wrote:
Did the file I modified *not* flash? If it did not, I will remove it from the previous post.
I noticed the note in red letters in the wiki, but I didn't back-track to see if the note was
still relevant. My apologies for that oversignt.

Anyway, here is that specific file version. As a "developer", you should know reverse
engineering, including how to examine files with a hex editor. IRT your thread question,
the answer is detect.c, if I'm not mistaken.

Use at your own risk. This image is DD-WRT release 23503. Once this is flashed, the
webflash file in future releases can be used.

DISCLAIMER: I do not accept any responsibility if anyone chooses to void their
contract with their ISP. I do not accept any responsibility if this file bricks your
router. I do not have this device, so I have no way to test it.


Didn't try it since I didn't feel like risking bricking my router. Also, editing the file with a hex editor was the first thing I tried and it didn't work. Your file also didn't work. I came to the conclusion that there is something that can't be edited through a text/hex editor and is compiled and only editable in the source. There are 2 possibilties:
- Some other error is occuring while trying to flash through the web interface (intentional code to prevent non-ISP issued images? Circumventable through the console?
- The edit you provided done with a hex editor doesn't actually change the model ID of the image and is therefore rejected.

So, I apologize for not being more clear in my original post, but that's why I was asking where specifically the Model ID information is stored in the DD-WRT source.

EDIT: I'm going to try modifying the file you referenced and creating the image file that way, if it doesn't work then it's most likely blocked through the web interface or I'm doing something wrong.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Sat Dec 04, 2021 15:26    Post subject: Reply with quote
Then there is more information in the header that has to be modified. Not given 100% information about the device with the assumption that they are 100% identical, and not having a fullflash dump or the "branded" firmware to examine, I went with my best guess. Not sure if this device can be flashed via nmrpflash, but I would venture to say that you need to do a serial console and get more information so that perhaps the file can be properly edited or official support added.

EDIT. I just found another thread about a similar situation with another router: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=275896

Pretty sure the "version" information has to be changed; I didn't download all the files to compare, but that is what I would check if I were you.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
dudemanguy0
DD-WRT Novice


Joined: 29 Nov 2021
Posts: 8

PostPosted: Sun Dec 05, 2021 6:36    Post subject: Reply with quote
kernel-panic69 wrote:
Then there is more information in the header that has to be modified. Not given 100% information about the device with the assumption that they are 100% identical, and not having a fullflash dump or the "branded" firmware to examine, I went with my best guess. Not sure if this device can be flashed via nmrpflash, but I would venture to say that you need to do a serial console and get more information so that perhaps the file can be properly edited or official support added.

EDIT. I just found another thread about a similar situation with another router: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=275896

Pretty sure the "version" information has to be changed; I didn't download all the files to compare, but that is what I would check if I were you.


Impressive find. There is lots of valuable information in that post appeals to my issue as well. I'll be looking into it over the next few days and most likely release a
public build for my model afterwards on github.

EDIT: Bad news, I tried what the post said (changing header information like they did, adding SH suffix to “version” value). It didn’t work. I’ll be sending a link to all the images I tried with varying edits.
However, I stumbled across a Reddit thread with the same issue as the post you linked to. The OP gained telnet access through an old and probably leaked telnetEnable exe that came from netgear. I tried it and to my surprise it actually worked and this also means that I can gain SSH access. Typing in env, I can see that the board value is set to WNDR3700v4, not what’s expected. But in the terminal it says “root@WNDR3700v4SH”. Not sure where to go from here being completely honest but I’ll see if I can find something.

EDIT 2: So it’s too broken to try to enable SSH. It says to use psswd command but fails because the file already exists. Not sure on how it works tbh but I might be able to get it working. wget just doesn’t work and throws a seg fault when I try to download an image. If I can, I want to try to rewrite the firmware from the command line and observe what kind of error it throws. There is a USB port on the router meant for sharing files across the LAN that might be accessible by terminal once it’s inserted. Other than that I’m not sure what I can do because I’ve already tried modifying header data as much as it can be. I could also change the model id information on the router side if I knew how to.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Sun Dec 05, 2021 12:15    Post subject: Reply with quote
You will pretty much have to dump as much information as you can regarding model number, version, etc., I think. So, the model number in header may not have needed to be changed at all. Ideally, a serial connection would be best to dump things and get a boot log.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
dudemanguy0
DD-WRT Novice


Joined: 29 Nov 2021
Posts: 8

PostPosted: Mon Dec 06, 2021 1:59    Post subject: Reply with quote
UPDATE

I'm beginning to think that something is broken with the web GUI's flash procedure. I've tried every possible combination of header value's I could think of, all matching the data I've gotten while playing around inside the busybox terminal, and nothing works. There are 2 reasonably inferable possibilities: The web flash is broken or the header's aren't the only thing that have to be modified (something else within the source that has to be compiled).

Please let me know if there is some kind of way to make an image or clone of the system before proceeding and possibly to analyze further (it's pretty hard to do that in a BusyBox terminal only). I was going to use DD to create an image of it onto a connected usb drive but there are multiple partitions and I couldn't identify a single drive I could clone from using the DF command.

I'm going to try to update the router over TFTP next, if that doesn't work then I'll analyze the files of the forum post you sent more closely (comparing the content in the file's directly to another) to see if I need to modify more than just the header, and if that doesn't work I'll have to resort to a serial console to find out what's really going on.

Link to console outputs of interest
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Mon Dec 06, 2021 3:06    Post subject: Reply with quote
The only way you're going to do a flash dump is via serial, AFAIK. But seeing what I am seeing, it has a modified OpenWRT on it. I am wondering if the way to proceed is to try flashing factory or sysupgrade OpenWRT vanilla... https://firmware-selector.openwrt.org/?version=21.02.1&target=ath79%2Fnand&id=netgear_wndr3700-v4 ... and then flash the oldest stock Netgear firmware for the non-branded version that is supported by DD-WRT, *then* flash DD-WRT. If you want to save the flash chip contents first, though, you can only do this via serial, AFAIK. Not sure what commands are enabled via telnet on this firmware. Usually, "help" will list what is available...
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
dudemanguy0
DD-WRT Novice


Joined: 29 Nov 2021
Posts: 8

PostPosted: Mon Dec 06, 2021 5:19    Post subject: Reply with quote
kernel-panic69 wrote:
The only way you're going to do a flash dump is via serial, AFAIK. But seeing what I am seeing, it has a modified OpenWRT on it. I am wondering if the way to proceed is to try flashing factory or sysupgrade OpenWRT vanilla... https://firmware-selector.openwrt.org/?version=21.02.1&target=ath79%2Fnand&id=netgear_wndr3700-v4 ... and then flash the oldest stock Netgear firmware for the non-branded version that is supported by DD-WRT, *then* flash DD-WRT. If you want to save the flash chip contents first, though, you can only do this via serial, AFAIK. Not sure what commands are enabled via telnet on this firmware. Usually, "help" will list what is available...


Considering the router has dd installed on it, I think it could probably work. If it can’t or won’t be used for developing a dd-wrt compatable flash I don’t care though.
The original blog post says that sysupgrade didn’t work because it was too broken, but I can still give it a shot. What commands would I have to run to do what your saying? Btw, I tried running sysupgrade wndr3700v4sh_dd-wrt.img but it failed with 2 error messages (more or less what it said):
- sysupgrade does not yet support generics
- failed firmware comparability check

The second of which would occur no matter what file I tried to flash, even if it isn’t an existent file at all. Maybe the web gui uses this command to install flashes and that’s why it fails every time? Probably not, I don’t know.

I can also give you the supported commands via ‘help’ if you want them but there are more than the ones it lists (I know by playing around in the terminal).

Also I’m not trying to do a flash dump exactly, just image the OS over to a drive. The difference is small, meh. But yea, let me know what commands or procedure id use to do what your suggesting. I don’t think the stock WNDR3700v4 firmware will work because of the aforementioned issues that come with using sysupgrade. Do you think there is a way I could try to repair it by downloading packages off the usb? It sounds like a headache being honest though, the goal is getting dd-wrt on a router not repairing proprietary junk.

Relevant link: https://gist.github.com/Mag81/44097d9a54574a5b2ed8
Putting it here so I remember to check it out next time I sit down to work on this thing.
Even more relevant link: https://gist.github.com/aplocher/7d717925fe00c6602bed


EDIT: I'm tired and want to die...
but I've made some good progress. First off, one of the github links leads to this: https://forum.archive.openwrt.org/viewtopic.php?id=39142
TL;DR: You need the original firmware file to create an image. This is probably circumventable through some reverse engineering DD clone bs but I'm not about to do all that. So, I did something a bit bold; I sent an email to NETGEAR basically saying what they are doing is illegal and to upload that file. The hope is they don't just ignore me. If they do, I'm getting a serial-usb bridge and I'm going to try to see how hard it would be to create an image file from serial/terminal access to the router and therefore making a compatible image. This ISP is basically only local to my city, this router is really old, and there isn't much posted online about it so I doubt anyone else would care about developing it. Then again if no one else is in my situation then I suppose I'm not helping many others by releasing it anyways. In conclusion, a big middle finger goes out to both NETGEAR and Shaw from the bottom of my heart <3.
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Generic Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum