this are the main sources for firmware the other links are outdated _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Download at least twice. Compare checksums. Brainslayer does not provide checksums. _________________ SIG:
I'm trying to teach you to fish, not give you a fish. If you just want a fish, wait for a fisherman who hands them out. I'm more of a fishing instructor.
LOM: "If you show that you have not bothered to read the forum announcements or to follow the advices in them then the level of help available for you will drop substantially, also known as Murrkf's law.."
really with all the surveillance that goes on around the world these days, targeting insecure router firmware download and automating injection of some backdoor would be a trivial task for some governments. it's pretty easy to generate a gpg signature for example and provide it with the downloads... one or two extra commands
really with all the surveillance that goes on around the world these days, targeting insecure router firmware download and automating injection of some backdoor would be a trivial task for some governments. it's pretty easy to generate a gpg signature for example and provide it with the downloads... one or two extra commands
Posted: Thu Apr 11, 2019 14:32 Post subject: How to verify .chk files
I was wondering if there is any update on this important topic.
Many of us who flash these firmware care about security, so having the possibility to download a signature and the PGP/GPG key of the developer who released the version is essential.
I'm interested in R6400v2 (Netgear) and I haven't found any way to verify the .chk file.
Am I missing something? Any help or suggestion would be very appreciated.
There is a upgrade utitlity in his builds named ddup which downloads and checks the files.
When you are on his builds just run ddup --flash-latest (from telnet) to upgrade to the latest build.
I trust Kong 100% (I know who he is and where he lives )
Thank you for the suggestion, but unfortunately this does not solve the problem because ddup is available only if you have already flashed the build. Besides, I think it probably would not work updating R6400v2, because if the checksum is not available, it's not available also for ddup.
I trust Kong too! this is why I want to make sure what I am flashing is his build, and not some other maliciously modified builds.
Of course, having PGP signed checksums would be the best solution but, failing that, at least a unsigned checksum posted on a HTTPS site would be reasonable. What I think is not reasonable is having unsigned checksums posted on plain HTTP sites or plain FTP sites. Or, even worse, no checksum at all.
Anyway, thank you very much for the install guide. I found it very useful and detailed.
Joined: 16 Nov 2015 Posts: 6407 Location: UK, London, just across the river..
Posted: Fri Apr 12, 2019 15:52 Post subject:
hmm... i can see when i flash BS builds over SSh it does CRC verification if this is a concern that firmware is not broken...
otherwise on Kong builds it does checksum and CRC... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
On highly critical software, like a VPN enabled router, this is not a *nice to have* addition, but pretty much a standard requirement nowadays.
By the way, also a warrant canary would be greatly appreciated.