Recent Posts

Pages: 1 [2] 3 4 ... 10
11
Storage / TS-HTGL lost boot image
« Last post by ttquattroman on October 21, 2017, 02:04:59 pm »
Hi Guys,

I know this is an old topic - but I am clutching at straws here.

I have a TS-HTGL with FW version 1.35 onboard.

When I use the TFTP software I get the following;

Preparing to write TFTP configuration settings.
TFTP Configuration settings have been written.
TFTP Server Multithreaded Version 1.4 Windows Built 1.400


Starting TFTP...
alias / is mapped to C:\Users\Peter\Desktop\Buffalo\Recovery\TFTP Boot Recovery TS-HTGL-R5\
listening On: 192.168.2.50:69
listening On: 127.0.0.1:69
listening On: 192.168.11.1:69
permitted clients: all
server port range: all
max blksize: 65464
defult blksize: 512
default interval: 3
overwrite existing files: No
thread pool size: 1

accepting requests..
Client 192.168.11.150:1216 C:\Users\Peter\Desktop\Buffalo\Recovery\TFTP Boot Recovery TS-HTGL-R5\uImage.buffalo, 3433 Blocks Served
Client 192.168.11.150:3912 C:\Users\Peter\Desktop\Buffalo\Recovery\TFTP Boot Recovery TS-HTGL-R5\initrd.buffalo, 10656 Blocks Served

Then the machine boots ok, but I cannot connect to it via the NSA Navigator, the firmware update tool does not find the machine in order that I can force a FW update.

If I power down and then up I am left with the original Lost Boot error.

Any thoughts or guidance would be appreciated.

Peter
12
Wireless / Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Last post by retry on October 21, 2017, 01:44:56 pm »
In my case, I need to upgrade/update a Buffalo WHR-HP-G54 (two, purchased in 2007 and 2010) and have no idea whether they are considered so old that neither Buffalo nor dd-wrt.com will eventually have updates that deal with the KRACK WPA2 vulnerability for that particular platform.

Dude I got rid of my WHR-HP-G54 like 5 years ago.  They are paperweights.  You haven't been safe running those in a very long time. KRACK is just the latest software flaw needing patching.  You haven't been paying any attention and NOW expect firmware updates on 802.11g technology? Come on.  You can't expect support for a device that isn't even physically up to snuff with modern standards.  That's like owning a 32 bit computer and being angry that only 64 bit builds are getting made now.

That thing was a great router in its day, but it only has 16MB of RAM and 4MB of storage.  That's not even close to capable of running modern firmware.  Even a minimal openwrt build with squashfs needs more than 4MB!

As for the complete mess of the dd-wrt website, no joke, it's pretty bad.  But basically two guys (kong and brainslayer) are doing ALL this work for free for the rest of us. Besides, I already showed you where to go: FTP site for the latest builds, forums for the latest news. The cruft sucks, but it's easily ignored.

Check this out: a new build released yesterday includes an EAPOL kill switch to protect unpatched clients on your LAN:
http://dd-wrt.com/phpBB2/viewtopic.php?t=311799

So now community dd-wrt protects the router itself (e.g. if it's a client bridge) and all your attached devices.  Will Buffalo have this in theirs?
13
Wireless / Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Last post by retry on October 21, 2017, 01:29:07 pm »
Yes flashing router firmware is not the same thing as a software update. IMO it's a travesty of the hardware community that they don't maintain the software that runs their equipment.  Buffalo does show support for *some* of its older hardware, and that is laudable.  This is why I've been a loyal buffalo customer through 3 generations of router purchases (802.11g, 802.11n, dual-band 802.11n/ac).  That and the fact that when they do cut off support, their routers take DD-WRT already without having to go through extra steps like unlocking a bootloader.

I'll use a car analogy.  Some people can barely pump their own gas.  Some people can change their oil/swap their tires/replace spark plugs.  Some people can repair engine problems. Some people can completely mod a car. 

The point is, if you're not a technical computer user, if the command line frighten and confuses you, then do not attempt a TFTP upgrade.  It also means *if* you brick your router through the web gui, you cannot recover.  Honestly, it's just about following a series of steps without rushing through it and skipping something important.  Remember when we were kids in school and we got that assignment to read ALL the instructions carefully before you begin?  Then the last instruction is to disregard all the instructions and merely sign your name at the top? Did you pass that quiz? If not, then you will probably fail.

I've flashed every router I've ever owned.  I have bricked routers, screamed, punched things, etc, but I always ended up triumphant.  This is the nature of ALL engineering and technical work.

I am unaware of any features in the Buffalo branded dd-wrt firmware that aren't in the community builds.  The community builds have moved on so much and added features.  My wifi is infinitely more stable on this latest community build than it was on the last buffalo build. 

BTW, the dnsmasq vulnerability was never patched by buffalo either.
http://www.itsecdb.com/oval/definition/oval/com.redhat.rhsa/def/20172836/RHSA-2017-2836-dnsmasq-security-update-Critical-.html

If you *are* still using the buffalo firmware, you ought to disable dnsmasq.

The fact of the matter is, no hardware vendor is really doing a good enough job keeping their products up to date and safe.  Sure Buffalo is better than most of the other router vendors, but that's not really saying much.  A router is just a purpose specific server.  Servers get software updates AS THEY ARE needed.  If you run linux systems, security patches can come at any time, and are almost always painless to install. 

Phones are a great example of a purpose specific computer that is actually nothing more than a server (always on/always connected to the internet with at least one exposed service) but almost never get timely updates.  There is only one way I know to remedy that: own an android phone and install LineageOS or some other community driven project based on AOSP.  I flash a new ROM onto my phone weekly in a few minutes.  It is painless and effective.

In my experience with DD-WRT, they rely on the community to QA builds, so a new revision can be really buggy and unstable.  I only flash when something serious comes along like KRACK or the dnsmasq flaws.  It takes effort to pay attention to what is happening with software. But you know what? You ALL rely on this technology everyday for very important things.  You SHOULD be paying attention.  Or you can be like the ignorant masses and have your equipment become part of some 100000 unit strong botnet, causing DDOSes and ransomware.  Consider it civic duty if you will.
14
Wireless / Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Last post by ACGarland on October 20, 2017, 03:46:44 pm »
I concur: the number of dire warnings and "details" that one is expected to navigate on the dd-wrt.com website in order to update one's router seems over-the-top.  Many (most?) who might consider doing so will conclude its too risky or will require a ton of time.  Representing the upgrade process as something where people have to master all the intricacies of dozens of warnings and potential problems is simply not workable.  Most folks don't have the time, nor the expertise, to devote hours and hours to updating their firmware.

This has always been the Achilles heel of open source: some WONDERFUL apps and mind-blowing utilities (e.g., git), but sorting through the mountain of stale may-or-may-not-apply-in-your-case "documentation" to figure out what YOU need to do can almost make some packages unusable.  Aspects of the dd-wrt.com website seem that way.

In my case, I need to upgrade/update a Buffalo WHR-HP-G54 (two, purchased in 2007 and 2010) and have no idea whether they are considered so old that neither Buffalo nor dd-wrt.com will eventually have updates that deal with the KRACK WPA2 vulnerability for that particular platform.
15
Wireless / Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Last post by hmrct on October 20, 2017, 01:08:24 pm »
Glad to see Buffalo is *probably* going to issue a DD-WRT Professional firmware upgrade for the WZR-600DHP.  There are a number of reasons you might want to wait for the pro upgrade instead of replacing it with a community firmware upgrade.  In particular, there are two router features supported by the pro firmware that are not supported by the community firmware (don't have the list in front of me, but the DD-WRT wiki section for the WZR-600DHP is helpful in that regard): most of us probably don't use those features, but I hate giving up capabilities even if I'd never use them.

You also lose the Buffalo branding seen on the web-based administration pages (not necessarily an issue -- pointed reminder you're running a community firmware load instead of the pro firmware), and the ability to configure certain features via the web interface, i.e., you'll have to get familiar with the command-line interface.  I'd like to think that's not an issue for people who value having DD-WRT as an option, but I'm all about not violating the principal of least astonishment when it comes to upgrades.

One last observation...  As another poster mentioned, if you read through the instructions for flashing the community firmware and are paying attention, you will probably come away from the effort with the distinct impression your odds of success are essentially nil.  Logic says that has to be b.s. or people couldn't be enticed to try the community firmware loads.  HOWEVER, the advice to have a backup router available is a great idea.  Get the backup flashed and configured the way you want it, then swap it out with your current primary.  Minimal downtime, and you don't accidentally saw off the tree limb upon which you're sitting.
17
Wireless / KRACKs WPA2 Vulnerability
« Last post by Texturtle on October 20, 2017, 08:50:12 am »
In WPA2, the wireless LAN encryption technology, there was an announcement that there is a vulnerability called "KRACKs".

Since this is a vulnerability depending on the implementation of the "slave" function of the WPA 2 standard, there is an possible vulnerability when using wireless client / bridge product and wireless routers which have relay functions (WB WDS, etc.) supporting WPA 2.

We are currently conducting investigations of our products, we will publish information concerning which products are impacted and countermeasures when available.

Please note that if you are not using relay functions (WB WDS, etc.) with the wireless router, there is no vulnerability, so please use with confidence.


Products without KRACKs issues

 WXR-1900 series
 WXR-190X series
 WXR-1750 series
 WXR-175X series
 WSR-300HP series
 WAPM series
 WAPS series

As soon as vulnerable products are identified we will release a firmware update that will eliminate the vulnerability of the applicable product.
Please update the firmware as soon as it is released.
18
Storage / Shared Folder
« Last post by gianluigi on October 20, 2017, 04:21:00 am »
good morning,
I created a shared folder without access restrictions. However, when tries to access from windows  it still asks for credentials. It's normal ?
Thanks
19
Wireless / Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Last post by retry on October 20, 2017, 01:26:24 am »
I just want to help everybody out that wants a fix for this.  Yes, you need to go to dd wrt's community site to get new firmware.  First off, the website is completely out of date.  You want to go to the forums to look for the newest information.  Unfortunately it's just a complete mess to get that information.  But the firmware is reasonably well organized.  You just have to know where to look.  So here is where you go:

ftp://ftp.dd-wrt.com/betas/

Then drill down to the latest builds:

ftp://ftp.dd-wrt.com/betas/2017/10-17-2017-r33525/

This is the ONLY rev with the KRACK patch.  Find your router model.  For example, I own 2 WZR-600DHP's :
ftp://ftp.dd-wrt.com/betas/2017/10-17-2017-r33525/buffalo_wzr-600dhp/

In that dir, you will see TWO binaries. If you're here, you probably still have buffalo firmware installed.  So you'll want this one:
buffalo_to_ddwrt_webflash-MULTI.bin

The other one is what you will use after you've converted to the community builds (i.e when you flash future revisions).

You can try to upgrade via the web interface if you have buffalo branded DD-WRT.  I highly recommend you backup your config, take screenshots of settings too, and reset the config when you flash.  Don't be surprised if the flash takes 10 minutes.  Also don't be surprised if it fails.  I could never get a web upgrade to work right. 

In which case you have to use tftp, which is technically more complicated than the web based upgrade. Different routers have different tftp guides.  I will explain the pocedure for a WZR-600DHP which should cover fundamentals, but settings will be different for different hardware (i.e. IP addr to set, MAC addr to set, etc.)

This is going to be super confusing to novices, but what you want to do is unplug your router from the internet and pull the plug. Get an ethernet cable and attach it from your PC to a LAN port on the router (NOT the WAN port).  You will then set your PC's ethernet device to 192.168.11.2 with a 255.255.255.0 subnet mask (gateway can stay blank).  Then you will open a command prompt.

Then type the following command:

netsh interface ip add neighbors "Local Area Connection" 192.168.11.1 02-AA-BB-CC-DD-20

Again, the IP address and MAC address is what the WZR-600DHP wants.  Other routers will expect different things. You'll have to do your own research on that.

Now cd to whatever dir you saved the firmware binary in.  If you saved to your Desktop, then cd Desktop should take you there.  Now you will type (but do not press enter yet):

tftp -i 192.168.11.1 PUT <firmware file>

e.g.:
tftp -i 192.168.11.1 PUT buffalo_to_ddwrt_webflash-MULTI.bin

So that command is waiting to launch (you didn't press enter right?).  Now open a second command prompt.  Type the following command:
arp -a

You will see some IP addresses and MAC addresses in a list (or maybe nothing at all).  Just be ready to type that command over and over in a moment.

Now plug the router back in.  It will power up, and the TFTP window will open in around 10 seconds and last for 4 seconds.  While it's powering up, go back to the window with the arp -a command just repeatedly run the command until you see a line for 192.168.11.2 pop up with the MAC address we entered earlier: 02-AA-BB-CC-DD-20

When you see it, switch to the window with the tftp command line ready to go and press enter.  Wait for the transfer to complete.  You may have to disable your firewall if it doesn't work.  If you miss the window, or the transfer fails or times out,  power off the router and start over at the tftp line above.

If you see the result that the transfer was successful, then just be patient.  Give the router 10 minutes to flash and restart.  If all goes well you can change your ethernet adapter back to dynamic assignment and connect to your router via the web gui at http://192.168.1.1 .

Good luck.  I won't be monitoring this forum or offering any help.  Be prepared to waste hours if you brick your router.  If you have another way of connecting to the internet during all this, great.  If not make sure you've got all the documentation, firmware, etc. you need before you knock yourself offline. 

If you're smart like me (haha), you own two identical wifi routers and you rotate which is the slave (repeater) and which is the master (router) with every firmware upgrade, always upgrading the slave first, then promoting it to the master.  This way you never end up offline in case things go totally south (yes I've been in a bricked state for days before -- live and learn).

The WZR-600DHP is a fine router.  I've been happy with them.
20
Wireless / Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Last post by ACGarland on October 19, 2017, 05:46:51 pm »
Hello ProFromGlover,

Just a short note to say "thank you" for the links to the detailed information regarding applying updates from dd-wrt.com .  I read some of the precautionary warnings and I must say, it's a wonder anybody risks doing an upgrade--the number and seriousness of the warnings is pretty overwhelming. (And I'm an electrical engineer working in firmware/software for multiple decades.) 

I found your second report a great deal more encouraging!

Unfortunately, the router database page for my model (WHR-HP-G54) shows a latest stable build dated 2017-09-07 and I couldn't find any betas listed for that model.

So I guess I'll have to wait to see if anything newer than 2017-09-07 gets posted--or a beta added for the WHR-HP-G54.

My present firmware version is pretty ancient (model  WHR-HP-G54 Ver.1.40 (1.0.37-1.08-1.04)) so I definitely need to get with it and update mine--I'm still using WEP (although with MAC filtering) :-P  But if the update is risky/complex, I'd rather wait and do it once.
Pages: 1 [2] 3 4 ... 10