SUSFinder Code
Set recovery mode IP and flash firmware to ASUS WL-500gP router
Status: Beta
Brought to you by:
xwindows
SUSFinder is a utility to find and assign an IP address to an ASUS WL-500G
Premium router booted in recovery mode on the local network for flashing
firmware, in case you didn't know the router's IP address settings
beforehand, or your router's IP address settings in NVRAM have been
corrupted.

This utility does essentially the same thing as the ASUS Firmware
Restoration Utility, except that it relies on an external atftp
<http://sourceforge.net/projects/atftp/> program to do the firmware
flashing. In case atftp is not available on your system, you can do the
TFTP flashing part manually after the address is set, using any ordinary
TFTP client.

It was tested only on the ASUS WL-500G Premium v2 router. If you have
succeeded in using this utility with another model of ASUS router, I would
appreciate it if you could drop me a line, or file a bug report, so I could
list them for other users.

Currently, SUSFinder is written in ANSI C with the POSIX API, and thus
should be portable to most Unix-like platforms (including Cygwin).

Project website: http://susfinder.sourceforge.net/


Contents
--------
1. Background
2. Principle of Operation
3. Installation
   3.1 System Requirement
   3.2 Compiling
   3.3 Installing
   3.4 Uninstalling
4. Running
   4.1 Basic Usage
   4.2 Using SUSFinder for Flashing Firmware
5. Alternatives
6. Acknowledgements
7. Author


1. BACKGROUND
=============
In order to flash new firmware to an ASUS WL-500G Premium router, you have
to boot it into recovery mode, and use a TFTP client to connect to its IP
address and upload a new firmware file into it. Any ordinary TFTP client
will do.

But it starts to be a problem if your router is configured to use a
non-default IP address (the default is 192.168.1.1/24). Now you have no clue
which network to configure your PC for or which address to TFTP to. A
broadcast ICMP ping won't help, as the router doesn't reply to it at all.
(Unicast ping still works, however.)

But with the ASUS Firmware Restoration Utility and its magic, you can do it.
This utility is proprietary and works only on Microsoft Windows, though.

So, with a small bit of reverse engineering on a packet dump captured while
running the ASUS utility on Microsoft Windows 7 with an ASUS WL-500G Premium
v2 router, I was able to recreate what the ASUS utility does to locate a
router booted in recovery mode on a local network, and assign an IP address
to it.

This utility was written mostly to satisfy my own curiosity about this ASUS
proprietary utility, which I encountered while working on OpenWRT flashing
in my college's Linux Kernel class; hence its limited usefulness.


2. PRINCIPLE OF OPERATION
=========================
In the ASUS WL-500G Premium router's recovery mode, only TFTP and unicast
ICMP echo services are available.

In order to assign an IP address to the router, SUSFinder sends a TFTP
binary file read request to the broadcast address 255.255.255.255 with a
filename that starts with "ASUSSPACELINK" followed by the four octets of the
IPv4 address in reverse (little endian) order, and waits.

When the ASUS router receives that packet, it sets its own IP address to the
value found in the filename, with subnet mask 255.255.255.0, then sends an
EOF data packet (a block 1 data packet with 0 bytes of data) back to the PC,
announcing its presence.

Once SUSFinder receives the first applicable TFTP EOF data packet, it prints
out the originator's (router's) IP address and exits (or, if applicable,
starts TFTP firmware flashing).


3. INSTALLATION
===============

3.1 System Requirement
----------------------
SUSFinder should run on any Unix-like system.

For the source version of SUSFinder, to use it you'd need:
- C Compiler (that can compile at least ANSI C89)
- Standard C Library (that has the POSIX socket API)
- Make (optional)

This program has been tested using GNU C Compiler (GCC) 4.3.2 and GNU Make
3.81, running on Debian GNU/Linux 5.0 i386. The Cygwin port was tested and
released using GNU C Compiler (GCC) 4.8.2 and GNU Make 4.0 with cygwin1.dll
1.7.28, running on Microsoft Windows XP SP3.

If you plan to use the convenience '--flash' option, the 'atftp' program
must be available on the system too. Without the '--flash' option, you can
still run any other TFTP client manually with the IP address given by
SUSFinder.

Note: if you've just checked out SUSFinder from the git repository, you also
need to run this command in the source directory before proceeding to the
next step:

    $ ./autogen.sh

3.2 Compiling
-------------
To compile SUSFinder on a Unix-like system, run this command in the source
directory:

    $ make

This will produce an executable named 'susfinder' in the source directory.
You can even run it directly without installing, using:

    $ ./susfinder

In case you want to install SUSFinder on your system for long-term use,
proceed to the 'Installing' step.

Alternatively, in case you don't have the Make program, you can use your
platform's C compiler to compile 'susfinder.c' directly, then manually copy
the executable to the desired location. (Skip the 'Installing' step.)

3.3 Installing
--------------
If you want to install SUSFinder system-wide on a Unix-like system, use this
command (as root):

    # make install

This will install the susfinder binary to /usr/local/bin.

Alternatively, in case you need to install it just for yourself (like in
your ~/bin folder), put PREFIX=... in front of 'install' and it will place
the binary in the 'bin' subfolder (and the manual page in the 'share/man'
subfolder) of your prefix. You also don't need to be root to install it
this way.

This example will install SUSFinder to your home folder (~/bin):

    $ make PREFIX=~ install

3.4 Uninstalling
----------------
To uninstall (on a Unix-like system), follow the same steps as for
installation, but replace the word 'install' with 'uninstall'.


4. RUNNING
==========

4.1 Basic Usage
---------------
To use SUSFinder, you need to configure your PC as if you're going to use
that router as an internet gateway, but use manual IP address settings, with
subnet mask 255.255.255.0, and a made-up default gateway address.
Then run SUSFinder with the default gateway address you made up earlier.
When SUSFinder repeats the address back, your router is now configured to
use that gateway address, and you can use a TFTP client to flash it.

For example, if the PC is set up with IP address 192.168.1.21, subnet mask
255.255.255.0 and made-up default gateway address 192.168.1.1, run
SUSFinder:

    $ susfinder 192.168.1.1

When SUSFinder outputs '192.168.1.1' back, you can use a TFTP client to
flash your firmware to that address.

In case you want to flash a firmware file named 'openwrt.trx' right away,
and the 'atftp' program is available on your system, run SUSFinder:

    $ susfinder --flash "openwrt.trx" 192.168.1.1

See SUSFINDER.txt for detailed usage, bugs and catches. If you installed
this on a Unix-like system, you can view that documentation via the system's
manual page viewer (e.g. using 'man susfinder').

4.2 Using SUSFinder for Flashing Firmware
-----------------------------------------
These are step-by-step instructions for using SUSFinder together with a TFTP
client to flash your ASUS WL-500G Premium router.

1. Plug your router (LAN side) into your machine's ethernet port, using a
   normal straight-thru UTP cable.

2. Put your router in recovery mode, by plugging in the router's power cord
   while pressing the "Restore" button on the router.

3. Wait till your router's power light blinks, then release the "Restore"
   button.

4. Set your machine's ethernet port IP address to any desired value with
   subnet mask 255.255.255.0 (don't use "Automatic" or "DHCP"). Then set the
   default gateway to any address in the same subnet. (But don't set the
   same address as the machine.) The default gateway address you set here
   will be the address you're going to assign to the router.

5. Now, assuming the 'atftp' program is available* on your machine, run
   SUSFinder with the '--flash' option, followed by the path to the firmware
   file and the IP address you specified as the machine's default gateway.
   When the IP address of your router is shown (which is supposed to be the
   same as the one you specified), SUSFinder will start uploading the
   firmware automatically. Don't be alarmed if the router's power light
   stops blinking or turns off as soon as the upload starts; it's normal.

6. Once the upload is finished, wait two minutes (or five, to be safe) to
   let your router flash its memory.

7. Now you're done! Reboot the router to enjoy your new firmware.

* Side note: if the 'atftp' program is not available on your machine, do
  this in place of step 5:

  5.1 Run SUSFinder with the IP address you specified as your machine's
      default gateway.

  5.2 SUSFinder will show you the IP address of the router (which is
      supposed to be the same as the one you specified).

  5.3 Use an ordinary TFTP client to upload the firmware file to that IP
      address. (Don't forget to set the transfer mode to "binary" before
      uploading, and don't be alarmed if the router's power light stops
      blinking or turns off as soon as the upload starts.)

  Then continue to step 6.


5. ALTERNATIVES
===============
If your router isn't already bricked, it might be easier to just go into its
web configuration interface and read its current IP address.

If you are currently using OpenWRT <https://openwrt.org/> firmware (or its
derivatives), you might need to log in on a terminal and use the 'nvram'
command to see the IP settings, since OpenWRT's IP configuration is separate
from the bootloader's.


6. ACKNOWLEDGEMENTS
===================
Development of this utility was possible thanks to my classmate (Anotien
Yuyanyong), who kindly ran Wireshark <https://www.wireshark.org/> on his
Windows 7 machine when using the ASUS Firmware Restoration Utility as I
requested, and the class lecturer (Mr. Aphirak Jansang), who mentioned this
alternative firmware flashing method since I'm too lazy to read the manual.


7. AUTHOR
=========
SUSFinder is written by Nutchanon Wetchasit, released as Free Software under
the GNU General Public License. For legal information, see LICENSE.txt.
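
The discovery exchange from section 2 (Principle of Operation), as an added
example that is not taken from SUSFinder's own source: it builds the
broadcast read request for a given address and recognises the router's
reply, without sending anything. The function names are hypothetical, and
encoding the four octets as raw bytes after the magic string is an
assumption.

```c
/* Added example: packet layout per section 2; helper names are hypothetical. */
#include <sys/socket.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define MAGIC "ASUSSPACELINK"

/* Build the TFTP read request (RRQ) that carries the address to assign.
 * Assumption: the four octets are raw bytes appended to the magic string,
 * lowest-order octet first. A 0 octet (e.g. 10.0.0.1) would put a NUL inside
 * the filename field; the page does not say how the bootloader parses that.
 * Returns the packet length, or -1 on bad input or a too-small buffer. */
int build_discovery_rrq(const char *ip, unsigned char *buf, size_t buflen)
{
    unsigned char a[4];
    size_t n = 0, mlen = strlen(MAGIC);
    int i;

    if (inet_pton(AF_INET, ip, a) != 1) return -1;   /* not dotted-quad IPv4 */
    if (buflen < 2 + mlen + 4 + 1 + 5 + 1) return -1;

    buf[n++] = 0x00; buf[n++] = 0x01;                /* opcode 1 = RRQ */
    memcpy(buf + n, MAGIC, mlen); n += mlen;
    for (i = 3; i >= 0; i--) buf[n++] = a[i];        /* reversed octets */
    buf[n++] = 0x00;                                 /* end of filename */
    memcpy(buf + n, "octet", 5); n += 5;             /* binary transfer mode */
    buf[n++] = 0x00;                                 /* end of mode string */
    return (int)n;
}

/* True if pkt is the router's announcement: TFTP DATA (opcode 3), block 1,
 * zero payload bytes, i.e. exactly the 4-byte header. */
int is_recovery_reply(const unsigned char *pkt, size_t len)
{
    return len == 4 && pkt[0] == 0x00 && pkt[1] == 0x03
                    && pkt[2] == 0x00 && pkt[3] == 0x01;
}

int main(void)
{
    unsigned char pkt[64];
    const unsigned char reply[] = { 0x00, 0x03, 0x00, 0x01 }; /* constructed */
    int i, len = build_discovery_rrq("192.168.1.1", pkt, sizeof pkt);

    for (i = 0; i < len; i++) printf("%02x ", pkt[i]);
    printf("\nreply recognised: %d\n", is_recovery_reply(reply, sizeof reply));
    return 0;
}
```

The same byte pattern (UDP port 69 to 255.255.255.255, filename beginning
"ASUSSPACELINK") is what to look for in a packet capture when checking
whether a recovery-mode address assignment happened on a LAN segment.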