Compiling Netgear Firmware

Posted on 23 April 2013 by stuff writer

Having ranted about Netgear’s terrible support for their old stuff, I have finally managed after many moons to recompile the software they provide, so that I can brick my router.  The trick is to do the compiling as root on an old system – and lacking an old system, a virtual machine, installed with old software.

Netgear made supplied source code for a stack of their firmware for download in terms of the GPL – link.  Compiling this proved to be difficult, nay, impossible on my system, since the compiler and build environment have moved on, and now detect buffer overflows in the source code.

Here’s how it’s done:

  1. Download a copy of CentOS 4 – http://vault.centos.org/4.9/isos/i386/ – the i386 DVD works – YMMV with others.  You might be able to do this on Debian 4, but I could not obtain a copy of Debian 4 – there’s a torrent, but it’s mostly unseeded, and there’s an archive, but it’s empty in a few important parts.
  2. Run virt-manager, and create a new machine with the installation DVD.  Configure the virtual machine with 1Gb of RAM, 8GB of disk (although if you’re sloppy and install too much junk, then you won’t have space for the build system).
  3. For the software selection, select “Workstation” so that you get the software development tools, and deselect Gnome and Office so that your virtual disk is not filled with junk.

Once you have a working virtual machine, you have support for gcc-3.4.6 and some relatively ancient version of make that the Netgear developers used.

Since this is a virtual machine, you can do junk as root, and only cry a little if it breaks. Here’s how to download a particular firmware image:

wget http://www.downloads.netgear.com/files/GPL/DGN1000_V1.1.00.45_WW_src.tar.bz2.zip
unzip DGN1000_V1.1.00.45_WW_src.tar.bz2.zip
tar -xjf DGN1000_V1.1.00.45_WW_src.tar.bz2

And to rebuild the toolchain and firmware without modifications:

NETGEAR=/root/DGN1000_V1.1.00.45_WW_src
cd $NETGEAR
tar -zxf bootloader_src.tgz
tar -zxf toolchain_uclibc_src.tgz
tar -zxf target.tgz
cd $NETGEAR/Toolchain/uclibc_toolchain/ifx-lxdb26-1.0.2
./setup.sh all redo
cd $NETGEAR/Toolchain/uclibc_toolchain/ifx-lxdb26-1.0.2/source/hostutils/sqlzma/sq3.2-r2-lzma443
make ;
./build.sh ../../../../hostutils
cd $NETGEAR/uclibc_toolchain_src/buildroot
cp config .config &&
make oldconfig
make
cd $NETGEAR/
make

That gives you newimage.img which is hopefully 4Mb large, or something supported by your device’s hardware. If it’s bigger, you have a problem, which you fix.  Wish me yuck as I download it to my ECONNREFUSED: no route to host

This entry was posted in Stuff and tagged , , , , , . Bookmark the permalink.