America's crackdown on open-source Wi-Fi router firmware – THE TRUTH and how to get involved UPDATED

[dorsetknob]

@jboydgolfer Don't delete your thread, keep the instructions as it is was useful IMHO.

Agree ^^^^^^^

 

[newtekie1]

've never once had to use the Firmware Restoration method on my AC66R to go from AsusWRT to AsusWRT or to any version of Merlin in the time I've used/deployed it. In-fact none of the AC66x or N66x series I flashed to Merlin ever had the issue that @jboydgolfer experienced. That is until now with the newer firmware check. Part of why I recommend Merlin so strongly for AsusWRT-based routers is because of how simple and painless the process was for a more capable and stable network device. Maybe I was lucky in the past two years and definitely most recently not upgrading to the newest official AsusWRT releases. But they definitely add a few steps to upgrading to Merlin from AsusWRT...I am tempted to flash to official just to go through the process myself... if I get a spare AC or N66 to test I sure will...my current one is acting as an AP and I'm not about to piss off the wife this week by disabling her wifi lol!

IDK, like I said, I've had issues flashing Merlin from the stock BIOS before so I always just use the restoration method since then.

Also, on the wife front, I totally understand. The wife and I are moving, and one of the first questions asked was "how long before we have wifi at the new house?"

@jboydgolfer Don't delete your thread, keep the instructions as it is was useful IMHO.

I agree. It doesn't hurt to have the information in as many places as possible.

 

[Ahhzz]

It's a compatability issue according to Merlin, thanks in part to Asus implementing a new firmware verification method in recent official releases (that I have never flashed to thankfully): http://www.snbforums.com/threads/im...le-with-asus-3-0-0-4-380_3000-or-newer.32962/

More information on the new firmware verification method Asus introduced: http://www.snbforums.com/threads/asus-firmware-will-change-the-verification-method.32357/

I've never once had to use the Firmware Restoration method on my AC66R to go from AsusWRT to AsusWRT or to any version of Merlin in the time I've used/deployed it. In-fact none of the AC66x or N66x series I flashed to Merlin ever had the issue that @jboydgolfer experienced. That is until now with the newer firmware check. Part of why I recommend Merlin so strongly for AsusWRT-based routers is because of how simple and painless the process was for a more capable and stable network device. Maybe I was lucky in the past two years and definitely most recently not upgrading to the newest official AsusWRT releases. But they definitely add a few steps to upgrading to Merlin from AsusWRT...I am tempted to flash to official just to go through the process myself... if I get a spare AC or N66 to test I sure will...my current one is acting as an AP and I'm not about to piss off the wife this week by disabling her wifi lol!

@jboydgolfer Don't delete your thread, keep the instructions as it is was useful IMHO.

I've got an ASUS at the house which gave me tons of issues, and I've fallen back to just letting it run the wireless at that end. I may upgrade it to Merlin. Need to check which model it is. Is there a back-list of older flash versions if I need to go backwards?

 

[Kursah]

I've got an ASUS at the house which gave me tons of issues, and I've fallen back to just letting it run the wireless at that end. I may upgrade it to Merlin. Need to check which model it is. Is there a back-list of older flash versions if I need to go backwards?

Verify your router model, if it runs AsusWRT, odds are there's a version of Merlin out for it.

Depending on how old the currently installed firmware is, you might be able to just straight flash it over (the bulk of my experience with AsusWRT routers)...otherwise check this link: http://www.techpowerup.com/forums/threads/asus-rt-ac66w-rt-ac66u-locked-firmware-resolution.223393/

 

[TheGuruStud]

This means that stock firmware from now on (near future) will contain a backdoor that allows the govt to snoop every packet. Sure, they already have everything you do from the telcos, but now they can access your devices from the router and steal data off them directly. I'd expect a key logger to be dropped in, too. USA USA USA

No doubt they'll be attacking SSL to gain access to your secured stuff, too.

 

[jboydgolfer]

these are some of the places i got the information regarding the FCC issue.
@newtekie1 is correct in stating that i have no proof that Asus has implemented that change, but I did see that other large manufacturers Have inplimented it, so i assumed Asus had, i shouldnt have made that assumption, i can admit to that, but im also No pro @ this stuff, and i cant Personally find Proof that they haven't either, But IMO, innocent until proven guilty. i just read posts from people who know more than me, stating they believed it Was true. but thats only hearsay. either way, the guide was a nice gesture, and although NEW pointed out others exsisted b4, I didnt find them, and i posted mine with the thinking that others may also not find the sources NEW pointed out.

https://www.federalregister.gov/art...-and-electronic-labeling-for-wireless-devices

http://hackaday.com/2016/02/26/fcc-locks-down-router-firmware/ <<dont know how reputable this site is

 

[dorsetknob]

Pity the Poor Bast***ds that have a Modem Router supplied by the Telco's
Another Inserted and uncontrollable Back Door
Soon your only be able to get 3 letter Acronym Agency approved KIT

 

[newtekie1]

Pity the Poor Bast***ds that have a Modem Router supplied by the Telco's
Another Inserted and uncontrollable Back Door
Soon your only be able to get 3 letter Acronym Agency approved KIT

I know it is a different subject, but the shit the ISPs pull with their provided hardware pisses me off so bad.

When Comcast started doing that bullshit with the public WiFi hotspot built into every provided router/"gateway" I was annoyed. Even though they claimed you could opt out, I found out on some equipment you can't. But I had a standard modem, no router/gateway, so I wasn't affected anyway. Then I upgraded to the X1 TV system and when they came to install it they said they also had to replace my modem because it was outdated, I had no choice. And sure enough, it was one of those public hotspot things with now way to opt-out. I bought my own modem the next day. Ironically, or hypocritically, I do use the public hotspots all the freaking time though when I'm out and about...

Then there is AT$T with their absolutely garbage equipment. At least Comcast's provided stuff is halfway decent quality. AT$T's stuff is bottom of the barrel, fails all the time, and has the worst software. There are areas around me that they sell "uverse" that is still actually standard DSL because they don't want to lay new cables. In those areas there is literally only one gateway you can use, the Motorola NVG510. It is garbage. It lacks basic features like being able to pick your IP scheme. You are stuck with 192.168.x.x. And it has a very nasty DNS bug that causes constant redirects to a page that doesn't work if you try to browse when the DSL connection is down. Even after the DSL connection comes back, it will constantly redirect to this broken page. So if your internet is down, and you open your web browser, your home page will be stuck in this redirect loop. Even after the internet comes back, your home page will still be stuck in the redirect loop. It is a known problem, and AT$T hasn't bothered to fix it, in fact they made the issue worse by blocking a 3rd party method that fixed the problem. You used to be able to telnet into the gateway and issue a few commands to fix the problem. AT$T put out a new firmware for the gateway. That new firmware doesn't fix the redirect problem, instead it disabled telnet so you couldn't use the work around anymore. WTF?!?

Sorry about the rant, this stuff just really pisses me off!

 

[Peter1986C]

Statistics 101, correlation doesn't necessarily imply causation. Coincidence alone is never proof.

Correlation is not "coincidence". I think you are the one here who needs to redo his semester for Statistics and for Methodology.

 

[dorsetknob]

Sorry about the rant, this stuff just really pisses me off!

Perfectly Justifiable and Acceptable
Any ISP (World Wide ) that will not allow you to Provision your Own Supplied modem/router is Not to be fully Trusted.
With your own Supplied modem/router you Have a Far Better Chance of Securing it Security Wise.
You DO NOT NEED the ISP to have ACCESS to quote " upgrade Firmware ".
Auto Access for Your ISP for "Firmware Upgrades" Is in My Opinion just a Publicly Acknowledged Back Door.
Often if this ISP Access for "Firmware Upgrades" is Disabled this puts you in Breach of Contract.

 

[R-T-B]

Perfectly Justifiable and Acceptable
Any ISP (World Wide ) that will not allow you to Provision your Own Supplied modem/router is Not to be fully Trusted.
With your own Supplied modem/router you Have a Far Better Chance of Securing it Security Wise.
You DO NOT NEED the ISP to have ACCESS to quote " upgrade Firmware ".
Auto Access for Your ISP for "Firmware Upgrades" Is in My Opinion just a Publicly Acknowledged Back Door.
Often if this ISP Access for "Firmware Upgrades" is Disabled this puts you in Breach of Contract.

It's also what prevents us from deciding our own DOCSIS speeds.

Correlation is not "coincidence".

No, not necessarily. But it can be.

https://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Relevant section is "General Pattern"

 

[dorsetknob]

It's also what prevents us from deciding our own DOCSIS speeds.

That Speed is set by your isp nothing to change there unless you want less than they provide
Sorry but it was a bad choice to use as a rebuttal
You want more or higher speed than what the ISP Provide Negotiate and PAY MOAR

 

[R-T-B]

That Speed is set by your isp nothing to change there unless you want less than they provide
Sorry but it was a bad choice to use as a rebuttal
You want more or higher speed than what the ISP Provide Negotiate and PAY MOAR

It's actually set in firmware. How do I know? Because a common way to cheat your ISP is to load your own router firmware on old Surfboard cable modems. Part of the firmware is a plain text config file with your speed tier.

 

[Ahhzz]

Verify your router model, if it runs AsusWRT, odds are there's a version of Merlin out for it.

Depending on how old the currently installed firmware is, you might be able to just straight flash it over (the bulk of my experience with AsusWRT routers)...otherwise check this link: http://www.techpowerup.com/forums/threads/asus-rt-ac66w-rt-ac66u-locked-firmware-resolution.223393/

https://www.asus.com/us/Networking/RTN66U/

Dark Knight. May try it this weekend, and see what breaks

 

[Kursah]

https://www.asus.com/us/Networking/RTN66U/

Dark Knight. May try it this weekend, and see what breaks

You'll do just fine and have better firmware and capabilities to boot.

 

[AsRock]

This means that stock firmware from now on (near future) will contain a backdoor that allows the govt to snoop every packet. Sure, they already have everything you do from the telcos, but now they can access your devices from the router and steal data off them directly. I'd expect a key logger to be dropped in, too. USA USA USA

No doubt they'll be attacking SSL to gain access to your secured stuff, too.

Whats worse is other people using the backdoor and to think you are responsible for whats on your PC when some one could be stealing stuff from you. Users fault for not having a secure network.

Makes me wounder if Apple are going do a firmware update for there Airport 5th gen then again Apple router prolly has a backdoor already o well .

 

[newtekie1]

No, not necessarily. But it can be.

https://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Relevant section is "General Pattern"

 

[Kursah]

Edit: The post this refers to has since been deleted.

A little more respect to fellow users is recommended...if you want to act like you're on reddit then maybe go there. Attacking other members is not necessary to prove a point nor does it make you seem like your point is any more valid. Reported.

 

[Peter1986C]

I cooled off a bit now and heed the warning. Sorry for the mess-up. Sincerely.

I however stand by the opinion RTB does not know what he is talking about and that he was bringing up false (or otherwise irrelevant) arguments.
I know correlation does not imply causation; I have never stated otherwise (in contrast to his and Newtekie's Straw-man argument). In case of a reliable and scientifically sound study, correlation is not "coincidence". All the calculations are there to falsify the existence of the correlation. If the latter happens successfully (i.e. there is no systemic pattern found in the data), there is a possible "coincidence". Else there is some form of a correlation, which is important for the larger picture of the field in which the study is conducted. Not some "happy little accident" that needs ignoring.

Newtekie: your meme is ignoring the fact that there is not even a correlation in that situation since the research population is only 1. Scientists would never make a conclusion based of such silliness. Plus, it is completely besides the point RTB and I were originally arguing (correlation being "coincidence").

And I am somehow "bad" because of perceived personal attacks and a "bad' word or two that everyone and their dog uses. Yes, it was not right and not necessary. And I once more apologise for that. But it does not make anything I said invalid.
Why am I always falling for it and do I even keep trying to fight the purposeful spread of misinformation.

 

[remixedcat]

Holy feck this made me spit out some rum... you owe me more rum now!!

 

[Ahhzz]

I cooled off a bit now and heed the warning. Sorry for the mess-up. Sincerely.

I however stand by the opinion RTB does not know what he is talking about and that he was bringing up false (or otherwise irrelevant) arguments.
I know correlation does not imply causation; I have never stated otherwise (in contrast to his and Newtekie's Straw-man argument). In case of a reliable and scientifically sound study, correlation is not "coincidence". All the calculations are there to falsify the existence of the correlation. If the latter happens successfully (i.e. there is no systemic pattern found in the data), there is a possible "coincidence". Else there is some form of a correlation, which is important for the larger picture of the field in which the study is conducted. Not some "happy little accident" that needs ignoring.

Newtekie: your meme is ignoring the fact that there is not even a correlation in that situation since the research population is only 1. Scientists would never make a conclusion based of such silliness. Plus, it is completely besides the point RTB and I were originally arguing (correlation being "coincidence").

And I am somehow "bad" because of perceived personal attacks and a "bad' word or two that everyone and their dog uses. Yes, it was not right and not necessary. And I once more apologise for that. But it does not make anything I said invalid.
Why am I always falling for it and do I even keep trying to fight the purposeful spread of misinformation.

Peter, appreciate the apology, but maybe if it weren't immediately followed by another attack on RTB it might be a little more accepted.

Maybe it were best if both of you agreed to the age-old wisdom: Agree to Disagree, and let it go. My ignore list is probably a bit too long, and I'm not recommending you go that route, but stopping while everyone is still able to provide input without rancor, is probably best...

 

[jsfitz54]

Holy feck this made me spit out some rum... you owe me more rum now!!

That's the short version which leaves out important experimental facts.
It goes like this:

A scientist wanted to see how far frogs could jump on various amounts of legs.
He puts a frog down on a starting line and yells "jump" while slamming his hand down behind the frog.
He measures the distance the frog jumps and is pleased that the experiment is going well.
He then proceeds to remove one leg at a time and repeats the above procedure and measures the distance the frog jumps on 3-2-1 leg(s).
When the final leg is removed, and he yells "jump" and slams his hand down, the frog doesn't move.
He repeatedly yells, "jump",again to the same result.
He concludes that the frog having not moved, has gone deaf due to loosing all its legs.

 

[remixedcat]

Whats worse is other people using the backdoor and to think you are responsible for whats on your PC when some one could be stealing stuff from you. Users fault for not having a secure network.

Makes me wounder if Apple are going do a firmware update for there Airport 5th gen then again Apple router prolly has a backdoor already o well .

Apple "routers" are a complete joke. They don't even have normal management! They have a convoluted discombobulated "app" that barely works and no browser or SSH config like normal routers/APs do!

 

[AsRock]

Apple "routers" are a complete joke. They don't even have normal management! They have a convoluted discombobulated "app" that barely works and no browser or SSH config like normal routers/APs do!

and yet i have had 0 problems with mine, it lacks options but it's very far from convoluted discombobulated. In fact it's too frigging simple if any thing.

And no browser connection to it is not really a bad thing as seen most bad crap you get from the next pass though your browser.

And the 5th gen is very well made you can tell nothing looks cheap about it like most others do.

 

[Makaveli]

Apple "routers" are a complete joke. They don't even have normal management! They have a convoluted discombobulated "app" that barely works and no browser or SSH config like normal routers/APs do!

Apple products are for noobs you know this!

No point stating the obvious!