A few months ago my ADSL provider introduced a new flat rate. The rate was even cheaper than the volume-based rate I used until yesterday. Thus, I ordered this new rate along with some subsidised new DSL hardware: a Fritz!Box WLAN 3030 DSL modem, router, firewall, and WLAN access point. Finally, a WLAN access point supporting WPA2, I thought, not yet having experienced the unreliability of Apple’s WPA2 implementation…
At first, I was really disappointed by my new Fritz!Box. The web interface sucks, obviously made for total n00bs: only a few configuration options and features compared with my Draytek Vigor router. For example, there is no way to see (and thereby debug) the firewall log files…
A colleague pointed me at a wiki (in German) which explains some of the internals of a Fritz!Box. Well, here begins the reconciliation! Fritz!Box runs Linux with busybox and it is easy to start a telnet server and do the complete configuration work via command line.
Following the instructions presented in the wiki, I installed this “firmware update” and rebooted the router. This “update” overwrites some files and starts telnetd. The “update” process ended up with an error message explaining that no error occurred. Ok, and there it is: telnet access!
Exploring the system:
# uname -a
Linux fritz 2.4.17_mvl21-malta-mips_fp_le 699-4 Fr Mai 13 10:38:09 CEST 2005 mips unknown
# cat /proc/cpuinfo
processor : 0
cpu model : MIPS 4KEc V4.8
BogoMIPS : 149.91
wait instruction : yes
microsecond timers : yes
extra interrupt vector : yes
hardware watchpoint : yes
VCED exceptions : not available
VCEI exceptions : not available
# cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 15020032 14274560 745472 0 1462272 4956160
Swap: 0 0 0
MemTotal: 14668 kB
MemFree: 728 kB
MemShared: 0 kB
Buffers: 1428 kB
Cached: 4840 kB
SwapCached: 0 kB
Active: 2308 kB
Inactive: 6356 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 14668 kB
LowFree: 728 kB
SwapTotal: 0 kB
SwapFree: 0 kB
I started by setting up a root account with a password (as described here). Using vi (yes, the router comes with vi installed), I modified /var/rc.user which seems to be some kind of start script. Here it is (I have deleted my crypted password):
# cat /var/rc.user
#!/bin/sh
/sbin/syslogd -R 192.168.77.1
/bin/cat /var/tmp/passwd | /bin/sed "s/^root.*//;s/^$.//;d" > /var/tmp/passwd
/bin/echo root:CRYPTED_PASS:0:0:root:/var/tmp:/bin/sh >> /var/tmp/passwd
/bin/hostname fritz
/bin/echo "192.168.77.254 fritz" >> /var/tmp/hosts
/usr/sbin/telnetd
/usr/bin/killall dsld
/bin/sleep 2
/sbin/dsld -i
/bin/sleep 2
/sbin/dsld -i
With cat /var/rc.user > /var/flash/debug.cfg this file may be stored in non-volatile memory.
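The sed line in rc.user writes to the same /var/tmp/passwd it reads, and its trailing d deletes every line, so every existing entry is dropped before the root line is appended. The following is an added example, not code from the original post or the wiki: it shows what that filter emits and one way to replace only the root entry through a temporary file. The helper names and the sample passwd content are constructed.

```shell
#!/bin/sh
# Added example; the helper names and the sample data are constructed.

# The filter from rc.user, taken on its own: the trailing "d" deletes every
# line, so it prints nothing whatever the input holds.
original_filter() {
    sed 's/^root.*//;s/^$.//;d' "$1"
}

# Replace (or add) the root entry without truncating the live file: write the
# new content to a temporary file in the same directory, then rename it.
set_root_entry() {
    file=$1
    hash=$2
    tmp="$file.new.$$"
    # grep exits 1 when no line is left to print; that is not an error here.
    grep -v '^root:' "$file" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    printf 'root:%s:0:0:root:/var/tmp:/bin/sh\n' "$hash" >> "$tmp" || return 1
    mv "$tmp" "$file"
}

# Constructed sample file standing in for /var/tmp/passwd.
make_sample() {
    printf '%s\n' \
        'root:OLD_HASH:0:0:root:/:/bin/sh' \
        'guest:any:1000:1000:guest:/var/tmp:/bin/sh' > "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/passwd"
    echo "lines kept by the original filter: $(original_filter "$dir/passwd" | wc -l)"
    set_root_entry "$dir/passwd" CRYPTED_PASS
    cat "$dir/passwd"
    rm -rf "$dir"
}
demo
```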
This is what I have done so far. Next, I’ll try to find out how this dsld works and how to configure the firewall manually. The web pages of the Karlsruhe LUG contain the slides (in German) for a talk explaining even more details of the Fritz!Box. A good starting point, maybe.