Under the Hood

  • #4744
    Jake
    Participant

    Hey,
    I have a few questions for ya.
    Why don’t you use TLS/SSL for the router management gui?

    I’ve been hacking around with some embedded linux stuff. I just got a pogoplug (NAS/Server) running Debian with help from Bodhi on Jeff Doozan’s uboot forum. I also decided to take a dive into openwrt, and picked up another MT7621 based router to play with. The hardware UART led me to the BREED bootloader, and the BREED binaries. What’s up with it? Is there a story behind the ambiguity of BREED? IMO it looks like the bootloader is Chinese in origin. Do you care to speculate on its actual source or is there a source code repo available somewhere? Do you know of any blog or forum posts about reverse engineering it?

    Lastly, how do I isolate vlans and/or wlans to keep various devices from communicating between each other on pcWRT?

    #4745
    Jake
    Participant

    Ignore the last question. These answered it:

    Put IoT devices on guest network

    How to use your router to block smart TV snooping

    The reason for asking about breed is because I think you might be really familiar with it. I’m just a curious hobbyist and have no other motivations. I just volunteered to do some testing for someone that is trying to do kernel improvements for the MT7621.

    My reason for asking about TLS/SSL is bc if my browser has the HTTPS-Everywhere addon installed it mixes up the pcWRT blocked site filter warning. Sometimes it is unclear if the website is down, is a http site but blocked by pcWRT, or is just blocked by pcWRT.

    #4748
    support
    Keymaster

    Breed is a bootloader of Chinese origin, first published on the forum https://www.right.com.cn/forum/. This is the developer’s blog: https://blog.hackpascal.net/. It’s closed source. Unfortunately all these are in Chinese.

    Router management UI is available in HTTPS as well as HTTP (using a self-signed cert, you’ll get a warning the first time). We kept HTTP open for convenience to the user.

    When a page is blocked, the router tries to display a “blocked” page. This works if the accessed page is in HTTP. For pages blocked over HTTPS, the router still tries to send the “blocked” page. But since the router does not have the right SSL cert for the requested web site, your browser will either deny the page or show an SSL cert warning.

    #4752
    Jake
    Participant

    Thanks for the information. I found the hackpascal github too. Strangely, there is another MT7621 bootloader posted there, but no mention of breed.

    BTW I finally got around to attaching a USB to TTL converter to pcWRT. It’s cool to see your work in detail. I am still looking for your update mechanism, SSH management, and how you’ve implemented the firewall. I may have overlooked some of it though. It’s hard for me to follow JS. I haven’t programmed with it, and as a single string it’s even harder to parse.
    I must confess I was a bit disappointed to see 19.07.2, but I think I understand why after reading how openWRT (doesn’t) deals with user installed packages during upgrades, and you’re doing your own thing and providing your own updates regularly.
    Out of curiosity, what kinds of changes in openwrt are possible without breaking your overlay? Like, if I wanted to set up more detailed iptables rules, how would that impact the overlay?

    #4756
    support
    Keymaster

    There’s a possibility that you’ll break something if you modify the iptables directly.
