Linux on Linksys Wi-Fi Routers

Hacking this reliable, inexpensive platform can be your first step to a successful wireless project. Chain access points together to cover a wide area, crank up the power level, get more working space in Flash memory and more.

Wireless networking has become a mass-market technology, and the price of 802.11 or Wi-Fi gear has fallen to commodity levels. Several thousand competitors with virtually identical products now are vying for your Wi-Fi dollars. In this kind of competitive space it is natural for manufacturers to seek the lowest cost alternatives. Their choice? Linux, of course.

Linux has become the premium OS for inexpensive, feature-packed wireless networking. Linksys, one of the major wireless players, turned to Linux for its 802.11g next-generation Wi-Fi devices. When Cisco bought Linksys in early 2003, it inherited both the Linux devices and an emerging feud over the unreleased GPL source code. After several months of lobbying by open-source enthusiasts, Cisco relented and released the source.

The Linksys WRT54G product (Figure 1) is especially interesting due to its low price and internal hardware. The WRT54G contains a four-port Ethernet hub, an Ethernet WAN port, support for the new high-speed 54MB/s 802.11g wireless protocol and backward compatibility with older 802.11b devices.

Figure 1. For under $100 US, the Linksys WRT54G is a capable Linux platform with 16MB of RAM, a 125MHz processor and support for 802.11b and g.

But what the WRT54G lacks is what makes it interesting. Under the hood the unit sports a 125MHz MIPS processor with 16MB of RAM. This is more than enough horsepower to run some serious applications, so why not add some?

Setting Up the Development Environment

The latest source on the Linksys site is about 145MB in size and contains a complete toolchain for MIPS cross development (see “The Linksys WRT54G Source Tree” sidebar).

Follow the instructions for creating symlink and PATH additions in the README file in the WRT54G/src subdirectory. Then cd to the router subdirectory and run make menuconfig. Keep the standard options for your first build, and click through to create your configuration files. cd up one level to the WRT54G/src directory and type make. That's all there is to it. A file called code.bin is created in the WRT54G/image directory containing a compressed cramfs filesystem and a Linux 2.4.20 kernel.

Now comes the scary part—how do you get this new firmware on to your Linksys? There are two methods, by tftp or through the Web-based firmware upgrade interface. I suggest you use the Web upgrade for your first try.

Surf to your Linksys box—the default address is—and log in. Select Firmware Upgrade from the Administration menu and upload your code.bin file. The router now restarts. Congratulations, you have just modded your Linksys box.

The Ping Hack

The existence of Linux on the WRT54G was discovered through a bug in the ping utility in the Diagnostics menu. Firmware versions prior to 1.42.2 allowed arbitrary code to be run from the ping window if surrounded by back-ticks. If you have a box with the older firmware, try typing `ls -l /` in the ping window's IP address field. Voilà—a listing of the root directory magically appears.

The ping hack allows curious folks to explore their boxes without modifying the source. But exploring by way of the ping window is slow and tedious. What we really need is a shell on the box.

By expanding the ping hack in the source code, a custom firmware image can be created with the full power of a Linux shell over the Web interface. See the on-line Resources section URLs on how to create the command shell.

But why stop there? The default firmware's cramfs filesystem leaves 200K of Flash memory free. There is room for many useful applications, such as telnet or Secure Shell or perhaps even a VPN client or server.

The wl Command

One useful command supplied by Linksys in binary form only is wl. The wl command contains several dozen internal commands that control wireless settings, including the popular power adjustment setting. Typing wl with no parameters produces a complete list of its capabilities.

The default power setting on the WRT54G is 28 milliwatts, and this setting cannot be changed externally. But by using the ping hack or a shell, you can change this with wl, using the txpwr subcommand and a number between 1 and 84 milliwatts. This number raises or lowers the default power setting until the next reboot.

Increasing the power setting or replacing the stock antennas may increase your radio output and violate local laws. If you replace the stock antennas and lower the power setting, your unit's range can be extended significantly while remaining within legal radio power limits.

The WRT54G supports two external antennas and automatically balances between them depending on which received the last active packet. When adding a more powerful external antenna, this is not the setup that you want. You need to force the unit to choose the high power antenna every time. This is done with wl txant for receiving and wl antdiv for sending. A 0 parameter forces the left antenna coupling and a 1 forces the right, as you face the front panel.



Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

dreambox 500s

Dreambox 500s's picture

Thanks for your sharing! very impressive!

Wireless signal through a metal shed

Howard's picture

Any one know what equipment I need to send a wirless signal from my router across the yard through a metal shed so I can get a signal on the inside.

You need an ethernet cable

Anonymous's picture

You need an ethernet cable punched through the wall and ran across your yard. connect the ethernet cable to a switch in your house and you are good to go. Physics dictates that you won't be able to send a good signal through your faraday cage, uh, I mean metal shed. :-p

Ping Hack Script

Shawn's picture

Here's a free ping hack script.

One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix