Are Ubiquiti actively blocking installation of Third Party Firmware?

In my particular case this question relates the UniFi AP v2 but has more general implications.
One would imagine this to be a simple question to answer with a yes or no answer but not for Ubiquiti it seems.
I have been asking this question of Ubiquiti for about a month now after having problems loading OpenWRT 15.05.1 into a number of UniFi AP v2 units. The answers from Level 1 support (via their forums) has been, "It shouldn't be blocked" (hoping for a Yes or No), "It's ok in the latest release" (it wasn't), "I'll have to check with Development" (still waiting for that), "We don't support Third Party Firmware" (wasn't asking for support) or (the most honest) "I don't know". So I pressed for an answer, they escalated it to the next level but were very vague about what that meant. Oh and it seems Level 1 support at Ubiquiti have no SLA what so ever with the team they escalate to. They also have no way to communicate with them after an escalation. So the question has gone some where in Ubiquiti to be answered at some unknown time.
My own feeling is that they are avoiding answering the question as they took the excuse of the FCC rules relating to unauthorised changes to Wireless parameters that could be part of Third Party Firmware, to do this. Of course the FCC rules only applied to 5Ghz not 2.4Ghz Wireless and, as the FCC have stated, was not intended to be used as a reason for blocking Third Party Firmware. TP-Link got caught up in this too. So they cant say they are blocking.
I also think they are actively blocking. Firmware Images for the UniFi AP v2 have a different device type in their header but this is easy to cater for by either making changes in the OpenWRT firmware builder to generate a correct header (sorry not going to go into derail on that here) or by using a binary editor to change it manually. The real issue is that the Ubiquiti Firmware images have a new RSA signature section at the end. The U-Boot loader, already on the device and included in Ubiquiti Firmware updates, checks the signature and rejects images that don't have it, making TFTP updates not work. fwupdate.real used to do upgrades via the command line, also checks and rejects images without the signature giving the "Invalid FW Part 3 MAGIC 'END.'" message.
I'm interested to hear other peoples thoughts on this please.

Hello. Did you get OpenWRT or LEDE working on the UAPv2? I need to use this third party OS to make the device act as router, firewall and multi-AP, and with these new versions I can't. This is the worst thing Ubiquiti could do to these devices...

You might look at the OpenWRT documentation for your specific Ubiquiti device...

No. It's not really a matter of getting OpenWRT or LEDE to work, it's about Ubiquiti blocking the installation of third party firmware in the first place by checking that any firmware has the correct RSA signature before its even loaded. Ubiquiti wont even discuss this. Try asking the question on their support forum and see what they say :slight_smile: .

Hi can you tell were you able to load firmware on UAP-V2 devices anyhow

No its not been possible and UBNT will not help at all.

I've finally got a clear response. After a lot of mails with the support people (they didn't know even what's an SSH connection), I sent this message:

Hi Vaughn,

One thing is support the 3rd party firmware and another, completely different, is not allowing me to install it at the ubiquiti devices. Are you telling me that Ubiquiti is restricting the 3rd party firmwares installation?


And finally got this:

Hi Nico,

Yes, that could be one of the reasons hence we don't recommend and provide support for the 3rd party software and firmware.

Hope that's helpful. If you have any other questions, please let us know!


Vaughn B
Ubiquiti Networks

So yes, they are explicitly accepting that they prevent the installation of third party firmware.

And now... Until the RSA key is disclosed or someone finds a vulnerability to bypass the firmware installation process... This device will be like a stone for me.

I don't interpret "could be" as an explicit confirmation.

Tier 1 support people are not extremely technical (by design), so it's an expected answer.

No router vendor provides support for firmware that is not theirs.

Sounds like a serial flash is the last option currently.

i've recently came up with an idea how to flash locked/signed firmware on litebeam ac gen2. basically you start flashing same ubiquiti fw that is already on device and interrupt the process, that leaves mtd partitions unlocked and you can flash another image to these using dd. more info in this GH comment->

let us know if it works on unifi and other ubiquiti hw