Hello everyone, I have an old firewall from NETGEAR, but its firmware has not been updated for a long time and its protocols are outdated. I would like to revive it and update it to OpenWRT or any other firmware that is currently supported.
I would be grateful if you help me build the OpenWRT firmware for this firewall. It requires .bin files for firmware.
Thank you in advance!
Since you have a device, you'll probably need to take the lead here. To get you started, check this out:
The SRX runs on a 700Mhz Cavium CN5010 CPU, 512 MB of DDR2 of RAM, 64 MB of Flash and a Broadcom BCM53118 9-Port GbE Switch
from https://www.smallnetbuilder.com/lanwan/lanwan-reviews/netgear-prosafe-srx5308-gigabit-quad-wan-ssl-vpn-firewall-reviewed/
Also: https://deviwiki.com/wiki/Netgear_SRX5308
The only other forum thread about CN5010: Install Zyxel USG20 , from 2 years ago; a dead-end.
EDIT: There is https://github.com/openwrt/openwrt/commit/8c0930b70b4f8d7447e34a59d52b1a5485aa4d49 , which added support for a device with a CN5020, which may be similar enough to your device
Unfortunately, I'm not good at firmware and builds of anything, so I need your help. Also, after reading your link, I realized that I do not have full access to the loader, I only have a web page with the ability to upload firmware
If you want to run OpenWrt the easy way, select hardware that is already supported by the project. But if you're up for learning, this is a great opportunity -- you'll likely need a serial TTL usb adapter (for connecting to the UART) and some basic tools to disassemble the device.
Since this is a Netgear device vendor source is easily available. NETGEAR Open Source Code for Programmers lists 19 different versions for the SRX5308.
Some additional details that may prove useful to the next person that stumbles upon this thread (or perhaps myself in a month):
Netgear's Chinese sites have had documentation for how to ask their customized/restricted u-boot to flash a firmware image from the serial console and a connected TFTP server, in case you succeed at flashing a broken image as I have. http://club.netgear.cn/Knowledgebase/Document_detail.aspx?Did=1202
In short:
setenv ipaddr ${ipForTarget}
setenv serverip ${yourTftpServer}
flashappimage ${imageFileNameOnTftpServer}
dualimageboot
Or, to jump back to the firmware flashed previously on the alternate partition:
showbootflag
setbootflag ${oppositeValueOfShowBootFlag}
dualimageboot
The firmware images have a 0x40 byte header I haven't seen elsewhere, not sure if it is a standard somewhere or not. Offset 0x1c is a 4-byte unsigned integer that serves as a checksum, which is simply calculated by summing all the bytes following the first 0x40 byte header. Offset 0x24 is a 4-byte unsigned integer that serves as the length of the bytes following the header.
After the 0x40 byte first header, you have a SquashFS header.
In-between the SquashFS header and the filesystem contents, you have a gzipped Linux kernel.
At this point, I started a CentOS 6 VM, extracted the filesystem contents and the compressed kernel image, added some CGI files that gave me something closer to a "real" shell, built a new SquashFS filesystem with the aforementioned modifications and the original compressed kernel image, then added Netgear's (TeamF1's?) 0x40 byte header at the beginning with tweaked checksum and length values, and after flashing the result at least got to a place where I could poke at the gadget a bit more.
With a shell, used the provided TFTP client to pull more binaries onto the gadget such as a copy of gdb and 64-bit libraries from one of the older Octeon SDKs floating around.