How to maintain/support router running backfire/10.03 (Deltenna Wibe 3G)

I bought a Deltenna Wibe 3G router a few months ago, trying it out was delayed by Covid but I have now got around to it.

Imagine my surprise when I found out that it runs OpenWrt, version 10.03.

The company Deltenna who make the WiBE is long gone so there's not much help in that direction.

I'm wondering what my options are as regards supporting and/or updating the software. I'm a Unix/Linux command line sort of person, was a Software Engineer for 40 years or more until I retired so low level stuff on Linux is my bread and butter. I run mostly xubuntu on my home machines but also have some Pis and BBBs.

Is there an easy/obvious upgrade path through the various versions of OpenWrt or should I bite the bullet and just install the latest? There's a lot of spare memory on the WiBE, I don't think that will be an issue. However I don't know if their version of OpenWrt has been customised to work with the WiBE hardware.

If I try 19.07 and it fails can I get back to my working 10.03?

It doesn't currently seem to have ssh installed, just the Luci GUI for configuration. I'll try and get ssh going to start with.

No, as the router is not among the supported routers. Googling for OpenWrt deltenna revealed pretty much nothing.

Openwrt is always hardware specific, so you are out of luck if the device uses an OEM customised version of OpenWrt.

Ps. Not having SSH enabled already hints toward heavy modification.

OK, thanks. I've been paging through the Luci GUI and it seems to use a fairly standard OpenWrt.

It looks for http://downloads.openwrt.org/backfire/10.03/ramips/packages to find software to install. Is there still a 'ramips/packages' directory that I can try. The router allows me to change the address to find a package list and allows me to add software so if I can find an ssh that will run I may be on the way. It has busybox installed.

These versions of OpenWrt are ancient and full of known security holes.

You're far better off buying a cheap modern device and getting a USB 4G dongle... tons of people on the forum are doing this.

There is https://archive.openwrt.org/backfire/10.03/
But there is no ramips.
There is in 12.09 but not in 10.03

Better to get a new device...

I agree with @hnyman that it is probably not supported by official OpenWrt. Besides, that version is 10 years old. Even if you actually have enough flash storage and RAM to run a more recent build, it is unlikely to run well given the processor speed/capabilities of a 10(+) year old low cost/embedded system.

And as @dlakelan states, it is probably not a good idea to use this device based on the security issues of a 10 year old OS (you probably wouldn't want to run Windows 2000 now).

Although it won't likely get you very far, you could see if telnet is running on that device. SSH may not have been a default option at the time (my OpenWrt experience doesn't go back quite that far -- I think I started with BB or CC). If telnet is running, it might give you some additional ways to manipulate the system, but would actually be yet another indicator of the outdated security standards of OpenWrt Backfire.

Yes, and they won't get a connection at all where I am. Search for
"Deltenna WiBE" and you'll see what this device is, it's worth getting
it going for what it does.

psherman [1]Peter Sherman psherman Regular
December 30

I agree with [2]@hnyman that it is probably not supported by official
OpenWrt. Besides, that version is 10 years old. Even if you actually
have enough flash storage and RAM to run a more recent build, it is
unlikely to run well given the processor speed/capabilities of a 10(+)
year old low cost/embedded system.

It's not a "low cost/embedded system", it cost over £300 new. It's
also only about 3 years old.

Although it won't likely get you very far, you could see if telnet is
running on that device. SSH may not have been a default option at the
time (my OpenWrt experience doesn't go back quite that far -- I think I
started with BB or CC). If telnet is running, it might give you some
additional ways to manipulate the system, but would actually be yet
another indicator of the outdated security standards of OpenWrt
Backfire.

I tried both telnet and ssh.

Running nmap against it the only open ports are 53, 80 and 8080.

I can log in to Luci and have full 'root' access (though not command
line of course). If I could find a compatible telnet or ssh
executable I could upload it to the device.

3 years old and it is running an OS that is 10 years old (i.e. 7 years older than the device itself). That seems like either bad product design or indicates a relatively significant amount of customization was necessary to run the device on OpenWrt.

2 Likes

@poodad would beg to differe :wink:

of course, it's not a USB stick... but the point is you should NEVER put an OpenWrt 10 device connected to the internet, its lifetime before compromise is probably a few hours to days (I get thousands of bots probing my router a day).

Is it 3G? In the USA at least one of the major wireless phone companies is about to take 3G signals off the air, making every phone and modem that is not LTE useless.

So first you should see if you can even buy service for it.

My approach would be to run the existing firmware but keep it outside your trusted zone by routing through another router.

2 Likes

You can install luci-app-commands that will enable you to define commands to be run from LuCI. But I do not think that it existed in 2010, so that is theoretical.

Your best bet is dropdear SSH from 10.03 downloads. You can download the .ipk to your pc and extract the executables from the archive file.

(OpenWrt used uclibc C library at that time, and any executable needs to match exactly the same uclibc version.)

Edit:
Luci-commands exists for 12.09.
You might try it, as the Luci infra did not change that much between 10.03 and 12.09.
E.g. from https://archive.openwrt.org/attitude_adjustment/12.09/ramips/rt288x/packages/

1 Like

It appears it is! This product supports a blazing 21Mbps/5.76Mbps on a HSPA+ 3G modem and contains 802.11n wifi + 2x 10/100 ethernet ports. This should be good for at least another decade or two. :rofl:

If I use it it will be on a boat in France with only a Beaglebone
Black SBC connected to it, the whole setup could be completely
compromised and all they would find would be the battery voltages and
temperatures on my boat!

I have checked and 3G is available where I want to usae it, OK it
might not be there for ever but I want to try the idea first.

If it works what hardware would people here suggest for wholly
'unmanned' automatic internet connection? That's the whole (well,
much of) the point of the WiBE, put a SIM in it, plug it in and it's
an internet connection - that's what I need.

Thanks, I'll try that, I guess it just depends one whether any of the
underlying libraries has changed dramatically.

Hilarious I'm sure, but not very helpful.

If you can come up with some useful information I'd love to have it
but so far all I seem to have received is close to abuse.

Yes, I know it's a few years old but it does things that are not
widely available:-

It has four aerials and searches for the best signal

It connects automatically with no user interaction

It works on a very weak signal

I can certainly confirm the last of these, it works inside our house
where virtually no one's mobiles work at all, our guests spend their
time walking around the garden very often.

I want to use it to connect (using ssh) to an SBC on a boat. Speed
really isn't an issue, if it gives me 2400 bauds (thats somewhere
around 240 characters/second, a tiny fraction of 1Mb/s) it'll be fine
for the use I want for it. As I have also said security is really not
an issue, there's just some data about my boat going to be carried.

If it was easy to set up an old fashioned dial-up modem that would
satisfy my requirements beautifully.

As long as you are ok footing the $1000 monthly data charge when it comes part of a ddos botnet and spams a megabit per second for a month straight. The internet is really not a nice place for insecure iot type devices

As it will be on a pay as you go tariff any intruder will almost instantly run out of credit.

1 Like

... and anyway, wait a minute, how is anyone going to get any sort of access to this device in order to break into it? It will be behind a phone company's NAT firewall, there's no direct access to it at all when connected. All that anyone out on the public internet will see will be the public address of the 'outside' of the company's NAT behind which there will (presumably) be hundreds of routers, phones and other devices.

depends I guess on the plan. We are providing general advice here, not specifics. I think it's good for you to have in your mind a threat model and make active decisions about whether they are acceptable to you.

Here are some thoughts:

  1. If it does get a public IP then literally anything could send packets at its WAN interface
  2. If it's behind a NAT, then "hundreds of routers, phones and other devices" could send packets at its WAN.
  3. Ipv6 ? Then literally anything on the IPv6 internet can attack it. That's ~50% of all google traffic these days, so much of the internet.

Remember there's a whole business of selling DDoS on the internet, so people are actively making money by finding ways to compromise IoT devices and build botnets using automation.

If you have a threat model and are happy with the risk. then go ahead, I'm not saying you're wrong, but it's good to have that threat model. my router gets hammered all day long by probes. It's thousands and thousands a day sometimes.

I just looked at a snapshot in the last 5 minutes I had about 120 attempts to connect on various ports on my router.

1 Like