Using binary blob driver in OpenWrt

m95d · January 20, 2022, 10:08am

I have a Asus RT-N18U using BCM4360. There is no wifi driver for it in OpenWrt. But there is a driver in DD-WRT. Kernel version is 4.4.241.

DD-WRT has a license agreement and NDA in place with Broadcom that allow usage of better, proprietary, closed source wireless drivers (binary blobs) which they are not allowed to redistribute freely.

I want to do this only for my own router. I will not distribute the resulting binaries.

Is it possible to configure a recent OpenWrt kernel to be able to load that older module?
or
Can I build a customized OpenWrt with that kernel version, so I can load the DD-WRT module? Maybe even menuconfig OpenWrt to use the DD-WRT kernel sources directory?
or
Can I extract the broadcom blob from DD-WRT sources and make a package to be built together with my OpenWrt?
or
The router has USB. Can I boot DD-WRT kernel and then mount or pivot to a OpenWrt root, keeping only the kernel modules from DD-WRT?

If any of this is possible, will Luci / uci work with it, or will it need manual configuration using some other tools?

I have some experience building OpenWrt from source, using kernel_menuconfig and making OpenWrt packages (but not drivers). Any advice where to start?

Thanks!

frollic · January 20, 2022, 10:18am

not what you want to hear, but get a device supported by openwrt

m95d · January 20, 2022, 10:20am

I already have a Linksys WRT1900ACv1. I'm just trying to reduce electronic waste. Yes, you can argue that BCM is mostly electronic waste...

frollic · January 20, 2022, 10:22am

I agree, you could buy used/refurbed network equipment, that's what I've been doing for the last 10 years, one Netgear multi gig switch excluded ...

Doppel-D · January 20, 2022, 11:06am

Have you tried DD-WRT? Perhaps it fits your needs. If not, I would sell it with as is, probably better as with stock firmware.

m95d · January 20, 2022, 6:57pm

I did and I'll use it with DD-WRT if OpenWrt doesn't work. But I still want to try.

If I sell it I won't get much. Maybe 15€. There are dozens of them listed on my local ebay-like site.

jdwl1o1 · January 20, 2022, 9:15pm

The blob they are using is very likely to have been compiled for the ddwrt kernel only.

You could attempt to match kernel version but there’s still no guarantee it would work, as the ddwrt kernel is customised.

Or you can force load it and live with instability.

jonjongx · January 20, 2022, 11:46pm

For Broadcom based routers you can also try FreshTomato .

https://wiki.freshtomato.org/doku.php?id=hardware_compatibility

meisterlone · January 30, 2023, 7:53pm

Why do you always get the inevitable “buy a different router” types who respond on here. People who post in the dev section here are trying to learn something and/or doing this as a passion project.

Perhaps someone with technical knowledge can respond with some actual useable info on what the process would be like, even if its guaranteed to fail due to mismatched kernel versions etc.

frollic · January 30, 2023, 8:45pm

is that why you're bumping a one year old thread ?

sure, but some projects are just time vampires without any chance of a positive end result.

it's more honest than "have fun, come back in two years, so we can tell it's all been for nothing ..."

like, get a box that can reverse engineer ICs ?

so what's the point ?

meisterlone · January 30, 2023, 9:05pm

I would very much like to know how someone would go about RE/extract device drivers or firmware blobs from original OEM openwrt firmware. I have already gained access to the filesystem, but im not sure where to go next.

@frollic there as multiple threads on here with the same type of question- better to not open another thread and have another bunch of people post 'buy another router' - if everyone did that then wed have no supported devices

soxrok2212 · January 31, 2023, 12:29am

Dump the firmware, find the blob, throw it in IDA or Ghidra and start cracking. Only it’s not really going to be as easy as that.

It’s really just easier to get supported hardware, or at least hardware that has design docs available for developers to use. Nobody wants to throw years reverse engineering Broadcom devices, only for them to be out of date or impractical when they’re done.

meisterlone · January 31, 2023, 12:45am

Ok but how do i find the actual firmware blob, is there some kind of signature? A location where it is usually found? How does openwrt interact with the blob?

meisterlone · January 31, 2023, 12:46am

Btw my device is qualcom, with decent platform support already;

I dont think RE this stuff would take years and some of us enjoy the pain anyways.

My device thread is here, but i suspect some firmware blobs need to be extracted and I cant find a lot of help searching the forum. My next steps would be to go look at some of the blobs extracted from similar devices by other people and try find some kind of signature or something, but since many people have done this successfully, youd think more info is available here regarding this

jdwl1o1 · January 31, 2023, 9:16am

Start with /lib/firmware or better yet find a copy of the qsdk and get them from there.

Even after you have the ‘blobs’ you still have the issue that they were only compiled to work with the single kernel version in the qsdk and with whatever patches Qualcomm made to the kernel to support their closed source modules.

The people here don’t say this for no reason, we’re trying to save wasted effort that could be used to improve the actual open source kernel modules