Using binary blob driver in OpenWrt

I have an Asus RT-N18U using BCM4360. There is no wifi driver for it in OpenWrt. But there is a driver in DD-WRT. Kernel version is 4.4.241.

DD-WRT has a license agreement and NDA in place with Broadcom that allow usage of better, proprietary, closed source wireless drivers (binary blobs) which they are not allowed to redistribute freely.

I want to do this only for my own router. I will not distribute the resulting binaries.

  1. Is it possible to configure a recent OpenWrt kernel to be able to load that older module?
  2. Can I build a customized OpenWrt with that kernel version, so I can load the DD-WRT module? Maybe even menuconfig OpenWrt to use the DD-WRT kernel sources directory?
  3. Can I extract the Broadcom blob from DD-WRT sources and make a package to be built together with my OpenWrt?
  4. The router has USB. Can I boot DD-WRT kernel and then mount or pivot to an OpenWrt root, keeping only the kernel modules from DD-WRT?

If any of this is possible, will LuCI / UCI work with it, or will it need manual configuration using some other tools?

I have some experience building OpenWrt from source, using kernel_menuconfig and making OpenWrt packages (but not drivers). Any advice where to start?


Not what you want to hear, but get a device supported by OpenWrt :wink:

I already have a Linksys WRT1900ACv1. I'm just trying to reduce electronic waste. Yes, you can argue that BCM is mostly electronic waste...

1 Like

I agree, you could buy used/refurbed network equipment, that's what I've been doing for the last 10 years, one Netgear multi gig switch excluded ...

Have you tried DD-WRT? Perhaps it fits your needs. If not, I would sell it as is, probably better than with stock firmware.

1 Like

I did and I'll use it with DD-WRT if OpenWrt doesn't work. But I still want to try.

If I sell it I won't get much. Maybe 15€. There are dozens of them listed on my local ebay-like site.

The blob they are using is very likely to have been compiled for the DD-WRT kernel only.

You could attempt to match kernel version but there’s still no guarantee it would work, as the DD-WRT kernel is customised.

Or you can force load it and live with instability.

For Broadcom based routers you can also try FreshTomato.

Why do you always get the inevitable “buy a different router” types who respond on here? People who post in the dev section here are trying to learn something and/or doing this as a passion project.

Perhaps someone with technical knowledge can respond with some actual useable info on what the process would be like, even if it's guaranteed to fail due to mismatched kernel versions etc.

is that why you're bumping a one-year-old thread?

sure, but some projects are just time vampires without any chance of a positive end result.

it's more honest than "have fun, come back in two years, so we can tell it's all been for nothing ..."

like, get a box that can reverse engineer ICs?

so what's the point?

1 Like

I would very much like to know how someone would go about RE/extract device drivers or firmware blobs from original OEM OpenWrt firmware. I have already gained access to the filesystem, but I'm not sure where to go next.

@frollic there are multiple threads on here with the same type of question - better to not open another thread and have another bunch of people post 'buy another router' - if everyone did that then we'd have no supported devices.

Dump the firmware, find the blob, throw it in IDA or Ghidra and start cracking. Only it’s not really going to be as easy as that.

It’s really just easier to get supported hardware, or at least hardware that has design docs available for developers to use. Nobody wants to throw years reverse engineering Broadcom devices, only for them to be out of date or impractical when they’re done.

1 Like

Ok, but how do I find the actual firmware blob, is there some kind of signature? A location where it is usually found? How does OpenWrt interact with the blob?

Btw my device is Qualcomm, with decent platform support already.

I don't think RE this stuff would take years and some of us enjoy the pain anyways.

My device thread is here, but I suspect some firmware blobs need to be extracted and I can't find a lot of help searching the forum. My next steps would be to go look at some of the blobs extracted from similar devices by other people and try to find some kind of signature or something, but since many people have done this successfully, you'd think more info is available here regarding this.

Start with /lib/firmware or better yet find a copy of the qsdk and get them from there.

Even after you have the ‘blobs’ you still have the issue that they were only compiled to work with the single kernel version in the qsdk and with whatever patches Qualcomm made to the kernel to support their closed source modules.

The people here don’t say this for no reason, we’re trying to save wasted effort that could be used to improve the actual open source kernel modules.

1 Like
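
The replies above warn that a vendor module is built for one kernel only; the kernel enforces part of this at load time by comparing the `vermagic` string in the module's `.modinfo` ELF section with its own, so the mismatch can be checked offline before anything is flashed. The following is an added example, not code from any poster or from the OpenWrt or DD-WRT projects. The sample module bytes and both vermagic strings are constructed (only the 4.4.241 release comes from the thread), and `modinfo`, `vermagic_diff` and `sample_ko` are names chosen here.

```python
import struct

def modinfo(ko: bytes) -> dict:
    """Return the NUL-separated key=value strings from a module's .modinfo section."""
    if ko[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = ko[4] == 2                       # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if ko[5] == 1 else ">"        # EI_DATA: 1 = little-endian
    shoff, = struct.unpack_from(end + ("Q" if is64 else "I"), ko, 40 if is64 else 32)
    entsize, shnum, strndx = struct.unpack_from(end + "3H", ko, 58 if is64 else 46)
    def section(i):                         # -> (name offset, section contents)
        base = shoff + i * entsize
        name, = struct.unpack_from(end + "I", ko, base)
        off, size = struct.unpack_from(end + ("2Q" if is64 else "2I"),
                                       ko, base + (24 if is64 else 16))
        return name, ko[off:off + size]
    names = section(strndx)[1]
    for i in range(shnum):
        name, body = section(i)
        if names[name:names.index(b"\0", name)] == b".modinfo":
            pairs = (s.split(b"=", 1) for s in body.split(b"\0") if b"=" in s)
            return {k.decode(): v.decode() for k, v in pairs}
    raise ValueError("no .modinfo section")

def vermagic_diff(module_magic: str, kernel_magic: str) -> list:
    """List mismatches between two vermagic strings; empty means identical fields."""
    (m_rel, *m_flags), (k_rel, *k_flags) = module_magic.split(), kernel_magic.split()
    diff = [f"release: module {m_rel} vs kernel {k_rel}"] if m_rel != k_rel else []
    for flag in sorted(set(m_flags) ^ set(k_flags)):
        diff.append(f"flag only in {'module' if flag in m_flags else 'kernel'}: {flag}")
    return diff

def sample_ko(vermagic: str) -> bytes:
    """Constructed minimal ELF32 little-endian object: .modinfo and .shstrtab only."""
    info = b"license=Proprietary\0vermagic=" + vermagic.encode() + b"\0"
    names = b"\0.modinfo\0.shstrtab\0"
    hdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 1, 40, 1, 0, 0, 52 + len(info) + len(names), 0, 52, 0, 0, 40, 3, 2)
    def sh(name, typ, off, size):
        return struct.pack("<10I", name, typ, 0, 0, off, size, 0, 0, 1, 0)
    return (hdr + info + names + bytes(40) + sh(1, 1, 52, len(info))
            + sh(10, 3, 52 + len(info), len(names)))

MODULE_MAGIC = "4.4.241 SMP mod_unload ARMv7 p2v8"  # constructed; release from the thread
TARGET_MAGIC = "5.15.0 SMP mod_unload ARMv7 p2v8"   # constructed target kernel

if __name__ == "__main__":
    found = modinfo(sample_ko(MODULE_MAGIC))["vermagic"]
    for line in vermagic_diff(found, TARGET_MAGIC):
        print(line)
```

A matching vermagic is necessary but not sufficient: as the last reply notes, a vendor kernel with private patches can keep the same string while changing the structures the module depends on.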