Archive for July, 2007

Enabling 32MB memory on the Linksys WRT54G router (version 2.2 XH only!)

Friday, July 13th, 2007

Once in a while luck strikes. I was really lucky buying a WRT54G when they first appeared. I got a revision 2.2, which meant that they had ironed out the bugs from the first revisions but had not yet decided to cripple the unit as they did in revisions 5 and 6. Furthermore, I was lucky enough to get a revision 2.2XH, on which Linksys, for unknown reasons, has put 32MB of memory (normally 16MB for other revisions). Linksys has disabled half of the 32MB to make the unit look like every other WRT54G. Here is how to enable it.

Firstly, no cheating:

~ # uname -a
Linux dd-wrt 2.4.34-pre2 #174 Fri Sep 15 20:38:23 CEST 2006 mips unknown

How much memory to begin with:

~ # cat /proc/meminfo | head
total: used: free: shared: buffers: cached:
Mem: 14516224 13836288 679936 0 462848 5664768
Swap: 0 0 0
MemTotal: 14176 kB

Perform some magic:

~ # nvram set sdram_init=0x008
~ # nvram set sdram_ncdl=0x000
~ # nvram commit
nvram_commit(): end
~ # reboot

How much do we have now?

~ # cat /proc/meminfo | head
total: used: free: shared: buffers: cached:
Mem: 31113216 18386944 12726272 0 1835008 8638464
Swap: 0 0 0
MemTotal: 30384 kB

Of course, I use a custom firmware on the unit, but more on that in another post.

Secure information store in a file using dmcrypt

Sunday, July 8th, 2007

I was bored and decided to harden the security for some of the stuff on my server. A server which, by many means, is secure enough. Some people would claim otherwise, as my ssh is still open to the world and not hidden behind a port knocking sequence. But that will change real soon now(tm).

dmcrypt is a Linux device mapper module written by Christophe Saout. I have read and understood all the code as part of my project of migrating Poul-Henning Kamp's ingenious GBDE module to device mapper, but that's another story. Dmcrypt will be more than adequate for this tutorial. Basically, dmcrypt is an AES block encrypter using a single passphrase for all blocks (which makes it really lean and fast, but vulnerable to attacks).

I’ll just provide the actual commands to let you see just how easy it is:

# touch .passwords (only initially/first time)

# shred -n1 -s5M .passwords (only initially/first time)

# losetup /dev/loop0 .passwords

# cryptsetup -y create mypasswords /dev/loop0

# mkfs.ext2 /dev/mapper/mypasswords (only initially/first time)

# mount /dev/mapper/mypasswords /mnt

# ls /mnt

# umount /mnt

# cryptsetup remove mypasswords

# losetup -d /dev/loop0

Could it be easier? An AES-secured filestore in a single file, right there on your Linux filesystem. I have omitted the pesky details on the kernel and userlevel utils, but basically you need support for AES, loop devices and device mapper in both kernel and userland.
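
The open and close steps above, wrapped with failure handling; this is an added example, not part of the original post. It assumes the store was already created with the first-time steps, defaults to the post's file, mapping and mount-point names, and the function names `store_open`, `store_close` and `store_loop` are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): open/close wrapper for the
# file-backed dm-crypt store. STORE, NAME and MNT default to the post's values.
STORE=${STORE:-.passwords}
NAME=${NAME:-mypasswords}
MNT=${MNT:-/mnt}

# Print the loop device currently attached to $STORE (empty if none).
store_loop() {
    losetup -j "$STORE" | cut -d: -f1 | head -n 1
}

# Attach, map and mount. Prints the loop device on success.
store_open() {
    # -f --show picks the first free loop device instead of assuming loop0.
    loop=$(losetup -f --show "$STORE") || return 1
    if ! cryptsetup create "$NAME" "$loop"; then
        losetup -d "$loop"
        return 1
    fi
    # A mapping made with "cryptsetup create" has no on-disk header, so a
    # mistyped passphrase is not rejected: the mapping simply decrypts to
    # garbage and the mount fails. Undo everything rather than leave a
    # half-open store behind.
    if ! mount "/dev/mapper/$NAME" "$MNT"; then
        cryptsetup remove "$NAME"
        losetup -d "$loop"
        echo "mount failed (wrong passphrase?), store closed again" >&2
        return 1
    fi
    echo "$loop"
}

# Unmount, remove the mapping, detach the loop device; stop at the first
# step that fails so a busy mount is never left without its mapping.
store_close() {
    loop=$(store_loop)
    umount "$MNT" || return 1
    cryptsetup remove "$NAME" || return 1
    [ -z "$loop" ] || losetup -d "$loop"
}

case "${1:-}" in
    open)  store_open ;;
    close) store_close ;;
esac
```

Run it as root with `open` or `close` as the only argument. Never run `mkfs` after a failed mount on an existing store: a mistyped passphrase looks exactly like an unformatted device.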