Posted: Tue Dec 06, 2016 19:00 Post subject: add tomato feature to dd wrt
Hello room
Im posting this as I managed to port essentially a tomato feature onto DD WRT. What it does is when I press the wps/ez access button for 10 seconds, it turns on a backdoor telnet port on port 322 for backdoor access. You can use this if you have a bad firmware flash that seemingly locks you out of the router (happened to me on tomato, dont know how likely on dd-wrt but it is there) OR you forget your password and need to recover without resetting your whole configuration (some of us have long complicated ones that can make a reflash a bit of a project).
To do this in my implimentation is quite simple and involves no other tools outside nvram. What you simply need to do is go to Administration > commands on your router and paste the following code into the commands box and then click save as startup:
What the script does:
1. make a folder for /tmp/etc/config (as per the dd wrt wiki on adding commands for the wps button)
2. create a script echoing each line into the file to start the hidden telnet service
3. make the script executable.
Once the script is running, accessing that port will return your root shell to the router. You can then go in, make your configuration changes and leave. To then close the backdoor, simply kill the process.
Hopefully this can help people and is a clever way to setup a backdoor on a home router you own or possibly maintain for someone else!
As a point if anyone didnt realize, the script I provided will generate the script at every boot, you can probably integrate it into an existing one as well.... also it will be wiped whenever the router is rebooted but the startup script will simply re generate it.