Posted: Thu Apr 15, 2010 1:15 Post subject: New Belkin Routers (04/2010)
This month, Belkin released a new series of routers, the "Surf", "Share", "Play", and "Play Max". All of the details can be found at their website. I did a little research and found this info:
Quote:
The Play Max is a Broadcom-based dual-radio design using a BCM4718 Intensi-fi XLR 802.11n Simultaneous Dual-Band (2.4/5 GHz) Router SoC Wireless Network Processor, which includes the processor, BB/MAC and radios. The radio in this device appears to be used for the 2.4 GHz radio only, while a Broadcom BCM43224 Integrated 802.11a/b/g/n is used for the 5 GHz radio.
Broadcom BCM53115 switch provides the Gigabit WAN and LAN ports without jumbo frame support and 64 MB of RAM and 8 MB of flash round out the design.
The Play Max also has two USB 2.0 ports that can share a printer and have a USB drive attached. The attached drive can be used with the Vuze BitTorrent download app, for general networked file storage and apps for UPnP / DLNA media serving and client backup via a bundled client.
If it's running these apps, I am assuming it's running some sort of Linux. So maybe it has a future with dd-wrt :D
I bought a Play Max from Amazon and got it today. So far, it's a heck of a lot better than some of those notorious routers that lock up frequently.
(This is my first post here, but I am not new to dd-wrt. I have a Fonera running dd-wrt that I use as an AP in my dorm room, or as a wireless bridge when I'm at home for my 360)
Posted: Mon Apr 19, 2010 15:14 Post subject: Belkin Play
I actually just picked up a Belkin Play myself - definitely a solid router and awesome price considering it has a similar chipset to the Linksys 620N. I cracked it open and took pictures, which I will upload later. It definitely has a BCM4718 in it, which I know the Play Max has as well.
I'll admit that I don't know a whole lot about JTAG, although it looks like there are pins for it here. There are also a few other headers on the board, one of which is for the second USB port that's found on the Play Max (model 4301).
I'd love to know more about what I have here, so any comments are welcome. Also, considering that the chipsets are similar to the Linksys 610/620N, I'm wondering if that process for flashing would work?
Done.
Apologies for the overly high-res pics - wasn't on my usual comp and didn't have a good grasp on how big they were. I'll make sure the additional pics are the right size.
Posted: Wed Apr 21, 2010 22:55 Post subject: Definitely Linux
It's definitely Linux - it even shows up under my shared network resources as an independent device named "ROUTER". I ran the Belarc advisor test (which is great, btw) and it shows it as a Linux device.
Now the question is how to go about flashing the firmware. I've successfully implemented DD-WRT on a Linksys WRT54Gv2, so I do have some experience with flashing and subsequently configuring, but I don't claim to be an expert.
I attempted to flash using TFTP and the subscribed method, including the 30-30-30 reset, but didn't have any success. In fact, I found that doing the 30-30-30 actually did *NOT* clear any of the router's settings. I'm not sure why, but would be curious to find out. I also noticed during my "infinite ping" loop that, once the reset button is held down, the TTL is 100, whereas it's 64 when the router is active (green light on, not in reset mode). Not sure what this indicates/means, either.
Definitely open to any advice/questions. Thanks in advance!
Posted: Thu Apr 22, 2010 2:32 Post subject: More Linux Proof
This just in...
Belkin released firmware update 1.0.0.15 to my router through the automatic update feature (it was not available on their website... not sure why).
Well, prior to that, nothing had been showing up in the security logs section.
Now, there are things populated there. Of particular note was this:
Using dnsmasq, eh?
I did some configuring in DD-WRT on my Linksys that included using dnsmasq to pass out IPv6 addresses to my connected devices. It looks like the underlying Linux distro used in this firmware might be more robust than I'd thought. I'd like to figure out how to start issuing command line requests to the OS... would this be something that can be done via telnet? (I'm not a telnet expert, but I know there are some people on here that are)
Also of particular note is the fact that this firmware is not available in the open source section of Belkin's website, whereas a bunch of their other router firmware sources are. I wonder if this falls under the GPL or not. (Hopefully)
I'm glad there's finally some activity in here. Thanks for tearing apart your Play, I've had nothing but problems with routers in the past 2 years so I figured I'd wait a month before deciding whether or not I wanted to return it. So far, so good. I knew it ran Linux, we just need to figure out how to get into it now.
Totally agreed!
I've used a ton of different routers in the past, and the DD-WRT firmware is by far the most robust, to the point where other manufacturer firmware is just awful in comparison.
Spec-wise this Belkin router (the Play - and yours, the Play Max) is fantastic. It has the same chipsets as the high-end Linksys routers for half the price. Once we can get DD-WRT on them, they'll be really awesome.
I have to say that I'm not a big fan of the Belkin firmware, but then again I never have been, and I bought this router for the guts, not the firmware.
So far I've tried to load DD-WRT using the methodologies listed in the posts for the Linksys WRT-620N but haven't had much success. I think the problem is that I keep missing the "window" for the firmware to flash properly. One thing I do know is that I'm not comfortable trying to flash this thing in any way other than TFTP (what I've been trying) or by putting together a JTAG cable - which I've never done before, but would be willing to try.
It's a shame we can break into the Belkin firmware, as it appears that it's running a lot of the underlying components that are found in things like DD-WRT, an example being DNSMasq.
I'll keep fighting the good fight in trying to find out more info across the web - let me know if you find anything as well!
First I would like a moment of silence for my WHR-125G, he died valiantly with his wife the cable modem during a thunderstorm Tuesday. He will be missed...
I got the Play last night, as it was the cheapest dual radio router that was available at the store. I checked on a laptop they had on display to see if the Play was listed as compatible, saw that it was WIP, and brought it home.
So far, I have tried flashing it with tftp like TheUSMarshell above. I have not had any luck; my next thought is to perhaps edit the latest SVN's header to match that of the Belkin firmware.
update: I think I might have made a breakthrough!
2.png
Description:
Look what I found! First, start with the router unplugged, then hold the reset button down. While holding the button, plug in the power and hold the power button for another 10 or so seconds.
6.png
Description:
Immediately I tried the obvious and tried to upload several different dd-wrt firmwares; each was met by this screen. When I uploaded the Belkin firmware, the router rebooted itself in several minutes and came back to itself.
Last edited by deadlyquirk on Sat May 29, 2010 8:27; edited 1 time in total
Additionally, I played around with the links to restore the firmware and reboot the router. It's actually fairly interesting:
the reboot link is 192.168.2.1/do.htm?cmd=reboot
the link to restore the default nvram is 192.168.2.1/do.htm?cmd=nvram+erase
My assumption is that anything that you pass to do.htm will be run. My next assumption was that the router was running busybox (as most embedded Linux systems do). I haven't found anything one way or the other to prove it, but if busybox is there, it doesn't have telnet compiled into it.
1.png
Description:
This is what is returned when I restored the nvram. Notice the command as a variable. I'm going to assume that we are dealing with some sort of embedded Linux.
3.png
Description:
I tried several commands (ls, busybox +telnetd, etc.) but was unable to get any output on do.htm. I think that the page is static and would say Command complete no matter what.
5.png
Description:
After following my assumption that the system was running busybox, I ran a full port scan in nmap. The only open port was the webserver.
I did not try to start dropbear (which is the usual mini ssh server), or tftp so there might still be hope for those,
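How a maintenance endpoint like the do.htm?cmd= links described in the post above can avoid running whatever it is passed: an added example, not code from this thread or from Belkin's firmware. The function names and action ids are hypothetical; only the two command strings come from the post.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical action ids; the two strings are the commands quoted in the post. */
enum action { ACT_REJECT = -1, ACT_REBOOT, ACT_NVRAM_ERASE };

static const struct { const char *cmd; enum action act; } allowed[] = {
    { "reboot",      ACT_REBOOT },
    { "nvram erase", ACT_NVRAM_ERASE },
};

/* Decode form-urlencoded text up to '&': '+' is a space, %XX is one byte.
   Returns 0 on success, -1 on a bad escape, an embedded NUL or overflow. */
static int form_decode(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    for (; *in && *in != '&'; in++) {
        int c = (unsigned char)*in;
        if (c == '+') {
            c = ' ';
        } else if (c == '%') {
            if (!isxdigit((unsigned char)in[1]) || !isxdigit((unsigned char)in[2]))
                return -1;
            char hex[3] = { in[1], in[2], '\0' };
            c = (int)strtol(hex, NULL, 16);
            in += 2;
        }
        if (c == '\0' || n + 1 >= outsz)
            return -1;
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return 0;
}

/* Map the query string of a do.htm-style request to one fixed action.
   The decoded value is only compared against the table, never given to a shell. */
enum action dispatch_query(const char *query)
{
    char cmd[32];
    if (!query || strncmp(query, "cmd=", 4) != 0)
        return ACT_REJECT;
    if (form_decode(query + 4, cmd, sizeof cmd) != 0)
        return ACT_REJECT;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(cmd, allowed[i].cmd) == 0)
            return allowed[i].act;
    return ACT_REJECT;
}
```

The caller then switches on the returned action and invokes the matching built-in routine, so a request either names a known operation exactly or does nothing.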