6. Modding and reverse-engineering

There is a page that tells you how to casemod the Linksys wireless router (they just call it the WAP11, but it appears to be one of the BEFW11S4 variants).

The Linksys has Linux inside. Intrepid hacker Erik Andersen tells us:


#!/bin/sh
# This is what I did to open up the Linksys rom...

wget ftp://ftp.linksys.com/pub/network/WRT54G_1.02.1_US_code.bin

# I noticed a GZIP signature for a file name "piggy" at offset
# 60 bytes from the start, suggesting we have a compressed Linux
# kernel
dd if=WRT54G_1.02.1_US_code.bin bs=60 skip=1 | zcat > kernel

# Noticed there was a cramfs magic signature (bytes 45 3D CD 28,
# followed shortly by "Compressed ROMFS") at offset 786464
dd if=WRT54G_1.02.1_US_code.bin of=cramfs.image bs=786464 skip=1
file cramfs.image

sudo mount -o loop,ro -t cramfs ./cramfs.image /mnt
ls -la /mnt/bin
file /mnt/bin/busybox
strings /mnt/bin/busybox | grep BusyBox
# Use uClibc's ldd to get useful answers for non-x86 binaries
/usr/i386-linux-uclibc/bin/i386-uclibc-ldd /mnt/bin/busybox
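The two offsets in that script were found by eyeballing a hex dump. The Python script below is an added example (not Erik Andersen's script and not Linksys code) that generalizes the step: it scans an image for gzip member headers, recovers the original filename stored in the header (which is where the name "piggy" comes from), checks that a real deflate stream follows, locates cramfs superblocks by their magic and the "Compressed ROMFS" signature at superblock offset 16, and prints the equivalent dd invocations. The image it scans is constructed in memory with the same layout as the WRT54G dump (a 60-byte vendor header, a gzip member named piggy, then a cramfs superblock); for real firmware you would read the file instead.

```python
"""Locate gzip members and cramfs superblocks inside a firmware blob.

Added example for this HOWTO section; the sample image is constructed
here and is not a real Linksys image."""
import gzip
import io
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"             # ID1, ID2, CM = deflate
CRAMFS_MAGIC = b"\x45\x3d\xcd\x28"       # 0x28cd3d45 stored little-endian
CRAMFS_SIGNATURE = b"Compressed ROMFS"   # 16 bytes at superblock offset 16


def gzip_header(buf, off):
    """Parse the gzip member header at buf[off:]. Returns (original_name, header_len)
    or None if the bytes do not form a plausible header (RFC 1952 layout)."""
    if buf[off:off + 3] != GZIP_MAGIC or len(buf) < off + 10:
        return None
    flags = buf[off + 3]
    pos = off + 10                       # fixed part: magic, flags, mtime, xfl, os
    if flags & 0x04:                     # FEXTRA: 2-byte length + payload
        if pos + 2 > len(buf):
            return None
        pos += 2 + struct.unpack_from("<H", buf, pos)[0]
    name = None
    if flags & 0x08:                     # FNAME: NUL-terminated original filename
        end = buf.find(b"\x00", pos)
        if end < 0:
            return None
        name = buf[pos:end].decode("latin-1")
        pos = end + 1
    if flags & 0x10:                     # FCOMMENT: NUL-terminated comment
        end = buf.find(b"\x00", pos)
        if end < 0:
            return None
        pos = end + 1
    if flags & 0x02:                     # FHCRC: 16-bit header CRC
        pos += 2
    return name, pos - off


def find_gzip_members(buf):
    """Return [(offset, original_name)] for every gzip member whose deflate stream
    actually decompresses to end-of-stream, which screens out chance 1f8b08 hits."""
    hits, start = [], 0
    while (off := buf.find(GZIP_MAGIC, start)) >= 0:
        parsed = gzip_header(buf, off)
        if parsed:
            name, hlen = parsed
            d = zlib.decompressobj(-zlib.MAX_WBITS)   # raw deflate, no zlib wrapper
            try:
                d.decompress(buf[off + hlen:])
                if d.eof:
                    hits.append((off, name))
            except zlib.error:
                pass
        start = off + 1
    return hits


def find_cramfs(buf):
    """Return [(offset, declared_size)] for every cramfs superblock: magic at +0,
    size at +4, and the fixed signature string at +16."""
    hits, start = [], 0
    while (off := buf.find(CRAMFS_MAGIC, start)) >= 0:
        if buf[off + 16:off + 32] == CRAMFS_SIGNATURE:
            hits.append((off, struct.unpack_from("<I", buf, off + 4)[0]))
        start = off + 1
    return hits


def scan(buf):
    return {"gzip": find_gzip_members(buf), "cramfs": find_cramfs(buf)}


def dd_commands(path, result):
    """Turn scan hits into the same dd/zcat invocations used in the script above."""
    cmds = [f"dd if={path} bs={off} skip=1 | zcat > {name or 'gzip_member'}"
            for off, name in result["gzip"]]
    cmds += [f"dd if={path} of=cramfs.image bs={off} skip=1"
             for off, _ in result["cramfs"]]
    return cmds


def build_sample_image():
    """Constructed toy image: 60-byte vendor header, gzip member named "piggy",
    padding to a 1024-byte boundary, then a cramfs-like superblock. Only the
    headers are realistic; the kernel and filesystem bodies are placeholders."""
    kernel = b"Linux version 2.4 (constructed placeholder kernel text)\n" * 20
    gz = io.BytesIO()
    with gzip.GzipFile(fileobj=gz, mode="wb", filename="piggy", mtime=0) as f:
        f.write(kernel)
    header = b"HDR0" + b"\x00" * 56
    superblock = (CRAMFS_MAGIC + struct.pack("<III", 4096, 0, 0)
                  + CRAMFS_SIGNATURE + b"\x00" * 32)
    image = header + gz.getvalue()
    image += b"\xff" * (1024 - len(image) % 1024)
    return image + superblock + b"\x00" * 512


if __name__ == "__main__":
    result = scan(build_sample_image())
    print(result)
    print("\n".join(dd_commands("firmware.bin", result)))
```

On the constructed image the scan reports the gzip member at offset 60 with original name piggy and the cramfs superblock at offset 1024; on a real image, the printed dd commands are the same ones the script above had to be given by hand.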

Linksys now supplies source code on its site (I don't know what's in the various archives, though). Several other similar products, including the Buffalo Technology box, seem to use the same firmware.

There's an interesting site on s more like an epileptic seizure than catatonia, and involves strange blink patterns on the Link, Collision, and 100Mbit diagnostic lights (the 100Mbit light should not normally ever blink).

If this happens, power-cycling the Linksys won't suffice; you'll have to hard-reset the thing. Some versions (like the BEFSR41) have a reset pin that you poke with a paperclip end through a small hole in the front panel labeled Reset. Some versions (like the BEFW11S4) have a reset button on the back. You have to hold these down for about thirty seconds to hard-reset the nonvolatile RAM. This will lose your configuration settings.

Linksys boxes support MRTG, the Multi Router Traffic Grapher, which queries devices via SNMP. It is not clear what the extent of the SNMP support is, as it's not documented. This security advisory from January 2002 claims Linksys doesn't distribute a MIB because their implementation of SNMP is broken.

6.1. Mozilla interface quirks under 1.38 and earlier firmware

Linksys blue boxes have a webserver embedded in their firmware. The normal way to administer one is to point a browser at its IP address on your network. You program the box by filling out HTML forms.

This is a nice bit of design that neatly avoids having OS-specific client software. But some older versions of the webserver firmware have a quirk that interacts with a bug in Mozilla (at least at release 1.0.1) to make the interface almost unusable. Fortunately, the recovery procedure is trivial. This bug was known to be present as late as 1.40, and also interfered with Netscape; it is absent in 1.44 and a good reason to upgrade. We have a report that Mozilla 1.3 fails with 1.43, so whatever change fixed the problem likely came in with 1.44.

The symptom you're likely to see is a broken-image icon at the upper left hand corner of each page. The broken image is a series of file-folder tabs for an image map. That image map is how you get to the other web pages.

You can recover by right-clicking on the broken-image icon. Select "View Image", then back out. This will build the image map correctly.

You will almost always have to do this on the first page, but it often won't trigger on later page loads.

Here's what's going on. Mozilla tries to stream multiple concurrent requests at the webservers it talks to in order to speed up page loading. The dimwitted little firmware webserver in the Linksys is only single-threaded and doesn't handle concurrent requests. So there's a race condition. When you hit the window just right, you get an aborted request and a broken graphic.

Most other browsers are immune to this problem. Konqueror doesn't trigger it. Neither does Internet Explorer.