Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: How Can You Avoid Routers With Locked Firmware?

Posted by EditorDavid on from the wise-why's-of-WiFi dept.

thejynxed writes: Awhile ago the FCC in the USA implemented a rule that required manufacturers to restrict end-users from tampering with the radio outputs on wi-fi routers. It was predicted that manufacturers would take the lazy way out by locking down the firmware/bootloaders of the routers entirely instead of partitioning off access to the radio transmit power and channel ranges. This has apparently proven to be the case, as even now routers that were previously marketed as "Open Source Ready" or "DD-WRT Compatible" are coming with locked firmware.

In my case, having noticed this trend, I purchased three routers from Belkin, Buffalo, and Netgear in Canada, the UK, and Germany respectively, instead of the USA, and the results: All three routers had locked firmware/bootloaders, with no downgrade rights and no way to install Tomato, DD-WRT, OpenWRT, etc. It seems the FCC rule is an example of the wide-reaching effect of US law on the products sold in other nations, etc. So, does anyone know a good source of unlocked routers or other technical information on how to bypass this ridiculous outcome of FCC over-reach and manufacturer laziness?
The FCC later specified that they were not trying to block Open Source firmware modifications -- so leave your best suggestions in the comments. How can you avoid routers with locked firmware?

8 of 320 comments (clear)

  1. Turris Omnia by JoSch1337 · · Score: 5, Interesting

    https://omnia.turris.cz/

    Specs: 1.6 GHz dual-core ARM, 2 GB DDR3, 8 GB flash, 5 Gbit LAN, 1 Gbit WAN, 2 USB 3.0, 2 Mini PCI Express, 1 mSATA / mini PCI Express, 3x3 MIMO 802.11ac, 2x2 MIMO 802.11b/g/n

    I use it together with two hard drives attached via SATA.

    It ships with a custom version of OpenWRT but you can also install other stuff on it like Debian:

    https://wiki.debian.org/Instal...

    Or openSUSE:

    https://en.opensuse.org/HCL:Tu...

    1. Re:Turris Omnia by AmiMoJo · · Score: 3, Interesting

      Seems very expensive for what it is... If you go on AliExpress and search for "x86 router" or "arm router" you will find hundreds of options costing less than 1/3rd as much. For example: https://www.aliexpress.com/ite...

      Celeron J1900 (quad core, 2.4GHz)
      1x DDR RAM RAM socket
      Intel chipset
      mSATA SSD slot
      4 Intel I211AT gigabit LAN ports
      3x USB 2.0
      1x USB 3.0
      2x MiniPCIe ports
      10W max power consumption

      The case has holes for wifi antennas, which you can order with it. It's pretty much a standard PC so will run whatever Linux or even Windows OS you want. It's got VGA as well which can be handy for an emergency shell.

      You could add a really simple UPS with a 12V lead acid battery and a few diodes too.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Separate Access Point from Router by aaarrrgggh · · Score: 4, Interesting

    Personally, I find that going with a dedicated router and dedicated access point(s) makes for a more flexible solution anyway. Better placement options, easier to upgrade the wireless, etc. I use Ubiquiti gear, which gives me Vyatta on the routing/firewall and a solid (locked down) access point.

    Curious to try out the little pfsense appliances, but they are a bit more pricey.

  3. "save wifi" campaign by lkcl · · Score: 3, Interesting

    The FCC later specified that they were not trying to block Open Source firmware modifications

    they were told IN NO UNCERTAIN TERMS that this is exactly what would happen - that manufacturers would take the "lazy" way out. unfortunately, a number of prominent "open source" activists completely and utterly failed to comprehend that this would happen, and ENDORSED the FCC's proposal.

    there are some very specific companies that sell RYF-Endorsed products (answering the OP's question: google "RYF Certified router" or other such keyword combinations), and these companies are near-completely screwed. if they are not careful they have to sell ILLEGAL products in order to satisfy the RYF-Endorsement Criteria! however it turns out that there's a small workaround: what they can do is put an UNPUBLISHED hidden link into the web interface in order for users to carry out quotes unauthorised quotes firmware updates.

    basically as a world-wide community we f******d up. the opportunity to stop the FCC from being a Corporate lap-dog was when the "Save WIFI" campaign was underway. it was a complex situation understood by very few people: we should have listened to the people who properly understood it, and supported them. we didn't do that... and now we suffer the consequences, as indicated by the OP.

  4. Re: Get a cheap PC that 10 years old, add PFSense by raburton · · Score: 4, Interesting

    Can't argue with the pricing there. But if you want something lower power and smaller size try one of these https://m.aliexpress.com/s/ite... still more power than you need for most applications (especially if you're comparison is some crappy little MIPS router). I considered pfsence but I'm more of a Linux person and didn't need the bells and whistles of the nice GUI, so it's just running stock Debian with ip tables and very little else on it (but with a lot of options if you want to do more with it).

  5. Re:Get a cheap PC that 10 years old, add PFSense by thegarbz · · Score: 4, Interesting

    It's recommendations like this that are the reason for America's incredible high emissions per capita stats.

    Running a full powered PC from an era that didn't concern itself with efficiency, in a field (servers) which didn't concern themselves about efficiency instead of a small appliance that should use less power than an energy saving bulb.

  6. Don't blame the FCC by Solandri · · Score: 5, Interesting

    Blame the idiots hacking their firmware and using their routers irresponsibly (illegally).

    First you have to understand why the FCC made the request to router manufacturers. Shortly after the FCC opened up the 5 GHz band for unlicensed use, terminal doppler weather radar was invented in response to several airliner crashes due to adverse weather conditions. Unfortunately, it relies on frequencies smack dab in the middle of the open 5 GHz band, so the FCC took the unusual step of revising their rules which opened up those frequencies

    That's why most 5 GHz devices only support channels 36-48 and 149-165. The intermediate channels were reclassified as DFS - dynamic frequency selection. Open devices could use them, but if they detected weather radar in use they had to switch to a different channel. A few devices actually do this and check to see if weather radar is in use. Most manufacturers just took the easy way out and blocked out channels 50-144 entirely in the firmware.

    DD-WRT supports DFS - it will change frequencies if it detects weather radar in use (at least it does on my hacked TP-Link). If you install third party firmware and use the 5 GHz band, do the responsible thing and enable this functionality if you're going to enable channels 50-144. Unfortunately, some idiots didn't do this, which caused the FCC to grow concerned about the impact of third party firmware on the effectiveness of TDWR. That's why the FCC made the request to router manufacturers. Not because they hated third party firmware, but out of concern for the safety of the flying public.

    This is why we can't have nice things - a few idiots ruin it for everyone else. I had lots of fun with lawn darts as a kid, but we always treated the target area as if it were a shooting range. Here's an example of what happens to TDWR when an idiot blasts their router in the TDWR frequencies. The unauthorized broadcast shows up as a wedge-shaped area spanning a few degrees and extending to the edge of the radar image, completely obscuring any weather in the wedge.

    And buying the router in Canada or Europe won't make any difference because those countries have the exact same restrictions on those TDWR frequencies. The only reason they're not being as aggressive as the FCC is because TDWR so far is mostly used at U.S. airports. Eventually most airports in the developed world are going to upgrade to it (or at least airports which frequently encounter bad weather). So the regulatory agencies in Canada, the EU, and most of the rest of the developed world are all going to be on the same page as the FCC once TDWR is rolled out in those countries.

  7. Re:Get a cheap PC that 10 years old, add PFSense by mellon · · Score: 4, Interesting

    I'm currently experimenting with the NanoPi, which I think has better I/O (it has gigabit ethernet and comes with an antenna). I haven't gotten openwrt running on it yet, but am working on it: http://nanopi.org/NanoPi-2_Fea...

    The best thing about it is that if it doesn't suck, I can just scatter a bunch of them around the house--they are ridiculously cheap compared to typical WiFi routers.

    If you want something a lot beefier, consider getting a Turris Omnia. Not cheap, but it's practically a server, and will draw a lot less power than your 10-year-old PC. They are working on FCC certification, should be available in the U.S. in a few months. I have one from the kickstarter... :)