While we tried very hard to produce a technically accurate book, it is inevitable that there will be corrections. If you find something, please let us know ASAP and we will post it here!

So far everything is good :)

Cheers,

PaulDotCom

Stay tuned!

All:

First, let me welcome all of you to the official web site and blog for our "Linksys WRT54G Ultimate Hacking" book! We are very excited to have completed the book, and even more excited to continue to provide information on embedded device hacking via this web site and blog.

First order of business, our book is shipping! W00t! You can purchase it via the links on the front page via Amazon.

Next, we have a winner of our book contest! The contest was to be the first person to send us a picture of themselves with the book. Doing so would win you (Compliments of the PaulDotCom Security Weekly Crew):

• An autographed copy of Wireshark & Ethereal Network Protocol Analyzer Toolkit
• An autographed copy of Network Security Hacks, 2nd Edition by Andrew Lockhart
• An official PaulDotCom Security Weekly Hack Naked beer drinking mug and t-shirt

And the winner is......Dave! Who submitted a wonderful picture of himself holding the book and two WRT54G routers (whoops, don't drop one :).

Congrats Dave!

Stay tuned, good things coming...

Paul "PaulDotCom" Asadoorian

Without further ado: Inside the WRT54G version 8!

Before we get to the juicy bits, this version will be very easy to identify on the store shelves. Linksys has totaly redesigned the packaging:

The power supply has remained the same here in the US, with 12 volt output. Nothing to see here folks. The front panel also remains the same as the last few versions:

Before we even get this bad boy apart, we can see some very significant design changes. No more removable antennas! (we'll get to this more in a bit)

When we open up the case, we can immediately see that the board design looks different from some of the earlier versions. I'm not sure of how it stacks up to the version 7, as we've been unable to locate one locally. The front of the board looks different:

The reverse side of the board actually features some components, even if they are SMT resistors:

With some closer inspection, we may be drawn to the traces for the wireless antennas. It looks like the traces still exist for the removable connectors. Possibly for future board revisions, or a hold over from the v7 design:

Guess what! Those traces also contain, what looks like a U.FL antenna connector! Certainly we can find a pigtail online to convert to something we can use. Add a little de-soldering braid, and a soldering iron to that mix and we've got a removable antenna, at least on the primary connenctor. Looks like we'd also need to disable antenna diversity too. Here's a good look at the U.FL connector:

Further examination of the board reveals some more of the standard features we've come to expect. The first is the JTAG header:

There is also another set of headers, which would appear to be a single serial port. this remains unconfirmed by us at this point, but all signs point to yes: capability in the chipsets (the BRCM5354 spec sheet states that it has two UARTs available), and the proper pin count. Why only one port? Who knows, but I would bet that the other serial port could be found on the board, just not at a header. Here's a good look at the possible serial port:

The RAM installation seems to be fairly typical With a Samsung chip:

But wait! What's that you say? You read the Samsung chip documentation, and is says the chip is 64M? Well, sure! We still need to confirm that some open source firmware (say...OpenWrt) can take advantage of the additional RAM, if the extra RAM meets up to the documentation. All available reports state that this unit only has 8M!

Even more changes to the design for the version 8 is a diversion from the Intel based flash chip. Linksys has opted to drop the Intel brand for a company named Spansion, which is apparently a subsidiary of AMD. The new Spansion S29AL016D90TF chip is listed as being 16M, however other available documenation only lists flash as 2M! It looks as though the chip is modifiable to protect some sectors, limiting the amount usable memory sectors. Overall, this device may be quite nice for hacking, given the alleged 64M RAM and 8M of flash. Here's a good look at the the Spansion flash chip:

Again the Broadcom SoC has changed to the BCM5354KFBG, which operates at 240Mhz! This chipset contains all of the goodies: ethernet switch, main processor, and wireless processor. Here is a shot of the chip:

In combination with the wireless processor, the wireless power amp chipset can be located under the nice metal shielding, and is of the SiGe SE2528L RangeCharger variety, which is rated at 24dBm for 802.11b networks and 21dBm for 802.11g networks. Here is a look of this sneaky little animal:

In even more modifications, we have some additional changes related to the power conversion and regulation chipset. The main power conversion chip has remained the same with the AnaChip AP1513 which can take an input voltage of between 3.6 and 18 volts DC, in combination with the SK33B Schottky Rectifier, it utilizes a separate resistor to regulate maximum power output. While I have been unable to confirm, I'd suspect that like the board requirement has been capped at between 3.3 and 3.6 volts, the optimal voltage range for many of the other components. Here's a close-up of the chip combination:

While I thought that this new release would be very disappointing for my hacking pleasure, there are clearly a few questions that need answering in relation to RAM and Flash. The wireless antenna situation can apparently be rectified, and apparently reduced power requirements make alternate power sources very tempting.

We hope that you have enjoyed our willful voiding of our warranty for your viewing pleasure! Any questions, comments or updates are appreciated. - Larry