Some proprietary firmwares are available that provide a lot of useful features and options for RTL8186-based access points. Mine is a Senao/Engenius NCB/ECB-3220. From examining the log produced by the firmware (Management->Log), one can see several lines mentioning the firmware, e.g.:
8186NIC Ethernet driver v0.0.5 (Mar 3, 2006)
rtl8186_crypto_init()...
One of the most popular proprietary firmwares is AP Router; however, cracking this firmware requires a serial connection to the access point, a luxury I didn't have. So I searched for other firmwares, and C3 popped up. C3 is a Brazilian-only RTL8186 firmware that supports many of the features provided by AP Router (actually, there is great similarity between the two; even the filenames of the web server's HTML files seem to be identical in a number of respects).
In addition, cracking the C3 firmware is a lot easier than AP Router and doesn't require the cable.
It seems that, when unlicensed, the firmware prevents any change to the flash of the access point. Upon uploading a firmware image for any other access point, the firmware will display "Update successful" and will change your access point's MAC address to that of the license file, disabling the protection on the flash memory of the AP. All you have to do is change that MAC address back to your original address and voilà, you have cracked the C3 firmware.
The major disadvantage of the C3 firmware is that it doesn't have English support, and you have to get accustomed to seeing the Portuguese equivalent for some words.
1. Obtain the MAC address of your AP, either from the default firmware or by using SSH (e.g. with PuTTY). Username and password are root. Run:
flash get HW_NIC1_ADDR
flash get ELAN_MAC_ADDR (<- this line is not required for my AP type)
Write down your MAC address or save it somewhere safe.
* To install the C3 firmware, either select update firmware from the original firmware or check this for the TFTP mode.
** Mind that there are 2 versions of the C3 firmware, so select the one that suits your AP; for me this one did the trick. (This, however, is for the D-Link G700AP.)
2. Select Upload de Licença and upload this file to it.
3. Connect via PuTTY to the AP and run the following:
flash set HW_NIC1_ADDR [ur MAC address without brackets and semicolons]
flash set ELAN_MAC_ADDR [ur MAC address without brackets and semicolons]
4. Reboot your AP, either from the web interface or by typing reboot at the SSH prompt.
5. Congrats, you're done; grab a dictionary!
This work is based on the efforts of AreaWireless.Net.
8 Comments:
Good effort, Keep up the good work!
On version 7, your method does not work... :(
Hey Guy,
Can you post a link to download an older version that works with your method? The version on www.cetres.com.br doesn't work anymore.
Thanks.
On version 7, use the menu gerenciamento > comandos do sistema instead of SSH (PuTTY).
Worked for me.
Works for me using the comando do sistema. Thanks a lot.
License file is not online anymore.
Is there any possibility to have the firmware for the D-link DWL-G700AP?
The site cetres.com.br isn't up anymore...