amtm amtm 5.2 - the Asuswrt-Merlin Terminal Menu, February 09, 2025

[Jaime Alvarez]

Isn't .ch the Swiss TLD?

 

[Viktor Jaep]

Isn't .ch the Swiss TLD?

Oh whoops. I couldn't read it due to the dark red on black until zoomed in further.

Again, same reasoning stands - could be blocked. Try another mirror?

 

[Tech9]

I couldn't read it due to the dark red on black

No worries...

 

[Viktor Jaep]

No worries...

View attachment 64243

No wonder I can't see red. Lol

 

[elbubi]

You're trying to update through China. Perhaps something is getting blocked going that route?

Thanks for your reply Victor.
I did not quite get it though, my ISP is from Argentina, and I don't use a VPN to ruote through China.

Please tell me I'm not hacked (once) again...
In TOP I'm seeing a proccess I don't recall (bwdpi), I've read its related to TrendMicro, what intrigues me is its location (/tmp/bwdpi)

Do you see anything strange?

Thanks once again for your help.

 

[Viktor Jaep]

Thanks for your reply Victor.
I did not quite get it though, my ISP is from Argentina, and I don't use a VPN to ruote through China.

Please tell me I'm not hacked (once) again...
In TOP I'm seeing a proccess I don't recall (bwdpi), I've read its related to TrendMicro, what intrigues me is its location (/tmp/bwdpi)

View attachment 64250

Do you see anything strange?

Thanks once again for your help.

Sorry... You're not using the Chinese server - my mistake for not zooming in far enough.

In AMTM, try changing your source server. Perhaps something is blocking your route to the .ch server?

 

[elbubi]

Thanks once again for your reply Victor.
Tried to change server but did not find that option.
Nevertheless, I tried pinging diversion.ch and its reachable.

 

[Jaime Alvarez]

Thanks once again for your reply Victor.
Tried to change server but did not find that option.
Nevertheless, I tried pinging diversion.ch and its reachable

I noticed your router has an older firmware version (3004.388.7). You might want to try updating to the latest 3004.388.8_4 and see if you can update amtm.

 

[elbubi]

Hi Jaime. Yes, I've been on 388.8_4 before but I had some issues (my bad, dirty upgrade), so I reverted back to 388.7.
Now I'm abroad, so no chance to updagre from scratch. Do you think it might be fw related? I've updated amtm a few times under this fw version.

Regards and thanks for your help

 

[Jaime Alvarez]

Hi Jaime. Yes, I've been on 388.8_4 before but I had some issues (my bad, dirty upgrade), so I reverted back to 388.7.
Now I'm abroad, so no chance to updagre from scratch. Do you think it might be fw related? I've updated amtm a few times under this fw version.

I do dirty upgrades all the time without problems. But sometimes, when I have a strange issue that defies expalantions, I have resorted to a hard reset and configure everything from scratch.

Regards and thanks for your help

No problem. Greetings from Chile!

 

[dave14305]

Do you think it might be fw related?

Login via ssh and run this test:

curl -v -o /dev/null https://diversion.ch/

Post the full results.

# curl -v -o /dev/null https://diversion.ch/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 80.74.145.140:443...
* Connected to diversion.ch (80.74.145.140) port 443
* ALPN: curl offers http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2609 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=diversion.ch
*  start date: Feb 10 00:07:27 2025 GMT
*  expire date: May 11 00:07:26 2025 GMT
*  subjectAltName: host "diversion.ch" matched cert's "diversion.ch"
*  issuer: C=US; O=Let's Encrypt; CN=R11
*  SSL certificate verify ok.
* using HTTP/1.1
} [5 bytes data]
> GET / HTTP/1.1
> Host: diversion.ch
> User-Agent: curl/8.4.0
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [265 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [265 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0< HTTP/1.1 200 OK
< Server: nginx
< Date: Fri, 07 Mar 2025 15:09:43 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Encoding
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Expires: Fri, 06 Jun 1975 15:10:00 GMT
< Vary: User-Agent,Accept-Encoding
< Set-Cookie: PHPSESSID=2db7a7571b502e1d603fcda24ba510bf; path=/; HttpOnly
< Last-Modified: Fri, 07 Mar 2025 15:09:43 GMT
< Strict-Transport-Security: max-age=15768000; includeSubDomains
<
{ [15843 bytes data]
100  183k    0  183k    0     0   132k      0 --:--:--  0:00:01 --:--:--  169k
* Connection #0 to host diversion.ch left intact

 

[elbubi]

Login via ssh and run this test:

curl -v -o /dev/null https://diversion.ch/

Post the full results.

Hi Dave.
Thanks for your help.

Here's the output:

:/tmp/home/root# curl -v -o /dev/null https://diversion.ch/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 80.74.145.140:443...
* Connected to diversion.ch (80.74.145.140) port 443
* ALPN: curl offers http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2609 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=diversion.ch
*  start date: Feb 10 00:07:27 2025 GMT
*  expire date: May 11 00:07:26 2025 GMT
*  subjectAltName: host "diversion.ch" matched cert's "diversion.ch"
*  issuer: C=US; O=Let's Encrypt; CN=R11
*  SSL certificate verify ok.
* using HTTP/1.1
} [5 bytes data]
> GET / HTTP/1.1
> Host: diversion.ch
> User-Agent: curl/8.4.0
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [265 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [265 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx
< Date: Fri, 07 Mar 2025 16:43:51 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Encoding
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Expires: Fri, 06 Jun 1975 15:10:00 GMT
< Vary: User-Agent,Accept-Encoding
< Set-Cookie: PHPSESSID=de765b4a919b20095292770cf70e0675; path=/; HttpOnly
< Last-Modified: Fri, 07 Mar 2025 16:43:51 GMT
< Accept-Ranges: none
< Strict-Transport-Security: max-age=15768000; includeSubDomains
<
{ [15822 bytes data]
100  183k    0  183k    0     0  75499      0 --:--:--  0:00:02 --:--:-- 92149
* Connection #0 to host diversion.ch left intact

 

[dave14305]

Here's the output:

Looks normal, so what happens if you try to update amtm now?

Try running this command and post the output:

curl -fNL --connect-timeout 10 --retry 3 --max-time 12 https://fwupdate.asuswrt-merlin.net/amtm_fw/amtm.mod | grep "^version="
find /jffs/addons/amtm/ -type f -exec ls -l {} +

 

[elbubi]

Looks normal, so what happens if you try to update amtm now?

Same error as always:

Try running this command and post the output:

curl -fNL --connect-timeout 10 --retry 3 --max-time 12 https://fwupdate.asuswrt-merlin.net/amtm_fw/amtm.mod | grep "^version="
find /jffs/addons/amtm/ -type f -exec ls -l {} +

 curl -fNL --connect-timeout 10 --retry 3 --max-
time 12 https://fwupdate.asuswrt-merlin.net/amtm_fw/amtm.mod | grep "^version="
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   245    0   245    0     0    408      0 --:--:-- --:--:-- --:--:--   560
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0ve                                               rsion=5.2
100 38965  100 38965    0     0  17958      0  0:00:02  0:00:02 --:--:-- 63254

find /jffs/addons/amtm/ -type f -exec ls -l {} +
find: unrecognized: -type
BusyBox v1.25.1 (2024-04-26 14:22:44 EDT) multi-call binary.

Usage: find [-HL] [PATH]... [OPTIONS] [ACTIONS]

Search for files and perform actions on them.
First failed action stops processing of current file.
Defaults: PATH is current directory, action is '-print'

-L,-follow Follow symlinks
-H ...on command line only

Actions:
! ACT Invert ACT's success/failure
ACT1 [-a] ACT2 If ACT1 fails, stop, else do ACT2
ACT1 -o ACT2 If ACT1 succeeds, stop, else do ACT2
Note: -a has higher priority than -o
-name PATTERN Match file name (w/o directory name) to PATTERN
-iname PATTERN Case insensitive -name
-mtime DAYS mtime is greater than (+N), less than (-N),
or exactly N days in the past
If none of the following actions is specified, -print is assumed
-print Print file name
-print0 Print file name, NUL terminated
-exec CMD ARG ; Run CMD with all instances of {} replaced by
file name. Fails if CMD exits with nonzero

Inside that folder theres a file called "amtm.mod" which first lines are this:

#!/bin/sh
#bof
version=5.0
release="November 17 2024"
amtmTitle="Asuswrt-Merlin Terminal Menu"
rd_version=1.3 # Router date keeper
fw_version=1.2 # Firmware update notification
wl_MD5=1cbf962ffa4593150bd1612352b1d131 # shared-amtm-whitelist

Thanks for your help!

 

[dave14305]

Thanks for your help!

What’s curious is that it’s still running the 5.0 FW version, and not anything newer.

find /jffs/addons/amtm/ -exec ls -ld {} +
ls -l /opt/bin/curl /usr/sbin/curl
df /jffs

Might want to remove the amtm directory under addons and try again, but first run the commands above.
The next step would be to run the script like I show below. It will create a lot of output on the screen, and then prompt you for the menu choice. Enter u for update, let it scroll all the output, and when you get the menu prompt again, enter e for exit. Then PM me a pastebin link of the debug.log file. Your choice, if you want to go that far.

sh -x /usr/sbin/amtm 2>&1 | tee /tmp/debug.log

 

[elbubi]

Hi Dave. Thanks once again for your help.
I will be on the road for the next 2/3 days.
As soon as I'm settled anywhere I will try it, if its not a hassle or a pita for you, otherwise I´ll leave alone and live with it.

 

[dave14305]

otherwise I´ll leave alone and live with it.

I’m too invested in this mystery to give up now! Safe travels.