Release Asuswrt-Merlin 386.3 is now available

[BlezZ]

Since the upgrade I am not able to connect my Trust wallet (iPhone) through PancakeSwap, SushiSwap, Uniswap. It shows error or nothring happens. Going on 4G works straight away. I have disabled DNS and Trend filter with the same failing result.

 

[ColinTaylor]

I have the same problem as @Unetwork.

This is what my variable looks like (SSID and password redacted):

Do any of your SSIDs and passwords contain non-alphanumeric characters?

 

[XIII]

Do any of your SSIDs and passwords contain non-alphanumeric characters?

Yes; in my pass-phrase, but those (all) "have an encoding in the range of 32 to 126 (decimal), inclusive" (and thus satisfy the 802.11i-2004 specification)

 

[dave14305]

Yes; in my pass-phrase, but those (all) "have an encoding in the range of 32 to 126 (decimal), inclusive" (and thus satisfy the 802.11i-2004 specification)

It also has to pass the test of the httpApi.nvramGet function call, which I assume fails.

asuswrt-merlin.ng/release/src/router/www/device-map/router.asp at 8f4afe68909f16a5911f704ae50334418a1f7151 · RMerl/asuswrt-merlin.ng

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

If you load http://192.168.50.1/device-map/router.asp in a browser window and display the F12 console Network tab, then refresh the page, you should see some appGet.cgi calls. Check the Response of those queries to see if the nvram values are being fetched correctly.

 

[XIII]

Responses for both nvram_get and nvram_char_to_ascii show the correct pass-phrase (the latter URL-encoded).

 

[Wanabo]

Upgraded both routers from 386.3 to 386.3_2.
Upgrading went as smooth as always. Did not experience longer upgrade times or longer GUI access.
USB 3.0 is as always crashing and needs to be downgraded to version 2.0 for correct workings. Pitty, I could use the extra speed from USB 3.0.

 

[dave14305]

Responses for both nvram_get and nvram_char_to_ascii show the correct pass-phrase (the latter URL-encoded).

What about in the first query before the encoding? Something in the data must be breaking the results. What special chars are you using?

 

[XIII]

I'd rather not reveal the characters in my password, unless/until I find a single one causing it...

Would this work:

1. Modify nvram variable wl0_wpa_psk via SSH (but not restart the wireless service)
2. Check results in browser
3. Restore nvram variable wl0_wpa_psk via SSH

Or will all my devices still be disconnected after step 1/2?

 

[dave14305]

I'd rather not reveal the characters in my password, unless/until I find a single one causing it...

Would this work:

1. Modify nvram variable wl0_wpa_psk via SSH (but not restart the wireless service)
2. Check results in browser
3. Restore nvram variable wl0_wpa_psk via SSH

Or will all my devices still be disconnected after step 1/2?

That will work. Don’t use nvram commit either.

 

[dave14305]

Regarding the broken Wireless tab, it comes down to certain special characters returned in the appGet.cgi call breaking the json parser from the ajax call within httpApi.nvramGet. \ is a definite breaking character. Others are possible.

asuswrt-merlin.ng/release/src/router/www/js/httpApi.js at 8f4afe68909f16a5911f704ae50334418a1f7151 · RMerl/asuswrt-merlin.ng

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

 

[Unetwork]

Regarding the broken Wireless tab, it comes down to certain special characters returned in the appGet.cgi call breaking the json parser from the ajax call within httpApi.nvramGet. \ is a definite breaking character. Others are possible.

Thank you for this analysis. Will a future fix be possible to correct the problem ?

 

[dave14305]

Thank you for this analysis. Will a future fix be possible to correct the problem ?

An immediate fix / workaround is to not use special characters in SSIDs or passphrases. I use ! in one of my passphrases and it’s fine, however.

 

[sbsnb]

Will it work to transform the string via URL encoding, Base64, etc. before passing it to appGet.cgi and just unpack it there at some point?

 

[Hazel]

An immediate fix / workaround is to not use special characters in SSIDs or passphrases. I use ! in one of my passphrases and it’s fine, however.

I used to use special characters in my passwords myself, but at a certain point, when I experienced similar troubles, I researched what is actually the difference between the amount of time before something can be cracked by a brute force attack.

As a completely random and unguessable password like 'fnrw0UHUABS1y2iz' (16 chars alphanumerical, capital and lower capital, numbers but NO special characters) already takes literally centuries to crack, I figured I'll be safe, at least during my lifetime and certainly the lifespan of my equipment. These are estimates of course, but the reality is that some of us tend to overcomplicate things unnecessarily. A longer, more complicated isn't, contrary to what most think, necessarily a better, stronger password.

If anyones' interested in calculating password strengths, this is the tool I often use: https://bitwarden.com/password-strength/ (created by a Reddit user, who like me, got fed up with the Lastpass issues and developed his own password manager (free to use but with a very affordable Premium version which is worth every penny) and a complete suite along with it, for home as well as business users). There's no need to overcomplicate things, as you have experienced it can cause enough trouble to find the cause, which could be as simple as a backslash.

If you wish to generate password and see at the same time how much time it would to crack it (changes password regularly is a good habit btw), visit https://bitwarden.com/password-generator/

*Disclaimer: I'm in no way affiliated with Bitwarden, there are no hidden referral links above, I'm just an enthousiastic user hoping to prevent others from experiencing similar troubles.

Well, that'll be enough before I get corrected again for going off topic. Please read before it gets removed as I think it's relevant for all of us.

 

[Unetwork]

An immediate fix / workaround is to not use special characters in SSIDs or passphrases. I use ! in one of my passphrases and it’s fine, however.

Unfortunately this temporary solution does not work in my case. However the SSID is "test" and the password "123456789"

 

[sbsnb]

As a completely random and unguessable password like 'fnrw0UHUABS1y2iz' (16 chars alphanumerical, capital and lower capital, numbers but NO special characters) already takes literally centuries to crack, I figured I'll be safe, at least during my lifetime and certain the lifespan of my equipment.

For those that doubt, consider the distributed.net RC5-72 project. They've had decades of experience optimizing their code to maximize throughput brute-forcing keys. The project has been working on using thousands of computers to brute force a 72-bit key for over 18 years and they've only managed to try 7.9% of the possible keys. A 72-bit key is equivalent to 12.7 alphanumeric characters.

My Ryzen 3900X system is 'only' able to brute force ~500,000,000 keys per second. A 12-character alpha numeric password would take up to 24,000 years to brute force on my machine. Or it would take 24,000 of my CPUs a up to a year.

 

[sbsnb]

Unfortunately this temporary solution does not work in my case. However the SSID is "test" and the password "123456789"

For both 2.4 GHz and 5 GHz?

 

[Unetwork]

For both 2.4 GHz and 5 GHz?

Yes exactly, same problem for 2.4 GHz or 5 GHz.

 

[sbsnb]

Yes exactly, same problem for 2.4 GHz or 5 GHz.

I mean both of them are set to "test" "123456789"?

 

[evlo]

After updating my usb drive with addons does not show up, what could be the cause?

rt-ac86u

VPN director is pretty awesome feature

lol, someone dropped the usb-sata box drive was in so ssd fall off sata connector inside. Nothing wrong with wrt merlin