Custom firmware build for R7800 v. 1.0.2.25SF & v. 1.0.2.29SF

[Voxel]

Continuation of

https://www.snbforums.com/threads/custom-firmware-build-for-r7800.36859/
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-22sf.37222/
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-23sf-v-1-0-2-24sf.37477/

New version of my custom firmware build: 1.0.2.25SF.

Changes (vs 1.0.2.24SF):
1. sqlite3 package is upgraded 3130000->3160000.
2. libgcrypt package is upgraded 1.5.0->1.6.6.
3. libgpg-error package is upgraded 1.9->1.25.
4. sysstat package is upgraded 10.1.7->11.0.4.
5. lzo package is upgraded 2.09->2.10.
6. dbus package is upgraded 1.4.14->1.10.4.
7. libubox package is upgraded 2013-07-04->2016-02-26.
8. ubus package is upgraded 2013-01-13->2016-01-26.
9. libjson package is upgraded to libjson-c 0.9->0.12.1.
10. uci package is upgraded 2013-01-04->2016-02-02.
11. usbmode package moved to build tree.
12. dnscrypt-resolvers.csv is updated.
13. Host tools: four components are upgraded to most recent versions.
14. Toolchain: binutils is upgraded to version 2.28.

(Thanks to vladlenas for additional testing).

Updated: new version 1.0.2.29SF.
Changes (vs 1.0.2.25SF):
1. Integration of changes with stock v. 1.0.2.28:
http://kb.netgear.com/000037848/R7800-Firmware-Version-1-0-2-28
(but miniupnpd is still the same as in all previous versions of stock firmware, so it is strongly recommended to disable UPnP if you do not have real needs in UPnP)

The link is:

https://www.mediafire.com/folder/tyj61i5uc610w/voxel-firmware

No reset is needed to upgrade from my previous versions.

Entware-3x:

vladlenas (again, thanks to him) kindly has provided the space on his own site for Entware users and script for installation of Entware-3x, optimized for IPQ8060x CPU. The link is:

http://ownweb.eu/Downloads/Entware/

The name of script for Entware-3x installation is “entware-setup.sh”.

Voxel.

 

[sharpz44]

Continuation of

https://www.snbforums.com/threads/custom-firmware-build-for-r7800.36859/
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-22sf.37222/
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-23sf-v-1-0-2-24sf.37477/

New version of my custom firmware build: 1.0.2.25SF.

Changes (vs 1.0.2.24SF):
1. sqlite3 package is upgraded 3130000->3160000.
2. libgcrypt package is upgraded 1.5.0->1.6.6.
3. libgpg-error package is upgraded 1.9->1.25.
4. sysstat package is upgraded 10.1.7->11.0.4.
5. lzo package is upgraded 2.09->2.10.
6. dbus package is upgraded 1.4.14->1.10.4.
7. libubox package is upgraded 2013-07-04->2016-02-26.
8. ubus package is upgraded 2013-01-13->2016-01-26.
9. libjson package is upgraded to libjson-c 0.9->0.12.1.
10. uci package is upgraded 2013-01-04->2016-02-02.
11. usbmode package moved to build tree.
12. dnscrypt-resolvers.csv is updated.
13. Host tools: four components are upgraded to most recent versions.
14. Toolchain: binutils is upgraded to version 2.28.

The link is:

https://www.mediafire.com/folder/tyj61i5uc610w/voxel-firmware

No reset is needed to upgrade from my previous versions.

(Thanks to vladlenas for additional testing).


Entware-3x:

vladlenas (again, thanks to him) kindly has provided the space on his own site for Entware users and script for installation of Entware-3x, optimized for IPQ8060x CPU. The link is:

http://ownweb.eu/Downloads/Entware/

The name of script for Entware-3x installation is “entware-setup.sh”.

Voxel.

Hi, Is this easy to install, like the stock firmware and is the GUi still 192.168.1.1 to access, I`ve flashed asus with merlin firmware in the past, does it need a reset and would I need to install your first version.I use my R7800 mainly for gaming so use dynamic QOS ,is streamboost still in this firmware build and would I see better performance.
Thanks for your info on this in advance

 

[pege63]

It Works.........

 

[Voxel]

Hi, Is this easy to install, like the stock firmware and is the GUi still 192.168.1.1 to access, I`ve flashed asus with merlin firmware in the past, does it need a reset and would I need to install your first version.I use my R7800 mainly for gaming so use dynamic QOS ,is streamboost still in this firmware build and would I see better performance.
Thanks for your info on this in advance

Hi,
Installation is the same as it would be a stock firmware. If you have latest stock 1.0.2.20 then it is not necessary to perform reset: all your custom settings should be kept. GUI is still 192.168.1.1. QoS from Qualcomm is workable (plus latest QoS DB is already included into my build).

Performance: people say that my build is faster . In general CPU/FPU are used more properly to utilize their capabilities. You can see some discussion with benchmarks re: stock vs my build in the very first thread (link I referred above).

Voxel.

 

[sharpz44]

Hi,
Installation is the same as it would be a stock firmware. If you have latest stock 1.0.2.20 then it is not necessary to perform reset: all your custom settings should be kept. GUI is still 192.168.1.1. QoS from Qualcomm is workable (plus latest QoS DB is already included into my build).

Performance: people say that my build is faster . In general CPU/FPU are used more properly to utilize their capabilities. You can see some discussion with benchmarks re: stock vs my build in the very first thread (link I referred above).

Voxel.

Thank you and will give this a try

 

[ablatt]

Continuation of

https://www.snbforums.com/threads/custom-firmware-build-for-r7800.36859/
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-22sf.37222/
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-23sf-v-1-0-2-24sf.37477/

New version of my custom firmware build: 1.0.2.25SF.

Changes (vs 1.0.2.24SF):
1. sqlite3 package is upgraded 3130000->3160000.
2. libgcrypt package is upgraded 1.5.0->1.6.6.
3. libgpg-error package is upgraded 1.9->1.25.
4. sysstat package is upgraded 10.1.7->11.0.4.
5. lzo package is upgraded 2.09->2.10.
6. dbus package is upgraded 1.4.14->1.10.4.
7. libubox package is upgraded 2013-07-04->2016-02-26.
8. ubus package is upgraded 2013-01-13->2016-01-26.
9. libjson package is upgraded to libjson-c 0.9->0.12.1.
10. uci package is upgraded 2013-01-04->2016-02-02.
11. usbmode package moved to build tree.
12. dnscrypt-resolvers.csv is updated.
13. Host tools: four components are upgraded to most recent versions.
14. Toolchain: binutils is upgraded to version 2.28.

The link is:

https://www.mediafire.com/folder/tyj61i5uc610w/voxel-firmware

No reset is needed to upgrade from my previous versions.

(Thanks to vladlenas for additional testing).


Entware-3x:

vladlenas (again, thanks to him) kindly has provided the space on his own site for Entware users and script for installation of Entware-3x, optimized for IPQ8060x CPU. The link is:

http://ownweb.eu/Downloads/Entware/

The name of script for Entware-3x installation is “entware-setup.sh”.

Voxel.

Does your firmware address the UPNP Vulnerability described at https://community.netgear.com/t5/Ni...UPNP-vulnerability-CVE-2013-0230/td-p/1230658 ?

 

[xeqw]

Looks like there's a new official firmware version 1.0.2.28 that fixes "security issues".

The Netgear page still links to the 1.0.2.20 firmware though, you'll have to manually change the download link to 1.0.2.2.zip.
http://kb.netgear.com/000037848/R7800-Firmware-Version-1-0-2-28?cid=wmt_netgear_organic

Voxel, is your firmware numbering 1.0.2.xxSF intended to correspond with the official firmware numbering?

 

[Voxel]

Does your firmware address the UPNP Vulnerability described at https://community.netgear.com/t5/Ni...UPNP-vulnerability-CVE-2013-0230/td-p/1230658 ?

miniupnpd (UPnP daemon) is included into GPL source codes of a stock firmware in binary form (pre-compiled, no source codes are available). So my build uses this UPnP daemon w/o any changes. Thus the same report. In general, Netalyzr reports that “This system may be vulnerable to CVE-2013-0230”. Maybe yes, maybe not. It is known to Netgear only (maybe they already corrected it, and because of this it is in binary form only).

From the other hand, gold rule: do not use UPnP w/o real necessity. First time when I executed Netalyzr with UPnP switched off (my default settings) it displayed me all green results and one yellow warning regarding slow DNS respond (I use dnscrypt-proxy). When I stopped dnscrypt-proxy, all results were green. But when I enabled UPnP for testing, I got the same red message (UPnP). So… If you do not really need UPnP just disable it (dnscrypt-proxy is a bit slower, but I prefer to use it for my privacy).

Voxel.

 

[Voxel]

Looks like there's a new official firmware version 1.0.2.28 that fixes "security issues".

The Netgear page still links to the 1.0.2.20 firmware though, you'll have to manually change the download link to 1.0.2.2.zip.
http://kb.netgear.com/000037848/R7800-Firmware-Version-1-0-2-28?cid=wmt_netgear_organic

Voxel, is your firmware numbering 1.0.2.xxSF intended to correspond with the official firmware numbering?

Ugh... Again a lot of job. Next day after my release... Without a moment's rest...

Yes, my numbering corresponds to NG's. First release after stock 1.0.2.20 was 1.0.2.21SF (when I integrated stock 1.0.2.20). Now there should be 1.0.2.29SF (at least).

Voxel.

 

[eliz82]

Entware-3x:
vladlenas (again, thanks to him) kindly has provided the space on his own site for Entware users and script for installation of Entware-3x, optimized for IPQ8060x CPU. The link is:
http://ownweb.eu/Downloads/Entware/
The name of script for Entware-3x installation is “entware-setup.sh”.
Voxel.

it will be nice if he will keep a directory name of the entware with the date of the release, like you did in the latest releases.

so is the same release with this one https://www.mediafire.com/?h1031dvwkz0j2
(20)17.02.21 ?

 

[RMerlin]

miniupnpd (UPnP daemon) is included into GPL source codes of a stock firmware in binary form (pre-compiled, no source codes are available). So my build uses this UPnP daemon w/o any changes. Thus the same report. In general, Netalyzr reports that “This system may be vulnerable to CVE-2013-0230”. Maybe yes, maybe not. It is known to Netgear only (maybe they already corrected it, and because of this it is in binary form only).

If Netgear publishes it in binary-only form, it means they haven't made any change to it (or else the GPL licensing would require them to publish their changes). I'd say you should be fine replacing it with a newer version, if you're willing to go down that route. Unless someone missed the GPL licensing requirements on this specific component.

The last "major" vulnerability I remember for miniupnpd goes back to version 1.4-xxxxxxxx or something like that.

Might be time for you to get in touch with Netgear I think, so you can at least clarify these types of questions. Try pinging @NETGEAR Guy as a starting point If Netgear is anything like Asus there, they will most certainly welcome the chance to help you, if in the end it turns out you're actually helping them sell products.

 

[Voxel]

If Netgear publishes it in binary-only form, it means they haven't made any change to it (or else the GPL licensing would require them to publish their changes). I'd say you should be fine replacing it with a newer version, if you're willing to go down that route. Unless someone missed the GPL licensing requirements on this specific component.

The last "major" vulnerability I remember for miniupnpd goes back to version 1.4-xxxxxxxx or something like that.

Might be time for you to get in touch with Netgear I think, so you can at least clarify these types of questions. Try pinging @NETGEAR Guy as a starting point If Netgear is anything like Asus there, they will most certainly welcome the chance to help you, if in the end it turns out you're actually helping them sell products.

Well, you know, this version of miniupnpd was definitely changed. First, as I browsed this binary, it contains some Netgear's specific stuffs: contains text constants such as "http://www.netgear.com" or "Device NETGEAR WAN" or "NETGEAR R7800 Wireless Router" etc. Second, it is confirmed by Netgear in GPL file "r7800_gpl_source_list.txt" :

miniupnp, 20070127, BSD, Yes

what means: package: miniupnpd, version: 20070127, license: BSD, modified: Yes.

Regarding "time to get in touch with Netgear" I did four attempts. First: my mail to their GPL and sales, second and third: asking Peter Redmer, who is admin of myopenrouter.com to send my suggestions for cooperation to Netgear developers, fourth: one guy passed me e-mail of one from Netgear leader of development project. All this resulting nothing. I used the same words, it is common sense that my job helps them in sales. It is common sense that cooperation can improve stock firmware, I correct the same bugs after each new release of stock FW... And no interest in cooperation with me.

OK, fifths attempt (but the last one) : @NETGEAR Guy, could you please comment all this?

Voxel.

 

[Voxel]

it will be nice if he will keep a directory name of the entware with the date of the release, like you did in the latest releases.

so is the same release with this one https://www.mediafire.com/?h1031dvwkz0j2
(20)17.02.21 ?

IMO it is better just to have latest release. The same as Entware guys do.

Yes, it is the version 170221 (latest).

Voxel.

 

[RMerlin]

Well, you know, this version of miniupnpd was definitely changed. First, as I browsed this binary, it contains some Netgear's specific stuffs: contains text constants such as "http://www.netgear.com" or "Device NETGEAR WAN" or "NETGEAR R7800 Wireless Router" etc.

There are a few strings that can be either hardcoded in upnpdescstrings.h, or provided at runtime through the .conf file. As you can see, that file contains info such as the manufacturer name, its URL, etc... There's a good chance most of their changes are in that file, with no real code change. You could easily reproduce them (or change them, like I did here, through the conf file tho).

Another thing they might have changed too would be the name of the chains used to insert rules. Tomato/Asus did change these from the original miniupnpd code, Netgear might also have.

The most worrying part however is the fact they are using a 10 years old version. That one most likely has some known exploits

what means: package: miniupnpd, version: 20070127, license: BSD, modified: Yes.

Licensing ain't my strong point, it's possible that the BSD license allows them to modify the code without redistributing the changes.

Regarding "time to get in touch with Netgear" I did four attempts.

That's a shame.

 

[Even Miles]

Voxel and Vladlenas ... you are invited to a beer

 

[Voxel]

Voxel and Vladlenas ... you are invited to a beer

Beer would be nice, but Vladlenas and me are from different countries I guess you are from the third...

Voxel.

 

[bodean]

The most worrying part however is the fact they are using a 10 years old version. That one most likely has some known exploits




Licensing ain't my strong point, it's possible that the BSD license allows them to modify the code without redistributing the changes.



That's a shame.

Maybe more people need to email their support department and make them aware of this so it gets updated...

 

[vladlenas]

Voxel and Vladlenas ... you are invited to a beer

My participation in the development of the firmware equals 0.00%.
But I love beer .....

 

[Even Miles]

I know it ... a virtual beer then?

   oOoOo     
==|||||||
| |||||||
| |||||||
==|||||||
  =======

 

[RogerSC]

Voxel, thanks very much for getting the your firmware re-based (1.0.2.29SF) and out so quickly. Really appreciate your work!