“Factory” resetting an OpenWRT router

There are many reasons to re-flash your home router with a different OS than the one the manufacturer has cobbled together; the Misfortune Cookie attack (US-CERT) is just one of them. Having been involved in the testing of a number of domestic xDSL routers, I have a rather low opinion of the amount of care put into the default security levels of consumer devices (but that is not what this post is about).

I have chosen to utilise OpenWrt on one of my internal wireless access points and, during a reconfiguration of the network, I managed to bork the settings by not paying attention. With an out-of-the-box device, there is usually a ‘Reset’ button you can hold in while powering up the device, which will clear all settings and return you to the initial un-configured state. This is not quite the case with OpenWrt, but it is still a fairly easy process to return your router to a known state and begin the configuration process again.

  • Disconnect WAN cable
  • Unplug power to router
  • Set your computer’s IP address to:
    • IPv4 Address:
    • Netmask:
    • Gateway:
  • Re-power your router, pressing the ‘reset’ button when the status light begins blinking (fast)
  • Using PuTTY (or your favourite *TELNET* client), connect to and you should see the OpenWrt prompt. Type the commands shown after each prompt below to reset the router to its initial, preconfigured state:
root@(none):/# mount_root
jffs2 is ready
switching to overlay
root@(none):/# firstboot
This will erase all settings and remove any installed packages. Are you sure? [N/y]
/dev/mtdblock3 is mounted as /overlay, only erasing files
root@(none):/# reboot -f
  • Unset your static IP and have fun reconfiguring your router.

XBox Live via an OpenWRT router

One of the concerning requests of Xbox Live connectivity is to enable UPnP or ‘Universal Plug and Play’ on your home router.

The UPnP protocol has a long-standing history of security problems, not the least of which is that it allows unauthenticated devices to connect to and through your home network. In the past, I have advocated for this to be switched off by default in consumer grade routers and I explain the UPnP threat in another post.

Getting back on track, my security-conscious view for our home network does nothing for a teenage boy who received an Xbox Live subscription for his birthday and, while some aspects of the Live subscription work, others, such as game sharing, will fail. With this in mind, we need to set up port forwarding, rather than implement UPnP, to connect said teenager to his gaming buddies and keep our network free of the risks introduced by enabling UPnP.
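
One way to script the port forwards described above, as an added example that is not from the original post: it validates its input and prints the OpenWrt `uci` commands for review instead of applying them. Assumptions: the console address 192.168.1.50 is constructed, `wan`/`lan` are the default OpenWrt zone names, `forward_rules` and `valid_ipv4` are hypothetical helper names, and port 3074 (UDP and TCP) stands in for whichever ports the console's network test asks for.

```shell
#!/bin/sh
# Added example: print uci commands for narrow, single-host port forwards.
# Nothing is applied; review the output, then paste it on the router.

valid_ipv4() {
    # Dotted quad, each octet 0-255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Usage: forward_rules CONSOLE_IP proto:port [proto:port ...]
forward_rules() {
    ip=$1; shift
    valid_ipv4 "$ip" || { echo "invalid console IP: $ip" >&2; return 1; }
    # Validate every spec first so a typo never yields a partial rule set.
    for spec in "$@"; do
        proto=${spec%%:*}; port=${spec#*:}
        case $proto in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 1;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $spec" >&2; return 1; }
    done
    for spec in "$@"; do
        proto=${spec%%:*}; port=${spec#*:}
        # One DNAT redirect per protocol/port, limited to the console's address.
        cat <<EOF
uci add firewall redirect
uci set firewall.@redirect[-1].name='xbox-$proto-$port'
uci set firewall.@redirect[-1].target='DNAT'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].proto='$proto'
uci set firewall.@redirect[-1].src_dport='$port'
uci set firewall.@redirect[-1].dest='lan'
uci set firewall.@redirect[-1].dest_ip='$ip'
uci set firewall.@redirect[-1].dest_port='$port'
EOF
    done
    echo "uci commit firewall"
}

# Constructed sample invocation (assumed console IP and port).
forward_rules 192.168.1.50 udp:3074 tcp:3074
```

After committing, restart the firewall on the router so the redirects take effect, and give the console a static DHCP lease so the forwarded address does not drift to another device.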

