Linksys, the GPL, and Open-Source Firmware

Date Posted: 13 March 2006
Last Updated: 14 March 2006


In the spring of 2004 I purchased a WRT54G router manufactured by Linksys. It's a combo 4-port 10/100 Ethernet switch, 802.11g (54mbps) wireless access point, and broadband firewall/NAT box. When I bought it, I threw in the wireless as a "why not?" -- I wasn't planning on using wireless to connect to it anytime soon, but figured it might come in handy down the road.

Lately I've had guests over that brought laptops and wanted Net access, so I figured I'd turn on the wireless for them. I quickly realized I didn't understand the security options presented to me in the configuration menus. As as security professional, I've come to realize that misunderstanding how to use security features, or the limitations of those features, is often worse than just being altogether ignorant of them. I realized it was time for some homework.

I learned that the 802.11 wireless world currently has three choices for link-level encryption: WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), and WPA2 (a certified form of the IEEE 802.11i standard). My reading suggested that WEP was pretty minimal (if not trivial) security, WPA was significantly better than WEP, and WPA2 was better than WPA. I figured a tradeoff of speed for security was one I was willing to make in this case, so I went about setting up WPA2.

I verified that my computer's wireless NIC supported WPA2. I then looked in the web interface for my Linksys box and found that it could do WPA but not WPA2. I got on the Linksys support site and downloaded the newest firmware, but no luck -- still no WPA2 support.

The Search Begins

Off to Google! A search for WRT54G and WPA2 revealed some interesting information. Turns out that there is firmware for my router that supports WPA2, but it's not released by Linksys. That confused me. How would someone have gotten their hands on the soure code for the firmware in my router, allowing them to add complicated functionality like a new link-level encryption system? Moreover, how did they do this and not get sued into oblivion by Linksys?

The Consequences of (Unauthorized) Code Lifting

Through some network testing, binary inspection, etc. (some of the early research is documented in this O'Reilly blog), some dedicated engineers discovered that several pieces of software used to build the firmware, as well as some software actually running on the router, were modified pieces of open-source software released under the GNU General Public License (GPL). The modified software included well-known packages such as the Zebra routing software and the GNU Compiler Collection (GCC). One of the primary conditions of the GPL is if you modify GPL-protected code, you have to turn around and make the source-code changes you made available to the public at large. Oops.

After receiving quite a bit of legal and media pressure, Linksys honored the software license and released the source code for their firmware to the public.

The Open-Source Community Picks Up The Ball

A couple separate groups took the original Linksys firmware and have been actively maintaining it, adding both reliability/stability as well as new features such as WPA2. The firmware I ended up flashing onto my WRT54G was DD-WRT v23.


My WRT54G now offers WPA2 authentication/encryption, as well as the ability to tweak just about any option I could ever desire (and some I'd never desire to tweak, such as TCP window settings). The most impressive tweakable-option to me: the transmit power of the antennas! The new firmware allows users to change the value dynamically, allowing you to go up from the default 28mW up to 250mW, almost nine times stronger. (Edit: further reading indicates the WRT54G shouldn't have its transmit power set above about 80 mW, due to a combination of FCC regulations and the danger of overheating the internal components of the router.) 28mW seems to be plenty for anywhere in my apartment, so I'm curious how far the signal would propogate at higher settings. Sounds like some experimentation is necessary. :)

All in all, a very cool experience! Also, it's nice knowing there's legal precedent for defending the GPL, as I've released an open-source project of my own that's covered by the GPL.

Copyright © 2005-2019, Terry D. Ott

Valid XHTML 1.0!