 to this topic is fantastic, as it just says it all in its title. Today we're gonna be talking about Ridiculous Router with Jean Eric, so please give Jean a warm welcome.

Thank you. Guys, can you hear me okay? Cool. You be quiet. All right, so the whole point of this particular talk is to go over OpenWrt and some of the things that maybe you didn't know that it could do. Things have changed a lot over the past few years, and I've been playing with it quite a bit to see some of the really awesome crap you can do with the current hardware and current software that's got.

So who am I? I'm a hacker. I'm also really cheap, so I like to play with things like OpenWrt where you don't spend a lot of money to get some really badass features.

So my inspiration from this is actually over the course of many years. So when I started out, all this OpenWrt stuff was kind of new. There were other competing projects with DD-WRT and things like that, and it was kind of a pain in the ass to get the software on your router, and there were only a few routers that you could actually use. But there was a great book that was put out back then by Paul Asadoorian and Larry Pesce and a few other ghost contributors. It's still kind of useful for doing embedded device and IoT security analysis, so you might be interested in it, but it is definitely dated.

So the other point of inspiration: this is from ToorCon 7 in 2005. This is QuiGon and Sysmin giving their talk about how they solved the problems that OpenWrt was having at the time, and they put out this awesome distribution called FairuzaUS for doing security analysis and just generally having more tools to play with on that environment. It was a little rough to use because they only had like one version of the router that they supported, but that was the time: you had different CPUs and SoCs and things that you were using for different router versions, so it was really hard to maintain back then. Not a lot of knowledge, everything was still pretty black box,
but these guys kick butt and they helped me way back then, and you know that they contributed to this talk just from teaching me.

All right, so why bring up an old topic like OpenWrt? Well, doesn't everybody know about it? Maybe not so much anymore, because people don't really talk about it as much. Everybody's got a home router now. I can't think of anybody that doesn't; even if you don't have broadband you probably still have a router. So I think it's a good topic to bring back, especially for new people and people that may have forgotten, and the world's changed quite a bit since the last time I heard anything about OpenWrt, so I thought maybe we should have a new chat about it. There's way, way cooler stuff going on, and you might not know some of the things you can do with it. But the thing that I like to underline is there's enterprise features on here. People are buying similar gear that does the same thing and spending way, way, way more money for less support, so in my mind maybe you should actually consider it for some enterprise uses, because it does a lot of stuff.

So, hardware. This is my hardware, so this is what I actually use for this stuff, and you can see that it's just a normal router. It's got detachable antennas, it's 802.11ac, but there are points for buying this particular one for me, where it's got good specs, it's not out of production, it's cheap, well-supported Wi-Fi chips in the SoC. They're not the best Wi-Fi you can possibly get, but it's pretty darn good. It's got USB 3 support; that was a really big thing for me. There's a lot of bandwidth that you can use, which means you've got a lot of opportunities to expand on it. And you can really easily add a serial port to this thing to have an actual serial console, which is important when you have an OpenWrt device. Things go wrong: you mess up one configuration, everything goes out the window, or in my case, for one of the routers that I had, you plug in a USB device and suddenly the thing doesn't boot. It's good to have a console.
So, competition. This is a SonicWall device that is also very similar to that WRT that I just showed you, but it's a commercial device meant for enterprise, meant for entry-level enterprise equipment. This particular one's got almost the same specs: it's an 802.11ac thing, it's got removable antennas, it's got a USB port. It's a lot more expensive: 575 was the check that I did yesterday for this hardware on Amazon. And if you want updates for the thing you've got to have a license, otherwise you don't get updates. And it's closed source, so there's nothing you can do about it, there's nothing you can really add to it. It does have a CLI; it's not well documented. But you're kind of hosed if you want it to do more than what the company has decided you should do, or in a different way.

This is just a little side-by-side comparison of these two devices. The WRT device: way faster CPU. They've got the same number of Ethernet ports. USB 3 on the WRT one, USB 2 on the other one. Console port on the enterprise device, no console port out of the box on the WRT, but you can add it really easily. There's more RAM on the enterprise device, but it's already a lot for what you're asking for; 512 for a router is actually a stupidly large amount of RAM unless you're doing some really odd stuff with it. And there's also a bit more storage, like double, on the WRT device.

So, point of note: the enterprise device has a USB port, but it's also almost useless. You can only use it for a few things that the company deems ideal. There's some diagnostic thing that you can use it for, and you can plug a few cellular modems into the USB, but that's kind of it. You can't use it for external storage, so if you want to offshoot all of your logs from this router onto an external storage device so you don't kill your router, you can't do it. It's not an option.

So I actually modified my device to have a serial port on it, and you can kind of see it in this picture, all those cords hanging out of the back. I did a pretty clean job
installing it because it was so easy to do, but you can see I've got a little adapter for the DB9 to go to RJ45, so it's basically like an enterprise console on the thing. You can also see in this picture I've hung off an extra USB Ethernet adapter, and I have that on there actually for load balancing. It allows me to do some cool stuff there with LACP and things like that, so you can actually get some really badass stuff from the fact that this has got a USB device on it, and it's well traveled at this point in OpenWrt.

So what can you do with this? Well, you can do all the traditional router tasks that you could do with the enterprise device. It runs routing protocols, all the ones that you could possibly want to do, so your discovery of routes is not a big deal; you can actually set that up. It's got DHCP, it's got DNS, DNS caching, and its own supplier of DNS on the device with dnsmasq, which is included by default and set up as part of the DHCP structure. You can run multiple networks on the thing; you're not locked into just one subnet. You can tell it all about what kind of network you want to have, and it supports VLANs right out of the box. Most of the onboard switching equipment that is actually part of the hardware includes support for doing VLAN tagging or not, so you can have untagged VLANs, untagged ports in different VLANs, or you can have tagged ports and multiple VLANs. You can have multiple VLANs on a single port. All of that stuff is supported.

So, the more advanced stuff that you've got. You can do load balancing with the thing; like I said, LACP is supported. I actually use it with Cisco gear: I have an LACP balance of two cords into my Cisco switch and they're just very happy together. And you can do VLAN trunking with 802.1Q. Again, I do that with my Cisco switch. It's a good thing to have when you're talking about an enterprise network. Then you can have multiple routes, you can have isolation, and you can just do a whole lot more stuff if you can get encapsulation to the
switch. 802.1X: it can be a client on the wired stuff, and it's got a bunch of other things that it can do with 802.1X and wireless. I haven't found a way yet to do it in wired, so I don't know how you would really make that do that by itself as an 802.1X provider. It can run FreeRADIUS, but you'd probably want to have the 802.1X management actually on your external, like, Cisco switch or whatever is downstream from there, because I don't think the switch that's on board is going to be able to do that.

Active failover: there are ways you can actually set it up so that you can have multiple WRT devices that are actively communicating with each other with a virtual IP, so that if one of them dies or reboots, or, I don't know, you change the configuration and that causes a reboot, that's okay, there's another one that's still waiting to go. Which is an enterprise feature you kind of have to have in the real world.

So there's lots and lots and lots of wireless stuff that you can do with this thing. It's got basically any capability that you can imagine from hostapd, and one of the things that that includes is 80 megahertz bandwidth for a single channel in 802.11ac, which is really cool when you're talking about streaming big stuff, right? So you don't have to have as much overhead of all the wireless crap to get your data there. It's kind of similar to jumbo frames in, like, a layer one, layer two world. 802.1X on the Wi-Fi, like I mentioned, so you can do WPA2 Enterprise with PKI from this little thing, so you can have basically a big-boy access point controller that's doing some crazy auth for you. You can have multiple Wi-Fi networks, so you can have more than one SSID. You can have different SSIDs for the 2.4 and 2.5 on this device, you can have different ones for each VLAN; your options are endless. So again, that's a bigger feature for people that are actually trying to use this in an enterprise context; that's something they might need. I do this myself: I have a guest network and I have a secure network.
Guest network is WPA2 with password and the secure network is PKI. They are on separate VLANs and they can't route to each other, so that's a thing that I think everybody should look into, but I'm a bit crazy when it comes to security. You can set dynamic VLANs with the RADIUS and 802.1X, so if you see a particular certificate presented to you, you know that user needs to be on VLAN block, so you can have multiple VLANs on the enterprise WPA2 auth.

One of the things that I found recently that I thought was just awesome is the ability to do CAPWAP with this thing. If you've never heard of that, it's basically the idea of: you've got lightweight access points all over your network that you can roam from one to the other smoothly, because they all have the same configuration and they're sharing some data back to the main controller. CAPWAP is the open version of LWAPP that's controls you've actually put together, but it took forever for me to actually find an implementation that works. The ac2 one actually has its own, like, web interface that you can also load on this device, so you can turn the radio that's on the router into a client to the CAPWAP server and then add more access points from there. So you've got a single point where you're managing all your SSIDs, all your credentials, and you can also do monitoring of your clients and things like that from a central point with CAPWAP.

Mesh networks are supported. You can do bridging over wireless with the WDS 4addr, which basically means you can have a bunch of devices behind another Wi-Fi bridge and it doesn't care; it'll authenticate and everybody will be happy. Your clients won't know they're on Wi-Fi. It's a good feature to have.

So, other stuff that you can do with this. You can run a VPN on it; I do. You can run it as an IPsec or OpenVPN. I do IPsec with IKEv2 for EAP-TLS, which means that you have to have a cert and so does the server. Works great. You can run attack tools from the thing, so there are a bunch of projects
that do building and drones from WRT devices. There's an old example, actually, in the Ultimate Hacking guide of doing a Kismet drone from a WRT device. There are a bunch of commercial hacking appliances; this is a good example of one, but there are others. Rogue AP detection, IDS, and UPnP. I know it sounds like a stupid thing to do on these routers, but if you're actually using it in your home, gaming, it's a thing you're gonna want.

So you can actually use this thing to do all kinds of things on your network. You can run a phone system from it. You can use it as your Active Directory system, kind of, sort of, almost. You can do captive portals, whether they're for your own authentication or for a paid service like with Sputnik or what have you. You can set it up to do centralized logging on your network, which is a really cool thing to have; it starts eating up the processor power a little bit, but you can do it. And you can use it as your single point of identity management if you really wanted to. Again, you're starting to add on features that are gonna tax this little device, but you can do it.

Other things you might want to know about it. Installation: stupid easy with this particular device. You literally just download the firmware and apply it through the normal UI, and most of the time that's how it works now. You don't have to fight to get this thing on your device to even play with it. It's actively developed. They have a lot of stuff around CI/CD; they have nightly builds, so when things change you can just get the nightly copy of your router firmware if you want to. It comes with a GUI. That doesn't sound great for, you know, more advanced people, but if you're just trying to get started it's a fantastic thing to have, to know you just load this firmware on and it's still got the features that your old router had before you blew away the firmware. It's got a pretty GUI that you can probably understand, and you can SSH into the thing and throw commands at it that way.

So where do we want to leave off
with? Well, things have changed quite a bit since the days of QuiGon and Sysmin with Fairuza. It's not like that anymore. They worked really hard to get their stuff working, and now you don't have to work that hard, so I'm encouraging everybody to actually just go do this.

Package management: it has package management and it's really stupid easy to use, so use it. Install a console port; you're gonna want it. You might want to learn something about JTAG in case you're doing something more advanced and blow up your device. Bus Pirate is still your friend. They have a fantastic SDK for this thing, and I've actually made Docker images. There are existing Docker images for the thing, but I felt it needed a little more, so I have some of my own. I'm gonna be posting those up; they're not up yet, but I've been using it at home because I had to build some kernel modules to make that external USB thing actually work. But I was able to do that; it was really easy.

You can find older enterprise-level switches pretty easily. They're cheap if you look around. I got mine for ten bucks; you can't beat that with a stick. I don't think I could buy anything at the store, even, like, home-user grade, for ten bucks.

So the list of hardware is just up there. Everything and its mother is supported. You might have to learn a little bit about what hardware is actually inside that piece of plastic, but it's probably supported. So yeah, get rid of the OEM firmware; it's gonna fail you at some point in its life, and OpenWrt is actively developed, so if you can use it, I highly recommend that you do. There's constantly new routers coming out that have a lot more power than the one that I'm using, but I like stability, which is one of the other reasons that I chose the one that I have. It's well known how to interact with that thing, and it's known not to really crash very often, and I've been living happily with the thing. It doesn't ever reboot itself. USB, as I said, I use it for an external adapter. It's something that you're gonna want to have.
So here's a few places you can go to find more information. Go look up your own hardware, if you've got a router at home, which you probably do, and see if it's supported. It probably is. You can find information on the embedded device here, and you can find Docker images for building OpenWrt projects at that site. All right, that's it.