Howto run OpenWRT on a Fritz!Box 7170 in a chroot environment

Monday, August 28, 2006 at 03:12 AM

I recently got an AVM Fritz!Box and I was curious how much effort it would take to extend the Linux system running on the box. I had no incentive to replace the original firmware by a completely different image since it does wonderful things such as VoIP and features a great web interface. There are a few modified images that are based on the original firmware floating on the net but I was looking for a less invasive way and would not want to rely on someone updating the firmware image each time AVM released an update.

The solution I came up with basically runs a second Linux distribution in a chroot environment on top of the one installed on the box. I chose OpenWrt for its Debian like ease of use, the numerous packages that are available and for its sparing use of system ressources. The distribution fits easily on a 32 MB USB stick and is straight forward to install.

Please be aware that you may void your warranty modifying the Fritz!Box. Use these instruction at your own risk!

Getting OpenWrt

On the first attempt I downloaded the OpenWrt image builder and ran make. This will create a file build_mipsel/linux-2.4-ar7/root.tar.gz which contains a complete OpenWrt base system that can be used as a chroot environment.

On the second attempt I got brave and used buildroot-ng from the OpenWrt svn to build the image. The advantage lies in the possibility to customize the image. Busybox which is used by OpenWrt and combines most unix system utilities in a single binary needs to be configured during compile time. Particularly the list of tools contained in the busybox binary has to be chosen then. The OpenWrt busybox binary is fairly complete (as is the one running on the Fritz!Box) but it lacks a few utilities such as adduser and swapon that I wanted to have.

Building the root image from source takes only a few steps provided that your work station has the necessary build tools installed (see for documentation):

svn co
cd openwrt
make menuconfig
* Target Images -> tgz
* Base system -> busybox -> Configuration

The generated image is located in bin/openwrt-rootfs.tgz.

Starting the chroot environment

The Fritz!Box kernel does not have support for ext2 which is needed to mount the partition that will contains the OpenWrt chroot environment. Since the kernel is able to load modules that can be fixed but a FAT16 partition is needed to do that boot strap. This partition is automatically mounted by the box when the usb stick is attached and contains:

  • ext2 module (ext2.o)
  • chroot executable (chroot)
  • start and stop scripts (,

The startup script loads the module and mounts the required file systems:

#!/bin/sh -e


mkdir $ROOT

insmod $SELF/ext2.o || true

mount /dev/scsi/host0/bus0/target0/lun0/part6 $ROOT
mount -t devfs none $ROOT/dev
mount -t proc none $ROOT/proc
mount -t usbdevfs none $ROOT/proc/bus/usb

$SELF/chroot $ROOT /bin/sh /etc/init.d/chroot start

The chroot executable and ext2 module can be obtained here:


Putting it all together

I created 3 partitions on the USB stick. The FAT16 partition for boot strapping, a swap partition and the ext2 root partition that contains the OpenWrt system:

# fdisk -l /dev/sda

Disk /dev/sda: 32 MB, 32112640 bytes
2 heads, 32 sectors/track, 980 cylinders
Units = cylinders of 64 * 512 = 32768 bytes

Device Boot Start End Blocks Id System
/dev/sda1 1 31 976 6 FAT16
/dev/sda2 32 980 30368 5 Extended
/dev/sda5 32 519 15600 82 Linux swap / Solaris
/dev/sda6 520 980 14736 83 Linux

The scripts used in these instructions expect exactly that disk layout.

Extract scripts.tar.gz to /dev/sda1 and root.tar.gz to /dev/sda6.

The root image has a few modifications compared to the one from the OpenWrt ImageBuilder:

  • Busybox commands (run busybox for full list): adduser, addgroup, hostname, swapon, swapoff…
  • Pre-installed packages (run ipkg list_installed for full list): strace, tcpdump, samba, bind-host…
  • These files have been edited:
    • /etc/init.d/chroot: commands run on startup
    • /etc/hosts: fritz has been added
    • /etc/ipkg.conf: has been added as a source
    • /etc/passwd: an empty password has been set for root
    • /etc/resolv.conf: has been set as nameserver
    • /etc/samba/smb.conf: samba configuration with user security

Starting the chroot environment

With the latest firmware AVM offers a convenient way to access the Fritz!Box. Just dial #96*7* from a phone directly connected to the box to start a telnet daemon (the daemon can be deactivated by dialing #96*8*).

Connect the USB stick to your Fritz!Box and telnet the box. The first partition on the stick should have been mounted to /var/media/ftp/MassStorageDevice-Partition-0-1. You can check that by running mount.

Start the chroot environment with this command:


Use ps ax to check if dropbear, the ssh daemon, is running. Now have fun logging into your Fritz!Box using ssh!

$ ssh root@
root@'s password:
sh: /usr/X11R6/bin/xauth: not found

BusyBox v1.2.1 (2006.08.27-01:41+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
KAMIKAZE (bleeding edge, r4681) -------------------
* 10 oz Vodka Shake well with ice and strain
* 10 oz Triple sec mixture into 10 shot glasses.
* 10 oz lime juice Salute!

The root password is empty by default. Make sure you change it using passwd.

In order to initialize the chroot environment when the Fritz!Box is restarted I modified the /var/flash/debug.cfg file which is run by /etc/init.d/rc.S (never use vi to edit files in /var/flash, always use nvi, cp, echo…):

echo "[ -f /var/media/ftp/MassStorageDevice-Partition-0-1/ ] && . /var/media/ftp/MassStorageDevice-Partition-0-1/" > /var/flash/debug.cfg

More fun

  • Run ipkg list for a list of available OpenWrt packages
  • Run Samba to share files in your local network
  • Run OpenVPN for remote access to your local network
  • Edit /etc/init.d/chroot to modify the commands that are run on startup

Entry filed under: Linux

No entries
Nothing found in the guestbook.