Monday, August 28, 2006 at 03:12 AM
I recently got an AVM Fritz!Box and I was curious how much effort it would take to extend the Linux system running on the box. I had no incentive to replace the original firmware by a completely different image since it does wonderful things such as VoIP and features a great web interface. There are a few modified images that are based on the original firmware floating on the net but I was looking for a less invasive way and would not want to rely on someone updating the firmware image each time AVM released an update.
The solution I came up with basically runs a second Linux distribution in a chroot environment on top of the one installed on the box. I chose OpenWrt for its Debian like ease of use, the numerous packages that are available and for its sparing use of system ressources. The distribution fits easily on a 32 MB USB stick and is straight forward to install.
Please be aware that you may void your warranty modifying the Fritz!Box. Use these instruction at your own risk!
On the first attempt I downloaded the OpenWrt image builder and ran
make. This will create a file
build_mipsel/linux-2.4-ar7/root.tar.gz which contains a complete OpenWrt base system that can be used as a chroot environment.
On the second attempt I got brave and used buildroot-ng from the OpenWrt svn to build the image. The advantage lies in the possibility to customize the image. Busybox which is used by OpenWrt and combines most unix system utilities in a single binary needs to be configured during compile time. Particularly the list of tools contained in the busybox binary has to be chosen then. The OpenWrt busybox binary is fairly complete (as is the one running on the Fritz!Box) but it lacks a few utilities such as adduser and swapon that I wanted to have.
Building the root image from source takes only a few steps provided that your work station has the necessary build tools installed (see openwrt.org for documentation):
svn co https://svn.openwrt.org/openwrt/branches/buildroot-ng/openwrt
* Target Images -> tgz
* Base system -> busybox -> Configuration
The generated image is located in
Starting the chroot environment
The Fritz!Box kernel does not have support for ext2 which is needed to mount the partition that will contains the OpenWrt chroot environment. Since the kernel is able to load modules that can be fixed but a FAT16 partition is needed to do that boot strap. This partition is automatically mounted by the box when the usb stick is attached and contains:
- ext2 module (ext2.o)
- chroot executable (chroot)
- start and stop scripts (start-chroot.sh, stop-chroot.sh)
The startup script loads the module and mounts the required file systems:
insmod $SELF/ext2.o || true
mount /dev/scsi/host0/bus0/target0/lun0/part6 $ROOT
mount -t devfs none $ROOT/dev
mount -t proc none $ROOT/proc
mount -t usbdevfs none $ROOT/proc/bus/usb
$SELF/chroot $ROOT /bin/sh /etc/init.d/chroot start
The chroot executable and ext2 module can be obtained here:
Putting it all together
I created 3 partitions on the USB stick. The FAT16 partition for boot strapping, a swap partition and the ext2 root partition that contains the OpenWrt system:
# fdisk -l /dev/sda
Disk /dev/sda: 32 MB, 32112640 bytes
2 heads, 32 sectors/track, 980 cylinders
Units = cylinders of 64 * 512 = 32768 bytes
Device Boot Start End Blocks Id System
/dev/sda1 1 31 976 6 FAT16
/dev/sda2 32 980 30368 5 Extended
/dev/sda5 32 519 15600 82 Linux swap / Solaris
/dev/sda6 520 980 14736 83 Linux
The scripts used in these instructions expect exactly that disk layout.
The root image has a few modifications compared to the one from the OpenWrt ImageBuilder:
- Busybox commands (run
busyboxfor full list): adduser, addgroup, hostname, swapon, swapoff…
- Pre-installed packages (run
ipkg list_installedfor full list): strace, tcpdump, samba, bind-host…
- These files have been edited:
/etc/init.d/chroot: commands run on startup
/etc/hosts: fritz has been added
downloads.openwrt.org/people/nbd/ar7/packageshas been added as a source
/etc/passwd: an empty password has been set for root
/etc/resolv.conf: 127.0.0.1 has been set as nameserver
/etc/samba/smb.conf: samba configuration with user security
Starting the chroot environment
With the latest firmware AVM offers a convenient way to access the Fritz!Box. Just dial
#96*7* from a phone directly connected to the box to start a telnet daemon (the daemon can be deactivated by dialing
Connect the USB stick to your Fritz!Box and telnet the box. The first partition on the stick should have been mounted to /var/media/ftp/MassStorageDevice-Partition-0-1. You can check that by running
Start the chroot environment with this command:
ps ax to check if dropbear, the ssh daemon, is running. Now have fun logging into your Fritz!Box using ssh!
$ ssh email@example.com
sh: /usr/X11R6/bin/xauth: not found
BusyBox v1.2.1 (2006.08.27-01:41+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
KAMIKAZE (bleeding edge, r4681) -------------------
* 10 oz Vodka Shake well with ice and strain
* 10 oz Triple sec mixture into 10 shot glasses.
* 10 oz lime juice Salute!
The root password is empty by default. Make sure you change it using
In order to initialize the chroot environment when the Fritz!Box is restarted I modified the
/var/flash/debug.cfg file which is run by
/etc/init.d/rc.S (never use vi to edit files in /var/flash, always use nvi, cp, echo…):
echo "[ -f /var/media/ftp/MassStorageDevice-Partition-0-1/start-chroot.sh ] && . /var/media/ftp/MassStorageDevice-Partition-0-1/start-chroot.sh" > /var/flash/debug.cfg
- Run ipkg list for a list of available OpenWrt packages
- Run Samba to share files in your local network
- Run OpenVPN for remote access to your local network
/etc/init.d/chrootto modify the commands that are run on startup
Entry filed under: Linux