I was very brave last night – I flashed my router with a firmware I’d hexedited!

I’ve got a Buffalo WYR-G54, which was very cheap, but has essentially does the job of connecting me to the Internet with wireless to boot. One of it’s big plusses is that it routes the external IP from inside, so if I try to connect to my address from the ISP, the router will forward it to using whatever port forwarding I’ve set up. So if I’ve forwarded port 80 to 192.168.2.1:80 I’m on 192.168.2.3, and try to connect to 80.1.2.3:80 (assuming that was my IP, which it’s not), it will connect through to 192.1687.2.1:80.

On the other hand, it’s not actually very good. In particular the wireless is shockingly unstable. The Wii can only get a connection for 30 seconds or so at a time, and the laptop is better, but only actually in the same room!

The last straw was when, quite bizarrely, my windows box stopped being able to connect to the net through it, while Linux was going as fast as ever. After the usual cable and driver troubleshooting, it seemed to me that rebooting the Buffalo caused the problems to go away for a bit.

I’m still not convinced it’s not my little switch that both the Linux and XP box are plugged into…

Anyway, I decided it was time to try and hunt down a new firmware again, and I came across this posting (from gadgetspeak) by “kye04”

hi there.found a new version,release 02-Nov.-06

http://www.buffalo-asia.com/file/download/WYR-G54_1.402.zip

Please tell me the changes beacuse the router is at my sister ,200km from home and i do not want to make an upgrade from here to mess everything up.

And this one, (in a different thread), by “humbletim”

Hi — I was about to toss out my WYR-G54 after its wireless support started flaking out and not finding any firmware upgrades beyond 1.402. However, after some desparate Googling I discovered an interesting post from japan claiming that the WYR-G54 has the same internals as some other OEM devices, namely the BLW-54PM from Planex…

http://raijo.aa0.netvolante.jp/computer/wyr_g54/

http://translate.google.com/translate?u=http%3A%2F%2Fraijo.aa0.netvolante.jp%2Fcomputer%2Fwyr_g54&sl=ja&tl=en

I EXPECTED to totally brick my device by following the roughly translated instructions, but instead am pleased to report that my device now believes it’s a BLW-54PM version 3.000 firmware Planex unit!

The wireless seems much more robust than before and the Planex web UI supports some formerly inaccessible options (like manually adding MAC addresses for access/routing). The rest of the web interface has a different theme but is essentially the same — you can preview it in the PDF manual from Planex (same link as below). That’s actually how I (informally) validated the possibility that these two devices are siblings.

So, if you have an old WYR-G54, and you don’t mind potentially killing it, the process I used was:

** DO NOT APPLY THIS UPGRADE IF YOU ARE NOT PREPARED TO BRICK (render useless) YOUR ROUTER. **

  1. Download WYR-G54_1.402.zip (the link in earlier post above still worked as of today)
  2. Download Planex BLW-54PM v3.000 firmware from: http://www.planex.net/download/router/blw-54pm.htm
  3. Extract both firmware .IMG files (WYR-G54_Eng_1402.img, BLW-54PM_Firmware_PCI_ENG_v3000.img). Write down the freshly extracted v3000.img file size — in bytes (mine was 720311).
  4. Use a hex editor to exactly clone (overwrite not insert) the first 52 bytes and the last 40 bytes from the WYR image to the BLW image. I used KHexEdit on linux, but you should be able to find a hex editor for any platform via google. Note that the last 40 bytes will _start_ at a different location in each file, so be sure to work backwards from the end of each file individually when cloning those.
  5. (not sure if this is needed): I saw “14 02” at offset 50 and also in the last 40 bytes of the WYR, along with “30 00” in the same locations in the BLW image, so assumed these were version markers. After cloning the WYR bytes over with “14 02” I then changed them both to be “14 03” (in case maybe the router consider this before upgrading).
  6. Save the resulting image as something memorable, I used “WYR1403.img”. As a high level check, make sure the original v3000 firmware and your transplanted image are exactly the same file size — if not the clone procedure removed or added bytes which is wrong so try again. For reference, with the #5 version change the md5sum of my image was: 7023cbc9946be3eb444ade76a3f82e57
  7. Backup your config settings (admcfg.cfg) and purchase a backup router and/or have a contigency plan ready (remember this could totally brick your device!)
  8. (optional — not sure if really needed) Reset your device to factory defaults
  9. Connect via cat5 and upgrade your WYR-G54 using the standard web UI and your new image.
  10. cross your fingers, let the firmware screen finish loading, and see if it worked!

NOTE: I did not reset my device to factory defaults before upgrading, but in hindsight it might have been a good idea. Looking at the saved config files (admcfg.cfg) before and after the upgrade, only a handful seem to mesh up — for example, it kept my admin password but none of the LAN or access point settings

The BLW-54PM docs say the factory admin login is a blank username and “0000” (four zeros) for the password, but as mentioned it actually kept my admin password so my login was blank username and my old password at 192.168.1.1 (vs. “root” before).

Good luck to anyone else daring enough to try this! 😉

Best regards,

-Tim

Well, I was brave/stupid enough, and I got the same results!

I haven’t extensively tested it yet, but the Wii seemed a whole lot happier!

Enjoy.