The Famous Router Hackers Actually Loved

A version of this post originally appeared on Tedium, a twice-weekly newsletter that hunts for the end of the long tail.

In a world where our routers look more and more like upside-down spiders than things you would like to have in your living room, there are only a handful of routers that may be considered “famous.”

Steve Jobs’ efforts to sell AirPort—most famously by using a hula hoop during a product demo—definitely deserve notice in this category, and the mesh routers made by the Amazon-owned Eero probably fit in this category as well.

But a certain Linksys router, despite being nearly 20 years old at this point, takes the cake—and it’s all because of a feature that initially went undocumented that proved extremely popular with a specific user base.

Let’s spend a moment reflecting on the blue-and-black icon of wireless access, the Linksys WRT54G. This is the wireless router that showed the world what a wireless router could do.

1988

The year that Linksys was formed by Janie and Victor Tsao, two Taiwanese immigrants to the United States who launched their company, initially a consultancy called DEW International, while working information technology jobs. (Victor, fun fact, was an IT manager with Taco Bell.) According to a 2004 profile in Inc., the company started as a way to connect inventors with manufacturers in the Taiwanese market, but the company moved into the hardware business itself in the early 1990s, eventually landing on home networking—a field that, in the early 2000s, Linksys came to dominate.

How black and blue became the unofficial colors of home networking during the early 2000s

Today, buying a router for your home is something that a lot of people don’t think much about. Nowadays, you can buy one for a few dollars used and less than $20 new.

But in the late 1990s, it was a complete nonentity, a market that had not been on the radar of many networking hardware companies, because the need for networking had been limited to the office. Which meant that installing a router was both extremely expensive and beyond the reach of mere mortals.

It’s the kind of situation that helps companies on the periphery, not quite big enough to play with the big fish, but small enough to sense an opportunity. During its first decade of existence, Janie and Victor Tsao took advantage of such opportunities, using market shifts to help better position their networking hardware.

In the early 90s, Linksys hardware had to come with its own drivers. But when Windows 95 came along, networking was built in—and that meant a major barrier for Linksys’ market share suddenly disappeared overnight, which meant there was suddenly a growing demand for its network adapters, which fit inside desktops and laptops alike.

While Victor was helping to lead and handle the technical end, Janie was working out distribution deals with major retailers such as Best Buy, which helped to take the networking cards mainstream in the technology world.

But the real opportunity, the one that made Linksys hard to shake for years afterwards, came when Victor built a router with a home audience in mind. With dial-up modems on their way out, there was a sudden need.

“As home broadband Internet use began to bloom in the late ’90s, at costs significantly higher than those for dial-up connections, Victor realized that people were going to want to hook all their small-office or home computers to one line,” the Inc. profile on Janie and Victor stated. “To do so they would need a router, a high-tech cord splitter allowing multiple computers to hook into one modem.”

The companies Linksys was competing with were, again, focused on a market where routers cost nearly as much as a computer itself. But Victor found the sweet spot: A $199 router that came with software that was easy to set up and reasonably understandable for mere mortals. And it had the distinctive design that Linksys became known for—a mixture of blue and black plastics, with an array of tiny LED lights on the front.

In a review of the EtherFast Cable/DSL router, PC Magazine noted that Linksys did far more than was asked of it.

“A price of $200 would be a breakthrough for a dual Ethernet port router, but Linksys has packed even more value into the 1.8- by 9.3- by 5.6-inch (HWD) package,” reviewer Craig Ellison wrote. The router, which could handle speeds of up to 100 megabits, sported four ports—and could theoretically handle hundreds of IP addresses.

Perhaps it wasn’t as overwhelmingly reliable as some of its more expensive competitors, but it was reasonably priced for homes, and that made it an attractive proposition.

This router was a smash success, helping to put Linksys on top of a fledgling market with market share that put its competitors to shame. In fact, the only thing that was really wrong about the router was that it did not support wireless. But Linksys’ name recognition meant that when it did, there would be an existing audience that would find its low cost and basic use cases fascinating.

One router in particular proved specifically popular—though not for the reasons Linksys anticipated.

$500M

The amount that Cisco, the networking hardware giant, acquired Linksys for in 2003. The acquisition came at a time when Linksys was making half a billion dollars a year, and was growing fast in large part because of the success of its routers, among other networking equipment. In comments to NetworkWorld, Victor Tsao claimed that there was no overlap between the unmanaged networking of Linksys routers and the managed networking of Cisco’s existing infrastructure. They did things differently—something Cisco would soon find out the hard way.

Not only was the WRT54G cheap, it was hackable. (Jay Gooby/Flickr)

How an accidental feature in Linksys’ wireless router turned a ho-hum router into an enthusiast device

In many ways, the WRT54G router series has become something of the Nintendo Entertainment System of wireless routers. Coming around relatively early in the mainstream history of the wireless router, it showed a flexibility far beyond what its creator intended for the device. While not the only game in town, it was overwhelmingly prevalent in homes around the world.

Although much less heralded, its success was comparable to the then-contemporary Motorola RAZR for a time, in that it was basically everywhere, on shelves in homes and small businesses around the world. The WRT54G, despite the scary name, was the wireless router people who needed a wireless router would buy.

And odds are, it may still be in use in a lot of places, even though its security standards are well past their prime and it looks extremely dated on a mantel. (The story of the Amiga that controlled a school district’s HVAC systems comes to mind.)

But the reason the WRT54G series has held on for so long, despite using a wireless protocol that was effectively made obsolete 12 years ago, might come down to a feature that was initially undocumented—a feature that got through amid all the complications of a big merger. Intentionally or not, the WRT54G was hiding something fundamental on the router’s firmware: Software based on Linux.

This was a problem, because it meant that Linksys would be compelled to release the source code of its wireless firmware under the GNU General Public License, which requires the distribution of the derivative software under the same terms as the software that inspired it.

Andrew Miklas, a contributor on the Linux kernel email list, explained that he had personally reached out to a member of the company’s staff and confirmed that the software was based on Linux … but eventually found his contact had stopped getting back to him.

Miklas noted that his interest in the flashed file was driven in part by a desire to see better Linux support for the still-relatively-new 802.11g standard that the device supported.

“I know that some wireless companies have been hesitant of releasing open source drivers because they are worried their radios might be pushed out of spec,” he wrote. “However, if the drivers are already written, would there be any technical reason why they could not simply be recompiled for Intel hardware, and released as binary-only modules?”

Miklas caught something interesting, but something that shouldn’t have been there. This was an oversight on the part of Cisco, which got an unhappy surprise about a popular product sold by its recent acquisition just months after its release. Essentially, what happened was that one of their suppliers apparently got a hold of Linux-based firmware, used it in the chips supplied to the company by Broadcom, and failed to inform Linksys, which then sold the software off to Cisco.

In a 2005 column for Linux Insider, Heather J. Meeker, a lawyer focused on issues of intellectual property and open-source software, wrote that this would have been a tall order for Cisco to figure out on its own:

The first takeaway from this case is the difficulty of doing enough diligence on software development in an age of vertical disintegration. Cisco knew nothing about the problem, despite presumably having done intellectual property diligence on Linksys before it bought the company. But to confound matters, Linksys probably knew nothing of the problem either, because Linksys has been buying the culprit chipsets from Broadcom, and Broadcom also presumably did not know, because it in turn outsourced the development of the firmware for the chipset to an overseas developer.

To discover the problem, Cisco would have had to do diligence through three levels of product integration, which anyone in the mergers and acquisitions trade can tell you is just about impossible. This was not sloppiness or carelessness—it was opaqueness.

Bruce Perens, a venture capitalist, open-source advocate, and former project leader for the Debian Linux distribution, told LinuxDevices that Cisco wasn’t to blame for what happened, but still faced compliance issues with the open-source license.

“Subcontractors in general are not doing enough to inform clients about their obligations under the GPL,” Perens said. (He added that, despite offering to help Cisco, they were not getting back to him.)

Nonetheless, the info about the router with the open-source firmware was out there, and Miklas’ post quickly gained attention in the enthusiast community. A Slashdot post could already see the possibilities: “This could be interesting: it might provide the possibility of building an uber-cool accesspoint firmware with IPsec and native ipv6 support etc etc, using this information!”

And as Slashdot commentators are known to do, they spoke up.

It clearly wasn’t done with a sense of excitement, but within about a month of the post hitting Slashdot, the company released its open-source firmware.

A WRT54G removed from its case. The device, thanks to its Linux firmware, became the target of both software and hardware hacks. (Felipe Fonesca/Flickr)

To hackers, this opened up a world of opportunity, and third-party developers quickly added capabilities to the original hardware that were never intended. This was essentially a commodity router that could be “hacked” to spit out a more powerful wireless signal at direct odds with the Federal Communications Commission, developed into an SSH server or VPN for your home network, or more colorfully, turned into the brains of a robot.

It also proved the root for some useful open-source firmware in the form of OpenWrt and Tomato, among others, which meant that there was a whole infrastructure to help extend your router beyond what the manufacturer wanted you to do.

Cisco was essentially compelled by the threat of legal action to release the Linux-based firmware under the GPL, but it was not thrilled to see the device, whose success finally gave it the foothold in the home that had long evaded the company, being used in ways beyond what the box said.

As Lifehacker put it way back in 2006, it was the perfect way to turn your $60 router into a $600 router, which likely meant it was potentially costing Cisco money to have a device this good on the market.

So as a result, the company “upgraded” the router in a way that was effectively a downgrade, removing the Linux-based firmware, replacing it with a proprietary equivalent, and cutting down the amount of RAM and storage the device used, which made it difficult to replace the firmware with something created by a third party. This angered end users, and Cisco (apparently realizing it had screwed up) eventually released a Linux version of the router, the WRT54GL, which restored the specifications removed.

That’s the model you can still find on Amazon today, and Linksys still maintains a support page for it on its website. Despite topping out at just 54 megabits per second over wireless, a paltry number given what modern routers at the same price point can do, it’s still on sale.

The whole mess about the GPL came to bite in the years after the firmware oversight was first discovered—Cisco eventually paid a settlement to the Free Software Foundation—but it actually informed Linksys’ brand. Today, the company sells an entire line of black-and-blue routers that maintain support for open-source firmware. (They cost way more than the WRT54G ever did, though.)

“We want this book to expand the audience of the WRT54G platform, and embedded device usage as a whole, unlocking the potential that this platform has to offer.”

— A passage from the introduction of the 2007 book Linksys WRT54G Ultimate Hacking, a book that played into the fact that the WRT54G was a hackable embedded system that was fully mainstream and could be used in numerous ways—both for fun and practical use cases. Yes, hacking this device became so common that there is an entire 400-page book dedicated to the concept.

Now, to be clear, most people who bought a variant of the WRT54G at Best Buy likely did not care that the firmware was open source. But the decision created a cult of sorts around the device by making it hackable and able to do more things than the box on its own might have suggested. And that cult audience helped to drive longstanding interest in the device well beyond its hacker roots.

It was an unintentional word-of-mouth play, almost. When the average person asked their tech-savvy friend, “what router should I buy,” guess which one they brought up.

You know something has become a legendary hacking target when there’s a book about it. (via Bookshop)

A 2016 Ars Technica piece revealed the router, at the time, was still making millions of dollars a year for Linksys, which by that time had been sold to Belkin. Despite being nowhere near as powerful as more expensive options, the WRT54GL—yes, specifically the one with Linux—retained an audience well into its second decade because it was perceived as being extremely reliable and easy to use.

“We’ll keep building it because people keep buying it,” Linksys Global Product Manager Vince La Duca said at the time, stating that the factor that kept the router on sale was that the parts for it continued to be manufactured.

I said earlier that in many ways the WRT54G was the Nintendo Entertainment System of wireless routers. And I think that is especially true in the context of the fact that it had a fairly sizable afterlife, just as the NES did. Instead of blocky graphics and limited video output options, the WRT54G’s calling cards are a very spartan design and networking capabilities that fail to keep up with the times, but somehow maintain their modern charm.

In a world where routers increasingly look like set pieces from syndicated sci-fi shows from the ’90s, there is something nice about not having to think about the device that manages your network.

The result of all this is that, despite its extreme age and not-ready-for-the-living-room looks, it sold well for years past its sell-by date—in large part because of its reliance on open-source drivers.

If your user base is telling you to stick with something, stick with it.