t
o
n
y
a
n
g
'
s
 
w
e
b
l
o
g


my mother told me last night that she wasn't prepared to go into work today, and was planning on quarantining at home for a week first. this after she self-tested 3-4 times in taiwan and got a negative PCR test before flying back to boston. i told her that was pretty selfish as i'd been helping out at the cafe for more than 7 weeks while she was on vacation in taiwan, and now that she's back, she's planning on staying home for another week. whatever i said must've been effective because this morning she went to work for the very first time in nearly 2 months.

because the temperature was in the 60's today, i moved out all my seedlings so they can get used to be outside. it was nice seeing all the plants lined up on the deck bench.


so instead of going to the cafe this morning, i started working on converting the t-mobile TM-AC1900 to an asus RT-AC68U router. i got the router back in march ($37), and it'd been sitting on my coffee table ever since, gathering dust. i'd gotten a TM-AC1900 before - back in 2018 - and i was able to successfully convert it to an RT-AC68U router. a brand new asus RT-AC68U router sells for $130; while a TM-AC1900 - essentially just a firmware disabled RT-AC68U - can be had for less than $40. but the conversion steps are a bit technical, that's why i'd been procrastinating. but with the new wifi thermal receipt printer arriving today, i figured this was the perfect opportunity to swap out the cafe router as well.

back in 2018, i wrote a very detailed synopsis of how i converted the TM-AC1900 to RT-AC68U. i even had all the files i used on my laptop. i carefully read what i wrote, studied the online instructions, and even watched a video. at noontime i turned off my wifi and connected my macbook pro to the TM-AC1900 via thunderbolt-adapted ethernet.

the admin page for the TM-AC1900 is located at 192.168.29.1 with the username-password-combo of admin-password. the admin interface is identical to RT-AC68U, it's just called TM-AC1900 instead. the firmware that was installed on the TM-AC1900 was 3.0.0.4_376_1520.

the first step is to upload an older TM-AC1900 firmware (3.0.0.4_376_1703) that allows SSH to be enabled. the really weird thing is when i looked at the system tab, there was an option to enable SSH. out of curiosity i turned it on just to see if i could SSH into the router.

sure enough, i was able to SSH into the router, after i first erased the old RSA fingerprint key from the Users/tony/.ssh/known_hosts file for 192.168.29.1.

this didn't work:

ssh admin@192.168.29.1

i had to add an extra blob of text (i'm not even sure where i found it to begin with, but it was from my 2018 write-up, and it still works on the mac terminal):

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@192.168.29.1

i was even able to create the original_cfe.bin file with this command:

cat /dev/mtd0 > original_cfe.bin

however when i tried to copy the original_cfe.bin to my computer via scp, it didn't work at all:

scp -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@192.168.29.1:/tmp/home/root/original_cfe.bin original_cfe.bin

i tried various iterations but none of them worked. i finally gave up, decided to follow the instructions and upload an older version of the TM-AC1900 firmware (3.0.0.4_376_1703) that had SSH access. to do that i had to do a 10-10-10: hold the rest button 10 seconds, power off for 10 seconds while still holding the reset button, then power on for 10 seconds with the reset button still down. in had the terminal ping 192.168.29.1. the ttl of the ping will change from 64 to 100. once it says 100, i log into the admin page again via 192.168.29.1 - but now instead of the admin it's the mini-CFE webpage, which allows me to install a different firmware. i selected the TM-AC1900_3.0.0.4_376_1703-g0ffdbba.trx firmware file from my computer and allowed the router to install and then reboot. i went to the admin system tab to enable SSH.

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@192.168.29.1

cat /dev/mtd0 > original_cfe.bin

i SSH'ed into the router once again, created the original_cfe.bin, then tried to copy it onto my computer. once again, it didn't work. maybe it was an OS thing, maybe mojave has a higher security level that doesn't allow SSH or scp commands. i turned on remote login in the sharing preference panel but it still didn't work. i went online in search of answers but couldn't find anything. i kept banging my head on the problem, until it finally dawned on me: scp is issued from my macbook pro, but within the router via SSH. so i exited the router, then issued the scp:

# exit SSH before running!
scp -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@192.168.29.1:/tmp/home/root/original_cfe.bin original_cfe.bin

this time it worked flawlessly, copying to whatever directory i happen to be in. that also made me realize what i was doing earlier - logging into the router via SSH with the original 3.0.0.4_376_1520 firmware - was actually the correct step, and i didn't need to replace the firmware, since 3.0.0.4_376_1520 is actually older than 3.0.0.4_376_1703, so both of them allowed SSH access. so i basically spent more than an hour going around in a circle, not realizing my mistake was running scp instead of the router via SSH.

next step is to modify the original_cfe.bin from t-mobile to asus. there's a handy cfe editor website that will do this for you automatically. i uploaded original_cfe.bin and allowed it to converted to new_1.0.2.0_aimesh.bin (which i renamed new_cfe.bin).

i then put new_cfe.bin along with mtd-write and firmware file FW_RT_AC68U_30043763626.trx into the same folder so i can issue a scp command to upload them to the router:

# within the /upload directory (3 files to be uploaded)
scp -oKexAlgorithms=+diffie-hellman-group1-sha1 * admin@192.168.29.1:/tmp/home/root

next i SSH'ed back into the router and issued these 3 commands:

chmod u+x mtd-write
./mtd-write new_cfe.bin boot
mtd-write2 FW_RT_AC68U_30043763626.trx linux

i'm not entirely sure what these commands do, something about making mtd-write executable, writing the cfe.bin to boot, then flashing an asus firmware (3.0.0.4_376_3626). afterwards i needed to do a NVRAM reset: power off the router, wait 10 seconds, hold down the WPS button, power on the router with still holding down the WPS, then wait 15-20 seconds until the power LED starts blinking.

the asus firmware should have been flashed successfully, and to test this, i went to the admin page - which is now at the address 192.168.1.1 with username-password-combo admin/admin. the admin now says RT-AC68U. i went to the admin system page and enabled SSH, then SSH'ed back into the router:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@192.168.1.1

i then issued the following commands to fix the MTD5 partition. fixing the partition allows future firmware updates:

cat /dev/mtd5 > /jffs/mtd5_backup.bin
mkdir /tmp/asus_jffs
mount -t jffs2 /dev/mtdblock5 /tmp/asus_jffs
rm -rf /tmp/asus_jffs/*
sync && umount /tmp/asus_jffs
rm -rf /jffs/.sys/RT-AC68U
nvram unset fw_check && nvram commit && reboot

to check if the MTD5 has been cleared, i issued this command:

strings /dev/mtd5

it should be blank, but i had some garbage text, which meant the MTD5 wasn't fixed yet. to fix this, i first had to upgrade the firmware to 3.0.0.4_384_xxxxx. i had firmware file RT-AC68U_3.0.0.4_384_32799-gfe72567.trx which i downloaded back in 2018 and decided to reuse. i updated the firmware via the admin page in the firmware upgrade tab. i knew the update was successful because it told me about the new feature AiMesh.

once the firmware was updated, i SSH'ed back into the router and issued the following two commands:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@192.168.1.1

ln -s /sbin/rc mtd-erase
./mtd-erase -d asus

that emptied the MTD5, allowing me to further update the firmware. i ended up updating the RT-AC68U to the most up-to-date firmware, 3.0.0.4.386.48262 (2022-03-05).

it was nearly 2:30pm by the time i finally finished, almost 2-1/2 hours of router hacking. if i had to do it again, i could probably do it in 15 minutes.


i packed the router in my bag and rode to the cafe. it was my first time riding with the new seat post and saddle, it felt pretty good, i always feel like i have a new bike whenever i replace some bike part, no matter how small or large.

there wasn't any customers at the moment so i quickly swapped out the router, the dd-wrt flashed tp-link router with the asus RT-AC68U. i then made sure all the internet-dependent devices were working: square register, grubhub tablet, webcams, and internet phone.

my father told me when he checked the rabbit nest this morning, that all the rabbits were gone, except for one dead bunny. this weekend i hope to drive them out of the backyard.

i went over to my sister to install an eufy 2k indoor cam. the eufy solo 2K C24 outdoor cam is supposed to come tomorrow, still trying to figure out where to install that one, or even worth keeping.

back at the cafe, i demonstrating the rotisserie cage function of the air fryer by cooking up some sweet potato fries. later my mother told me she doesn't like sweet potatoes all that much. my mother also blamed me that she was back at work, said she'd rather be at home sleeping.

i left the cafe around 5:30pm. i found some plastic pots along the way and tossed them in the back of my rear baskets, home for future plants.

for dinner i made some more french bread pizza.

my 2nd aunt called me around midnight. she said she home tested today and her result was negative for covid. her PCR test is next monday, and once she's cleared, she should be able to return home on tuesday. anyway, the reason why she called was to ask me about the letter i wrote for my big aunt. she opened a savings account here in the US when she came to visit nearly 20 years ago. she'd now like to close the account, but instead of coming in person, she's doing it by notarized mail. i wrote her a letter explaining her request to the bank, but because it's all in english, she needs to understand what i wrote in order to explain to the notary public in taiwan.