Orwell's "1984" in Tomato by shibby

Discussion in 'Tomato Firmware' started by KurroHimenez85, Nov 20, 2012.

  1. KurroHimenez85

    KurroHimenez85 Serious Server Member

    M0g13r likes this.
  2. KurroHimenez85

    KurroHimenez85 Serious Server Member

    In this threat people are talking about possible backdoor in Tomato by shibby.
    Shibby want to know not only location - IP, but your router model and firmware version too.
  3. TexasFlood

    TexasFlood Network Guru Member

    Probably harmless but I suspect shibby underestimates the paranoia level of some of us, like me, hah. After all, just cause you're paranoid doesn't mean they aren't after you! But we could easily disable this once aware of it.
  4. M0g13r

    M0g13r Network Guru Member

    shibby is watching U *G*
  5. Mangix

    Mangix Networkin' Nut Member

    So further on in that thread he mentions ceasing the sending of MAC addresses(it was the first four octets originally).

    Considering this is completely open source(just a script), this is FUD.
    Techie007 likes this.
  6. Gitsum

    Gitsum LI Guru Member

    that link comes up in Polish. Your speaking/typing english here.
    How about you just explain what you found?

    After using Google translator, I find that "Shibby" is a pollock that wants to track his firmware usage by sending MAC addresses? Sketchy.
    Hmm, can't he do the same thing by monitoring the downloads of his firmware???
    Guess I'm done with shibby.
    Screw you buddy.
  7. Mangix

    Mangix Networkin' Nut Member

    I used Google translate as well as my basic knowledge of Slavic languages(I speak native Bulgarian).

    On pages 304 and 305 you will find codeboxes of what he wanted to do. The first codebox sends basic stats including the first four octets of your MAC address. The second codebox removed that and just sends a hash of the MAC address.

    Three notes,

    1: The first four octets are NOT uniquely identifiable information. At best, it just tells shibby what router you are using.
    2: In both codeboxes, a hash of the WAN MAC address get sent. Anyone who knows even a little bit about hashes should know that it's a one way function. Meaning, you can't re-create the plaintext from the hashtext. Although a GPU bruteforce attack is quite feasible. I need to figure out how long it would take though. Maybe a day or two.
    3: How is this any different from what multiple other products do? This just sends relatively anonymous data so that shibby can get an idea of who is using what where to better tailor his firmware.

    Besides the MD5 hash of the MAC address, I see nothing wrong with this.
  8. TexasFlood

    TexasFlood Network Guru Member

    Yes, I'm not really that concerned about it. It does seem like folks should be informed. So assuming that, the script is easy enough to disable/get rid of. But folks like their privacy so bound to be some negative reactions.
  9. TexasFlood

    TexasFlood Network Guru Member

    Compared to what google and other companies are gathering on all of us, this is nothing really.
  10. ghoffman

    ghoffman Network Guru Member

    shibby asked if readers of his board thought it was a good idea. read below for the full translation of his post. note that he stated his intention to make it completely optional. this seems harmless. shibby has done a great job with development - as have all tomatousb contributors.

    ---------------from shibby's board:
    I want to introduce a new version of tomato small little script that the router will start sending me info about the name of the router's MAC address and the partial installed version of tomato. In addition, a script will check and send info on the country. None, private data (passwords, configuration, etc.) will not be sent. The script code is open, unencrypted, an ordinary little script in bash, so that everyone could see what it really sends. In addition will be gui option through which you can disable the sending of anonymous data.

    The result will base routers running tomato to shibby. Why you ask? Well, purely for illustrative purposes only, and statistics. To know which version of tomato are the most / most installed. What are selling routers and users which countries use my tomato [​IMG]

    In the end, I want everyone to share access to the database via a web page, which will present all the data in tabular form. In addition, by clicking on the flag of the country will be able to view only the routers in this country.

    What do you say? [​IMG] Good idea?

    i say - idea ok; thank you shibby.
    Techie007 likes this.
  11. M0g13r

    M0g13r Network Guru Member

    i think it's a bad idea .... if people want that shibby know wich version/location/mac ... what ever they use .... they kan paste the script in script section

    or shibby can make it there default an people can delete it if they don't want it
  12. pharma

    pharma Network Guru Member

    Not a good idea ... should be removed or give router user option to disable -- script should be OFF by default. Privacy is very important and there is potential for others to misuse this info.

    Shibby, use your brains. Why include TOR software in your firmware if this will defeat the purpose? Many people are using PC software to hide there identity from repressive govts., torrent cops, etc ... -- leaking IP/MAC addresses is not good idea.

    Will stop using this firmware if it is included.

  13. TexasFlood

    TexasFlood Network Guru Member

    I'm probably nearly as paranoid as anyone. But if you read the description the script is open for examination and doesn't send any personally identifiable information, not your full MAC, not your IP. It's anonymous data intended to show what brands of routers are running what version of tomato in which countries. And it can be turned off in the GUI. I guess my preference would be to have it default to off but encourage folks to turn it on when comfortable but I can see the argument to have it on by default to get better data gathering. Still given the type of folks who are going to be running the firmware, level of skill and paranoia, hah, I think defaulting to off is the way to go. Just my two cents. It's shibby's work and decision.
  14. shibby20

    shibby20 Network Guru Member

    i read your posts and i`m in shock!! TomatoAnon is not for me, it`s for YOU people!!

    I want to make database about routers and tomato version used by you. Which router is the most popular in each country, Which Tomato version and/or buildtype is used by the most people and whoch of them are unused and no need to compile that buildtype no more.

    wantype will be also removed in final script. Well as you see i dont send MAC`s, IP`s and nothing with your private information.

    One word i have now in my mouth: ungrateful !!

    FYI I will be happy if others tomato developers will add this script into his mods in the future. For them i make variable $MOD. All they have to do is set MOD as Toastman, Victek etc.

    Script will be PROPABLY ENABLED by default, because i want to make the biggest database with tomato mod information. I believe that only 1% of users will disable this option. If i will disable it by default IMO only 1% will remember and enable it. This is not a good way for this project. All users will be send aboult this in changelog, news of release etc. Each of you have right to disable this script (nvram set tomatoanon=0 or administration -> admin access).

    Best Regards!
    Techie007 and crashnburn like this.
  15. shibby20

    shibby20 Network Guru Member

  16. JAC70

    JAC70 LI Guru Member

    What possible benefits to the end-user could override breaking their trust in open-source firmware?
  17. pharma

    pharma Network Guru Member

    Agreed. Their are no benefits to end-users of the firmware, only to the firmware developer. It's more of an ego-trip to see which mod is the most used, etc...

    What next ... advertisements based on what country we live, what router we use?

    FYI ... I hope the other Tomato developers do not add this code to their mods ...
    KurroHimenez85 likes this.
  18. kthaddock

    kthaddock Network Guru Member


    I'm one your thoughts, developers have to be satisfied with how many downloads of theirs software to starch theirs ego.
    I don't want that code in theirs mods...........:mad:

    KurroHimenez85 likes this.
  19. Monk E. Boy

    Monk E. Boy Network Guru Member

    So long as its announced in the release notes and done in an open manner, with the actual script being run posted for review, and users have the ability to disable it through a clearly labeled option ("send make/model information to shibby")... then who should care?

    If you're too lazy to read the release notes or don't spend the requisite 30 minutes poking through the interface to find it, you shouldn't care about whether it's enabled or not. When I setup a router the first time, or flash a new version of the firmware, I have the thing disabled and disconnected from the internet until I've investigated it.

    While I have a spare router at work specifically for this purpose, at home I just decide not to have internet access for a couple hours while I poke around. The entire world isn't going to come to a stop just because you have to spend time on a project that clearly matters to you.
  20. RMerlin

    RMerlin Network Guru Member

    Metrics can be interesting, but I can understand where people might be worried (with reason). A router is, after all partly a security device.

    My personal two cents: if you really want to have those metrics, you can do so in a mutually respectful method. Have the default nvram value set to "2" (meaning it hasn't been configured yet). If someone access the router webui and the value is set to "2", then open a popup (or redirect to another config page) where you explain the meaning of that setting, then ask the user to either enable (which will set it to 1) or disable (which will set it to 0). That way, you will ensure that people will know about the existence of this option, and they will take a conscious decision to either enable, or disable it. This is as far as you can go to ensure you get the maximum number of participants without having UNWILLING participants.
    arafey and dc361 like this.
  21. spicoli

    spicoli Network Guru Member

    Considering the now mostly incomplete definitive list of compatible hardware this makes sense to at least gather general info about what supports what and what and for any features that are majority ruling like say better 5Ghz support. Of course you'll have your average tin foil hat poster (pharma) but odds are they didn't read the bash script. You also have the option to disable it.

    I am opting in.
    Techie007 likes this.
  22. koitsu

    koitsu Network Guru Member

    I fully support Shibby and his efforts to do whatever he needs to do. I want to make that crystal clear here up front. I believe his motives (universally) are positive; there has been no reason to believe he has malicious intent.


    I do not agree with a firmware (or device of any kind for that matter) "phoning home" with usage statistical data without the user's manual interactive consent. Meaning: I am fine with his statistical tracking bits, as long as they default to OFF, and are enabled ONLY per opt-in.

    Rephrased: I'm fine with this feature existing in a firmware, and I trust Shibby as a developer (I see nothing Orwellian about him, and FYI 1984 is my #1 favourite book). But I strongly believe this feature should default to OFF. I fully understand Shibby's point here (2nd-to-last paragraph, re: if he makes the setting default to off he'll never get the statistics he wants), but I'm sorry, I do not agree with enable-by-default statistics like this. It's a principle/rights thing.

    The difference between me and paranoid tin-foil-hat-wearing nutballs is that I'm pragmatic/reasonable when it comes to such things (while paranoid nutballs will insist no such feature should be in a device at all). But I always feel these features should default to off.

    For example, we have similar for FreeBSD -- the default is off. Debian has something similar -- also defaults to off. Ubuntu, on the other hand, I believe has something similar that defaults to on, and that has resulted in a fairly large controversy. Be warned.
  23. kthaddock

    kthaddock Network Guru Member

    Well a couple of hour later I can say, If that option is OFF by deffault then maby it's okey to collect information.
    Open data base on web page so all can se what theirs router sending would be okey.
  24. koitsu

    koitsu Network Guru Member

    Shibby did provide this already in an earlier post: http://tomato.groov.pl/tomatoanon.php

    I will admit that this is the first time I've seen that URL however (no judgement being passed in this statement, BTW).
  25. Toastman

    Toastman Super Moderator Staff Member Member

    I understand what Shibby wants to do, but I personally think the whole thing is pointless.

    I know how many downloads every version of firmware has from my download site. And the whole thing is pointless if it can be turned off.... the stats are only useful if every router running the firmware reports itself.

    I will never use any software that does this sort of thing because it just annoys me. And I won't be adding anything like it.
    callous, koitsu, pharma and 3 others like this.
  26. KurroHimenez85

    KurroHimenez85 Serious Server Member

    Script is for US, but YOU want to make something. Small contrast in one your statement.
  27. shibby20

    shibby20 Network Guru Member

    i always MAKE something for YOU. BTW all what you said in this thread was a bullshit. I dont want to know IP`s or MAC`s of routers. I dont want to know his location (like city) only a country. I`m not a big brother, orwell etc. You even don`t have the courage and tell US that is your name on openlinksys forum. You was register on MONDAY only for make that thread and tell people you bullshit. Well get out of my face!

    IMO you don`t understand what i want to do. I dont need to know how many download of each firmware i have or from where people are. I have Google Analytics for that.

    Besides a browser send himself a lot of information like IP, OS system, browser name etc well what are you talking about privacy!!

    Even TOR can`t save your privacy. There is a way to detect your REAL IP address even if you have TOR enabled!!

    Few examples why Anon (from Anonymous) is a good idea:
    1) i`m a new and i want to by new extra router. I don`t have to open new boring thread on forum but i simple can enter on tomatoanon page, select my country and now i see which router is the most popular IN MY COUNTRY. In Poland most people use RT-N16, but maybe in other country more people loves E3000 because is cheaper than Asus? We dont know that but Anon can give as an answer.
    2) I open new thread because i want buy a new dual-band, gigabit router. Which one i should buy? Most people will vote on RT-N66u or E4200, BUT there are countries where Linksys E3200 is cheaper and may be a better choice than E4200 or N66u.
    3) Did you know that Motorola WR850G v2/v3 is supported by tomato? I didn`t!! This router is not exists on tomatousb router list. Now look here:
    http://tomato.groov.pl/tomatoanon.php?search=2&model=Motorola WR850G v2/v3

    in Poland is a person who used the newest tomato on this router! And this is a great information. Without Anon i will not know that. Well TomatoAnon may be also a great database of router supported by tomato! We don`t need routerlist nomore
    4) Toastman know how many users download his firmware. But is he know how many users of RT-N66u uses firmware 32K and 64K?? He doesn`t. Anon can help US (developers) decide which buildtypes we should compile and which one are unnecessary. I myself compile right now aboult 160 buildtypes!! (K24 EN, K24 PL, K26 EN, K26 PL, RT-N EN, RT-N PL). Each firmware take ~20min time for compilation. Well compile all firmwares takes ... yes ~35 hours!! You don`t see that. You can download a firmware for few seconds and you are happy. I have to spend a day and half before i will be ready release new version. Think about that!!

    I want to tell this one more time: All i want to do is make a database of routers with tomato firmware and if some of You still dont see a benefits well You should buy a glasses.

    I want to thanks Merlin for pretty nice idea. It not exacly what i want to do, but it is propably the best solution at the moment to HAPPY most people. After install new firmware, default value of tomatoanon will be -1 (unconfigred) and user will see a monit about that on overview page.


    After open TomatoAnon config page he will see:


    If he agree on decline TomatoAnon, popup on overview will disapear.

    The button [Checkout my router] allow you (and only you) to open tomatoanon database page and show only your router using routerid (knowed only by you/your router).

    Best Regards
    Techie007 and tkittich like this.
  28. Toastman

    Toastman Super Moderator Staff Member Member

    Apologies Shibby. I do see what u want to do. But I still think it's rather pointless. If it's disabled by default, the majority of users who are not technically inclined will leave it at the default setting and those will not be reported, even though they are probably the majority. If you enable it by default there will be hue and cry from many people.

    I think that the reaction you are getting is simply due to the aversion most of us have these days when stuff is constantly connecting to sites for reasons we do not know and have grave suspicions about.

    Good luck - it will be interesting to see what the conclusion is.
  29. shibby20

    shibby20 Network Guru Member

    thank you. I have people will trust me and finally will see there is nothing wrong in TomatoAnon database.
  30. rhester72

    rhester72 Network Guru Member

    To be perfectly honest here, I'm not sure the real issue is whether or not it's enabled by default, but (what appears to be the case) that you didn't actually tell anyone up-front that you were doing this and it had to be discovered by a user. That, in and of itself, is a HUGE violation of user trust.

    pharma likes this.
  31. shibby20

    shibby20 Network Guru Member

    i will tell anyone and TomatoAnon but you don`t give me a chance). It will be in Changelog with bold text. Problem is with @KurroHimenez85, who wrote that bullshit and planted the seed of uncertainty in all of you here. As @ghoffman said that was only an idea!! And i was want to know opinion of openlinksys.info users before i will start with that script. Well you can`t say "what if you didn`t tell anyone" because i told that before @KurroHimenez85 was started this thread.

    The real problem is why people trust unknown person as @KurroHimenez85 (as i said, register on Monday) but don`t want to trust me?
    Techie007 likes this.
  32. pharma

    pharma Network Guru Member

    If KurroHimenez85 did not tell us in this forum, when were you going to tell us? After you included it in the firmware and on-by-default?
  33. shibby20

    shibby20 Network Guru Member

    read and understand what i wrote please. That was only an idea. In time when @KurroHimenez85 was started this thread i was NOT even start write script!!

    I want ask polish users first. If they will tell me "bad idea" well i will never start this thread on this forum and leave Anon project. Because polish users (most on them) was agree with that idea, then i made a decision to inform You on linksysinfo forum. But @KurroHimenez85 was first. Why no one was didn`t inform me about this thread? Why i have to find out this myself on Wednesday?!?!?

    BTW I was always inform You before i add something to my tomato and always write all changes to changelog. And always push the fresh sources/changes to GIT. Am i?
    Techie007 likes this.
  34. shibby20

    shibby20 Network Guru Member

    maybe not all of you read @ghoffman post, well i think i should quote it one more time (and mold some texts). The most important test i change to RED.

    As you can see that was only a proposition!! And i made this before i start work on Anon project. Well please don`t write "what if" because opinion of people is very important to me!!
  35. lefty

    lefty Addicted to LI Member

    This type of data reporting is rather harmless, but if you visit the tomatoanon statistics page, you'll see some versions that are somewhat back dated, so this has been in there for a bit with not many people knowing? And no option in the previous builds to disable it and no noting of this script in any of the previous changelog build notes, those kinda facts alone could make some people a bit skittish within itself. I don't have a big problem reporting this kind of data,as like i said, it seems pretty harmless, but i also don't like the fact of it being something in my router's firmware that i have no knowing about and/or it not being disabled by default.

    As far as what build flavor is being used by which router from what country, i cannot see that it really matters. So far the project works pretty good as is, and i don't know what advantage knowing 'what country/what router/what build flavor' matters because once board detection is added to the build tree, it becomes pretty generic at that point - IE i can use a shibby build built for the E2500 on my E2000 by editing out the header info with a hex editor, matter of fact i sometimes do so i can use shibby RT-N builds on my E2000 and E3000 (yes i like RT-N builds), because you don't build generic nv60k builds as Toastman does, i have to improvise. And i also don't see what knowing the data will matter in the aspects that ok say the WNR3500L is the most used router, so does this mean you are only going to build for that unit and not support the building of other unit's firmware flavors that you have added to support with tomato? Wouldn't make much sense, and as i said, once board detection is added to the branch i could use a 'generic' (be it hex edited or not) build that would work on either 3500L or RT-N16.

    Be that as it may, i'd say alot more people will not want this type of reporting than those that do, and especially something that is enabled by default. But its your tomato builds, and you can shift it in a direction as you see fit to do, but i will say that i would rather not have something like this in the router firmware i use, but if it is there, i would like it not enabled by default and would like to know before hand that something like this is getting added in the first place.
  36. shibby20

    shibby20 Network Guru Member

    Because i release on wednesday a free script for people who want manually add his routers to database:

    look, there are routers with tomato 1.16, 1.19, 1.21!! I didn`t even know about tomato when those version was published :)

    we have to specify some of information.
    1) i wrote my idea about Anon on Friday 2012.11.16)
    2) @KurroHimenez85 was register here on Monday 19, and start this conversation on Tuesday
    3) On Wednesday i made a free script and publish on openlinksys.info
    4) When i had a working project (script and webGUI) i want to inform You, but @KurroHimenez85 was first...
  37. lefty

    lefty Addicted to LI Member

    @ shibby - ah ok. i'll still be using your builds (i use both your's and toastman's builds) regardless of whether the script is in there or not, and appreciate all your efforts towards the project.

    You also have to understand that people have to be educated about something like this so as to not raise any eyebrows, which you have pretty much educated the community with your intent in this thread. And with the added config choice in the webgui, i think that will pretty much solve those that want to report this type of data and those that rather not. :)
  38. digiblur

    digiblur Networkin' Nut Member

    I don't run your builds and would have no problem with the script in there.

    Sent from my SPH-L900
  39. Badders44

    Badders44 LI Guru Member

    @shibby: Will the script be embedded in the firmware or downloaded each time the router is rebooted?
  40. Mangix

    Mangix Networkin' Nut Member

    I tried this on four separate routers. Failed on two. One was an E1200 running your mod(version 101. 102's broken) and the other dd-wrt(for kicks :p)
  41. KurroHimenez85

    KurroHimenez85 Serious Server Member

    @shibby why you still lying to us?
    People here are not morons.

    Every connection to database can be logged - with time and IP, without displayed this on Anon website.
    Every big ISP in Poland (TPSA, Netia, Dialog, every 3G operators) and many ISP in the world using public IP for customers, not fixed, but still public. IP lease time can be 24h, maybe longer.
    Somebody can write, i'm wrong ?
    Script will be default ON from compilation 103 - this was your idea, you still fighting for this.
    From compilation 108, maybe 112, maybe 125, maybe later, will be "small bug" - access to telnet from WAN default ON, without any sign in GUI. Bug is bug, nobody is guilty, this software is without any warranty.
    Public IP & telnet access can give full control .
    For who?
    For man having info about this, info from database.
    And one more time - somebody can tell, i'm wrong ?
    Answer is very simply. I wrote truth, you not.
    And i don't want to add my private spyware to open source Tomato, you want.
  42. callous

    callous Network Guru Member

    The telnet bug isnt fixed yet?!
  43. Mangix

    Mangix Networkin' Nut Member

    Am I the only one seeing @KurroHimenez85 as a propagandist?

    Oh yes a "bug" will appear giving shibby full control. Ponies are gonna fly out of my mouth too.

    I see this as an insult to shibby and all his contributions to tomato and the community(which are vast). He has stated that he has good intentions with this database and there's no indication of any malice.
    Techie007 likes this.
  44. lefty

    lefty Addicted to LI Member

    Its most certainly a 'bad presentation' of the actual intent of what the script does. The original post does hype it out to be a bad thing, although really as i said, i don't see what it matters about which build is being used where with what router, the code itself seems pretty harmless. i would say if you don't like the thought of the script in the firmware either disable its reporting from the webgui as mentioned above, or simply don't use the builds.
  45. koitsu

    koitsu Network Guru Member

    @Mangix -- I am in agreement with you (mostly, not entirely). I don't necessarily see it as "an insult to shibby and his contributions" -- I am trying to take the pragmatic approach and acknowledging that this is a privacy concern to some degree. However, Shibby is being very helpful and open and communicative about what the script is used for, its defaults, etc. -- and that's very important to note. Like I said in an earlier post, Shibby is not Orwellian in nature, so I trust his intentions fully

    @KurroHimenez85 -- I understand your points, and I understand your concerns. You can read my posts above seeing that I have no problem with his script, just that I wish the default value was off/disabled (i.e. the script's transmission of information should be opt-in only, and should be done manually by the user).

    That said: I do not appreciate how you keep trying to make Shibby out to be some kind of wolf in sheep's clothing, or demonise him. Yeah, I wish this feature was made more apparent up front from the get-go, but that's in the past now -- we can't rewind time and do anything about that. Let's move forward in a positive manner.

    Everyone on the Internet has seen this kind of thing (companies or individuals doing statistics gathering in their software + "phoning home") many times over in the past 20 years. Yes, it's a problem, no argument there. But the true offenders are the ones who say nothing / do not respond to the concerns. The difference in this case is that Shibby is here, he's talking with us (think of how much time he's spending on this matter right now!), he's giving information, and he's telling us what his intentions are.

    I'm not a forum mod nor am I going to tell you what to do, but I'm asking you nicely/kindly as a developer myself to please settle down a bit. I know you're annoyed, concerned, and maybe even feel violated -- I really do understand -- but try to be more balanced/fair about the situation right now, okay? One thing you're definitely doing is stressing out the poor bloke, and nobody needs that (you, Shibby, me, or anyone else). Understood?
  46. lancethepants

    lancethepants Network Guru Member

    I think this thread would have played out very different had Shibby been allowed the time to first explain and ask us about his idea, rather than it being introduced in such a slanderous way. Whether you agree or not with the idea, I don't see any credibility issues with Shibby. It's just like he said, he will always inform us of changes. He's not going to try to sneak something in.
    Techie007 and koitsu like this.
  47. shibby20

    shibby20 Network Guru Member

    Every entering to web page can be logged. Even on this forum Administrators and (propably) moderators can see yours IP`s adressess. I see you haven`t knowledge about how many information send your browser when you enter on "no matter which" website. Maybe i should ask @Toastman about your IP on linksysinfo.org and compare it with openlinksys.info database? Or maybe just tell us: How are you and what you really want, because you definitely wont help people.

    No only propagandist. He is also a paranoid :)

    As you said: this WAS an IDEA! Merlin gives a pretty nice sotution (pop-up) to happy most of us. As we see, not all - yes i`m talking about you right now.

    OMG you really are a paranoid :D From where have you this stupid information :D I`m making tomato for You from hmm 2 years? This is my hobby and this make me happy. Why you think i want to do some "small bug"?? To take control over the world?? :D:D:D PLEASE :D Leave your sci-fi comics and go back to school!
    In my tomato mod telnet is default OFF (in others mods is ON). I always send full changes to GIT (before release new version) well anyone can check what kind of changes was i made and compare it with changelog.

    Thank you @koitsu for that words.
    Techie007 and koitsu like this.
  48. RMerlin

    RMerlin Network Guru Member

    So basically, KurroHimenez85 doesn't trust open-sourced projects like Tomato where every one can see the whole source code and know everything that the firmware does, however he has no problem trusting completely closed-source firmwares like his Blu-Ray or his game console has. Go figure.

    Some of these devices send information such as serial number or MAC address when looking for the availability of a firmware update. I can tell you from first-hand experience about a very popular media player that saw its firmware update actually upload activity logs to the manufacturer's servers. I've actually seen bits of these logs because they were left on an unsecured FTP server. Oops.

    And I'm talking about the original firmware for that device there, not even a third party one...
    Techie007 likes this.
  49. shibby20

    shibby20 Network Guru Member

    this is your decision and you have right to do this. Best Regards.

    on ddwrt it will not works because ddwrt have (propably) others nvram variable. I`m still working on Anon. As i promiss i removed WANTYPE and made model/buildtype detections. This is why "test tomatoanon.sh" script may not work correct. Please be patiens. I have all done in 99%. I will push soon changes to git and release new tomatoanon.sh script for users who want to be on Anon base and doesn`t want to upgrade tomato :)

    it will be included in tomato. Will not be downloaded. Only users who want to be in Anon base but wont upgrade tomato will have to download script manually. Script (at the moment) will be run by cru (scheduler) for each 6 hours but i want to make this interval configured by users and i want to make interval field with range 1-12hours. Then everyone can set interval what they want.
  50. shibby20

    shibby20 Network Guru Member

    not only firmware. TOR Project BEFORE start checkout new version! Well tor have to connect to torproject.org website!! If they want they can log IP and makes a pretty nice database of users using TOR with they real IP`s addresess.
    Techie007 and koitsu like this.
  51. KurroHimenez85

    KurroHimenez85 Serious Server Member

    @shibby why you starting private war against me here? Before you made it on your private board openlinksys.info, now you making it here.
    Every oppositions there were not tolerated. 96% votes "YES" for your project. Like Communist Party in Poland in 1945-1980.
    I started this thread, when this idea was only idea, and i wrote truth. And i'm bad guy, because i was first? Very good reason.
    You don't have 96% here, and you are angry. Here people thinking, not only applauding you.

    @RMerlin - can shibby give guarantee and take responsibility, like blue-ray and console manufacturers does? I'm sure - not. That is difference.
    And shibby's script is not used for looking for the availability of a firmware update. This script do nothing positive:
  52. pharma

    pharma Network Guru Member


    Remember, only the Shibby Tomato Mod will have this code. Toastman mentioned above he will not be adding it to Toastman Mod, and for the other Modders you'll have to wait to see whether they include it.

    Anyone who does not want the code can switch to Toastman or another Tomato mod. :)
  53. shibby20

    shibby20 Network Guru Member

    pushed to GIT:
    and little update

    everyone can look (and understand i hope) what Anon really do.

    If someone want test or use TomatoAnon on older Tomato version then can download:

    and add launch script to INIT script. Anon will add to cru (scheduler) and will be update information every 6h (by default). If someone will want to stop Anon, then anly what he has to do is delete anon from cru using command:
    "cru d tomatoanon"

    and remove launching script from INIT.

    If someone want use Anon on the other MOD, like Toastman, he has to edit script and change MOD name at first and propably fix a VER and BUILDTYPE variable!

    I the future i will add a button allowed to REMOVE router from Anon if someone will no want update info anymore. And i will add cleaning entires in database if router will not be update for long time.

    Best Regards.
  54. shibby20

    shibby20 Network Guru Member

  55. shibby20

    shibby20 Network Guru Member

  56. Daky

    Daky Network Guru Member

    sounds good to me, i am waiting for v103.

    good stuff shibby20
  57. kthaddock

    kthaddock Network Guru Member

    Thank you !
    This project will be included with Tomato by Shibby starting from v103. It will be DISABLED/unconfigured by default.
  58. RMerlin

    RMerlin Network Guru Member

    While the script does not specifically send the IP, you should point out that the IP is still being seen by your web server (as any web connection would). To appease users accusing you of having an hidden agenda, I would rephrase it like this:

    "...while your IP can be seen by the web server hosting the remote database as in any regular web-based connection, it will not be stored in the database"

    Just for the sake of precision. :)
    shibby20 and pharma like this.
  59. RMerlin

    RMerlin Network Guru Member

    Except that some of the information they take isn't necessary for offering an auto-update service, yet they still retrieve that information. And potentially other bits if information you might not even know about, because (unlike Tomato), their firmware isn't open to the public. Cases where companies have abused by compiling far more information than they needed have been exposed in the past. So no, hardware manufacturers offer no guarantee of honesty either - even far less than any open source developper who opens up all his code, showing you that they have NOTHING to hide.

    In fact, look at what Cisco tried to pull on their customers a few months ago with their new "cloud-enabled firmware" that was arbitrarily pushed to routers.

    EDIT: I dug out an article showing how far Cisco initially wanted to go with their firmware. It would be allowed to even track down WHICH SITES YOU VISITED...


    So please, that Orwells reference doesn't make any sense when compared to what commercial companies have tried to pull on you in the past. That proves that your feeling about commercial companies offering you better guarantees is unfounded - Cisco has flat out tried to SELL personal information such as which websites you were visiting.
    Techie007 and shibby20 like this.
  60. shibby20

    shibby20 Network Guru Member

    i promise i will not store IPs in database. you have my word.

    i do not start any of war. I want only know how are you. You and everyone know me, but no one know You.

    still bullshit. I never want store MACs (i mean full mac address), IPs and any private and personal data. You went here i told people some of story about big brother, Orwell, whois next!! When i went here to tell people about Anon and i saw this thread, my first reaction was WTF!! The only truth is:: any of your words was NOT true.

    Toastman and Merlin do not see any wrong in Anon script. They only not see a reason to integrade Anon into his mods. And that is a big difference!! I hope they will change his mind in near future,

    but maybe will... I dont know. We will see.
    Techie007 likes this.
  61. tvlz

    tvlz LI Guru Member

    Can you add a new search to the database "Search by Driver Type:"(K2.4, K2.6RT K2.6RT-N)
    right now there is not way to tell between RT & RT-N builds.
    shibby20 likes this.
  62. leandroong

    leandroong LI Guru Member

    I don't see any harm. I will participate and see how it goes.
  63. maurer

    maurer Network Guru Member

    so am I
  64. mvsgeek

    mvsgeek LI Guru Member

    The naysayers here have probably been spared the RPITA of using Sveasoft's firmware. It used to be a requirement to input your router's MAC address before you could even download the firmware image. And if you exceeded their arbitrary limit of 5 MAC addresses, you were at the mercy of Sveasoft to respond to your request to clear the addresses before you could add another router. That was the original reason why I switched to Tomato/Toastman, not for security issues, but just because of the unnecessary inconvenience. Wonder what Sveasoft did with those MAC addresses...don't really care.

    I'm not using Shibby's build, but if I were I'd have no objection to TomatoAnon. I see nothing sinister about it, and Shibby has make it perfectly clear from the outset that it's a strictly optional feature. And if Toastman were to incorporate something similar, I certainly wouldn't start looking for alternative firmware out of security concerns.

    Shibby, Toastman, and all the other developers deserve thanks and kudos for their efforts, not scare-mongering. Let's not forget that they make this stuff available to us for free.

    And now I'm going to log off and send a whole heap of program dumps to Microsoft. And make sure I leave the boxes checked (usually by default) on all the other software products that want to gather information about me.

    I rest my case.
  65. koitsu

    koitsu Network Guru Member

    Oh no, I remember the Sveasoft ordeal quite well. I've been "doing this firmware stuff" since roughly late 2003 (had to check some files/directories I have pertaining to my WRT54G serial port mod :) ).
  66. shibby20

    shibby20 Network Guru Member

    nice idea. I added WL driver right now. You can download new TomatoAnon.sh. I will add new search by driver in near future.

    Attention: after download TomatoAnon.sh, please change a PATH to anon in "cru a" command. This will add correct service to scheduler

    And one more thing: If someone made own tomato, please change VER and MODEL detection to correct and MOD name, because we have strange entries in base like
    | RT-N-sady-0115 K26 USB (1) | RT-N5x-Arctic K26 USB (6) |
  67. thepoch

    thepoch Serious Server Member

    Hi Shibby,

    I ran the script manually to test out the script. I did edit out the line that adds a scheduled job first.

    Is it possible to add a button to the UI to manually submit data? I don't really like the idea of something regularly pinging your server, but at the same time I don't mind contributing manually from time to time. I'd prefer a single button that I can just click to submit (probably after the agreement part). If only possible. If not, it's ok. :)

    I see I'm the only one who tested submitting from my country. Hehe. I wonder how many more of us are out there.
  68. shibby20

    shibby20 Network Guru Member

    i hope more, when i will release new version with build-in Anon.
  69. shibby20

    shibby20 Network Guru Member

    first i tried get wl driver version from dmesg:
    it works but only if we reboot router.After few days dmesg log is to big and line with eth detection disapear. Well i don`t know, where from i can find wl driver version. I tried modinfo (from busybox) but there is no version od module:
    The only way IMO to get driver version is about page but router has to download this file, well router need a password:
    but before i will pusha that code, maybe someone will have a better solution to get wl driver version? I dont see any wrong in this code but maybe some of you may have some problem with getting password from nvram, even if passwword will NOT be send.

    Or we can leave only:
    DRIVER=`dmesg | grep eth1 | grep Wireless | cut -d " " -f7`

    if it will be empty, then i will display "-" in Anon.

    What do you think?
  70. TomatoLover

    TomatoLover Serious Server Member

    I just use
    DRIVER=`wl ver | grep version | cut -d " " -f7`
    and I get for my Asus RT-N66U
  71. RMerlin

    RMerlin Network Guru Member

    ASUSWRT RT-AC66U_3.0.0.4 Wed Nov 21 06:30:24 UTC 2012
    admin@RT-AC66U:/tmp/home/root# wl ver
    6.30 RC39.16
    wl0: Aug 29 2012 12:34:30 version (r341183)
  72. leandroong

    leandroong LI Guru Member

    Tomato v1.28.0000 MIPSR1-102 K26 USB AIO
    root@BTRouter2:/tmp/home/root# wl ver
    5.10 RC147.0
    wl0: Mar 4 2010 00:00:47 version
  73. koitsu

    koitsu Network Guru Member

    Keep it simple. Don't bother doing the auto-HTTP-fetch-from-About-page nonsense, it makes a lot of assumptions about what wget will accept for parameters, doesn't properly handle situations where there are spaces in the password. An alternate might be to use dmesg and sed to pull out the exact string you want. I'd recommend just using the below.

    DRIVER="`/usr/sbin/wl ver | /usr/bin/head -1`"
    if [ x"$DRIVER" = x ]; then
    I ask nicely that you specify full pathnames to the commands -- failure to do so may result in odd results in some environments (aliases, dotfiles, other things mounted which come first in $PATH, etc.). It's always wise to specify fully-qualified paths when writing scripts.

    You might also wonder about the test/[] change above, re: using "x" in front of variables. This handles situations where $DRIVER, for reasons unknown, doesn't get set or gets set to an empty string. Note that I also changed the comparison from == to =. == in shell is a bash thing, while = works universally (classic sh with /bin/test, etc.).

    Also, cut is a bad habit to get into. I know, it's neat the first time you learn about it and it sticks with you, but it doesn't behave how you think it does when there are multiple delimiters are next to one another (I can give a simple example if need be). awk is one thing which does that correctly (i.e. awk '{ print $7 }'). cut is useful when you know the delimiter will always be formatted exactly a specific way, and with most strings these days, that isn't guaranteed.
  74. shibby20

    shibby20 Network Guru Member

    The simplest solutions are the best :) thank You
  75. s123044

    s123044 Serious Server Member

    RT-N5x-Arctic K26 USB is china http://hi.baidu.com/zengchen228/item/24aa73e88a07023b86d9deee

    RT-N-sady-0115 K26 USB is http://www.right.com.cn/forum/thread-54190-1-1.html

    They are from the forum http://www.right.com.cn/forum/forum-71-1.html

    other TOMATO master function is very powerful ARP firewall and WEP authentication function has been in firmware in http://www.router.tw/forum/forumdisplay.php?fid=4
  76. s123044

    s123044 Serious Server Member

    MY English is very poor and I hope that you can understand the translation software translation may not be accurate but I really like your firmware I hope you can increase the ARP firewall and WEP authentication function
  77. s123044

    s123044 Serious Server Member

  78. s123044

    s123044 Serious Server Member

  79. koitsu

    koitsu Network Guru Member

    You're welcome -- any time man!
  80. RMerlin

    RMerlin Network Guru Member

    BTW, driver version is kinda meaningless, as router manufacturers will sometime modify the code they get from Broadcom without bumping the revision number. I've frequently seen changes in filesize in the wireless driver binary blob between Asuswrt releases, for instance. So if you wanted any semi-useful information, you will probably need both the version and the date.
  81. koitsu

    koitsu Network Guru Member

    In that case, replace line 1 with this:

    DRIVER="`/usr/sbin/wl ver | /bin/egrep ^wl.:`"
  82. Poldekk

    Poldekk Serious Server Member

    Well, communists also said, that they do, what they do for the people.

    Shibby, tell me please why accounts of peple who are not supporting this idea on your forum are being banned by and administrator of openlinksys.info - ?
  83. dc361

    dc361 Network Guru Member

    Is it fair to assume that the driver would be the same for both radios in a dual radio box?
  84. koitsu

    koitsu Network Guru Member

    Excellent question -- and my answer is: I do not know, because I haven't gotten my hands on such hardware. My opinion/view, however, is that yes I imagine the same wireless chip in the SOC would be used for both radios. If you have access to one, please provide wl ver output so we can see.

    If multiple radios means multiple wlX devices (i.e. wl0 + wl1, etc.) then what's going to end up $DRIVER will be multiple lines concatenated with a space (due to sh/bash's $IFS functionality):

    DRIVER="wl0: Aug 9 2011 09:29:42 version wl1: Aug 9 2011 09:29:42 version"

    Sadly there is no other way to get this information out of the wireless driver. There is no cleanly-written /proc shim that I can find or otherwise.
  85. Mangix

    Mangix Networkin' Nut Member

    wl ver output of a belkin dual-band router running RT and an E2500 which recently got dual band support because of shibby's wl_high patch:

    root@Belkin:/tmp/home/root# wl ver
    5.10 RC147.0
    wl0: Mar  4 2010 00:00:47 version
    root@linksys:/tmp/home/root# wl ver
    5.100 RC138.20
    wl0: May 29 2012 08:48:50 version
    so no info from wl ver about the second radio.
  86. shibby20

    shibby20 Network Guru Member

    IMO this question you should write to me on PM but not on public forum.
    Answer: Not banned but tempbanned for 14days and not by me but by others administrators. Not for not supporting Anon but for inappropriate vocabulary. Well please dont tell people here not truth! You also doesn`t know nothing about Anon. You wrote yesterday on openlinksys forum: "you will not use my tomato build anymore because Anon will be enabled by defaut". You are wrong and anyone here know that. On tomato.groov.pl is news wroten by me 3 days ago about Anon. Well please get a correct information before you write anything on public forum.

    @koitsu - you have right with cut and awk. I will switch cut code to awk today.

    @RMerlin - you have right. I saw that also:

    But we don`t have to know a date of driver because we know a tomato version. Well if we will see "Asus RT-N16 K26USB AIO" we don`t know which tomato branch he uses. Drivers will help you know with branch people use: K26RT with driver or maybe K26RT-N with Because right now this information is not specify in Anon database.

    The same situation is with your code. Some people uses src-rt-6x on RT-N66u :)
  87. Poldekk

    Poldekk Serious Server Member

    I'm talking about the forum http://openlinksys.info/forum/index.php
    Owner and superadmin of this forum is Shibby.
    I posted there that it's not good idea to stitch up this script into firmware and force people to send data, they might not want to send or may even not be aware that they send.
    My login is banned for 14 days :)
  88. shibby20

    shibby20 Network Guru Member

  89. Buniaczek

    Buniaczek Networkin' Nut Member

    As @Shibby already mentioned: some people do not understand written messages (posts) :/
    This is the reason why we have so many misunderstandings and myths about tomatoanon project :/
    If you have any doubts please ask before you will start judging @Shibby or his project.

    Information for some people - this project still evaluating so if you have added this script:
    cd /tmp
    wget http://update.groov.pl/TomatoAnon.sh
    chmod +x TomatoAnon.sh
    Please download new script or you can modify script by adding:
    cd /tmp
    rm TomatoAnon.sh
    wget http://update.groov.pl/TomatoAnon.sh
    chmod +x TomatoAnon.sh
    This will download the newest script every time you will run it.
  90. Poldekk

    Poldekk Serious Server Member

    This couldn't be for the language, because I never used any kind of inappropriate language on your forum.
    Yes, I wrote there that I will not update to the next version of your Tomato if you put this script stitched into it. I also explained why I don't like the idea. After that my login got 14 days off...

    Shibby, I could'nt write you on PM, because my login is banned, and I can't log-in.
  91. mstombs

    mstombs Network Guru Member

    I've seen the "x" version many times but never really understood it (or the Yoda form with reversed args) what's wrong with just
    if [ "$DRIVER" = "" ]; then

    which seems to work fine in tomato with null assignment?

    I would also question why to parse the result with grep - why not just capture the full string, using sh ability to concatenate lines as above?

    You can also use script default to catch the null assignment, here's example which should use system path wl if defined.

    w=$(which wl)
    v=$($WL ver)
    echo $DRIVER
    ASUSWRT RT-N16_3.0.0.4 Tue Sep 25 03:41:55 UTC 2012
    admin@(none):/tmp/home/root# echo $DRIVER
    5.100 RC138.20 wl0: May 29 2012 08:58:33 version
    Tomato v1.28.7633 .3-Toastman-VLAN-IPT-ND ND VPN
    root@wrt54gs:/tmp/home/root# echo $DRIVER
    4.150 RC10.5 wl0: Apr 10 2008 11:52:33 version
  92. shibby20

    shibby20 Network Guru Member

  93. koitsu

    koitsu Network Guru Member

    I'm an old codger. Back before quotes were implemented, we used things like [ $foo = value ]. This became a problem when $foo was empty, and even bigger when $foo contained something like literally the string -e. You have to remember that [ as a test operator on some systems is still a non-builtin, i.e. /bin/[ really is a real thing (see FreeBSD). The solution was to therefore use [ x$foo = xvalue ]. It's become common habit (for some of us) to continue to use this model. :) Most of the shells (but hardly all) have some degree of handling for this now in different ways, usually via ${} modifiers. You have to keep in mind that some of us write shell scripts that are intended to work across multiple platforms; for example, Solaris /bin/sh often gives Linux-heads gigantic headaches, and I chuckle at that.

    Here's some reference material -- scroll down and read some of the upvoted comments, specifically the one that has 4.

    Partially for the reason I mention above, but for other reasons. For starters, I don't trust Busybox's stock shell, because that software suite has a history of horrible bugs beyond belief. So when I write shell, I tend to write it in a way that 1) ensures the underlying shell has little to no features, and 2) simultaneously is easier to understand/comprehend for someone reading the code. Regarding why not just use $IFS to concatenate lines / get rid of the grep: because we don't want the first line of output. I could have used sed to do the same thing but so what. What we really want is lines with the time/datestamps which also contain the driver version. Meaning: there is no reason to retain the first line of output. You could alternately do something like tail +2, but again, tail on many systems don't support the + and others do but through a different flags (like -A or -B), which circles back to my previous paragraph... :)

    No, do not do this. Just hard-code /usr/sbin/wl as the calling binary and be done with it. Using which makes very, very bad assumptions about $PATH and related bits, and there is always a good chance someone has a binary somewhere on a USB drive called wl (e.g. /opt/usr/sbin/wl). In fact, there's even a thread about this sort of problem (I'm speculating to some degree, but so far it's looking like that's the users' problem). Bottom line: do not use which, whereis, etc. when you know damn well where the binary you want is going to be at all times. So to summarise, I'd be fine with this:

    v="`/usr/sbin/wl ver | /bin/egrep ^wl.:`"
    unset v
    It just isn't as obvious to someone who isn't familiar with ${} expansion. Remember: this is an open-source project, which means there are many people who have eyes on it, and many people who may take over. Not everyone has the same skill set.
  94. Poldekk

    Poldekk Serious Server Member

    You can say most users on your forum, where you are superadmin are happy with the idea.
    You might also say, that people who wrote on your forum that don't like the project -> have the account on your forum banned and later removed if not said apology to the superadmin :)
    Probably it's just ridiculous. On the other hand, I don't think this is the way to go for the honest developers, who just want to collect some extra data from their users. There are so many projects started and developed on the truly open source principles, later gradually evolved into something commercial.
  95. shibby20

    shibby20 Network Guru Member

    @Poldekk - not banned but suspended. Not by me but by others admins. I didn`t know about this and didnt know about you. I revert today all suspended accounts to normal state. BUT all those accounts was suspended because they made some propagandist as @KurroHimenez85 did here.

    If you don`t want to use my tomato with including Anon (even if its disabled by default) this is your choice and you have right to do this. Free way. BUT dont start another propagandist. People here want to talk about Anon, they have a nice ideas, how to make Anon better.

    Admin was suspend 4 accounts because want to people will get a new breath, read a whole topic one more and understand Anon project before they will write another stupic posts.

    This is not truth.You said (from google translate):
    i asked nicely: Can you explain?

    And you said:
    I explain you, you are wrong, because script will be disabled by default. This information you can find here, on openlinksys and on tomato.groov.pl but you didn`t listen me and no one on forum. This is the true reason why admin suspend you account (correct) on 7 days. He want to give you time to read whole topic from start to the end.

    You could write PM to me here. As i said i didnt know that your account waq suspended. Allow anyone to make a choice and decide: i want or not enable Anon.

    Please stop bullshit. I didn`t suspend any of account but i did revert all to normal state. I didn`t want apology from no one but only from you, here (not on openlinksys) because you compare me to communists!
    Best Regards.
    Techie007 likes this.
  96. mpegmaster

    mpegmaster Addicted to LI Member

    P E A C E... :cool:
    shibby20 and Toxic like this.
  97. Poldekk

    Poldekk Serious Server Member

    Yes, I see, I see everything. Just please say what was so dangerous in my "not listening" that my login had to be suspended and now is removed completely for good.

    Now, I can see that when I compared to communists I was not that wrong. They also gaged people for not clapping their hands.
  98. Poldekk

    Poldekk Serious Server Member

    And the other 3 suspended accounts on your forum - they all belong to the supporters of your new "Anon" I suppose - ?
  99. Toxic

    Toxic Administrator Staff Member

    And if we continue down this line I'll do some banning of my own. READ THE FORUM RULES. look guys air your grievances in private not in public forums.

    thread closed for users to reflect on attitudes.
  100. Toxic

    Toxic Administrator Staff Member

    Thread unlocked. please keep posts on topic.

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice