Jan 112015
 

Let me show you how to build you own Tor router for 15€.
my-box
TL;DR;
– Get your device, e.g. from Aliexpress
– Telnet to the device using “nexxadmin” as user and “y1n2inc.com0755” as password

- cd /tmp ; wget http://onionwrt.link/download/openwrt-ramips-mt7620n-wt3020-8M-squashfs-sysupgrade.bin
- mtdwrite write openwrt-ramips-mt7620n-wt3020-8M-squashfs-sysupgrade.bin mtd3
- reboot

Intro / Anonabox connection
Building your own wireless mini router that connects to the Tor network has been very popular since the NSA revelations. One guy (August Germar) even tried to rip people off by creating a kickstarter project called Anonabox where he claims to build a mini router for Tor, while the hardware was already present and the operating system (OpenWRT) freely available. On Kickstarter he was able to raise more than half a million US dollar before his account got suspended. He then moved on to Indiegogo and unfortunatelly was successful. He received 54.000 US Dollar funding. It is a shame and this guy should be suspended from Indiegogo, too!

The boxes on Aliexpress
wt1520aliexpress-nexx

The rip off by August Germar
anonabox-kickstarterindiegogo-anonaboxanonabox-commr-rip-off

History / Hardware
The hardware he is using is the Nexx WT3020 which came out roughly a year ago. It is the successor to the Nexx WT1520, which was hacked to run OpenWRT by “hackru” in March 2014.

The system itself it quite powerful and relies on the MediaTek MT7620n which runs at 580 Mhz with 64 MB RAM and 4-8 MB ROM.
open1open2

Installing OpenWRT (the backdoor)
Both devices the WT1520 and WT3020 have a serial UART interface on the board which can be accessed to get to the base linux system. But why bother, when you can telnet into the box using a hardcoded user? :) When hackru dumped the firmware he found a hardcoded user (nexxadmin) and his password (y1n2inc.com0755) which can be used to telnet directly to the box. Luckily this backdoor from the WT1520 is still present on the WT3020 and we don’t need to open the box and connect to the serial console. There is enough space to download OpenWRT and run it, so all you need to do is (this is for the 8MB version, please verify your’s, there is a 4MB WT3020, too):

– telnet into the device using nexxadmin/y1n2inc.com0755
– cd /tmp
– wget http://onionwrt.link/download/openwrt-ramips-mt7620n-wt3020-8M-squashfs-sysupgrade.bin (verfied working) or https://downloads.openwrt.org/barrier_breaker/14.07/ramips/mt7620n/openwrt-ramips-mt7620n-wt3020-8M-squashfs-sysupgrade.bin (should work)
– mtd_write -r write openwrt-ramips-mt7620n-wt3020-8M-squashfs-sysupgrade.bin mtd3 (unfortunatelly I did not screen record it, so please verify this. Its just from my memory)
– reboot

Installing Tor
The guys at onionwrt.link and onionwrt.us.to have a script to install and run Tor, but it seems the website is abandoned. I have mirrored the script here. So please log into the router, verify that OpenWRT is running and run "wget -qO - https://blog.wirhabenstil.de/wp-content/uploads/2015/01/onionwrt.txt | sh -" to install Tor and the needed iptables rules.

That’s it, Tor should take a few seconds to establish the circuits but you can verify your Tor connection by visiting the Tor project check site. Remeber that Tor is TCP only!

  20 Responses to “OnionWRT – Building your 15€ Tor Router on Nexx WT3020”

  1. Hi Great tutorial

    I keep getting the error on the installing Tor part “wget: bad address ‘blog.wirhabenstil.de’

    I try to set the router up as a bridged ap which works but I cannot access the LUCI interface or the device via telnet.

    Do you have any suggestions on how I could fix this?

    Thanks

    • Try connect the NEXX wifi with your wifi active internet connection and it will probably work

  2. Check if DNS and Internet is working (ping google.com and ping 8.8.8.8). The wget error indicates problems with internet connection on the device.

  3. Thanks for the reply

    It lets my ping the ip but not google.com.

    How did you connect your wt3020 to the internet?

    I was using a wireless bridge

    • (ROUTER’s LAN)[]=======[] (NEXX’s WAN) <- this is how u give your NEXX Internet.
      -AK

    • Your DNS resolution seems not working. Try adding the nameserver in resolv.conf:

      echo “nameserver 8.8.8.8” > /etc/resolv.conf

  4. Hi! I tried the process what you describe here and I get an error when I run the script

    “Error: Tor is not installed.”

    I think the problem is the TOR packet (in the script). It’s missing. Where Can I get this packet? How can I fix the problem?

    Regards

  5. I figured the problem out, my router was assigning a fixed address and I kept setting the IP to my wt3020 to 192.168.1.1

    I run the script through telnet but I also get the error: ” echo error: tor is not installed” half way through the script

    Anything I could do to fix this?

    Is there a tor package that does the same thing that I could install via LUCI?

    Regards

  6. Hi!
    Can you help with that TOR WT3020 router? I could install openWRT, but the script you posted doesnt find a lot of the parts so that the whole thing does not install TOR.
    You can also reach me with e-mail.

    Thanks

    Martin

  7. Hi!
    I am trying to run that script to install and run Tor, but I get the error:

    wget -qO - http://blog.wirhabenstil.de/wp-content/uploads/2015/01/onionwrt.txt | sh -
    : not found
    : not found
    : not found
    : not found
    sh: syntax error: unexpected word (expecting "}")

    What that means?

    • Something failed. You can open the onionwrt.txt and try the commands step by step to see where it fails

  8. I’ve found that script tries to install packages from absent http path – https://downloads.openwrt.org/snapshots/trunk/ramips/packages/base/
    Working path is https://downloads.openwrt.org/snapshots/trunk/ramips/mt7620/packages/base/, it should be written at /etc/opkg.conf.
    But after install tor (run script) it doesn’t start at all (ps | grep tor – none). Log is empty.

  9. For me the script worked fine after
    – telnet into the device using nexxadmin/y1n2inc.com0755
    – cd /tmp
    – wget http://downloads.openwrt.org/chaos_calmer/15.05/ramips/mt7620/openwrt-15.05-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin
    – mtd_write -r write openwrt-ramips-mt7620n-wt3020-8M-squashfs-sysupgrade.bin mtd3
    – reboot

    • sorry,
      mtd_write -r write openwrt-15.05-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin mtd3

    • It seems mt7620 is officially supported now. This is excellent! Thanks for the comment!

  10. If you are having trouble with the onionwrt.txt linked here, try

    wget -qO – http://onionwrt.us.to/install | sh –

  11. Some link may be broken, here is a current tutorial from 01/2016: http://www.securityskeptic.com/2016/01/how-to-turn-a-nexx-wt3020-router-into-a-tor-router.html

    • Hello
      I am not informatics guy but still like to learn stuff, so I have bought this nexx WT3020F, I have managed -reading and doing stp by step instructions- to install the Openwrt on it and I would like to install this TOR, but I ad no luck till now with the links given
      I get the same errors as stated previously from other users.
      Any updates on those non working links?PUTTY with ssh, logged in but the wget -qO – http://onionwrt.us.to/install | sh –
      doesn’t give any other answer than wget: bad address ‘onionwrt.us.to’
      Thank you all in advance for your helo and understanging..of my ignorance :D
      Georgios

      • Do you have Internet on the OpenWRT? I see 2 points where it may break. a) No DNS server b) no Internet connection

        ping onionwrt.us.to works?

Leave a Reply to MS Cancel reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)