Page 318 - Hacking Roomba
Chapter 14 — Putting Linux on Roomba
Roomba. The Gumstix board has two main drawbacks, however: it cannot function as a USB
host, so you can’t add fun USB devices, and it’s a bit expensive for casual hacking.
Fortunately, a few other consumer electronics companies have shown the same foresight that
iRobot has by creating open systems that are amenable to hacking. The most famous of these is
Linksys and their WRT54G series of wireless routers, which you’ll be using next.
Wireless Routers as Hacker Toys
Most wireless routers in the home today use a CPU and board architecture created by Broadcom,
an innovative chipmaker who also supplies the video processor for the iPod and the Wi-Fi chips
in the Nintendo DS. The Broadcom chip used in these routers is a specialized version of the
MIPS32 processor, a RISC-architecture chip on which Linux also works well. The insides of
one of these routers look not much different from other SBCs like the Gumstix except they
have an added chip or two for the Wi-Fi radio.
The best part about these specialized wireless router SBCs is that they can be purchased at any
consumer electronics store for around $50. For the cost of a few weeks’ worth of Starbucks,
you can get a tiny Wi-Fi computer that runs a modern operating system and that you can
reprogram yourself.
Firmware Upgrade or Replacement
All SBCs need some way of loading software into them. The three most common ways are:
- A bootloader (like in Arduino) sits on a serial or Ethernet port awaiting code.
- A replaceable memory card is programmed and inserted into the SBC.
- A special program is invoked from inside an old version of the software.
The last option is what is used normally with wireless routers, and you’ve likely seen how to
do this from the Upgrade Firmware section of your router’s web interface. Almost all SBCs
store their code in non-volatile flash memory so that it stays around if you unplug the box.
There is the possibility that if the user invokes Upgrade Firmware and then removes the
router’s power, the box will be only partially programmed and thus totally non-functional. This
is called bricking your router, and it’s a danger you face any time firmware upgrades are done.
To survive a bricking error, Linksys (and a few other vendors) provides a failsafe that isn’t
affected by bad or partial firmware. There is a special bootloader in ROM that knows enough
to get on your LAN (either via a static IP address or DHCP) and then receive a new firmware
through Trivial File Transfer Protocol (TFTP). TFTP is a rudimentary method of transferring
files that, unlike FTP, has no error correction. On an idle Ethernet LAN, transmission errors are
virtually non-existent, so the lack of error correction is not an issue. After the bootloader has
received the new firmware via TFTP, it runs a checksum on it to verify it’s error-free, and then
programs the flash ROM and reboots.
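
The receive-then-verify sequence described above, as an added Python example (not code from the book or from any router's bootloader): it builds TFTP write-request, data and acknowledgment packets as defined in RFC 1350, runs the lock-step exchange in memory, and only accepts the image if the checksum matches. The Receiver class, the file name code.bin and the sample image are constructed for illustration, and CRC-32 is an assumption, since the text only says "a checksum".

```python
import struct
import zlib

WRQ, DATA, ACK = 2, 3, 4   # TFTP opcodes (RFC 1350)
BLOCK = 512                # fixed TFTP data block size

def wrq(filename, mode="octet"):
    # Write request: opcode | filename | NUL | mode | NUL
    return struct.pack("!H", WRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def data(block_no, payload):
    return struct.pack("!HH", DATA, block_no) + payload

def ack(block_no):
    return struct.pack("!HH", ACK, block_no)

def sender_packets(image):
    # A block shorter than 512 bytes (possibly empty) marks the end of the file.
    for i in range(len(image) // BLOCK + 1):
        yield data(i + 1, image[i * BLOCK:(i + 1) * BLOCK])

class Receiver:
    """Hypothetical stand-in for the bootloader's TFTP side."""
    def __init__(self):
        self.buf, self.expected, self.done = bytearray(), 1, False

    def handle(self, pkt):
        (opcode,) = struct.unpack("!H", pkt[:2])
        if opcode == WRQ:
            return ack(0)                      # accept the write request
        (block_no,) = struct.unpack("!H", pkt[2:4])
        if opcode != DATA or block_no != self.expected:
            return ack(self.expected - 1)      # re-ACK the last good block
        self.buf += pkt[4:]
        self.expected += 1
        self.done = len(pkt) - 4 < BLOCK
        return ack(block_no)

def upload(image, expected_crc, corrupt_block=None):
    """Run the lock-step exchange in memory; True means the image would be flashed."""
    rx = Receiver()
    if rx.handle(wrq("code.bin")) != ack(0):   # file name is a placeholder
        return False
    for n, pkt in enumerate(sender_packets(image), start=1):
        if n == corrupt_block:                 # simulate a damaged block
            pkt = pkt[:4] + bytes([pkt[4] ^ 0xFF]) + pkt[5:]
        if rx.handle(pkt) != ack(n):
            return False
    # CRC-32 is an assumption: the page only says "a checksum".
    return rx.done and zlib.crc32(bytes(rx.buf)) == expected_crc

IMAGE = bytes(range(256)) * 5 + b"end"         # constructed 1283-byte sample "firmware"
GOOD_CRC = zlib.crc32(IMAGE)
```

A truncated upload such as upload(IMAGE[:600], GOOD_CRC) completes the TFTP exchange normally and is rejected only by the checksum, which is why the check runs before the flash is programmed.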
This bootloader is called boot_wait by the router hacking community, after the variable used
to turn it on. Having boot_wait means hackers don’t need to fear inadvertently screwing up
their routers, which gives them (and you) the freedom to experiment.