Full controlling the ASUS router via command line
How to full controlling the ASUS router with original firmware via a command line by the Telnet access protocol.
For get more opportunities to configure router, many people flash they routers by alternative firmware such as OpenWRT, DDWRT and others. But this is not always justified. The web interface of the original firmware may not contain certain triggers but the firmware contain many of the necessary tools.
So, we can try to implement all necessary manipulations over the router from the original firmware via a command line by the Telnet access protocol.
The most secure and powerful way is using the SSH protocol, but you have to use the insecure Telnet as that’s all ASUS routers ship with it by default.
If the web-interface of your ASUS router don’t have a trigger to enable a Telnet access protocol then read this article: «How to enable the Telnet server on the ASUS router».
Getting command line access
First of all, you need to connect to your router by use any Telnet client, for example the PuTTY or a command line client.
Domain, IP-address, username and password is same as in the web interface of the router.
- IP-address —
192.168.1.1(or whatever you set). - Domain —
router.asus.com(default for ASUS routers) - Port —
23(default for Telnet protocol). - Username —
admin(default for ASUS routers). - Password is whatever you set (default for ASUS routers is
admin).
To use a command line client:
1. Open Terminal App.
2. Connect to the router via Telnet access protocol by enter this command:
telnet 192.168.1.1
3. Login using username and password the same as in the web admin panel of the router.
Trying 192.168.1.1... Connected to 192.168.1.1. Escape character is '^]'. # |
Congratulations, now you in the command line of the Linux router!
Inside the router
Now we in the command line of the Linux router ASUS.
In general, the Linux router is very similar to Debian but has some its features. I’ll start with the general.
To show info about hardware and firmware of your router you can do by this way:
cat /proc/version
Linux version 2.6.30.9 (root@wireless-desktop) (gcc version 3.4.6-1.3.6) #4 Thu Jan 15 17:40:33 CST 2015
and this way:
cat /proc/cpuinfo
system type : RTL8196C processor : 0 cpu model : 52481 BogoMIPS : 389.12 tlb_entries : 32 mips16 implemented : yes
and this way:
cat /etc/version
RTL8196C v1.0 -- 1 15 17:38:00 CST 2015 The SDK version is: Realtek SDK v2.5-r Ethernet driver version is: - Wireless driver version is: - Fastpath source version is: - Feature support version is: -
To show all mounted volumes, run this:
mount
rootfs on / type rootfs (rw) /dev/root on / type squashfs (ro,relatime) proc on /proc type proc (rw,relatime) ramfs on /var type ramfs (rw,relatime)
How you see the squashfs volume is mounted in ro i.e. reed only. But the ramfs (/var) is rw i.e. read and write. So we can create and delete files in this directory. But after the reboot everything will be like before and new files will be deleted.
All initialization scripts are placed in the directory /etc/init.d/.
ls /etc/init.d/
rcS rcS_16M
This place is read only, so you can’t add your own script’s to this place.
On the router installed BusyBox. BusyBox — is a set of UNIX command line tools, is used as the primary interface in embedded operating systems. In different versions and builds it contain a different number of tools.
To get a list of the commands supported by this instance of BusyBox, run it without any arguments, or use the --list option:
busybox
BusyBox v1.13.4 (2015-01-15 17:36:18 CST) multi-call binary
Copyright (C) 1998-2008 Erik Andersen, Rob Landley, Denys Vlasenko
and others. Licensed under GPLv2.
See source distribution for full notice.
Usage: busybox [function] [arguments]...
or: function [arguments]...
BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable. Most people will create a
link to busybox for each function they wish to use and BusyBox
will act like whatever it was invoked as!
Currently defined functions:
arp, ash, bunzip2, bzcat, cat, cp, cut, date, echo, expr, false,
free, grep, gzip, halt, head, hostname, ifconfig, init, ip, kill,
killall, klogd, ln, ls, mkdir, mount, ping, poweroff, ps, reboot,
renice, rm, route, sh, sleep, sync, syslogd, tail, telnetd, top,
true, umount, vconfig, wc, zcip
To see what an individual command does, use the --help option to that command:
busybox zcip --help
But not all programs in the firmware is a part of the BusyBox. So you may need to see a list of all programs:
ls -l /bin
lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Get_BootLoaderVersion -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Get_FWVersion -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Get_FwReadyStatus -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Get_MacAddr_2G -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Get_PINCode -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Get_RegulationDomain -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Get_ResetButtonStatus -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Get_SWMode -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Get_WanLanStatus -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Get_WpsButtonStatus -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Set_AllLedOff -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Set_AllLedOn -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Set_MacAddr_2G -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Set_PINCode -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Set_RegulationDomain -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Set_RestoreDefault -> ate lrwxrwxrwx 1 root root 3 Jan 15 12:38 ATE_Set_StartATEMode -> ate -rwxrwxrwx 1 root root 8476 Jan 15 12:38 acltd -rwxrwxrwx 1 root root 13540 Jan 15 12:38 acs lrwxrwxrwx 1 root root 7 Jan 15 12:38 arp -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 ash -> busybox -rwxrwxrwx 1 root root 21876 Jan 15 12:38 ate -rwxrwxrwx 1 root root 3324 Jan 15 12:38 atewatchdog -rwxrwxrwx 1 root root 177296 Jan 15 12:38 auth -rwxrwxrwx 1 root root 22836 Jan 15 12:38 brctl lrwxrwxrwx 1 root root 7 Jan 15 12:38 bunzip2 -> busybox -rwxrwxrwx 1 root root 284072 Jan 15 12:38 busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 bzcat -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 cat -> busybox -rwxrwxrwx 1 root root 37 Jan 15 12:38 connect.sh lrwxrwxrwx 1 root root 7 Jan 15 12:38 cp -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 cut -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 date -> busybox -rwxrwxrwx 1 root root 5096 Jan 15 12:38 ddns_inet -rwxrwxrwx 1 root root 12772 Jan 15 12:38 detectWAN -rwxrwxrwx 1 root root 28 Jan 15 12:38 disconnect.sh -rwxrwxrwx 1 root root 44260 Jan 15 12:38 dnrd -rwxrwxrwx 1 root root 207 Jan 15 12:38 dw lrwxrwxrwx 1 root root 7 Jan 15 12:38 echo -> busybox -rwxrwxrwx 1 root root 123 Jan 15 12:38 ew lrwxrwxrwx 1 root root 7 Jan 15 12:38 expr -> busybox -rwxrwxrwx 1 root root 110292 Jan 15 12:38 ez-ipupdate lrwxrwxrwx 1 root root 7 Jan 15 12:38 false -> busybox -rwxrwxrwx 1 root root 29 Jan 15 12:38 firewall.sh -rwxrwxrwx 1 root root 84720 Jan 15 12:38 flash lrwxrwxrwx 1 root root 7 Jan 15 12:38 free -> busybox -rwxrwxrwx 1 root root 7656 Jan 15 12:38 fwupgrade -rwxrwxrwx 1 root root 98 Jan 15 12:38 getmib -rwxrwxrwx 1 root root 98 Jan 15 12:38 getmib1 lrwxrwxrwx 1 root root 7 Jan 15 12:38 grep -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 gzip -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 halt -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 head -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 hostname -> busybox -rwxrwxrwx 1 root root 481996 Jan 15 12:38 httpd -rwxrwxrwx 1 root root 7592 Jan 15 12:38 httpdcheck -rwxrwxrwx 1 root root 104 Jan 15 12:38 ib -rwxrwxrwx 1 root root 104 Jan 15 12:38 ib1 -rwxrwxrwx 1 root root 105 Jan 15 12:38 id1 -rwxrwxrwx 1 root root 105 Jan 15 12:38 idd -rwxrwxrwx 1 root root 105 Jan 15 12:38 idd1 lrwxrwxrwx 1 root root 7 Jan 15 12:38 ifconfig -> busybox -rwxrwxrwx 1 root root 25264 Jan 15 12:38 igmpproxy -rwxrwxrwx 1 root root 16852 Jan 15 12:38 infosvr lrwxrwxrwx 1 root root 7 Jan 15 12:38 init -> busybox -rwxrwxrwx 1 root root 116 Jan 15 12:38 init.sh lrwxrwxrwx 1 root root 7 Jan 15 12:38 ip -> busybox -rwxrwxrwx 1 root root 72 Jan 15 12:38 ip_qos.sh -rwxrwxrwx 1 root root 321088 Jan 15 12:38 iptables lrwxrwxrwx 1 root root 13 Jan 15 12:38 iptables-restore -> /bin/iptables -rwxrwxrwx 1 root root 111 Jan 15 12:38 irf -rwxrwxrwx 1 root root 111 Jan 15 12:38 irf1 -rwxrwxrwx 1 root root 104 Jan 15 12:38 iw -rwxrwxrwx 1 root root 104 Jan 15 12:38 iw1 -rwxrwxrwx 1 root root 37424 Jan 15 12:38 iwcontrol -rwxrwxrwx 1 root root 27076 Jan 15 12:38 iwpriv lrwxrwxrwx 1 root root 7 Jan 15 12:38 kill -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 killall -> busybox -rwxrwxrwx 1 root root 301 Jan 15 12:38 killsh.sh lrwxrwxrwx 1 root root 7 Jan 15 12:38 klogd -> busybox -rwxrwxrwx 1 root root 27 Jan 15 12:38 l2tp.sh -rwxrwxrwx 1 root root 113968 Jan 15 12:38 l2tpd -rwxrwxrwx 1 root root 64352 Jan 15 12:38 lld2d lrwxrwxrwx 1 root root 7 Jan 15 12:38 ln -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 ls -> busybox -rwxrwxrwx 1 root root 97348 Jan 15 12:38 miniigd lrwxrwxrwx 1 root root 7 Jan 15 12:38 mkdir -> busybox -rwxrwxrwx 1 root root 182 Jan 15 12:38 mmd_cmdr -rwxrwxrwx 1 root root 196 Jan 15 12:38 mmd_cmdw lrwxrwxrwx 1 root root 7 Jan 15 12:38 mount -> busybox -rwxrwxrwx 1 root root 589 Jan 15 12:38 mp.sh -rwxrwxrwx 1 root root 31004 Jan 15 12:38 networkmap -rwxrwxrwx 1 root root 9156 Jan 15 12:38 notify_service -rwxrwxrwx 1 root root 6912 Jan 15 12:38 ntp_inet -rwxrwxrwx 1 root root 25084 Jan 15 12:38 ntpclient -rwxrwxrwx 1 root root 115 Jan 15 12:38 ob -rwxrwxrwx 1 root root 115 Jan 15 12:38 ob1 -rwxrwxrwx 1 root root 116 Jan 15 12:38 od -rwxrwxrwx 1 root root 116 Jan 15 12:38 od1 -rwxrwxrwx 1 root root 122 Jan 15 12:38 orf -rwxrwxrwx 1 root root 122 Jan 15 12:38 orf1 -rwxrwxrwx 1 root root 115 Jan 15 12:38 ow -rwxrwxrwx 1 root root 115 Jan 15 12:38 ow1 -rwxrwxrwx 1 root root 184 Jan 15 12:38 phyr -rwxrwxrwx 1 root root 151 Jan 15 12:38 phyw lrwxrwxrwx 1 root root 7 Jan 15 12:38 ping -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 poweroff -> busybox -rwxrwxrwx 1 root root 6520 Jan 15 12:38 ppp_inet -rwxrwxrwx 1 root root 276552 Jan 15 12:38 pppd -rwxrwxrwx 1 root root 30 Jan 15 12:38 pppoe.sh -rwxrwxrwx 1 root root 49 Jan 15 12:38 pppoe_conn_patch.sh -rwxrwxrwx 1 root root 87 Jan 15 12:38 pppoe_disc_patch.sh -rwxrwxrwx 1 root root 63784 Jan 15 12:38 pptp -rwxrwxrwx 1 root root 29 Jan 15 12:38 pptp.sh lrwxrwxrwx 1 root root 7 Jan 15 12:38 ps -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 reboot -> busybox -rwxrwxrwx 1 root root 11699 Jan 15 12:38 reload lrwxrwxrwx 1 root root 7 Jan 15 12:38 renice -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 rm -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 route -> busybox -rwxrwxrwx 1 root root 53887 Jan 15 12:38 routed -rwxrwxrwx 1 root root 48 Jan 15 12:38 rssi -rwxrwxrwx 1 root root 48 Jan 15 12:38 rssi1 -rwxrwxrwx 1 root root 108 Jan 15 12:38 setmib -rwxrwxrwx 1 root root 108 Jan 15 12:38 setmib1 lrwxrwxrwx 1 root root 7 Jan 15 12:38 sh -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 sleep -> busybox -rwxrwxrwx 1 root root 2406 Jan 15 12:38 snmpd.sh -rwxrwxrwx 1 root root 8492 Jan 15 12:38 start_mac_clone -rwxrwxrwx 1 root root 656 Jan 15 12:38 startup.sh lrwxrwxrwx 1 root root 7 Jan 15 12:38 sync -> busybox -rwxrwxrwx 1 root root 198664 Jan 15 12:38 sysconf lrwxrwxrwx 1 root root 7 Jan 15 12:38 syslogd -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 tail -> busybox -rwxrwxrwx 1 root root 259828 Jan 15 12:38 tc -rwxrwxrwx 1 root root 7592 Jan 15 12:38 tcpcheck lrwxrwxrwx 1 root root 7 Jan 15 12:38 telnetd -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 top -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 true -> busybox lrwxrwxrwx 1 root root 6 Jan 15 12:38 udhcpc -> udhcpd -rwxrwxrwx 1 root root 43595 Jan 15 12:38 udhcpd -rwxrwxrwx 1 root root 62408 Jan 15 12:38 udpxy lrwxrwxrwx 1 root root 7 Jan 15 12:38 umount -> busybox lrwxrwxrwx 1 root root 7 Jan 15 12:38 vconfig -> busybox -rwxrwxrwx 1 root root 38144 Jan 15 12:38 wanduck lrwxrwxrwx 1 root root 7 Jan 15 12:38 wc -> busybox -rwxrwxrwx 1 root root 31 Jan 15 12:38 wlanapp.sh -rwxrwxrwx 1 root root 281752 Jan 15 12:38 wscd lrwxrwxrwx 1 root root 7 Jan 15 12:38 zcip -> busybox -rwxrwxrwx 1 root root 100 Jan 15 12:38 zcip.sh
If, in the list, you see something like […] -> busybox, then this program is a part of the BusyBox.
If you don’t see the program that you need then you can download it from internet (or create it by cross compiling) and put in the temp directory (/tmp/). Also you can download full BusyBox from official website (http://www.busybox.net) and put it in the temp directory (/tmp/). But, how I write above, after the reboot everything will be like before and new files will be deleted.
For example, in my router built-in BusyBox (v1.13.4) doesn’t contain editor vi or nano.
NVRAM
And now about the its features of which I wrote above. All the settings of the router (settings editable through a web interface, user settings, startup scripts) are stored in nonvolatile memory - NVRAM (Non Volatile Random Access Memory). There is a special command to work with this memory - flash. The flash is already installed in original firmware.
Run it without any arguments to see all options:
flash
Usage: flash cmd
option:
cmd:
default -- write all flash parameters from hard code.
get [wlan interface-index] mib-name -- get a specific mib from flash
memory.
set [wlan interface-index] mib-name mib-value -- set a specific mib into
flash memory.
all -- dump all flash parameters.
gethw hw-mib-name -- get a specific mib from flash
memory.
sethw hw-mib-name mib-value -- set a specific mib into
flash memory.
allhw -- dump all hw flash parameters.
reset -- reset current setting to default.
set_mib -- get mib from flash and set to wlan interface.
As you can see there is a few options. The abbreviation hw means - hardware.
All the settings are stored in the variables.
To show all variables:
flash all
DEF_IP_ADDR=192.168.1.1 DEF_SUBNET_MASK=255.255.255.0 DEF_DEFAULT_GATEWAY=0.0.0.0 DEF_DHCP=2 DEF_DHCP_CLIENT_START=192.168.1.2 DEF_DHCP_CLIENT_END=192.168.1.254 DEF_DHCP_LEASE_TIME=0 DEF_DHCP_LEASE=86400 DEF_ELAN_MAC_ADDR=000000000000 DEF_DNS1=0.0.0.0 DEF_DNS2=0.0.0.0 DEF_DNS3=0.0.0.0 DEF_STP_ENABLED=0 DEF_DEVICE_NAME="RTL8196c" ....
And many more variables.
Note: All variables which started with
DEF_prefix is have a default value (original configuration). It’s enabled via pushing Reset button on the router or from the web interface of the router or via commandflashin the terminal.
Note: Not everyone of the listed variables are working. Variables like a
SAMBA_ENABLED=0is not working, because of the Samba is not installed.
To find variables with word NAME, use command flash together with the grep:
flash all | grep "NAME"
DEF_DEVICE_NAME="RTL8196c" DEF_DOMAIN_NAME="ASUS" DEF_SUPER_NAME="admin" DEF_USER_NAME="" DEF_PPP_USER_NAME="" DEF_PPTP_USER_NAME="" DEF_L2TP_USER_NAME="" DEF_DDNS_DOMAIN_NAME="" DEF_DDNS_SUGGEST_NAME="" DEF_HOST_NAME="" DEF_PPP_SERVICE_NAME="" DEF_PPTPD_USERNAME="" DEVICE_NAME="RT-N12LX" DOMAIN_NAME="asus.loc" SUPER_NAME="admin" USER_NAME="" PPP_USER_NAME="*****" PPTP_USER_NAME="" L2TP_USER_NAME="" DDNS_DOMAIN_NAME="" DDNS_SUGGEST_NAME="" HOST_NAME="" PPP_SERVICE_NAME="" PPTPD_USERNAME="" Aborted
Note: The names of all variables are written in top register.
To show the value of a specific variable (for example, name of administrator):
flash get SUPER_NAME
SUPER_NAME="admin"
To set the new value to a variable (for example, name of administrator):
flash set SUPER_NAME superadmin
Now, you have the new name of admin (login) and it improves the security.
But, for the changes to take effect you must reboot your router:
reboot
If you need to return the original settings (reset to original configuraton):
flash default
P.S. If you don’t find in this article the desired information then you may find it in the comments bellow.
If this article has helped you then please leave a comment 
Thanks for reading!
Arthur is a designer and full stack software engineer. He is the founder of Space X-Chimp and the blog My Cyber Universe. His personal website can be found at arthurgareginyan.com.
