Hacking the Microsoft MN-700

You’ve all heard of hacking the Linksys WRT54G routers.

But what about some other routers. I thought I’d try my luck with a router some consider to be one of the worst on the market the Microsoft MN-700. This router runs a version of Windows CE by default but we’ll see if we can change that.

Here’s what we’re going to need

This will void your warranty and could possibly destroy your router. Do not attempt these instructions unless you’re cofortable with hardware modification.

Thanks to James Couzens for all the help and research that went into this mod. Visit his site at http://6o4.ca

UPDATE

I’ve added some pictures of our JTAG cable HERE

Read on for instructions

The first thing that needs to be done is open up the router and attach a set of JTAG headers to the board. You have to solder pins to the board in the area indicated by the red circle.

Click on the Following picture for a full size wiring diagram for your JTAG cable.

Once you have the headers you can attach your JTAG cable. (make sure the router is off)
Then power on your router.


My JTAG connection

the next step is to upgrade the bootloader on the router (The current bootloader prevents us from running any non Microsoft firmware)

Download the reference firmware and configuration template from this website. Then download the nvserial program from the OpenWRT website.

Once you have these files modify the config template (mn700.txt) by replacing the two occurances of “@@MAC@@” with your MN-700′s MAC address (usually it starts with 00:0D:3A it should be printed on a sticker on the routers mainboard somewhere.

Once you’ve made these changes run the nvserial program on the mn700.bin file by executing the following command.

nvserial -i mn700.bin -o cfe.bin mn700.txt


my MN-700 having the bootloader flashed

the resulting cfe file is what we will use to replace the bootloader of our MN-700

the next step is to use the WRT54G program to flash the MN-700 with the new bootloader. This is acomplished with the following command (note you must have the cfe.bin and cfe.txt in the same folder as WRT54G)

./wrt54g -flash:cfe

Now sit back and wait for the program to finish running.

Once the bootloader has sucessfully been updated you can close the router up as you will no longer need to do any updates via the JTAG connector.

To update your firmware to openWRT, Olegs Custom Firmware or any other firmware compatable with the Asus WL500G you simply use the ASUS Firmware Restoration Tool for the WL-500g router which you can download from the ASUS website here
This utility must be run from a Windows machine connected to the router.

Congratulations if you’ve now successfully flashed your new firmware your Microsoft device is now running Linux and has gone from one of the worst routers available (IMHO) to something comparable to a Linksys WRT54G.

Here’s a screen of my MN-700′s new web interface

For all the pics of my mod in progress go to http://gallery.liamm.com/v/Tech-Stuff/MN700/

If you enjoyed this post, make sure you subscribe to my RSS feed!