Datto A62

Unnecessary rambling

Some time ago I came across a blog post which did something I had long wanted to do. As a user of Open-Mesh from day 1, I was very disheartened to see that they had been bought by Datto. I’d never heard of Datto before, so I was curious to see what they had in store for the future. To their credit, they kept the existing cloud-hosted service alive, cloudtrax, and in fact, it is still alive today. That was a really cool move on their part, one that scored them some brownie points in my book.

Unfortunately, as it goes when a company gets bought, there were more changes to come. One thing that Open-Mesh never did, which I am sure all of their users appreciated, was they never charged a monthly fee. You simply bought the hardware, and that got you access to the free cloud configuration tools. It was a great deal, for us the users, probably not so much for them once they started getting popular and saw those hosting bills.

As a poor person who relied on this service, I was sad to see it go. Datto would be retiring CloudTrax. They would also be retiring some of the older hardware. The OM2P was a great device in its day, but understandably, the future had come. I believe the last access point still branded under the Open-Mesh name was the A62, an 802.11AC capable device; one Datto would keep around for a long time. They haven’t end-of-life’d the device yet, but my understanding is that they no longer sell them.

Having bought several of these devices under the Open-Mesh brand, I was keen to keep using them. But I didn’t want to move to a monthly per device subscription fee. I just wanted to use the device on its own. This was entirely possible with the OM2P, using the ap51 flash tool. Since the Open-Mesh devices were running OpenWrt, it was possible to flash the device with the ap51 flash tool to a vanilla OpenWrt image.

This was my introduction to creating custom openwrt images. Something I dabbled with to create a dedicated ToR proxy anyone could attach to their home network. Long before anyone else started selling dedicated hardware for this purpose. Using the OM2P as kismet drones was another favorite. My house wasn’t large, but setting up my first wIDS with budget hardware was pretty cool.

Getting back to the topic at hand

While Brendan’s blog post was inspiration for my efforts. There were two things that still bothered me.

First, the bootloader was still locked. Admittedly, this is a rather trivial issue, since you can functionally do whatever you want within OpenWrt. But it just kinda rubs me the wrong way. I own the device, how dare I be locked out of it, in any form. So, naturally, I decided to spend entirely too long unlocking the bootloader

Since glitching the SPI chip on this device could just drop you into the uboot shell, the fix is trivial, although discovering it took some work. Suffice it to say, it took dumping the SPI flash and digging around in Ghidra to find the right instruction.

I had never used Ghidra before, so I don’t feel entirely qualified to go into much detail about that process. But with a lot of questions for my boy Claude, and a decent amount of testing, I was able to get the bootloader permanently unlocked.

The second issue that bothered me was the amount of space available to the rootfs. The stock firmware uses a dual partition scheme. But flashing the vanilla OpenWrt image to the device would leave you with only one of those partitions in use. The other partition was just ignored. Since the vanilla OpenWrt image doesn’t use the second partition, it is effectively wasted space. I aimed to correct this. Turns out to be a relatively trivial fix.