修改默认主题

  • E103-W20_Openwrt-23.05/feeds/luci/collections/luci-light/Makefile
  • E103-W20_Openwrt-23.05/feeds/luci/collections/luci-nginx/Makefile
  • E103-W20_Openwrt-23.05/feeds/luci/collections/luci-ssl-nginx/Makefile

替换上述三处的luci-theme-bootstrap为你想要的主题即可。


查看SPI Flash容量

OPENWRT里输入: dmesg | grep spi
输出:

[    0.434003] spi-mt7621 10000b00.spi: sys_freq: 191666666
[    0.465044] spi-nor spi0.0: w25q128 (16384 Kbytes)
[    0.470013] 7 fixed-partitions partitions found on MTD device spi0.0

可以看到Flash是16MB的。


网口led配置

  • 修改dts:E103-W20_Openwrt-23.05/target/linux/ramips/dts/mt7628an_hilink_hlk-7628n.dts
leds {
        compatible = "gpio-leds";

        wlan {
            label = "green:wlan";
            gpios = <&gpio 44 GPIO_ACTIVE_LOW>;
        };

        wan {
            label = "green:wan";
            gpios = <&gpio 43 GPIO_ACTIVE_LOW>;
        };

        lan1 {
            label = "green:lan1";
            gpios = <&gpio 42 GPIO_ACTIVE_LOW>;
        };

        lan2 {
            label = "green:lan2";
            gpios = <&gpio 41 GPIO_ACTIVE_LOW>;
        };

        lan3 {
            label = "green:lan3";
            gpios = <&gpio 40 GPIO_ACTIVE_LOW>;
        };

        lan4 {
            label = "green:lan4";
            gpios = <&gpio 39 GPIO_ACTIVE_LOW>;
        };
    };
  • 修改led脚本:E103-W20_Openwrt-23.05/target/linux/ramips/mt76x8/base-files/etc/board.d/01_leds

第42行开始:

hilink,hlk-7628n|\
skylab,skw92a)
    ucidef_set_led_netdev "wifi_led" "wifi" "green:wlan" "wlan0"
+    ucidef_set_led_switch "lan1" "lan1" "green:lan1" "switch0" "0x2"
+    ucidef_set_led_switch "lan2" "lan2" "green:lan2" "switch0" "0x4"
+    ucidef_set_led_switch "lan3" "lan3" "green:lan3" "switch0" "0x8"
+    ucidef_set_led_switch "lan4" "lan4" "green:lan4" "switch0" "0x10"
+    ucidef_set_led_switch "wan" "wan" "green:wan" "switch0" "0x01"
    ;;

配置Wifi是否开启、Wifi名和密码等

文件:E103-W20_Openwrt-23.05/package/kernel/mac80211/files/lib/wifi/mac80211.sh

206行左右:set wireless.${name}.disabled=0即可

    set wireless.${name}=wifi-device
    set wireless.${name}.type=mac80211
    ${dev_id}
    set wireless.${name}.country=CN    # 国家代码
    set wireless.${name}.channel=13    # 信道
    set wireless.${name}.band=${mode_band}
    set wireless.${name}.htmode=HT40    # 强制40MHz频宽
    set wireless.${name}.disabled=0    # 是否禁用wifi,0--否    1--是
    set wireless.${name}.cell_density=1    # 无线信号覆盖密度 0--禁用    1--正常    2--高    3--非常高

    set wireless.default_${name}=wifi-iface
    set wireless.default_${name}.device=${name}
    set wireless.default_${name}.network=lan
    set wireless.default_${name}.mode=ap
    set wireless.default_${name}.ssid=M.K    # Wifi名
    set wireless.default_${name}.encryption=1234567890    # Wifi密码
  • Openwrt-21.02版本:

              set wireless.radio${devidx}=wifi-device
              set wireless.radio${devidx}.type=mac80211
              ${dev_id}
              set wireless.radio${devidx}.channel=13
              set wireless.radio${devidx}.band=${mode_band}
              set wireless.radio${devidx}.htmode=HT40
              set wireless.radio${devidx}.disabled=0
              set wireless.radio${devidx}.txpower='15'
              set wireless.radio${devidx}.country='CN'
              set wireless.radio${devidx}.cell_density='1'
              set wireless.default_radio${devidx}=wifi-iface
              set wireless.default_radio${devidx}.device=radio${devidx}
              set wireless.default_radio${devidx}.network=lan
              set wireless.default_radio${devidx}.mode=ap
              set wireless.default_radio${devidx}.ssid=M.K
              set wireless.default_radio${devidx}.encryption=1234567890
              

UA2F(统一UA)

链接地址:https://github.com/Zxilly/UA2F

git clone https://github.com/Zxilly/UA2F.git package/UA2F
git clone https://github.com/lucikap/luci-app-ua2f.git package/luci-app-ua2f

编译选项:

  • UA2F: Network -> Routing and Redirection -> ua2f
  • luci-app-ua2f: LuCI -> 3. Applications -> luci-app-ua2f


RKP-IPID

链接地址:https://github.com/CHN-beta/rkp-ipid

编译选项:

- ipid: Kernel modules -> Other modules -> kmod-rkp-ipid

MTK_AES(MT7628硬件加密库)

链接地址:https://github.com/Mkiring/MTK_AES

这里采用本人Fork验证过的代码,原项目的代码有些小问题,不建议使用。

编译选项:

  • Kernel modules -> Cryptographic API modules -> kmod-crypto-hw-mtk-aes

修改登陆密码

位置:E103-W20_Openwrt-23.05/package/base-files/files/etc/shadow

$1$kQXijsev$6.WovY1Gu2SzE1cchNaJx/替换成你自己的加密后的口令即可。

如果不知道怎么生成口令,可以先编译一个初始版本固件,然后在其系统中执行passwd root

更改完密码后在/etc/shadow文件中复制即可。

  root:$1$kQXijsev$6.WovY1Gu2SzE1cchNaJx/::0:99999:7:::

修改NTP时钟服务和主机名

位置:E103-W20_Openwrt-23.05/package/base-files/files/bin/config_generate

  • 主机名 文件第312行开始:
        delete system.@system[0]
        add system system
        set system.@system[-1].hostname='LAPTOP-BQECF4'    # 主机名
        set system.@system[-1].timezone='CST-8'
        set system.@system[-1].zonename='Asia/Shanghai'
        set system.@system[-1].ttylogin='0'
        set system.@system[-1].log_size='64'
        set system.@system[-1].urandom_seed='0'
  • NTP:在文件第320行开始:
        delete system.ntp
        set system.ntp='timeserver'
        set system.ntp.enabled='1'
        set system.ntp.enable_server='1'    # 启用本地NTP服务器
        add_list system.ntp.server='ntp1.aliyun.com'
        add_list system.ntp.server='time1.cloud.tencent.com'
        add_list system.ntp.server='stdtime.gov.hk'
        add_list system.ntp.server='pool.ntp.org'
        set system.ntp.interface='lan'    # 绑定NTP服务器到LAN口

UA2F + IPID iptables默认规则

位置:Openwrt-19.07-10/package/network/config/firewall/files/firewall.user


# 通过 rkp-ipid 设置 IPID
iptables -t mangle -N IPID_MOD
iptables -t mangle -A FORWARD -j IPID_MOD
iptables -t mangle -A OUTPUT -j IPID_MOD
iptables -t mangle -A IPID_MOD -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A IPID_MOD -d 127.0.0.0/8 -j RETURN

# 注:注释掉即代表进程会代理/修改该ip数据包,否则代表不修改直接放行
# 由于本校局域网是A类网,所以我将这一条注释掉了,具体要不要注释结合你所在的校园网
# iptables -t mangle -A IPID_MOD -d 10.0.0.0/8 -j RETURN

# 由于本校局域网是C类网,所以我将这一条注释掉了,具体要不要注释结合你所在的校园网
# iptables -t mangle -A IPID_MOD -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A IPID_MOD -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A IPID_MOD -d 255.0.0.0/8 -j RETURN
iptables -t mangle -A IPID_MOD -j MARK --set-xmark 0x10/0x10

# ua2f 改UA
iptables -t mangle -N ua2f
# 由于本校局域网是A类网,所以我将这一条注释掉了,具体要不要注释结合你所在的校园网
# iptables -t mangle -A ua2f -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A ua2f -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A ua2f -d 192.168.0.0/16 -j RETURN # 不处理流向保留地址的包
iptables -t mangle -A ua2f -p tcp --dport 443 -j RETURN # 不处理 https
iptables -t mangle -A ua2f -p tcp --dport 22 -j RETURN # 不处理 SSH
iptables -t mangle -A ua2f -p tcp --dport 80 -j CONNMARK --set-mark 44
iptables -t mangle -A ua2f -m connmark --mark 43 -j RETURN # 不处理标记为非 http 的流 (实验性)
iptables -t mangle -A ua2f -m set --set nohttp dst,dst -j RETURN
iptables -t mangle -A ua2f -j NFQUEUE --queue-num 10010

iptables -t mangle -A FORWARD -p tcp -m conntrack --ctdir ORIGINAL -j ua2f
iptables -t mangle -A FORWARD -p tcp -m conntrack --ctdir REPLY


# 防时钟偏移检测
iptables -t nat -N ntp_force_local
iptables -t nat -I PREROUTING -p udp --dport 123 -j ntp_force_local
iptables -t nat -A ntp_force_local -d 0.0.0.0/8 -j RETURN
iptables -t nat -A ntp_force_local -d 127.0.0.0/8 -j RETURN
iptables -t nat -A ntp_force_local -d 192.168.0.0/16 -j RETURN
iptables -t nat -A ntp_force_local -s 192.168.0.0/16 -j DNAT --to-destination 192.168.1.1

# 通过 iptables 修改 TTL 值
iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64

# iptables 拒绝 AC 进行 Flash 检测
iptables -I FORWARD -p tcp --sport 80 --tcp-flags ACK ACK -m string --algo bm --string " src=\"http://1.1.1." -j DROP

修改内存和Flash大小

  • 内存(目前尚未用到)

    reg = <0x0 0x10000000>; // 256MB RAM
    reg = <0x0 0x8000000>; // 128MB RAM
    reg = <0x0 0x4000000>; // 64MB RAM
  • Flash

    //dts文件,spi flash路径下:
    partition@50000 {
                  compatible = "denx,uimage";
                  label = "firmware";
                  reg = <0x50000 0xfb0000>; //这里
              };
    //reg = <0x50000 0x7b0000>; // 8MB flash
    //reg = <0x50000 0xfb0000>; // 16MB RAM
    //reg = <0x50000 0x1fb0000>; // 32MB RAM