Thursday, May 13, 2010

DD-WRT - reset web GUI password and also http username

Suppose you want to change the password for your dd-wrt router. The simple way of doing this is via the web interface (web gui). There you have 3 fields:
  • Router username
  • Router password
  • Re-enter to confirm
If you think that by leaving the username field untouched and only changing the password would leave you with the username (the web gui username) unchanged, you're totally wrong! Doing this also changes the username to a value that seems to be specific to every installation.. not so good, because you will not be able to logon. At least not via the web gui.
What's to be done then?
Well.. if you're lucky enough and have either telnet or ssh enabled on the router, you can get a shell on the router and fix it. See the next steps for how you can do that. If neither telnet nor ssh are enabled, I'm not aware of another way to get into the router without resetting it to defaults.
For login via telnet or ssh you will use 'root' as the username and the new password that you have just changed.
The username used for web gui authentication is kept in nvram under http_username parameter. You can check this by issuing:
#nvram get http_username

Now, you can easily reset the username back to admin by issuing:
nvram set http_username $1$5pQBM5KU$L4pN31lcOJls.1.mVIOKb.

The gibberish string above is the equivalent for 'admin'. Make sure you copy the entire string, including the dollar sign from the begining and the dot at the end.
Now you'll be able to login via the web gui with 'admin' as the username and your new password.

And don't forget to also fill-in in the username next time you wish to change only your password on the dd-wrt router :-)

This behaviour is true for Firmware: DD-WRT v24-sp2

Best of luck!