The Linksys WRP400 is a Wireless-G Broadband Router with 2 Phone Ports.

By default, this box is locked down so tight that you can't even get into it by soldering on a SerialPort, however it turns out you can UnlockTheConsole and enable the TftpServer by using some SecretCGICommands. The KernelCmdline informs the kernel of the console lock state and the serial console driver is consequently enabled or disabled. It does have an interesting set of OpenPorts though.

An OpenWrt Forum thread at http://forum.openwrt.org/viewtopic.php?pid=67961 documents the initial investigations into the locking technology used in this device.

Here are some high resolution PhotosOfTheInternals, and the Linksys GPL SourceCode is available.

You can find an EncapsulatedFirmware image at http://firmware.linksys-cisco.cz/WRP400/WRP400_v1.00.04.c_ETSI.zip - this firmware has been verified to contain the same image contents as extracted from the BootFlash of a WRP400 purchased in Australia in May 2008, and has been found safe to use for a Web Firmware Upgrade (as can be seen by the UpgradeLog).

The firmware binary corresponding to the later version 1.00.6 source code has been located at ftp://ftp.linksys.com/downloads/NA/firmware/WRP400_v1%5B1%5D.00.06_fw.bin - this firmware has been flashed and will not undo any actions you've taken to UnlockTheConsole or apply the ShadowDataHack. You are also able to downgrade from 1.00.06 to 1.00.04c at any time.

BootLog?