The Ubiquiti UNIFI AP AC LITE is the smallest from Ubiquiti’s Access Points. At the moment it’s sold for roughly 75€.
The Access Point has the following key data:
SoC: Qualcomm Atheros QCA9563 Bootloader: UBoot CPU Frq: 775 MHz Flash: 16 MiB RAM: 128 MiB Gbit Ports: 1 GbE Wi-Fi Standards: 802.11 a/b/g/n/ac Wireless 2.4 GHz: 802.11n 6.5 Mbps to 300 Mbps (MCS0 - MCS15, HT 20/40) Wireless 5 GHz: 802.11ac 6.5 Mbps to 867 Mbps (MCS0 - MCS9 NSS1/2, VHT 20/40/80) Serial: Yes, for U-Boot PoE: 802.3af/A PoE & 24V PoE Antennas: 2 Dual-Band Antennas, 3 dBi Each
As we do not plan to use the Firmware from Ubiquiti we do not need to use this software and replace it with latest LEDE.
Happily LEDE Project and OpenWRT have merged back to a unified Project. So we can just use the newest stable LEDE 17.01.04 Release to flash the new firmware on it.
cave@laptop:~$ ssh email@example.com BusyBox v1.19.4 (2017-05-08 10:00:47 PDT) built-in shell (ash) Enter 'help' for a list of built-in commands. BZ.v3.7.58#
The Version seems to be pretty new. Sadly Ubiquiti uses OpenWRT for their modified firmware, but refuse to allow the community to install their own firmware. So they have modified U-BOOT Bootloader (GPLv2) and included some kind of RSA checksum which prevent installation of third party firmware. This check was introduced with FW >= 3.4.14
In the release notes:
Several changes to increase robustness of firmware upgrade process
So we need to downgrade to a version without this Lockout attempt. 3.4.7 firmware.bin
So download the firmware and scp it to your device into /tmp
cave@laptop:~$ scp firmware.bin firstname.lastname@example.org:/tmp
Log in back to your AP via SSH, go to /tmp and update the firmware.
BZ.v3.7.58# pwd /tmp BZ.v3.7.58# ls default.cfg firmware.bin rc.txt running.cfg sysinit.txt system.cfg BZ.v3.7.58# fwupdate.real -m firmware.bin part:fis:311326, block size:393216 Writing 'u-boot ' to /dev/mtd0(u-boot ) ... [%100] part:fis:6877320, block size:7929856 Writing 'kernel0 ' to /dev/mtd3(kernel1 ) ... [%100]
When the device reboots, you will loose connection. So log back in via ssh and check if the downgrade was successful.
cave@laptop:~$ ssh email@example.com BusyBox v1.19.4 (2015-09-11 16:51:29 PDT) built-in shell (ash) Enter 'help' for a list of built-in commands. BZ.v3.4.7#
Bingo, Version 3.4.7 is now shown in the prompt.
BZ.v3.4.7# uname -a Linux UBNT 3.3.8 #1 Fri Sep 11 17:02:52 PDT 2015 mips GNU/Linux BZ.v3.4.7# cat /etc/version BZ.v3.4.7
Download the newest stable LEDE Firmware and copy it to the device.
cave@laptop:~$ scp lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin firstname.lastname@example.org:/tmp lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite 100% 3776KB 1.8MB/s 00:02
And now do the update with the mtd command.
BZ.v3.4.7# mtd write /tmp/lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin kernel0 Unlocking kernel0 ... Writing from /tmp/lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin to kernel0 ... BZ.v3.4.7# BZ.v3.4.7# BZ.v3.4.7# mtd -r write /tmp/lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin kernel1 Unlocking kernel1 ... Writing from /tmp/lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin to kernel1 ... Rebooting ... Connection to 192.168.100.57 closed by remote host. Connection to 192.168.100.57 closed.
Now log in to your Device at IP 192.168.1.1 as you do with any other openWRT/LEDE Router. telnet or ssh into it and set a password.