And apparently, so is Asus’s new GT-BE19000AI router. We’re here because this is so stupid I got one to just see if it could be made useful. I wrote this as I dug through the bugs Asus shipped with it, one fix at a time. TL;DR: enabling USB SSDs + Docker.

This article is as messy as the firmware and OS that got shipped with the router. I had to fix 4 different bugs in the OS for the secondary SoC to be able to update firmware.

WHY? WHY DO WE NEED AI IN A ROUTER? Spoiler: we don’t. but now that it’s here…

This abomination has two SoCs. The first is a 4-core 2.6GHz Broadcom BCM4916 and this does what you’d expect a router to do. The second is a Synaptics SL1680 with 4GB RAM, 32GB EMMC, and a 7.9 TOPS Neural Processing Unit. Hilariously enough, Asus put an embedding model on it with HF and python behind the scenes for fully local “LM” setup assistance …this was neat in that they didn’t use a transformer LM at all (SL1680s are CNN-optimized), but it worked. Here’s where stuff gets weird:

The secondary SoC is …updated by the primary SoC that’s also the admin network interface? Naturally, the first question is: how are these things connected? As I’m digging around these menus, in Settings → Administration → System …enable SSH:

Three minutes later…

Ok, so this is definitely the primary Broadcom SOC (aes, crc32). Why isn’t it updating?

^ That’s what’s in the syslog when the Web UI is busy failing at life. So …what’s rc?

“What?” indeed. Let’s try infil from the other SoC’s side. A few minutes of digging around the menus, I found the main feature that made me buy this thing: the secondary SoC can run docker containers via Portainer under “AI Board”.

Cool, let’s install that and open it up:

Literally not even a minute later …Asus dun goofed:

Aight, bet. Basic privilege hijacking 101: run root, priv, host net, and elevated mounts:

And SSH in via the Portainer UI. And just like that, boom, we’ve got host OS root:

ls /host_root
chroot /host_root /bin/sh
ls /usr/bin
cat /usr/bin/fwupdate

Here, we find that there is definitely some kind of IPC bridge between the two:

This thing is remotely triggered by the host SOC, and monitored via IPC. Like this:

What. The. Actual. Fuqq? Yep, that’s the other SoC:

We fix the checksum, pull the firmware, and update the “AI Board” from within. Surely now I can spin up the containers I want and mount my USB dri- nope. The secondary SoC, you know the one with docker on it, can’t even access the USB ports. 🤦‍♂️

Let’s fix that. Question is, how? Asus managed to strip fuse/samba kernels out of the secondary SoC, and NFS kernels out of the primary. This was likely intentional …but that 700MB+ firmware file downloaded FAAAST. Way too fast for RS232 or anything of the sort. Some iptable and ndig later, we find that the secondary SoC has a local loopback (169.254* namespace) to the primary. Where there’s a will, there’s a way:

Ok, we have a viable pipe. Luckily, there was a BE19000 Merlin release 2 weeks ago so I didn’t have to splice cdc_acm, cp210x, and god knows what other kernels into it.

Entware it is, I suppose. Nuke a drive, format ext 4 + journal + bin, install it. AsusWRT is locked down with a read-only file system …so we’ll just bind-mount on top of it 😂

Boom! Our secondary SOC can now mount USB SSDs to Docker at native speeds:

The best part about this is that both SoCs can now use USB SSDs at the same time.

So why did I do this (outside of the fact that this is just what I do for fun)?

1. Attach a 4TB SSD on here and run Plex. On your router. With zero other hardware.

2. Your router is now also your local security camera recorder and viewer.

3. #2 lets you start using the SL1680 SoC for things it can be useful for, like running real-time local object detection and classification with Frigate - no more sending your home’s camera footage to Google Home, Amazon, or god knows who else.

4. You’re in charge of your data, it doesn’t leave your house. I plan to build on top of this with a PoE-based whole house automation system. 4GB RAM and 4 cores is more than enough to run hundreds of IoT devices, Home Assistant, HomeKit, etc.

5. From here, it’s trivial to socat one of those ports to make USB devices accessible to the SoC running docker containers. That means we can plug in a hub and get:

   1. 6000ft+ range on ZigBee, ZigBee2MQTT with the SMLIGHT-SLZB-MR1.

   2. Full home RF spectrum remote coverage with the Bond Bridge Pro.

   3. Full home Z-Wave and ZWLR coverage with the HAC ZWA-2.

   4. And bridge that mesh to also control Bluetooth with Shelly Gen4s.

That even covers Matter/Thread protocol, giving you everything you need to build a pleasant and convenient home that makes your life easy with just a router (which you need anyways) and some thingies plugged into it along with a tiny 400-500W UPS. No bulky servers. That $900 price tag, for a router, is partially justifiable …maybe.

Final verdict: Now that it’s fixed I actually quite like this thing, and it’s not necessarily because of the tech. This lets me create automation that makes my life easier and is reasonably transferrable to renters or buyers - I’d just be handing off a secure local enclave in the form of a house with really good, albeit minimal, networking equipment.