A few years ago I had fun doing some hacking on a wireless AP. The details are a bit hazy at the moment, but IIRC the device was an Edimax UltraWAP with a Realtek chipset… Something like RTL8186.

I read about some work others had done and this inspired me to hack the firmware. We were able to extract the filesystem and then mount it on a Linux box. If memory serves, it was a squashfs filesystem. Mounting the filesystem on a Linux box enabled me to look through the various hidden web pages contained on the inbuilt web server. One was a transmit power page where it was possible to change settings not available in the standard web interface you would see while using the device normally. The open source SDK was also available for the device, but I never got around to trying to write software to run on it or anything much else.

I was also able to hook up a serial cable to it and access it through PuTTY after figuring out where the serial connector pins were on the mainboard. IIRC it ran a Busybox shell.

Some of the other devices I was looking at were a Microsoft MN-700 router, ASUS WL-500G, some Linksys ones and my first ever outdoor wireless AP, a SVEC FD1811. I had (I think) OpenWRT installed on the ASUS WL-500G and, as it had a built-in 4-port switch, that made it perfect for putting on a mast in a weatherproof box containing it and a WRAP SBC with 2 500mW Senao MiniPCI cards. Fun times!

If I track down the info I will post it up here.

Well after seeing some Embedded discussions going on at places like Hak5, PaulDotCom etc, I thought why not have a look at some current devices and see if anything has changed.

While shopping for USB wireless adapters, I thought I would pick up 10 devices and try to pwn them.

Off to the local supplier of all things fun. I had gone through the catalog and chosen a mix of 10 various devices: ADSL routers, 150Mbps wireless N routers, a cable/DSL router, 300Mbps wireless routers, a wireless broadband router and wireless broadband gigabit routers. They only had 5 of the devices I chose and some other higher end ones. In the interest of budget, I bought the 5 off my list plus 2 more that were in a bargain bin for about $20ea.

I shouldn’t be allowed within a Km of that place because I spotted the 27″ monitors and thought well it WOULD be easier to see disassembled code with one of those… so I brought home an ASUS 27″ VE278QHD, and six 4Gb SD cards for different Raspberry Pi images.

I will have a page for each device and add content as I start working on them.