Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 [2] 3

Author Topic: Boot log - HG658c with BCM63168 SoC  (Read 31119 times)

dmcdonnell

  • Member
  • **
  • Posts: 93
Re: Boot log - HG658c with BCM63168 SoC
« Reply #15 on: July 12, 2014, 12:48:04 PM »

Looking for JTAG on HG658c

Hi Kitizens, been out of action for a month after breaking fingers in a fall. I ordered an Altera USB Blaster for JTAG which has arrived. I would like to try to backup n then flash some alternative firmwares discover by Les-70.

First time I have tried this and I am stuck looking for the JTAG port on the HG658c, any ideas? The board pics are below.

TIA,

Dermot.


http://www.4shared.com/download/abEAbGY6ce/IMG_20140322_162443.jpg?lgfp=3000
http://www.4shared.com/download/dg0XLz4tba/IMG_20140322_162509.jpg?lgfp=3000

Logged

les-70

  • Kitizen
  • ****
  • Posts: 1254
Re: Boot log - HG658c with BCM63168 SoC
« Reply #16 on: July 12, 2014, 06:38:44 PM »

  I am not up to guessing where the Jtag is, but do you really need it?   I assume that powering with the reset held during the power on does not get an upgrade prompt - the NIC needs to have fixed IP eg 192.168.1.100 for this work. 

Howver unless the bootloader itself is locked, if you interrupt the boot at press any key to halt auto boot prompt you should get the boot loader prompt.   Typing in help should get something like

CFE> help
Available commands:
 
sm                  Set memory or registers.
dm                  Dump memory or registers.
w                   Write the whole image start from beginning of the flash
e                   Erase [n]vram or [a]ll flash except bootrom
r                   Run program from flash image or from host depend on [f/h] fl
ag
p                   Print boot line and board parameter info
c                   Change booline parameters
f                   Write image to the flash
i                   Erase persistent storage data
b                   Change board parameters
reset               Reset the board
flashimage          Flashes a compressed image after the bootloader.
help                Obtain help for CFE commands

  The "f" command is for a compressed image.   It does not do the checking that happens though other upgrade options so a bad image will part brick it.  I think you have a copy of the correct image for backup  should that happen.  Flashing this way can't over write the boot loader so it should not fully brick anything. It works fine with Hg612's and Hg622's.  I recall that "help f" will give details.  You set up a tftp server and give the f command the local adaptor IP.  If the boot loader itself  is locked and you have already said so my apologies but I am hols and this is a quick reply.
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Boot log - HG658c with BCM63168 SoC
« Reply #17 on: July 12, 2014, 07:17:41 PM »

Just wondering about those five solder pads at the top of the board.  :-\

I know that Asbokid has written a guide on how to determine the pin identities of an unmarked jtag port . . . but I just can't put my paws upon it. It is either here, in the Kitz forum, or in one of his WordPress blogs.

Edit: Having typed the above, I then found this link.
« Last Edit: July 12, 2014, 07:22:16 PM by burakkucat »
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

les-70

  • Kitizen
  • ****
  • Posts: 1254
Re: Boot log - HG658c with BCM63168 SoC
« Reply #18 on: July 16, 2014, 09:43:29 AM »

  I assume your already using the serial pins that B'cat notes.   In the boot log you have the text "*** Press any key to stop auto run (1 seconds) ***", does pressing any key really not work to give a bootloader prompt?  It is often a very tight time interval and easily missed. Even if it does give a prompt the prompt can be set to time out very quickly needing a very immediate paste of the command line text to execute a command.   Otherwise I guess your correct that device is really fully locked down.

  The set of 2x5 pins on the on the left hand side of top face may be worth a try, they don't have any components right next to them and at least look easy to solder to. There is another pair of 2x5 pins but the fact that they look a pair puts me off.   The reference B'cat notes is http://hackingbtbusinesshub.wordpress.com/2012/01/26/discovering-jtag-pinouts/ and references in that.

   That aside "usually" trying to flash a dodgy image via the web gui will not brick a device unless there is only something quite subtle wrong with the image. More often the flash fails harmlessly.  That said I can see why you would like a back up.
Logged

dmcdonnell

  • Member
  • **
  • Posts: 93
Re: Boot log - HG658c with BCM63168 SoC
« Reply #19 on: July 16, 2014, 12:34:32 PM »

The HG658c bootloader is locked similarly to the ZyXel, a password is required to unlock it. Sadly I cannot find a published method to unlock the Huawei. Any idea welcome.

I thank you for the guide to finding JTAG, I shall try it, and other suggestions, this weekend.
Logged

dmcdonnell

  • Member
  • **
  • Posts: 93
Re: Boot log - HG658c with BCM63168 SoC
« Reply #20 on: July 22, 2014, 12:31:49 PM »

I was able to find with a google on the web a Turkish Firmware (defaults to English language) which seems to be somewhat less locked that other flavours. I attach a couple of screenshots.
« Last Edit: September 01, 2014, 06:51:21 PM by kitz »
Logged

dmcdonnell

  • Member
  • **
  • Posts: 93
Re: Boot log - HG658c with BCM63168 SoC
« Reply #21 on: September 01, 2014, 01:55:17 PM »

An unlocked firmware for the HG658c is available http://www.o2online.ie/o2/uploads/HG658cV100R001C59B012_upgrade_main.bin

Flash it. Login using your existing username and password. Reset the modem to default settings under the Maintenance -> Device menu. The HG658c will reboot. Your new username and password will both be "admin".
« Last Edit: September 01, 2014, 05:03:19 PM by dmcdonnell »
Logged

Cagey

  • Just arrived
  • *
  • Posts: 1
HG658c hidden telnet option
« Reply #22 on: November 17, 2014, 05:21:37 PM »

Hi there

You may already be aware of this but telnet is easily accessed on (some/my) hg658c router - but on a different IP address.  On my router the default gateway and web interface are on 192.168.1.1 but telnet is available only on the "secret" ip address of 192.168.1.82.  I found this using fing when I was trying to work out what the strange device was on my network.  I spent a long time trying to crack the password in telnet when I eventually found out that you just need to log in as the user "root" and no password is required.  :-[

I have been using the admin/admin1234 user ID for things like parental controls but I would really like to get the "superuser" password.  Is there any way to determine/modify this under root?

I'm looking for this as  am trying to update that SIP settings.  I can get the "QOS" menu to appear by changing the CSS attributes to make that hidden option visible (and also modify some of the hidden DDNS options) but whenever I do this for "CWMP", "VOIP" or "Voice" and select those options, then it just kicks me back out to the login screen for some reason.

Maybe there is some other way to create SIP entries from within root but ideally I would like to do this through the web interface.

I'm a bit reluctant to reflash it as described oreviously in case I lose connectivity with or support from vodafone.  (If I had a second one spare then that wouldn't bother me!)  Any other suggestions welcome!

Cheers
« Last Edit: November 17, 2014, 05:23:50 PM by Cagey »
Logged

dmcdonnell

  • Member
  • **
  • Posts: 93
Re: HG658c hidden telnet option
« Reply #23 on: November 22, 2014, 11:07:11 AM »

Hi there

You may already be aware of this but telnet is easily accessed on (some/my) hg658c router - but on a different IP address.  On my router the default gateway and web interface are on 192.168.1.1 but telnet is available only on the "secret" ip address of 192.168.1.82.

Hi Cagey,

very interesting. I did not have an HG658c when you posted this but I got hold of one last night, Vodafone Ireland branded. Sadly, telnet is not available on 192.168.1.82. I flashed the O2 Ireland firmware (Huawei labelled) and tried that but without success.

Worth a try.

Cheers, Dermot
Logged

Ayosi

  • Just arrived
  • *
  • Posts: 5
Re: Boot log - HG658c with BCM63168 SoC
« Reply #24 on: March 22, 2015, 10:17:38 PM »

I wrote a Python program that decrypts and encrypts the configuration file. It can
be downloaded from http://hg658c.wordpress.com.

You can use it to change the "superuser" account password.

Once you log in as "superuser" you have access to a few extra menus such as
CWMP, VOIP and VOICE. You can also do bridging and other stuff that is
disabled in the other accounts.


Logged

kitzuser87430

  • Reg Member
  • ***
  • Posts: 432
Re: Boot log - HG658c with BCM63168 SoC
« Reply #25 on: March 23, 2015, 08:21:08 AM »

Quote
I wrote a Python program

I did try this on a config file from a hg635 and got (an expected error) "Signature not ok...exiting".

What do you (or I) need to be able to modify your script to work with the hg635 (talk talk super router)?

There are a couple of config files on the forum http://forum.kitz.co.uk/index.php/topic,14185.msg273545.html#msg273545

and source code http://consumer.huawei.com/en/support/downloads/detail/index.htm?id=28981

Ian
Logged

npr

  • Reg Member
  • ***
  • Posts: 265
Re: Boot log - HG658c with BCM63168 SoC
« Reply #26 on: March 23, 2015, 05:09:06 PM »

Any help getting this script to work with a HG635 .conf file would be much appreciated.  :)

Logged

Ayosi

  • Just arrived
  • *
  • Posts: 5
Re: Boot log - HG658c with BCM63168 SoC
« Reply #27 on: March 23, 2015, 10:37:10 PM »

Any help getting this script to work with a HG635 .conf file would be much appreciated.  :)

I'll take a look to see if they code is similar.
Logged

dmcdonnell

  • Member
  • **
  • Posts: 93
Re: Boot log - HG658c with BCM63168 SoC
« Reply #28 on: March 24, 2015, 10:17:24 AM »

I wrote a Python program that decrypts and encrypts the configuration file. It can
be downloaded from http://hg658c.wordpress.com.

You can use it to change the "superuser" account password.

Once you log in as "superuser" you have access to a few extra menus such as
CWMP, VOIP and VOICE. You can also do bridging and other stuff that is
disabled in the other accounts.
Well done! Woud you be so kind as to post a generic HG658c config, pleasse? The O2 config is curtailed, I can telnet, login and get the ASP> prompt but not the busybox shell.

Greatly appreciate your excellent work.
Logged

Ayosi

  • Just arrived
  • *
  • Posts: 5
Re: Boot log - HG658c with BCM63168 SoC
« Reply #29 on: March 25, 2015, 09:01:17 PM »

Well done! Woud you be so kind as to post a generic HG658c config, pleasse? The O2 config is curtailed, I can telnet, login and get the ASP> prompt but not the busybox shell.

Greatly appreciate your excellent work.

I did some testing on the O2 firmware and it seems that you also have to change ConsoleEnable="" to
ConsoleEnable="HG658A6da668BbDFC2F889a805469AcE" in order to access the
busybox shell. Also, the telnet port was still blocked so i had to start telnetd on a different port using
the traceroute exploit.

Logged
Pages: 1 [2] 3