Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 2 [3] 4 5 6

Author Topic: Getting extra DSL stats from TP-Link modem/routers  (Read 50084 times)

ejs

  • Kitizen
  • ****
  • Posts: 1393
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #30 on: March 31, 2015, 10:18:11 PM »

I should write a guide, I'll try and do it soon.

However:
  • Check the OpenWRT wiki - you might not want to upgrade the firmware depending on what it already has, in case you want to try installing OpenWRT on it.
  • VDSL2: it could do it, but without flashing some other firmware, it won't do it well. The TP-Link 8970 firmware does include the VDSL firmware, but the driver and firmware don't support vectoring. And trying to load the newer dsl driver and firmware extracted from the 9980 firmware off a USB stick doesn't work, because the 9980 firmware also contains a newer "MEI" driver, and that's built into the kernel. The source code for the newer Lantiq dsl and other drivers doesn't seem to be available anywhere (yet).
  • I installed the TD-W8970_V1_140613 firmware. That's the latest, not counting a couple of United Kingdom specific versions which are mostly just default setting changes and setup wizard ISP information.
Logged

Intikhab

  • Just arrived
  • *
  • Posts: 3
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #31 on: April 01, 2015, 04:39:18 AM »

I have seen the wiki before coming and it requires a wired serial console connection which I don't have wire or plug to do. Your method don't require any physical connection to maintain at least what I read in this topic I understood.

Will I be okay installing TD-W8970_V1_140613 firmware with bug fixes and not installing further then this? cause in global section it only gives me this and 2 uk firmware. But I am in Pakistan every settings I put in is manual settings, cause no one seems to be using our settings for any kind of quick setup help.

I am trying to understand how you people write things for routers and modem etc. I have only ever wrote things for pc's so far or android phones. Never wrote except for car's OBDII embedded device, it will be a blast learning this :)
« Last Edit: April 01, 2015, 04:41:20 AM by Intikhab »
Logged

hacktrix2006

  • Reg Member
  • ***
  • Posts: 150
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #32 on: April 01, 2015, 05:03:29 PM »

@ejs does this effectively mean the W8980 and W9980 now has root access using your tool?

Just tried to decypt the file conf.bin and it failed on the MD5 hash check, I will be willing to help test this out as i have a serial connection if needed.
« Last Edit: April 01, 2015, 05:11:21 PM by hacktrix2006 »
Logged

ejs

  • Kitizen
  • ****
  • Posts: 1393
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #33 on: April 01, 2015, 09:44:58 PM »

@Intikhab

Apparently older firmware versions allowed custom firmware to be uploaded via the web pages the same way as for original TP-Link firmware, but newer firmware versions stopped that.

@hacktrix2006

I have root shell access on my 8970, but it may not work on other models or newer firmware versions. The config file decryption method was from http://teknoraver.net/software/hacks/tplink/ - perhaps try it manually? I did find the same 8 bytes of the key in the cli program from both 8970-140613 and 9980-141215 firmwares. But I'm not sure if the cli program is even used to backup and restore the config, I wouldn't expect it to be.
Logged

Intikhab

  • Just arrived
  • *
  • Posts: 3
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #34 on: April 01, 2015, 10:46:25 PM »

just setup the 8970 using quick setup the firmware it is showing is firmware version :0.6.0 2.1 v000c.0 Build 130415 Rel.34164n. hardware version is v1. So will this be considered older version of firmware or never one? not planning to update if it is older one and I might be able to update it to custom one :).

PS. I just decrypt conf.bin after backing up the router settings and it did it the first time though. no idea what to do next. just looking forward to that instructions/tutorial :)
« Last Edit: April 01, 2015, 10:53:49 PM by Intikhab »
Logged

ejs

  • Kitizen
  • ****
  • Posts: 1393
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #35 on: April 02, 2015, 07:23:33 AM »

130415 is older than 130828 (YYMMDD) mentioned on the OpenWRT wiki, so it would be easier to upload OpenWRT or other customised firmware it you don't update it.

Also, older firmware versions might have given root shell access over telnet anyway, there used to be "enable" and "sh" commands in the TP-Link telnet cli, but not in newer versions.
« Last Edit: April 02, 2015, 07:28:57 AM by ejs »
Logged

ejs

  • Kitizen
  • ****
  • Posts: 1393
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #36 on: April 09, 2015, 09:51:51 PM »

Now that I've flashed the 9980 141215 firmware onto my 8970, yes I can see that the saved config file is still scrambled in some way after being decrypted. It looks like the decryption algorithm and key is still the same because you can see readable strings in the decrypted output. But the output is not currently editable.
Logged

L4ky

  • Just arrived
  • *
  • Posts: 9
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #37 on: May 07, 2015, 09:30:21 AM »

Hi ejs. I really appreciate you hard work on this.
I have a W8970 build 140613.
The shell is not longer accessible.
I read you unlocked it through the config file, i tried to decrypt but i cannot find any string that is amenable to telnet shell.
Can you help me?
Logged

hacktrix2006

  • Reg Member
  • ***
  • Posts: 150
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #38 on: May 07, 2015, 03:44:16 PM »

I think he downloaded the config.bin file from the WebGUI, Then Decrypted it using his TP-Link Stat Grabber and then made the changed there. After that he would of encrypted it and then used the restore config function in the GUI to restore the modded file with the new settings.
Logged

ejs

  • Kitizen
  • ****
  • Posts: 1393
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #39 on: May 07, 2015, 07:06:14 PM »

A line needs to be added:
Code: [Select]
<X_TPLINK_DevManufacturerURL val="http://www.tp-link.com`telnetd -p 1023 -l login`" />
It needs to go in the DeviceInfo section, I usually put it immediately before the <X_TPLINK_LogCfg> opening tag.

I think it works because the value stored for X_TPLINK_DevManufacturerURL gets copied into the command line used to start the upnpd process, which is then passed to the shell, and `telnetd -p 1023 -l login` runs a sub-shell to start another telnet process. I used port 1023, but you can pick any port number that's not already in use, the TP-Link telnet cli is still running on port 23. Login user/pass is admin/1234.

Please note: The added line usually gets removed when you change any setting via the web interface. And restoring a newly modified config file to re-apply it requires rebooting the device. So to avoid repeating the process and rebooting it a lot, try to get the general config sorted out as much as possible first.
Logged

L4ky

  • Just arrived
  • *
  • Posts: 9
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #40 on: May 08, 2015, 08:34:40 AM »

A line needs to be added:
Code: [Select]
<X_TPLINK_DevManufacturerURL val="http://www.tp-link.com`telnetd -p 1023 -l login`" />
It needs to go in the DeviceInfo section, I usually put it immediately before the <X_TPLINK_LogCfg> opening tag.

I think it works because the value stored for X_TPLINK_DevManufacturerURL gets copied into the command line used to start the upnpd process, which is then passed to the shell, and `telnetd -p 1023 -l login` runs a sub-shell to start another telnet process. I used port 1023, but you can pick any port number that's not already in use, the TP-Link telnet cli is still running on port 23. Login user/pass is admin/1234.

Please note: The added line usually gets removed when you change any setting via the web interface. And restoring a newly modified config file to re-apply it requires rebooting the device. So to avoid repeating the process and rebooting it a lot, try to get the general config sorted out as much as possible first.

I'm not at home now, i'll try it as soon as possible.
Thank you in advance!

Is there any chance to make this mod permanent? Maybe through shell we could make a cron job that at every boot starts a telnet process on a specified port. What do you think?
Logged

ejs

  • Kitizen
  • ****
  • Posts: 1393
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #41 on: May 08, 2015, 07:13:43 PM »

The filesystem is readonly, and doesn't contain cron. The system is pretty minimal, it doesn't even have the mv or ln commands (but there is cp and rm). Most of the TP-Link specific firmware functionality is not readily accessible from the busybox shell. The config xml is saved to a separate mtd partition of the flash.

Even if the config addition is removed, the shell access will remain until the device reboots. Making it more permanent would probably require flashing a custom firmware.

The config addition also works if you add Description instead of X_TPLINK_DevManufacturerURL, I can't remember if this is more permanent, I don't think it is, and seeing "300Mbps Wireless N Gigabit ADSL2+ Modem Router`telnetd -p 1023 -l login`" in the web interface looks ugly.
Logged

ejs

  • Kitizen
  • ****
  • Posts: 1393
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #42 on: May 10, 2015, 01:52:21 PM »

It appears altering the Description value is less likely to be wiped, but looks ugly in the web interface. I have not yet discovered if adding some HTML code can hide the extra bit from being displayed in the web interface, without the HTML code causing other side effects.
Best I have found so far is:
Code: [Select]
<Description val="&lt;!--`telnetd -p 1023 -l login`--&gt;300Mbps Wireless N Gigabit ADSL2+ Modem Router" />The telnetd part is not visible in the web UI, telnetd is started on port 1023, but it has the side effect that the upnpd process does not get started, so UPnP won't work, although this could be considered a good thing. Probably the semicolons are breaking up the upnpd command line, in the shell you can put multiple commands on one line separated with semicolons.

This is not accepted by the firmware, since the config is stored as XML.
Code: [Select]
<Description val="<!--`telnetd -p 1023 -l login`-->300Mbps Wireless N Gigabit ADSL2+ Modem Router" />
Logged

Mooingall

  • Member
  • **
  • Posts: 45
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #43 on: May 13, 2015, 08:21:55 PM »

Neat trick, it just might do as a ghetto startup script (killing junk processes) since everything is read only.
Logged

Mooingall

  • Member
  • **
  • Posts: 45
Re: Getting extra DSL stats from TP-Link TD-W8970
« Reply #44 on: May 20, 2015, 07:07:57 PM »

Ejs, do you have a unencrypted config you could share?

Just wanted to have a quick look at whats in it.

Thanks
Logged
Pages: 1 2 [3] 4 5 6