Kitz ADSL Broadband Information

Author Topic: Examining a Huawei HG8240 GPON Terminal  (Read 11534 times)

raburton

Re: Examining a Huawei HG8240 GPON Terminal
« Reply #15 on: March 25, 2017, 10:54:16 PM »

I picked one of these up recently - fancied a play. Unfortunately it appears BT has locked them down further!
I don't know when the one I picked up was last used and updated, but it claims to have the same version of firmware as yours, only the build date is newer.

Code:
*******************************************
--==      Welcome To EchoLife WAP      ==--
--==   Huawei Technologies Co., Ltd.   ==--
*******************************************
WAP Ver:V100R005C00B010
WAP Timestamp:2014/12/22 02:12:48
*******************************************

There is no logon prompt and serial communication appears to be transmit only, doesn't respond to any input at all. I have the latest official unbranded non-BT firmware from Huawei (as well as a matching new one intended for BT, but I don't know if they actually rolled it out) which I wanted to try installing, but so far I've had no luck breaking into the device. I've attached a serial capture of the full boot process from this version. Any thoughts? JTAG occurred to me, but from what I've read zJTAG doesn't support the HiSilicon chip on this device.

burakkucat

Re: Examining a Huawei HG8240 GPON Terminal
« Reply #16 on: March 25, 2017, 11:27:41 PM »

Welcome to the Kitz forum.  :)

I must confess that I failed to complete the write-up of my experimental findings, due to something else requiring my immediate attention . . .  :-[  One day, I hope to finish the report.

Presumably you have checked that your serial interface is operating correctly? (Loop TxD to RxD and confirm that local input is displayed.) And is connected correctly?  :-\

As a very quick check, I performed a difference between my console boot log file and your capture file. The result is attached, below.
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.


raburton

Re: Examining a Huawei HG8240 GPON Terminal
« Reply #17 on: March 26, 2017, 08:20:41 AM »

Yes, there is quite a bit of difference between the two. I didn't spot it initially, but the kernel has been rebuilt (but supposedly from the same version), it's not just a repackage with login disabled. I have tried two different TTL serial adapters (funnily enough one of which does fail the loopback test now that I try it, but the other is fine), same result with both.

I note in your firewall rules that telnet is allowed to pass through if the packets are MARKed with 0x102001, but I can't see anywhere that these are getting marked. I suspect that the default iptables -L isn't showing all the tables. Any chance of an iptables-save output, or looking at the contents of /bin/sec_init.sh or /etc/wap/sec_init? These files contain the iptables rules in the extracted rootfs from the latest version (V100R006C00SPC122), but they don't have as many rules in them as the deployed BT version you have on yours (and specifically don't include the marked packet filters). On the other hand, I don't see any sign of a device at 192.168.100.1 at all, but I'll switch to testing from Linux when I get chance because I don't trust networking in Windows 10.

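The observation in the post above, that plain iptables -L lists only the filter table while iptables-save dumps every table, can be checked mechanically. The following is an added example, not part of the original posts: it reads an iptables-save dump and reports marks that a rule tests for but that no rule in any table sets. The sample dump is constructed (only the value 0x102001 comes from the thread), and the function names are illustrative.

```python
import re

# Constructed sample in iptables-save format; NOT taken from the device.
SAMPLE = """\
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x102002/0xffffffff
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 23 -m mark --mark 0x102001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m mark --mark 0x102002 -j ACCEPT
COMMIT
"""

# "-m mark --mark V[/mask]" tests a packet mark; "-j MARK --set-mark V" or
# "--set-xmark V[/mask]" (the form iptables-save usually prints) sets one.
# Limitation: CONNMARK --restore-mark and bitwise MARK options are not tracked.
MATCH = re.compile(r"-m mark (?:! )?--mark (0x[0-9a-fA-F]+|\d+)")
SET = re.compile(r"-j MARK --set-x?mark (0x[0-9a-fA-F]+|\d+)")

def parse(text):
    """Return (matched, set_): mark value -> list of (table, rule line)."""
    matched, set_, table = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*mangle", "*filter", ...
            table = line[1:]
        elif line.startswith("-A "):      # a rule appended to a chain
            for rx, bucket in ((MATCH, matched), (SET, set_)):
                for value in rx.findall(line):
                    bucket.setdefault(int(value, 0), []).append((table, line))
    return matched, set_

def unexplained_marks(text):
    """Marks that some rule tests for but no rule in any table sets."""
    matched, set_ = parse(text)
    return {m: rules for m, rules in matched.items() if m not in set_}

if __name__ == "__main__":
    for mark, rules in unexplained_marks(SAMPLE).items():
        for table, rule in rules:
            print(f"mark {mark:#x} tested in '{table}' but never set: {rule}")
```

A mark reported here is either set outside iptables (for example through a socket's SO_MARK option) or not set at all, so packets can never satisfy that rule.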
burakkucat

Re: Examining a Huawei HG8240 GPON Terminal
« Reply #18 on: March 26, 2017, 10:44:07 PM »

I note in your firewall rules that telnet is allowed to pass through if the packets are MARKed with 0x102001, but I can't see anywhere that these are getting marked. I suspect that the default iptables -L isn't showing all the tables. Any chance of an iptables-save output, or looking at the contents of /bin/sec_init.sh or /etc/wap/sec_init ?

A PM has been sent, specifying from where the requested information may be downloaded.