Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Bald_Eagle1]

I wasn't using the original unlocked firmware, there was a modified one floating around from around March bcm96368MVWG_fs_kernel_HG612V100R001C01B028SP10ulk003-1364525729, this still updated to the latest firmware.

That's the one with the 'new' BLOB that I mentioned above.

[Ronski]

Well BT's new firmware doesn't discriminate, as that's what I was using when it updated at home the other night.

[burakkucat]

Isn't there an easier way to get the image?
Maybe it is possible to observe the update process to get the download link to the image?
Possibly some log files are generated during the update?

Please remember that we do not know how Beattie's busy-body (the BT Agent) operates. Perhaps it uses a VPN or VLAN to contact the Evil Empire?

All suggestions are welcome. 

I agree that a simpler way of obtaining a copy of the image may be possible . . . However the 'recipe' that I spelt out, above, is a 'sure fire' method and is based on previous successful work.

[burakkucat]

I wonder if the firmware update GUI is part of the bootloader, separate from the interface to the operational firmware? As protection against a corrupt firmware update "bricking" the modem? The style of the update webpage is different to the normal ones, and there is no mention of the modem make or model - it might be generic to the Broadcom chipset.

There are (were) two separate firmware upload methods, each requiring a different format of the firmware image. The first is from the bootloader and the second from the GUI.

All firmware images that Asbokid has provided are in the first format, for upload via the bootloader.

Yes, you are correct GB, the firmware upload page via the bootloader is the generic Broadcom offering.

(As an aside I'll comment that the absence of such a method for uploading firmware, via the bootloader, with the ECI B-FOCuS devices makes them more problematical to research.    )

[Chrysalis]

I've had two modems update now at separate locations (home & work) both on ECI cabs.

I did post a link on TB to my logs, but here's my band plans.

Code: [Select]

Discovery Phase (Initial) Band Plan
US: (6,31) (882,1193) (1984,2770)
DS: (33,857) (1218,1959) (2795,4083)
Medley Phase (Final) Band Plan
US: (6,31) (882,1193) (1984,2702)
DS: (41,857) (1218,1959) (2795,3924)

thanks very much, looks like the discovery phase still uses over 4000 on ECI then, thats good news.

I think I am going to enable tr-069 on my hg612.  The web gui is very conveniant for very fast access to check things, but if telnet still works isnt the endof the world and I guess I will need to update to the latest monitoring tools as still using the older modem stats app.

But there is still some concern, all 3 DS on your band plan have had some tones chipped off.

Discovery Phase (Initial) Band Plan
US: (0,95) (880,1195) (1984,2771)
DS: (32,859) (1216,1959) (2792,4083)

yours
DS: (33,857) (1218,1959) (2795,4083)

[Greybeard33]

I wonder if the firmware update GUI is part of the bootloader, separate from the interface to the operational firmware? As protection against a corrupt firmware update "bricking" the modem? The style of the update webpage is different to the normal ones, and there is no mention of the modem make or model - it might be generic to the Broadcom chipset.

There are (were) two separate firmware upload methods, each requiring a different format of the firmware image. The first is from the bootloader and the second from the GUI.

All firmware images that Asbokid has provided are in the first format, for upload via the bootloader.

Yes, you are correct GB, the firmware upload page via the bootloader is the generic Broadcom offering.

(As an aside I'll comment that the absence of such a method for uploading firmware, via the bootloader, with the ECI B-FOCuS devices makes them more problematical to research.    )

Ah, thanks. Perhaps that might explain something that has been puzzling me? Boe323 has reported that he lost Telnet access after a hard reset, yet a firmware upload in itself resets the firewall configuration when carried out via the bootloader (it is not necessary to do a hard reset after loading Asbokid's unlocked firmware). Do you think it is possible that Telnet access is blocked by default in the new firmware, but that Beatie's remote upload process normally leaves the pre-existing modem configuration data unchanged, until a hard reset is carried out to load the new defaults?

[Howlingwolf]

<snip>
Do you think it is possible that Telnet access is blocked by default in the new firmware, but that Beatie's remote upload process normally leaves the pre-existing modem configuration data unchanged, until a hard reset is carried out to load the new defaults?

It certainly looks that way.

I've built a new firmware image with just the firewall level changed so, fingers crossed etc. I may get an update. Hopefully sooner rather than later.

[krypton]

Since then I've been trying to find a way of extracting the updated firmware from the flashmem via telnet. If I can do that then I'll let the spare update itself and grab it.

Have you already found a way to grab an image via telnet?
I don't have the HG612 but maybe this works on it as well: On my bcm6368 based device I can dump the mtdblock* devices and piece the parts together to get the flashable image.

[Howlingwolf]

Since then I've been trying to find a way of extracting the updated firmware from the flashmem via telnet. If I can do that then I'll let the spare update itself and grab it.

Have you already found a way to grab an image via telnet?
I don't have the HG612 but maybe this works on it as well: On my bcm6368 based device I can dump the mtdblock* devices and piece the parts together to get the flashable image.

It was getting the modem tftp client and the host server to cooperate which was the problem. Having done that I was able to dump and examine the mtdblock devices.

Unfortunately, it seems that only the root filesystem is available that way so I may have to use the JTAG port to extract the rest of it.

That will take a while...

[burakkucat]

Ah, thanks. Perhaps that might explain something that has been puzzling me? Boe323 has reported that he lost Telnet access after a hard reset, yet a firmware upload in itself resets the firewall configuration when carried out via the bootloader (it is not necessary to do a hard reset after loading Asbokid's unlocked firmware). Do you think it is possible that Telnet access is blocked by default in the new firmware, but that Beatie's remote upload process normally leaves the pre-existing modem configuration data unchanged, until a hard reset is carried out to load the new defaults?

Nods in tentative agreement. 

I have a vague recollection (which can be clarified by reading Asbokid's entire Huawei HG612 Hacking blog from the beginning) that there are two copies of the code saved in the flash memory. It is only by performing a 'long reset' are they both synchronised. 

(But there again, I may just be caterwauling from the top of the pole from which my drop-cable originates . . .  )

[Chrysalis]

it also could be the OTA flash preserves all settings.  Including the firewall.  But the defaults get changed in the event of a hard reset,

[ryant704]

I have the firmware update, my cabinet hasn't received an update unless they did it at the same time!

I'm on an ECI cabinet.

Old

Discovery Phase (Initial) Band Plan
US: (0,95) (880,1195) (1984,2771)
DS: (32,859) (1216,1959) (2792,4083)
Medley Phase (Final) Band Plan
US: (0,95) (880,1195)
DS: (32,859) (1216,1959)

New

Discovery Phase (Initial) Band Plan
US: (6,31) (882,1193) (1984,2770)
DS: (33,857) (1218,1959) (2795,4083)
Medley Phase (Final) Band Plan
US: (6,31) (882,1193)
DS: (41,857) (1218,1551)

Bit swaps are back up to 54 standard not moving compared to 0 not moving hours on previous.

My whole entire BitLoading is classed as Other data.

Current line/signal

  Line Attenuation(dB):    6.3    53.0    64.0     N/A     N/A    23.0    66.2     N/A   
Signal Attenuation(dB):    6.3    52.8     N/A     N/A     N/A    29.6    66.1     N/A   
      SNR Margin(dB):    6.3    5.5     N/A     N/A     N/A    14.4    14.5     N/A   
       TX Power(dBm):    1.9    6.0     N/A     N/A     N/A    11.2    3.0

Previous 23/23, any ideas of the potential cause?

Positive thing Bitswaps per tone now works again! My overall opinion of the firmware update, total dog c**p.

It's worth noting the attenuation has been added to this update, I think in the future we could potentially see more ISPs display stats.

[boe323]

Anyone know know is sedrop and CoMinMgn was on before the update?, as there both off now, I thought they were all enabled by default before.

[NewtronStar]

Positive thing Bitswaps per tone now works again! My overall opinion of the firmware update, total dog c**p.

are you going to stick with the new firmware or go back ?

[ryant704]

Positive thing Bitswaps per tone now works again! My overall opinion of the firmware update, total dog c**p.

are you going to stick with the new firmware or go back ?

Stick with it for the moment, perform a few tests that I want to do and If anything else needs to be tested I'm happy being the lab rat.