i need your help
i will tell u all the situation so u can figure out what is best to be done
i work in a mini isp
and we have the employee of the year challenge
it is about the hg532 / hg531 v1 routers
the admin would set a random pppoe user& pwd
then change the admin pwd and we are supposed to get the pppoe data
the challenge has many levels
in the 1st level i was able to get the data using the upnp tools
then the admin disabled it and i was challenged one more time
i used some tr064 actions i found in a Russian cd i got of the internet
the tr064 client with this cd only works with the normal dslf-config user of the tr064 and not the dslf-reset
and i was able to get to the web interface but not to extract the pppoe pwd
then being able to some how do the web level actions on the router i developed a way to enable the upnp using the cookie acquired by the tr064
in the current level the upnp is disabled & the tr064 pwd is changed also
so i am trying to get any tr064 client that works with the dslf-reset account of the tr064 that as i red must have a static pwd which i can figure out or search for
but this way isn't giving me much
so i am thinking in one of other 2 solutions i thought of
1- to decrypt the .conf file and get the pppoe data of it or to edit it making the upnp enabled
2-to edit the firmware of the router to make the upnp always on ignoring the setting added by the .conf file
this is an uncompressed firmware image along with a conf file
https://www.dropbox.com/s/q3y6lia8fvui9pp/532.rar?dl=0the open ports of the routers are
tcp/udp 53 dns
tcp 80 http
tcp 37215 the upnp port wich the traffic directed to from the udp 1900
tcp 37443 unknown wasnt able to get any info about this port
if u can help me please decrypt the conf file or force the upnp to be always on
here is a link to the open source for the 532 firmware
https://www.dropbox.com/s/48k2w1wnki38f1m/opensource_hg532.tar.gz?dl=0thanks in advance