Kitz Forum
Broadband Related => Broadband Hardware => Topic started by: peri on October 09, 2013, 10:55:40 PM
-
On coming back from work, I found myself no longer able to log into my unlocked HG612 through the web interface. Telnet access still works and a "xdslcmd --version" produces the following output:
# xdslcmd --version
xdslcmd version 1.0
DSL PHY: AnnexA version - A2pv6C038m.d24j
******* Pass *********
The only plausible explanation that comes to mind is that the firmware has been updated by BT some time earlier today. I wonder if this has happened to anyone else?
-
It was always possible that this would happen. I have DSLstats set up to issue the command killall -KILL start btagent every time it starts recording. This completely disables the BTAgent processes which support remote upgrades. You can of course also issue the command manually from the telnet interface.
Hopefully you can restore the unlocked firmware from the telnet interface.
-
I will leave mine turned ON for the mean while, but if it does happen it's an easy.
If you can't turn it off via telnet then re-install the old firmware, do as followed.
Disconnect the DSL cable, then just re-unlock it from a hard reset. Install the firmware, then disable BT Agent through the website interface then put the DSL cable back in, job done.
-
Thanks for the suggestions. As telnet access is still working, and I can use DSLstats, I am inclined to leave the new firmware on for a while and see how it behaves.
-
I appear to have had the same thing happen yesterday, but it stopped HG612 Stats from logging - I've just posted here (http://forum.kitz.co.uk/index.php/topic,13041.0.html). It's currently in the wrong forum :-[ but I've asked Kitz to move it.
-
It looks as if it's a case of The Evil Empire Strikes Back*. :-\ :-X >:(
----------
* Registered Office: 81 Newgate Street, London, EC1A 7AJ
-
<snip> then disable BT Agent through the website interface <snip>
Are you absolutely sure that will work? :-\
May I suggest an experiment?
- Access your HG612 via telnet and obtain a 'busybox' shell.
- Examine the processes currently active (use the ps command).
- From the GUI, go to the relevant page and attempt to disable the BT Agent.
- Go back to the 'busybox' shell and execute ps, once again.
- Compare the output of 2. with that of 4.
- Still at the 'busybox' shell, terminate the BT Agent and its respawners by invoking killall -KILL start btagent (suggested by Eric).
- List the processes status yet again.
- Compare the output of 2. with that of 7.
-
You are correct cat!
It didn't kill it via GUI but it does with a command.
Attached the notepad file if any want to see the evidence or all the tasks it removed from the comparison's.
-
Just purrfect. :)
Thank you for performing the experiments and showing the result.
-
My modem has also received this update, concurrent with a change to the band plan of the Huawei DSLAM - see this post: http://forum.kitz.co.uk/index.php/topic,13041.msg246175.html#msg246175 (http://forum.kitz.co.uk/index.php/topic,13041.msg246175.html#msg246175) .
Might it not be a little rash to assume that the sole reason for the update is an attempt by BTOR to sabotage user harvesting of the modem stats, and to immediately reinstall the old firmware and block future updates? Might the new firmware offer performance improvements, or even be necessary for compatibility with changes being made at the cabinet end?
The telnet port and CLI have not been blocked, and BE's HG612_current_stats program works with the new firmware. I would have thought it might be possible to "tweak" the other monitoring programs to make them compatible.
-
The telnet port and CLI have not been blocked, and BE's HG612_current_stats program works with the new firmware. I would have thought it might be possible to "tweak" the other monitoring programs to make them compatible.
As far as I know, DSLstats should work with the new firmware. I'd appreciate it if someone could check.
-
As far as I know, DSLstats should work with the new firmware. I'd appreciate it if someone could check.
It does work with the new firmware, no problems at all.
-
Thanks for that, peri.
-
My modem has also received this update, concurrent with a change to the band plan of the Huawei DSLAM - see this post: http://forum.kitz.co.uk/index.php/topic,13041.msg246175.html#msg246175 (http://forum.kitz.co.uk/index.php/topic,13041.msg246175.html#msg246175) .
Might it not be a little rash to assume that the sole reason for the update is an attempt by BTOR to sabotage user harvesting of the modem stats, and to immediately reinstall the old firmware and block future updates? Might the new firmware offer performance improvements, or even be necessary for compatibility with changes being made at the cabinet end?
The telnet port and CLI have not been blocked, and BE's HG612_current_stats program works with the new firmware. I would have thought it might be possible to "tweak" the other monitoring programs to make them compatible.
I'm of the same opinion, that the firmware update is for improvement, or future improvements. Would BT really go to the trouble of upgrading firmware just to block a tiny fraction of the installations from accessing the modem?
It's now happened to our works connection, and both of BEs programs have stopped working, as they have at home. Both installations are on ECI cabs though.
-
I don't think it's that, the HomeHub 5 will have various line stats displayed but will not show the full spectrum (pointless in my opinion then).
-
My own Huawei band plans changed this morning, but it appears that the modem's firmware hasn't yet updated as the data stored in the logs is still in the original format.
Product type EchoLife HG612
Hardware version VER.B
Software version V100R001C01B028SP10
Firmware version A2pv6C030b.d22g
Batch number BC1P10.028.A2pv6C030b.d22g
System up time 16 days 22 hours 36 minutes 29 seconds
My programs are still working as intended, but I am already working on the necessary adjustments that will accommodate the firmware updates.
Going off what I have read so far, I expect the modem's firmware to be updated over the next couple of days or so.
It appears that GRAPH6.EXE can still plot the 'current' data from a Huawei DSLAM, but not when it has been obtained from an ECI DSLAM.
That looks like a very minor tweak is needed at first glance, which I'll hopefully sort out this evening.
Ongoing data harvesting via HG612_stats.exe needs some adjustment to work with the new data format(s) in various areas of the harvested data.
I expect that to take a little longer, but I'll get stuck in tonight & release updated programs a.s.a.p.
-
You can flash back the old firmware, we just need someone to patch the new one.
-
You can flash back the old firmware, we just need someone to patch the new one.
Once you have re-flashed the hacked firmware on, load up telnet and run the following command.
killall -KILL start btagent
The modem won't be allowed to update anymore, at least that is what I believe. I have BT Agent disabled and still haven't been updated but depending on location it can take a while.
-
Thanks, im thinking at the moment whether to let it update again, I only need telnet access. There must be a way to disable the firewall using telnet?, I presume its been turned back on by the new firmware, that's why web ui is blocked again I recon.
-
As far as I can tell (from data posted by other users since their dual firmware updates), telnet access is still available, despite the GUI being disabled.
The GUI's URL was http://192.168.1.1/html/content.asp pre-modem firmware update.
I wonder if entering that directly would bring up the GUI?
I can't test it as only the DSLAM has updated on my connection, so far.
-
As far as I can tell (from data posted by other users since their dual firmware updates), telnet access is still available, despite the GUI being disabled.
The GUI's URL was http://192.168.1.1/html/content.asp pre-modem firmware update.
I wonder if entering that directly would bring up the GUI?
I can't test it as only the DSLAM has updated on my connection, so far.
No. The error message varies with the browser (e.g. "Internet Explorer cannot display the webpage") but diagnostics shows that the HTTP port is closed. Ping still works.
-
Cant you add the http access using telnet, or disable the firewall through telnet?, there must be a way, everything else is configurable through telnet?
-
Cant you add the http access using telnet, or disable the firewall through telnet?, there must be a way, everything else is configurable through telnet?
Once the root of the problem has been found it's very likely it can be...
-
I had this happen to me a couple of weeks ago... The day before my line failed altogether ???
So I had to restore the original locked firmware, jump through BT's hoops in the right order, wait for an engineer to come out...
That took six days and while he was here, he decided to swap out the modem because he "didn't like how long it was taking to sync". Left me with an older rev 2B instead of the rev 3B which was originally installed.
So I decided to get a spare from a certain online market we all know, unlock that and keep BT issued one "untainted" in case of further problems.
While I was at it, I rebuilt the rootfs to completely disable BTAgent using asbokid's toolkit. That took a while as the 64bit version of mksquashfs doesn't work properly and the damn thing won't compile. Fortunately asbokid had provided a compiled 32bit version. I just had to build a 64bit virtual machine, install the 32bit compatibility libraries, etc...
As the saying goes. It never rains, but it pours :-X
Since then I've been trying to find a way of extracting the updated firmware from the flashmem via telnet. If I can do that then I'll let the spare update itself and grab it.
-
^-^ Wolfy. It's been a while since you've been seen here. ;)
-
^-^ Wolfy. It's been a while since you've been seen here. ;)
heh, I've been lurking...
Seriously, I always check in but until now I've had nothing to contribute. My research on the HH3B is on hold as I simply wasn't getting anywhere.
-
yay, does this mean you will be patching the new firmware seeing as you know what to do? :whip:
-
yay, does this mean you will be patching the new firmware seeing as you know what to do? :whip:
:whip: <-- You can keep that infernal device to yourself :-\
Greybeard33 mentions here [1] he couldn't find the web interface files, so it may not be possible to patch this one. Extracting the new PHY driver blob should be fairly trivial but more than that I can't say until I get a look at the thing.
[1] - http://forum.kitz.co.uk/index.php/topic,13041.msg246275.html#msg246275 (http://forum.kitz.co.uk/index.php/topic,13041.msg246275.html#msg246275)
-
This would make sense if they had to change other things in the new firmware. I seem to recall it mentioned that the flash chip in the HG612 is very small so it makes no sense including a potentially large web interface when its not going to be used.
From what was posted earlier it also appears things have changed in xdslcmd which could perhaps have broken the web interface stats. Much easier to just drop the whole thing than fix something which again is not even being used. Its not that brilliant for us though.
I assume they will be releasing the source code of the changes though?
-
This would make sense if they had to change other things in the new firmware. I seem to recall it mentioned that the flash chip in the HG612 is very small so it makes no sense including a potentially large web interface when its not going to be used.
It's only small, relatively speaking, because of the dual image configuration. There are some fairly sophisticated devices with NAS-like capabilities, media streaming, bittorrent and a whole host of other bells and whistles on the market using 8MB flash.
From what was posted earlier it also appears things have changed in xdslcmd which could perhaps have broken the web interface stats. Much easier to just drop the whole thing than fix something which again is not even being used. Its not that brilliant for us though.
I assume they will be releasing the source code of the changes though?
If they do, it won't contain any of the Broadcom or Openreach internal source.
-
Just out of a curiosity, how would one start BT agent again via command?
-
That will take a little bit of working out. I'll see what I can do, but no promises.
-
It can be done via telnet using the detach modifier (&).
- Open a telnet connection and log in.
- Enter sh at the ATP prompt.
- Change to the /BTAgent/ro directory.
- Enter './start &'.
If you don't want it to restart when it exits, you'll need to set the path manually, then run './btagent &'.
-
It can be done via telnet using the detach modifier (&).
- Open a telnet connection and log in.
- Enter sh at the ATP prompt.
- Change to the /BTAgent/ro directory.
- Enter './start &'.
If you don't want it to restart when it exits, you'll need to set the path manually, then run './btagent &'.
Thank you, didn't need to set the path manually. Worked fine without a restart!
-
Thank you, didn't need to set the path manually. Worked fine without a restart!
I meant BTAgent. The script contains a loop construct which restarts ./btagent whenever it exits.
-
Looks like my HG612 has had a firmware update the HG612 UI (192.168.1.1) is unavailable and stats stopped working sat 2:08 am :comp:
edit:
the upside is my download and upload speed has increase by 6 mbps DS and 1 mbps US
-
Still no update after reflashing old firmware, do you think ive been crossed off?, like the remote server as marked me as updated?.
-
Wow... looks like I've missed a few ongoings recently whilst I've moved.
I can't access my parents stats on the fly now (bit hard when you're at the other end of the country!) but I'm calling back this weekend so it'll be interesting to have a look (ECI cab, HG modem) for any changes.
Also... coming from 70mb to an estimated 7mb - gonna be hard :'(
-
Still no update after reflashing old firmware, do you think ive been crossed off?, like the remote server as marked me as updated?.
No, it will eventually be updated. They have a weird system in-place to up to date, it's geographically done normally.
-
Still no update after reflashing old firmware, do you think ive been crossed off?, like the remote server as marked me as updated?.
I will not be going down the reflashing path as you all know the reason for any update is stability for incoming hardware that my be introduced in the future it could even be the Vectoring as they did say the firmware on the Fttc modem would need to be updated for it to work.
-
As anyone got a modified version on d24j yet?. What is vectoring?.
-
As anyone got a modified version on d24j yet?. What is vectoring?.
it's like noise reduction software/hardware from what I read into it
http://www.ispreview.co.uk/index.php/2013/08/bt-make-final-adjustments-for-faster-fttc-broadband-vectoring-trial.html
http://www.ispreview.co.uk/index.php/2013/06/bt-prep-uk-superfast-broadband-fttc-vectoring-trial-for-late-july.html
-
Still no update after reflashing old firmware, do you think ive been crossed off?, like the remote server as marked me as updated?.
I will not be going down the reflashing path as you all know the reason for any update is stability for incoming hardware that my be introduced in the future it could even be the Vectoring as they did say the firmware on the Fttc modem would need to be updated for it to work.
We don't know anything of the kind so let's not leap to any conclusions here.
The vectoring trial has only just started and has at least another month to run if all goes well. The cabinet upgrades will obviously take much longer if/when BT start rolling it out.
I'm also rather reluctant to trust anything the ISPReview or the BT community forums has to say on the matter. Some of those people have been off their medication for a long, long time now.
Of course, not all 'updates' are about 'stability'. Greybeard33 posted earlier about the web interface files being missing so it's entirely possible that this update is aimed, at least in part, at preventing the modem from being unlocked.
Personally, I'm going to wait until I've got a copy of the update and can see what has changed before I make a decision.
-
Personally, I'm going to wait until I've got a copy of the update and can see what has changed before I make a decision.
Me to but it all look very interesting with some possiblities thrown in, I can't see why oprenreach would send a firmware update to lock us out as they have more urgent things to fix than stopping us logging the stats and they should know it will be hacked again in a matter of weeks so why bother :P
-
Over in the Thinkbroadband Fibre Broadband (http://forums.thinkbroadband.com/fibre.html?view=collapsed) Forum Ronski (http://forum.kitz.co.uk/index.php?action=profile;u=6805) posted a query (http://forums.thinkbroadband.com/fibre/t/4274705-re-locked-out-of-web-interface-on-hg612-can-telnet-though.html) --
I haven't seen anyone that says they've extracted the new firmware, is that even possible?
A certain black neko responded (http://forums.thinkbroadband.com/fibre/t/4274922-locked-out-of-web-interface-on-hg612-can-telnet-though.html) thus --
Yes, it is possible.
(1) Connect an unlocked HG612 to a line carrying a VDSL2 service.
(2) Wait. Once per day, check the firmware version via telnet access.
(3) When the new firmware is seen to be in situ, power down and disconnect the HG612.
(4) Dismantle the HG612 and carefully remove the flash chip from the PCB.
(5) Mount the flash chip in a suitable cradle and connect to an appropriate reader.
(6) With a system running Unix (or a Linux kernel based OS), suck the data from the flash chip via the reader to a file.
A copy of the firmware image can then be 'broken down' into its component parts. Of particular interest will be the new Broadcom binary blob.
Etc. ;)
Once the new Broadcom binary blob has been isolated, Wolfy (a.k.a. Howlingwolf (http://forum.kitz.co.uk/index.php?action=profile;u=6710)) could perhaps insert that driver into his customised firmware package . . . :-\
One must remember that the source code (made available by both Huawei and Beattie) only contains the source files to those components of the firmware which are covered by the GPL (http://en.wikipedia.org/wiki/GPL) and not the Broadcom proprietary driver nor Beattie's proprietary code (i.e. her busybody, the BT Agent), etc. :-X
-
<snip> I can't see why oprenreach would send a firmware update to lock us out as they have more urgent things to fix than stopping us logging the stats and they should know it will be hacked again in a matter of weeks so why bother :P
Par for the course I'm afraid. These sort of decisions are often made by beancounters who don't understand the technology and don't trust those who do. :-\
Over in the Thinkbroadband Fibre Broadband (http://forums.thinkbroadband.com/fibre.html?view=collapsed) Forum Ronski (http://forum.kitz.co.uk/index.php?action=profile;u=6805) posted a query (http://forums.thinkbroadband.com/fibre/t/4274705-re-locked-out-of-web-interface-on-hg612-can-telnet-though.html) --
I haven't seen anyone that says they've extracted the new firmware, is that even possible?
A certain black neko responded (http://forums.thinkbroadband.com/fibre/t/4274922-locked-out-of-web-interface-on-hg612-can-telnet-though.html) thus --
Yes, it is possible.
(1) Connect an unlocked HG612 to a line carrying a VDSL2 service.
(2) Wait. Once per day, check the firmware version via telnet access.
(3) When the new firmware is seen to be in situ, power down and disconnect the HG612.
(4) Dismantle the HG612 and carefully remove the flash chip from the PCB.
(5) Mount the flash chip in a suitable cradle and connect to an appropriate reader.
(6) With a system running Unix (or a Linux kernel based OS), suck the data from the flash chip via the reader to a file.
A copy of the firmware image can then be 'broken down' into its component parts. Of particular interest will be the new Broadcom binary blob.
Etc. ;)
Ah, yes...
Now I remember why I rarely visit the TBB forums these days...
Once the new Broadcom binary blob has been isolated, Wolfy (a.k.a. Howlingwolf (http://forum.kitz.co.uk/index.php?action=profile;u=6710)) could perhaps insert that driver into his customised firmware package . . . :-\
heh. I shall certainly try once I can get my hands on a copy. I may need to use the jtag port as there doesn't seem to be any way to access the kernel mtdblock from the running system.
-
ronski you seem tthe only one on here who has the changes on a eCI cabinet, did the band plans change on ECI?
Also with the web interface gone does that include the web interface for the modem flash page?
-
Firmware update page is still there, I flashed back to modded firmware, I don't believe the webui as been removed, maybe just moved somewhere else, how is bt going to check the modem and configure certain parts without the interface, yes theres telnet, but I think firewall and a few others cant be set through telnet, if im wrong please correct.
-
Also with the web interface gone does that include the web interface for the modem flash page?
It doesn't appear to as I was able to restore the original firmware prior to the engineer's visit.
EDIT: Beat me to it Boe ;D
I would hazard a guess that anything they needed to do would be done via their 'spy-in-the-box', BTAgent.
-
Yes, it is possible.
(1) Connect an unlocked HG612 to a line carrying a VDSL2 service.
(2) Wait. Once per day, check the firmware version via telnet access.
(3) When the new firmware is seen to be in situ, power down and disconnect the HG612.
(4) Dismantle the HG612 and carefully remove the flash chip from the PCB.
(5) Mount the flash chip in a suitable cradle and connect to an appropriate reader.
(6) With a system running Unix (or a Linux kernel based OS), suck the data from the flash chip via the reader to a file.
A copy of the firmware image can then be 'broken down' into its component parts. Of particular interest will be the new Broadcom binary blob.
Etc. ;)
Isn't there an easier way to get the image?
Maybe it is possible to observe the update process to get the download link to the image?
Possibly some log files are generated during the update?
-
Just been into HG612 using Telnet it's not my favourite way to access it and having to learn a whole host of new commands and yes it looks like the new firmware has added more parameters from the looks of it, and the version I see is AnnexA Version A2PV6C038.D24J yet the Mode shows as VDSL2 Annex B
-
Just been into HG612 using Telnet it's not my favourite way to access it and having to learn a whole host of new commands and yes it looks like the new firmware has added more parameters from the looks of it
? Such as the ones BE posted?
the version I see is AnnexA Version A2PV6C038.D24J yet the Mode shows as VDSL2 Annex B
My version is A2pv6C035m.d22g (Non updated) though the mode has always shown VDSL2 Annex B.
-
? Such as the ones BE posted?
.
not the ones BE1 has posted but my own.
BusyBox v1.9.1 (2013-06-01 18:30:08 CST) built
Enter 'help' for a list of built-in commands.
# xdslcmd info -- version
xdslcmd: too many parameters
# xdslcmd info --version
xdslcmd: ADSL driver and PHY status
Status: Showtime
Retrain Reason: 0
Last initialization procedure status: 0
Max: Upstream rate = 6697 Kbps, Downstream
Bearer: 0, Upstream rate = 6678 Kbps, Downstre
xdslcmd version 1.0
DSL PHY: AnnexA version - A2pv6C038m.d24j
******* Pass *********
-
My version is A2pv6C035m.d22g (Non updated) though the mode has always shown VDSL2 Annex B.
Ah, that's the 'new' BLOB that asbokid provided a while ago.
I wonder if using that BLOB has actually blocked the HG612's firmware update?
e.g:-
if A2pv6C030b.d22g (original unlocked firmware) then update
else do nothing.
-
My version is A2pv6C035m.d22g (Non updated) though the mode has always shown VDSL2 Annex B.
Ah, that's the 'new' BLOB that asbokid provided a while ago.
I wonder if using that BLOB has actually blocked the HG612's firmware update?
e.g:-
if A2pv6C030b.d22g (original unlocked firmware) then update
else do nothing.
I had a similar thought a moment ago, I wouldn't imagine it would block it. (My MSAN hasn't been updated yet so I doubt it!)
Some people are reporting no access to Telnet after the update perhaps depending on the firmware you had before could be the cause of this. (Unlikely but a possibility)
-
My question is can I turn my HG612 leds back on using Telnet commands and if so could you post the the required telnet paramaters, just incase I need them back online while the GUI to Hg612 is being fixed :-[
-
My question is can I turn my HG612 leds back on using Telnet commands and if so could you post the the required telnet paramaters, just incase I need them back online while the GUI to Hg612 is being fixed :-[
Everything that was available in GUI is accessible through telnet, there are more options. It's just finding and knowing the commands... I'm sure Roseway or Wolf will be able to help you out!
-
Also with the web interface gone does that include the web interface for the modem flash page?
It doesn't appear to as I was able to restore the original firmware prior to the engineer's visit.
I wonder if the firmware update GUI is part of the bootloader, separate from the interface to the operational firmware? As protection against a corrupt firmware update "bricking" the modem? The style of the update webpage is different to the normal ones, and there is no mention of the modem make or model - it might be generic to the Broadcom chipset.
-
Everything that was available in GUI is accessible through telnet, there are more options. It's just finding and knowing the commands... I'm sure Roseway or Wolf will be able to help you out!
Cheers ryant704 i feel very vulnerable at the moment without the GUI it was my first port of call to see whats going on and then do a graph with BE1 & Co software to look deeper into the stats, and fired up DSLstats software as Graphing (ongoing stats) has not been working since Friday.
-
ronski you seem tthe only one on here who has the changes on a eCI cabinet, did the band plans change on ECI?
Also with the web interface gone does that include the web interface for the modem flash page?
I've had two modems update now at separate locations (home & work) both on ECI cabs.
I did post a link on TB to my logs, but here's my band plans.
Discovery Phase (Initial) Band Plan
US: (6,31) (882,1193) (1984,2770)
DS: (33,857) (1218,1959) (2795,4083)
Medley Phase (Final) Band Plan
US: (6,31) (882,1193) (1984,2702)
DS: (41,857) (1218,1959) (2795,3924)
My version is A2pv6C035m.d22g (Non updated) though the mode has always shown VDSL2 Annex B.
Ah, that's the 'new' BLOB that asbokid provided a while ago.
I wonder if using that BLOB has actually blocked the HG612's firmware update?
e.g:-
if A2pv6C030b.d22g (original unlocked firmware) then update
else do nothing.
I wasn't using the original unlocked firmware, there was a modified one floating around from around March bcm96368MVWG_fs_kernel_HG612V100R001C01B028SP10ulk003-1364525729, this still updated to the latest firmware.
-
I wasn't using the original unlocked firmware, there was a modified one floating around from around March bcm96368MVWG_fs_kernel_HG612V100R001C01B028SP10ulk003-1364525729, this still updated to the latest firmware.
That's the one with the 'new' BLOB that I mentioned above.
-
Well BT's new firmware doesn't discriminate, as that's what I was using when it updated at home the other night.
-
Isn't there an easier way to get the image?
Maybe it is possible to observe the update process to get the download link to the image?
Possibly some log files are generated during the update?
Please remember that we do not know how Beattie's busy-body (the BT Agent) operates. Perhaps it uses a VPN or VLAN to contact the Evil Empire?
All suggestions are welcome. :)
I agree that a simpler way of obtaining a copy of the image may be possible . . . However the 'recipe' that I spelt out, above, is a 'sure fire' method and is based on previous successful work.
-
I wonder if the firmware update GUI is part of the bootloader, separate from the interface to the operational firmware? As protection against a corrupt firmware update "bricking" the modem? The style of the update webpage is different to the normal ones, and there is no mention of the modem make or model - it might be generic to the Broadcom chipset.
There are (were) two separate firmware upload methods, each requiring a different format of the firmware image. The first is from the bootloader and the second from the GUI.
All firmware images that Asbokid has provided are in the first format, for upload via the bootloader.
Yes, you are correct GB, the firmware upload page via the bootloader is the generic Broadcom offering.
(As an aside I'll comment that the absence of such a method for uploading firmware, via the bootloader, with the ECI B-FOCuS devices makes them more problematical to research. :( )
-
I've had two modems update now at separate locations (home & work) both on ECI cabs.
I did post a link on TB to my logs, but here's my band plans.
Discovery Phase (Initial) Band Plan
US: (6,31) (882,1193) (1984,2770)
DS: (33,857) (1218,1959) (2795,4083)
Medley Phase (Final) Band Plan
US: (6,31) (882,1193) (1984,2702)
DS: (41,857) (1218,1959) (2795,3924)
thanks very much, looks like the discovery phase still uses over 4000 on ECI then, thats good news.
I think I am going to enable tr-069 on my hg612. The web gui is very conveniant for very fast access to check things, but if telnet still works isnt the endof the world and I guess I will need to update to the latest monitoring tools as still using the older modem stats app.
But there is still some concern, all 3 DS on your band plan have had some tones chipped off.
Discovery Phase (Initial) Band Plan
US: (0,95) (880,1195) (1984,2771)
DS: (32,859) (1216,1959) (2792,4083)
yours
DS: (33,857) (1218,1959) (2795,4083)
-
I wonder if the firmware update GUI is part of the bootloader, separate from the interface to the operational firmware? As protection against a corrupt firmware update "bricking" the modem? The style of the update webpage is different to the normal ones, and there is no mention of the modem make or model - it might be generic to the Broadcom chipset.
There are (were) two separate firmware upload methods, each requiring a different format of the firmware image. The first is from the bootloader and the second from the GUI.
All firmware images that Asbokid has provided are in the first format, for upload via the bootloader.
Yes, you are correct GB, the firmware upload page via the bootloader is the generic Broadcom offering.
(As an aside I'll comment that the absence of such a method for uploading firmware, via the bootloader, with the ECI B-FOCuS devices makes them more problematical to research. :( )
Ah, thanks. Perhaps that might explain something that has been puzzling me? Boe323 has reported that he lost Telnet access after a hard reset, yet a firmware upload in itself resets the firewall configuration when carried out via the bootloader (it is not necessary to do a hard reset after loading Asbokid's unlocked firmware). Do you think it is possible that Telnet access is blocked by default in the new firmware, but that Beatie's remote upload process normally leaves the pre-existing modem configuration data unchanged, until a hard reset is carried out to load the new defaults?
-
<snip>
Do you think it is possible that Telnet access is blocked by default in the new firmware, but that Beatie's remote upload process normally leaves the pre-existing modem configuration data unchanged, until a hard reset is carried out to load the new defaults?
It certainly looks that way.
I've built a new firmware image with just the firewall level changed so, fingers crossed etc. I may get an update. Hopefully sooner rather than later.
-
Since then I've been trying to find a way of extracting the updated firmware from the flashmem via telnet. If I can do that then I'll let the spare update itself and grab it.
Have you already found a way to grab an image via telnet?
I don't have the HG612 but maybe this works on it as well: On my bcm6368 based device I can dump the mtdblock* devices and piece the parts together to get the flashable image.
-
Since then I've been trying to find a way of extracting the updated firmware from the flashmem via telnet. If I can do that then I'll let the spare update itself and grab it.
Have you already found a way to grab an image via telnet?
I don't have the HG612 but maybe this works on it as well: On my bcm6368 based device I can dump the mtdblock* devices and piece the parts together to get the flashable image.
It was getting the modem tftp client and the host server to cooperate which was the problem. Having done that I was able to dump and examine the mtdblock devices.
Unfortunately, it seems that only the root filesystem is available that way so I may have to use the JTAG port to extract the rest of it.
That will take a while...
-
Ah, thanks. Perhaps that might explain something that has been puzzling me? Boe323 has reported that he lost Telnet access after a hard reset, yet a firmware upload in itself resets the firewall configuration when carried out via the bootloader (it is not necessary to do a hard reset after loading Asbokid's unlocked firmware). Do you think it is possible that Telnet access is blocked by default in the new firmware, but that Beatie's remote upload process normally leaves the pre-existing modem configuration data unchanged, until a hard reset is carried out to load the new defaults?
Nods in tentative agreement. :)
I have a vague recollection (which can be clarified by reading Asbokid's entire Huawei HG612 Hacking blog (http://huaweihg612hacking.wordpress.com/) from the beginning) that there are two copies of the code saved in the flash memory. It is only by performing a 'long reset' are they both synchronised. :-\
(But there again, I may just be caterwauling from the top of the pole from which my drop-cable originates . . . :blush: )
-
it also could be the OTA flash preserves all settings. Including the firewall. But the defaults get changed in the event of a hard reset,
-
I have the firmware update, my cabinet hasn't received an update unless they did it at the same time!
I'm on an ECI cabinet.
Old
Discovery Phase (Initial) Band Plan
US: (0,95) (880,1195) (1984,2771)
DS: (32,859) (1216,1959) (2792,4083)
Medley Phase (Final) Band Plan
US: (0,95) (880,1195)
DS: (32,859) (1216,1959)
New
Discovery Phase (Initial) Band Plan
US: (6,31) (882,1193) (1984,2770)
DS: (33,857) (1218,1959) (2795,4083)
Medley Phase (Final) Band Plan
US: (6,31) (882,1193)
DS: (41,857) (1218,1551)
Bit swaps are back up to 54 standard not moving compared to 0 not moving hours on previous.
My whole entire BitLoading is classed as Other data.
Current line/signal
Line Attenuation(dB): 6.3 53.0 64.0 N/A N/A 23.0 66.2 N/A
Signal Attenuation(dB): 6.3 52.8 N/A N/A N/A 29.6 66.1 N/A
SNR Margin(dB): 6.3 5.5 N/A N/A N/A 14.4 14.5 N/A
TX Power(dBm): 1.9 6.0 N/A N/A N/A 11.2 3.0
Previous 23/23, any ideas of the potential cause?
Positive thing Bitswaps per tone now works again! My overall opinion of the firmware update, total dog c**p.
It's worth noting the attenuation has been added to this update, I think in the future we could potentially see more ISPs display stats.
-
Anyone know know is sedrop and CoMinMgn was on before the update?, as there both off now, I thought they were all enabled by default before.
-
Positive thing Bitswaps per tone now works again! My overall opinion of the firmware update, total dog c**p.
are you going to stick with the new firmware or go back ?
-
Positive thing Bitswaps per tone now works again! My overall opinion of the firmware update, total dog c**p.
are you going to stick with the new firmware or go back ?
Stick with it for the moment, perform a few tests that I want to do and If anything else needs to be tested I'm happy being the lab rat.
-
Positive thing Bitswaps per tone now works again! My overall opinion of the firmware update, total dog c**p.
are you going to stick with the new firmware or go back ?
Stick with it for the moment, perform a few tests that I want to do and If anything else needs to be tested I'm happy being the lab rat.
same here will wait for a few weeks and see if the Interleaving drops back to the norm or maybe the firmware is saying to the DLM "this line needs 1215 I depth" and be stuck on it for the duration of the 40/10 life span :-\ and two weeks feels like an eternity
PS I whish I had never gone down the Modem Stats hobby as it can take over your life :lol:
-
PS I whish I had never gone down the Modem Stats hobby as it can take over your life :lol:
LOL, you do eventually get over it, until the recent problems I'd often go days without looking at the stats, maybe even a week! I tended to just check the BQM ping monitor, can see straight away if anything untoward has happened.
-
PS I whish I had never gone down the Modem Stats hobby as it can take over your life :lol:
LOL, you do eventually get over it, until the recent problems I'd often go days without looking at the stats, maybe even a week! I tended to just check the BQM ping monitor, can see straight away if anything untoward has happened.
A week with out looking at stats :o well my normal quick glance was 192.168.1.1 but thats gone now, and BE1 ongoing stats won't work, so it's a quick Icon to DSLstats
-
So this morning my modem has been attacked by BT with new firmware. i lost gui (The connection has timed out
The server at 192.168.1.1 is taking too long to respond.) and Telnet (C:\>Telnet 192.168.1.1
Connecting To 192.168.1.1...Could not open connection to the host, on port 23: C
onnect failed).
Is there anything i can do to get telnet back?
Forgive my ignorance i am learning
-
So this morning my modem has been attacked by BT with new firmware. i lost gui (The connection has timed out
The server at 192.168.1.1 is taking too long to respond.) and Telnet (C:\>Telnet 192.168.1.1
Connecting To 192.168.1.1...Could not open connection to the host, on port 23: C
onnect failed).
Is there anything i can do to get telnet back?
Forgive my ignorance i am learning
I had the same thing happen. See this thread for a possible solution:
http://forum.kitz.co.uk/index.php/topic,13067.0.html
BBN
-
A quick FYI: I was running the last firmware package with the new blob and after receiving the update, telnet is still available at a manually configured address. Needless to say, it was the disappearance of the web interface that alerted me to the update.
-
A quick FYI: I was running the last firmware package with the new blob and after receiving the update, telnet is still available at a manually configured address. Needless to say, it was the disappearance of the web interface that alerted me to the update.
For the benefit of future readers of this thread: telnet remains available after the update if any change to the default modem configuration has previously been saved. However, a "long reset" (holding the reset button for several seconds) will load the new default configuration and all LAN access will then be blocked. See this post by Howlingwolf for the technical explanation: http://forum.kitz.co.uk/index.php?topic=13130.msg247609#msg247609 (http://forum.kitz.co.uk/index.php?topic=13130.msg247609#msg247609)
-
I still have telnet access despite the fact that I did a long reset - more than once, after I lost the GUI. In my case I had also changed the address from 192.168.1.1 to 192.168.1.101 for router compatibility. My changed address has not been affected by the BT software change or the resets
-
I still have telnet access despite the fact that I did a long reset - more than once, after I lost the GUI. In my case I had also changed the address from 192.168.1.1 to 192.168.1.101 for router compatibility. My changed address has not been affected by the BT software change or the resets
Hi Piatoakside - welcome to the forum, and apologies for not replying sooner.
From your description it appears that you did not actually succeed in resetting the modem to the default configuration - this should definitely change the IP address back to 192.168.1.1. The "long reset" requires the reset button on the modem to be firmly depressed for at least 10 seconds continuously, starting with the modem powered and booted up. A shorter press will just trigger a reboot without changing the configuration.
-
We assumed they removed the Web GUI so we can't access the line stats anymore, though If I thought if they were attempting to achieve this...
Why on earth would they add the formula for the Line Attenuation? I feel the removel of the WebGUI was for a different purpose...
-
We assumed they removed the Web GUI so we can't access the line stats anymore, though If I thought if they were attempting to achieve this...
Why on earth would they add the formula for the Line Attenuation? I feel the removel of the WebGUI was for a different purpose...
Ermm...
'we' didn't assume anything of the kind. It was an initial assessment I made after my initial examination of the new firmware. That's why I used the terms 'preliminary results' in the title and 'first look' in the post body.
Since then it's become obvious that while most of the config changes are aimed solely at blocking access, (there are only two which refer to anything else), the removal of the web interface is at least partially due to space considerations. My rebuilt images with the web interface restored encroach the 'spare flash area' by either one or two blocks depending on the presence of the BTAgent.
I'm fairly sure the line attenuation bug you mention is a separate issue as this is somewhere in the underlying interface/driver layer, not the web interface which works normally for non VDSL2 connections.
Of course, it's entirely possible that it's a combination of both which might explain why downstream is now available and upstream is not.
BTW: The only changes I made to the web interface were removing the non-functional BTAgent interface components to reduce the size of the webimg file and some minor cosmetic changes. Engrish spelling and grammar to English.
-
whats bigger in the firmware then to make it go over the limit?
My ultimate firmware would be the old firmware with the new blob and btagent removed.
-
whats bigger in the firmware then to make it go over the limit?
Ah... Now this is one of those things which can sneak up and bite you on the arse if you're not paying proper attention.
One of the tests I ran while investigating this was to remove all of the files missing in B030 from B028 and the one extra file from B030, then build new squash filesystems. The B030 squashfs file was 128K bigger than B028 despite having the 'same' files in both filesystems.
What's changed is obviously the compressibility of those files.
As it happens, the total size of the changed files is actually smaller than those in B028 :)
My ultimate firmware would be the old firmware with the new blob and btagent removed.
That doesn't appear to be possible. Although, I must admit I only ran one test with the new blob in the B028 firmware right at the beginning and moved on when I saw it caused xdslcmd to seg-fault during the boot process.
-
ok I dont blame you, at least you tried tho.
-
ok I dont blame you, at least you tried tho.
I was fairly sure it wouldn't work when I saw that the kernel, the bcm/adsl drivers and the xdsl components had all been rebuilt, but it's something which needed to be tested at least once.
-
Looks like we will be seeing a new remote update in the reasonably near future by BT/HUAWEI. I just thought I'd see what had been gpoing on with this HG612 firmware as I was going to go back to my testing and then I found RevK's blog (http://revk.www.me.uk/2013/11/bt-huawei-working-with-us.html) which indicates they have found a bug and are working on a fix, so this will get rolled out again as a new update I presume at some stage.
Stuart
-
I flashed my modem now, I got too curious.
Sadly there is no immediate benefit on my line, long term I may get benefit, perhaps lower error rates etc, but nothing immediate.
US attainable is around the same as before.
DS attainable has dropped by yet another mbit.
After 40 mins uptime 7 crc errors on DS 7 also on US. That would work out at approx 10 hour, 240 per day. On previous firmware before I powered down modem was averaging 300-400 per day.
for the curious I flashed this file.
bcm96368MVWG_fs_kernel_HG612V100R001C01B030SP06_unlockedgui-nobtagent
-
update, error rate is defenitly higher.
even with lower sync speed I am getting over 1000 errors a day with this firmware.