Kitz Forum

Broadband Related => Broadband Hardware => Topic started by: lloyd on December 04, 2016, 11:29:35 AM

Title: VMG8924-B10a disable TR-069
Post by: lloyd on December 04, 2016, 11:29:35 AM
I'm just looking at swapping by Billion 8800 for a ZyXel VMG8924-B10a (for the 5G wifi).  Does anyone know how to disable TR-069 and TR-064?

Thanks
Title: Re: VMG8924-B10a disable TR-069
Post by: broadstairs on December 04, 2016, 11:34:34 AM
Its an option in the maintenance menu, and on mine both the 069 and 064 were disabled by default on install.

Stuart
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 04, 2016, 11:39:43 AM
Its an option in the maintenance menu, and on mine both the 069 and 064 were disabled by default on install.

What sub-menu under maintenance? - I must be going blind.
Title: Re: VMG8924-B10a disable TR-069
Post by: broadstairs on December 04, 2016, 11:51:18 AM
Is yours an original ZyXEL or a rebranded Eircom F1000? On mine under (well above the way the menu works  ;) ) there are two options a TR-069 client and a TR-064 listed. Assuming yours is a standard ZyXEL on the later firmware (I'm running V15 see elsewhere on here for details) then it should be there.

Stuart
Title: Re: VMG8924-B10a disable TR-069
Post by: Ronski on December 04, 2016, 11:58:09 AM
It's there on mine which is a rebranded F1000 running FW V15
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 04, 2016, 12:12:45 PM
Strange.  I don't have those two items. I have just upgraded to v15 - showing as 1.00(AAKL.15)C0 - but not there.

I've not connected it to the DSL line yet - surely the menu visibility is not a factor of that?
Title: Re: VMG8924-B10a disable TR-069
Post by: broadstairs on December 04, 2016, 12:24:21 PM
I wonder if it only shows under other not yet set conditions. I would suggest making sure all your settings are correct for connecting (but dont connect yet) and try again. I cannot test with mine as it's live.

Stuart
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 04, 2016, 12:30:42 PM
I wonder if it only shows under other not yet set conditions. I would suggest making sure all your settings are correct for connecting (but dont connect yet) and try again. I cannot test with mine as it's live.
It's ready to go, and I had it connected earlier.  Few more minor details to sort. It''ll probably be another week now before I try again (not my highest priority at the moment) - I'll report back if that changes anything.
Title: Re: VMG8924-B10a disable TR-069
Post by: j0hn on December 04, 2016, 03:37:50 PM
http://forum.kitz.co.uk/index.php/topic,18552.0.html
have a look here ^^^
we've come across this a few times


imo, and it's only my opinion, they removed the options from newer retail models. Initially the modem was only supplied to ISP's. No matter what firmware you flash there seems to be no way to get the option to appear. It's not just missing from the GUI, the telnet commands also don't work.
Title: Re: VMG8924-B10a disable TR-069
Post by: broadstairs on December 04, 2016, 03:57:08 PM
All I can suggest is ask ZyXEL themselves. The latest User Guide I can find from 2015 still shows the options and screens for 069 client and 064.

Stuart
Title: Re: VMG8924-B10a disable TR-069
Post by: npr on December 04, 2016, 04:30:31 PM
Are you logged in with "administrator group" privileges or "user group" privileges or something in between?

You can check your username privilege level at maintenance > user account.
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 04, 2016, 06:45:25 PM
Are you logged in with "administrator group" privileges or "user group" privileges or something in between?

Not in a position to be able to check at the moment, but would expect the standard admin account (which is what I'm using) to give me everything.

Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 05, 2016, 01:11:48 PM
All I can suggest is ask ZyXEL themselves. The latest User Guide I can find from 2015 still shows the options and screens for 069 client and 064.

Ticket raised with Zyxel.  Initial response from them is to clear cache etc., and open in an incognito window.  I will go through the motions later.
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 05, 2016, 07:08:24 PM
Ticket raised with Zyxel.  Initial response from them is to clear cache etc., and open in an incognito window.  I will go through the motions later.

Ticket updated with the expected result. (Also tried factory reset but still no good.)

I have not tried it again on a DSL line yet, but judging by j0hn's comments, I don't think that will do the trick.
Title: Re: VMG8924-B10a disable TR-069
Post by: broadstairs on December 05, 2016, 08:51:32 PM
Just one thought which you may have done.... did you do a full factory reset after installing V15 f/w? I know its a pain having to set everything up again but it might be worth it if you did not do that, or if you did then did you check for the menu before reloading any settings?

As I said if you did all this then ignore me thinking out loud  ;)

Stuart
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 05, 2016, 09:10:59 PM
Just one thought which you may have done.... did you do a full factory reset after installing V15 f/w? I know its a pain having to set everything up again but it might be worth it if you did not do that, or if you did then did you check for the menu before reloading any settings?

As I said if you did all this then ignore me thinking out loud  ;)

Stuart
It's a good point, but yes, did that this evening (and saved the config beforehand to make reloading easier). No joy.
Title: Re: VMG8924-B10a disable TR-069
Post by: npr on December 06, 2016, 09:42:26 AM
You could try loading the config file which comes zipped with the firmware.
For the 15C0 fw, the file is named 1.00(AAKL.15)C0.rom.

Alternatively compare that and your saved config using a text editor (preferably notepad++), you'll see the privilege for each user near the beginning of the file.


Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 06, 2016, 10:00:10 AM
Well Zyxel wanted a copy of my config file, and it has note been escalated to an 'expert'. To be fair to Zyzel, they have been very responsive so far.

I actually only want to confirm that they are turned off (I'm sure you've seen the press regarding vulnerability with TR-064), so may just do a port scan.
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 06, 2016, 06:51:07 PM
Another interesting observation - hardware reset does not work under v15.  Downgrade to v14 and it does.

Now when I do a hardware reset, the default johnlewis auto connect settings are restored in the WAN configuration, so something is not being fully reset, or there is another ROM that the ISP has access to.  I beginning to get suspicious that the ISP has control of these menu entries.  (And interestingly Zyxel support have asked if the router is ISP provided.)
Title: Re: VMG8924-B10a disable TR-069
Post by: broadstairs on December 06, 2016, 08:40:14 PM
the default johnlewis auto connect settings are restored in the WAN configuration

Well that kind of does indicate to me that this is not a retail router and could well explain why you have these issues. I suspect the router does have the 069 and 064 stuff enabled and the fact that no menu item exists is probably to stop you messing with it.

Stuart
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 06, 2016, 09:07:58 PM
Well I'm not prepared to potentially become part of a Mirai botnot, so for the moment this router will stay in its box.  Unless I can block TR-069 with its own firewall?
Title: Re: VMG8924-B10a disable TR-069
Post by: broadstairs on December 06, 2016, 09:13:46 PM
As a matter of interest where did you get the router from? Was it supplied by John Lewis?

Stuart
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 06, 2016, 09:15:57 PM
As a matter of interest where did you get the router from? Was it supplied by John Lewis?

Stuart

Yes, just changed contract from BT.
Title: Re: VMG8924-B10a disable TR-069
Post by: broadstairs on December 06, 2016, 10:31:42 PM
I'm afraid that is not uncommon with ISP provided routers, they mess them about so they can do what they want with them. I suspect if you invest in a retail 8924 it will work as mine.

Stuart
Title: Re: VMG8924-B10a disable TR-069
Post by: aam on December 06, 2016, 10:45:33 PM
Today I tried a Zyxel VMG3925 provided by KCOM and various menu items were missing under maintenance when logged-in using the admin user account. Remote management, TR-069, TR-064 and even the firmware upgrade options were missing. Previously the KCOM supplied units, such as the VMG8924, had all of these options present.
Title: Re: VMG8924-B10a disable TR-069
Post by: broadstairs on December 06, 2016, 11:05:59 PM
Its the main reason I will always use my own router where I have total control, if an ISP didn't allow it I would not use them.

Stuart
Title: Re: VMG8924-B10a disable TR-069
Post by: Adco on December 06, 2016, 11:22:15 PM
I've had a couple of these Zyxel ex ISP routers and have always had to clear out the ROM D which has the ISP config details. There is a guide on how to do this on the Andrews & Arnold site but it does require telnet access. The guide is for the VMG1312-B10A but works for the VMG8924-B10 as well.
http://support.aa.net.uk/VMG1312:_Factory_Reset

Doug
Title: Re: VMG8924-B10a disable TR-069
Post by: j0hn on December 07, 2016, 12:56:54 AM
I've had a couple of these Zyxel ex ISP routers and have always had to clear out the ROM D which has the ISP config details. There is a guide on how to do this on the Andrews & Arnold site but it does require telnet access. The guide is for the VMG1312-B10A but works for the VMG8924-B10 as well.
http://support.aa.net.uk/VMG1312:_Factory_Reset

Doug
I can confirm this works. send the telnet command save_default clean, then reset the modem via the pin hole reset button
Title: Re: VMG8924-B10a disable TR-069
Post by: kitz on December 07, 2016, 01:26:04 AM
Both options are there in mine and disabled.

If you dont have the option, then you should be able to set rules in the firewall to block port 7547.

Firewall > Protocol

Add UDP Port 7547
Add TCP Port 7547

Then in Firewall > Access Control

Add ACL rules for TCP 7547 and UDP 7547
Direction WAN to router
DROP
From Any IP


Same applies to the ex-Zen VMG1312's
B*cat has some screen shots that he may kindly share,  as he's already done this.
I'd do a proper tutorial, but unfortunately Im really bogged down with other things right now :/
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 07, 2016, 01:12:29 PM
Thanks everyone, that is just the info I was after.

Having told Zyxel that this is an ISP supplied device, they have offered to swap it out (!?).  As long as the suggestions here work, I can see no reason to do so, so I'll give those a go first.

What does concern me is that v15 would not react to a press of the hardware reset button (but downgrade to v14 made it work).  I don't suppose anyone can confirm if they have been successful with this?
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 07, 2016, 06:33:11 PM
Well cleared the ROM.  Reset the router.  The ISP config details are no longer there.  But guess what?   No TR-069 or TR-064 menu entries.  Using the telnet connection I can see that TR-064 is disabled, but can't find a command to check TR-069.
Title: Re: VMG8924-B10a disable TR-069
Post by: polymath on December 07, 2016, 08:07:39 PM
Response to #28 Kitz. Regarding the Zylex vmg1312-Bx0D. I have been looking at the manual, version 5.11, edition 2 03/2016.

There is no explicit means of enabling/disabling TR069 AND 064. But there is the firewall protocol / access control route.

However in the NAT chapter 11 (page 157), figures 78, 80, 83 are screen shots of the screens for port forwarding, applications and port triggering. These contain a Note that "The TCP port 7547 is reserved for TR069 connection request port".

The note might suggest port 7547 is treated differently to other ports and I wonder if the protocol / access control in the firewall settings is available (i.e works for) for this port.

Btw A search of the 1312 pdf manual for strings related to TR069 and 64 gives no results because the only place they appear is in the screen shots, so no text to find.
Title: Re: VMG8924-B10a disable TR-069
Post by: central scrutiniser on December 08, 2016, 11:50:34 AM
Don't know if you've sorted this out or not but here's a screenshot of mine with the relevant firmware showing in background.

(https://forum.kitz.co.uk/proxy.php?request=http%3A%2F%2Fi66.tinypic.com%2F673voj.jpg&hash=f724ab36a1022e29eea9c340f638bff9)

I cannot see how it's possible not to have the maintenance menu showing in the modem home screen, perhaps a fresh install of the relevant firmware may help from a different source ?.

Here's where I got mine :-

http://www.zyxel.com/euosearch/dl-search.aspx?mci_country=uk&access=p&entqr=0&getfields=*&sort=date:D:S:d1&output=xml_no_dtd&ie=UTF-8&btnG=Submit&client=uk-en-dl&q

C S
Title: Re: VMG8924-B10a disable TR-069
Post by: kitz on December 10, 2016, 01:53:59 AM
Quote
The note might suggest port 7547 is treated differently to other ports and I wonder if the protocol / access control in the firewall settings is available (i.e works for) for this port.

It works for the VMG1312, so I see no reason why it shouldn't on the VMG8324.
I have the TR-069 option in the menu so I cant test it on my VMG824.   
Title: Re: VMG8924-B10a disable TR-069
Post by: aruba on December 10, 2016, 07:29:24 AM
I had the missing options issue with a VMG8324 I purchased from Eclipse in 2015. There is a way of solving it, by erasing the ROM-D, but ZyXel support at the time didn't recommend it.

[original post with Telnet code] (http://forum.kitz.co.uk/index.php/topic,14367.msg301359.html#msg301359)
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 10, 2016, 08:21:46 AM
I had the missing options issue with a VMG8324 I purchased from Eclipse in 2015. There is a way of solving it, by erasing the ROM-D, but ZyXel support at the time didn't recommend it.

[original post with Telnet code] (http://forum.kitz.co.uk/index.php/topic,14367.msg301359.html#msg301359)

Been there (see previous post). Cleared the ROM. Still no good. Off to the Post Office to send back to Zyxel this morning.
Title: Re: VMG8924-B10a disable TR-069
Post by: Ronski on December 10, 2016, 08:37:49 AM
It's very good that they are willing to sort it out for you  :fingers:
Title: Re: VMG8924-B10a disable TR-069
Post by: aam on December 10, 2016, 10:05:07 AM
Been there (see previous post). Cleared the ROM. Still no good. Off to the Post Office to send back to Zyxel this morning.
Just out of interest, can you login to the web GUI using the 'supervisor' account instead of admin as that should show various other options not shown to admin users. 
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 10, 2016, 12:02:24 PM
Just out of interest, can you login to the web GUI using the 'supervisor' account instead of admin as that should show various other options not shown to admin users.

Sealed in the box now, but what would the password be?  I did try supervisor with 1234 but no joy.
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 10, 2016, 12:03:39 PM
It's very good that they are willing to sort it out for you  :fingers:

I've been pleasantly surprised at their support - very responsive, and I certainly did not expect to be able to return it when I told them it was ISP provided.
Title: Re: VMG8924-B10a disable TR-069
Post by: tubaman on December 13, 2016, 07:33:55 PM
I've recently picked-up one of these (from Ebay - where else :-[).
It's working great on my line but I'm having similar issues to lloyd in that some of the menu options are missing (TR069 and VOIP to name two).

Mine is an ex John Lewis broadband version - clear from the login details it had in it that remained after defaulting it.

I've cleared the ROM-D and that has got rid of the JL login details but I still have missing menus.

I suspect if I could login as the supervisor user I could do something about it but I can't find what the password is (not 1234, password, supervisor, zyad1234).

I know the supervisor user exists because if I try to create it when in as the admin user it tells me so!

I'd like to check that TR069 is off and I'd like to get to the other menus because now I know that they are there!

Any ideas will be much appreciated


Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 18, 2016, 11:47:00 AM
Well fantastic service from Zyxel router sent Monday 2nd class, new one in my hands Friday lunchtime.

The new one is running 1.00(AAKL.5).  The TR-069  and TR-064 menu items are present.  In addition there is a whole menu for VoIP and a quick start wizard, neither of which I remember being present before.

Upgrade to 1.00(AAKL.15), they are still there.

Restore from my old config file they have gone, as have VOIP and Quick Start!

Factory reset, and this time they reappear. (Note that before the router was swapped out even a factory reset did not result in them reappearing.)  Not a huge amount of work to re-enter the config.

Once again, really good service from Zyxel. :) ;D
Title: Re: VMG8924-B10a disable TR-069
Post by: burakkucat on December 18, 2016, 02:11:52 PM
Once again, really good service from Zyxel. :) ;D

Yes, that is very good customer relations/service.  :thumbs:
Title: Re: VMG8924-B10a disable TR-069
Post by: digitalis on December 18, 2016, 05:12:51 PM
Anyone have the supervisor password? I have a few KCOM zyxels now that are missing the remote management option, pain in the arse!
Title: Re: VMG8924-B10a disable TR-069
Post by: j0hn on December 20, 2016, 10:10:02 PM
I just did this on a 2nd Zyxel, and it didn't work 1st time like my main unit.
i had to follow these steps:

1) upgrade to latest v15 firmware
2) restore default settings from within the GUI
3) open telnet and run the command "save_default clean"
after clearing the romd from telnet do not power off the modem. if i reboot at this point it wouldn't work
4) insert a paperclip into the reset hole for around 10 seconds, or until the lights go out and the unit starts to reboot

all menus should now appear, including voip/tr-069/tr-064
hope this helps anyone
Title: Re: VMG8924-B10a disable TR-069
Post by: tubaman on December 21, 2016, 07:56:23 AM
J0hn,

Thanks - I'll give this a go when I get a chance.
Did you run the "save_default_clean" through the admin user, as the supervisor user has been mentioned previously but I can't access that?
Also, do the extra menus persist after a power off when using your method?
 :)
Title: Re: VMG8924-B10a disable TR-069
Post by: tubaman on December 21, 2016, 10:20:32 AM
I've just given J0hn's steps a go but no joy unfortunately  :(
I suspect that clearing the ROMD via the admin user is not doing the whole job.
I think I just need that supervisor password.
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 21, 2016, 01:02:58 PM
I just did this on a 2nd Zyxel, and it didn't work 1st time like my main unit.
i had to follow these steps:

1) upgrade to latest v15 firmware
2) restore default settings from within the GUI
3) open telnet and run the command "save_default clean"
after clearing the romd from telnet do not power off the modem. if i reboot at this point it wouldn't work
4) insert a paperclip into the reset hole for around 10 seconds, or until the lights go out and the unit starts to reboot

all menus should now appear, including voip/tr-069/tr-064
hope this helps anyone

Can you confirm that these were ISP supplied 8924s?
Title: Re: VMG8924-B10a disable TR-069
Post by: burakkucat on December 21, 2016, 04:14:24 PM
I suspect that clearing the ROMD via the admin user is not doing the whole job.

Here's a quick method of checking if the ROM-D has been cleared --
If the following is displayed, then the ROM-D has been cleared --

Code: [Select]
$ hexdump -C /dev/mtdblock3
00000000  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
*
00100000
$

Please note that the above is a valid method for the VMG1312-B10D but I also expect it to work on other ZyXEL VMGxxxx devices.
Title: Re: VMG8924-B10a disable TR-069
Post by: tubaman on December 21, 2016, 04:56:51 PM
That gives the error - "hexdump: /dev/mtdblock3: No such device or address"
I can see mtdblock3 in the /dev directory but can't do anything with it.
 :(
Title: Re: VMG8924-B10a disable TR-069
Post by: burakkucat on December 21, 2016, 05:50:45 PM
That gives the error - "hexdump: /dev/mtdblock3: No such device or address"
I can see mtdblock3 in the /dev directory but can't do anything with it.
 :(

So you can see the existence of the device node (/dev/mtdblock3) but do not have any utility available to check its contents. Hmm . . .  :-\

Does your ZyXEL VMGxxxx device have the cat utility available? Try cat /etc/passwd and see what is displayed. If there is no error, you could try cat /dev/mtdblock3 and see what is produced.

Note: On ZyXEL VMGxxxx devices, the contents of the /dev/mtdblock3 node is predominantly ASCII (or UTF-8), with just a few binary characters at the beginning. So it would be reasonable to invoke a cat of the device.

If the ROM-D has not been cleared, you will see a mass of readable ASCII (or UTF-8) text displayed.

If the ROM-D has been cleared, you will see something like that shown in the following attachment --
Title: Re: VMG8924-B10a disable TR-069
Post by: tubaman on December 21, 2016, 06:33:16 PM
That errors too - see the attached screenshot which shows the error and the existence of mtdblock3.
'Cat' works fine on files but clearly this is something else.
 ???
Title: Re: VMG8924-B10a disable TR-069
Post by: burakkucat on December 21, 2016, 06:50:30 PM
Then I'm all out of suggestions and therefore, perhaps, best that I stop this hi-jack of lloyd's thread.  :-X
Title: Re: VMG8924-B10a disable TR-069
Post by: tubaman on December 21, 2016, 06:56:29 PM
That's a fair one burakkucat!
I'll desist on this one too.
 :blush:
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 21, 2016, 07:00:25 PM
Then I'm all out of suggestions and therefore, perhaps, best that I stop this hi-jack of lloyd's thread.  :-X
Don't stop on my account guys.  Although I'm sorted, I'm still intrigued to see where this ends up.
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 21, 2016, 07:15:49 PM

I think I just need that supervisor password.

Just a thought.  Has anyone tried logging into the cli with admin, entering busybox and then changing the supervisor password  (passwd supervisor)?
Title: Re: VMG8924-B10a disable TR-069
Post by: tubaman on December 21, 2016, 07:25:09 PM
Just a thought.  Has anyone tried logging into the cli with admin, entering busybox and then changing the supervisor password  (passwd supervisor)?

Hi lloyd,
Yes, I tried that earlier - sorry I should have mentioned it.
It goes through the motions and says that the password has been changed but I still can't log in with it (not to the CLI or the GUI).
It's a real mystery.
 ???
Title: Re: VMG8924-B10a disable TR-069
Post by: lloyd on December 21, 2016, 07:38:08 PM
I assume you have the same info in /etc/image_version - 4126BVMG8924-B10A2101150    ?
Title: Re: VMG8924-B10a disable TR-069
Post by: tubaman on December 21, 2016, 07:44:41 PM
I assume you have the same info in /etc/image_version - 4126BVMG8924-B10A2101150    ?

Yes, the exact same.

It's not the end of the world as this router loves my line (or is it the other way around?) but it'd be nice to have some more settings to fiddle with. >:D
Title: Re: VMG8924-B10a disable TR-069
Post by: burakkucat on December 21, 2016, 08:43:56 PM
Don't stop on my account guys.  Although I'm sorted, I'm still intrigued to see where this ends up.

I was just trying to confirm whether or not tubaman had successfully cleared the ROM-D of his VMGxxxx device.  :)

Working with only my knowledge of a VMG1312-B10D, I was fumbling about almost blindfolded.
Title: Re: VMG8924-B10a disable TR-069
Post by: j0hn on December 28, 2016, 10:21:04 PM
Sorry about the late reply. I did it from the admin account. I didn't actually log in to telnet myself, instead sending the command through DslStats "send custom command" screen. I have no idea if it was an ISP supplied modem, but the VOIP, TR-069 & TR-064 were all missing before and are now all showing.
Title: Re: VMG8924-B10a disable TR-069
Post by: tubaman on December 29, 2016, 09:45:02 AM
Thanks for the clarification J0hn.
I'm not sure why mine refuses to play ball.  I might have another play at some point, but at the moment it's running well and I don't really want to disconnect it.
 :)
Title: Re: VMG8924-B10a disable TR-069
Post by: digitalis on December 29, 2016, 02:15:58 PM
Anyone have the supervisor password? I have a few KCOM zyxels now that are missing the remote management option, pain in the arse!

Nevermind, clearing the ROM-D has resolved the issue as described in my other thread  http://forum.kitz.co.uk/index.php/topic,18552.0.html
Title: Re: VMG8924-B10a disable TR-069
Post by: nix on December 31, 2016, 09:52:10 AM
@digitalis
Please can you share how you enabled the 'save_default clean' command in telnet.
I have a KCOM VMG3925-B10B which I recently bought on ebay, I didn't know it was an ISP locked version when I bid on it, I have got it to work with my ISP and it is running smoothly, but I would like to install the stock firmware and have all the options, I'm also concerened about unwanted access via TR-069 etc.
When I try to access the device via telnet I get busybox and it doesn't recognise the 'save_default clean' command, am I doing something wrong?
TIA
Title: Re: VMG8924-B10a disable TR-069
Post by: Ronski on December 31, 2016, 12:39:15 PM
There is a thread on here somewhere with instructions on how to install stock firmware, but I can't currently find it.
Title: Re: VMG8924-B10a disable TR-069
Post by: nix on December 31, 2016, 01:16:31 PM
Thanks Ronski, this VMG3925-B10B is a cracking little router spoilt a bit by the locked gui, doesn't even give the option of updating the firmware.
When I look at the screenshots of the telnet access of other VMGs it's unclear whether they are in busybox or not...
Title: Re: VMG8924-B10a disable TR-069
Post by: Dray on December 31, 2016, 01:39:32 PM
This? http://forum.kitz.co.uk/index.php/topic,13939.0.html
Title: Re: VMG8924-B10a disable TR-069
Post by: nix on December 31, 2016, 02:14:41 PM
Thanks Dray, looks complicated... Don't want to brick my little VMG...

digitalis has successfully cleared the ROM-D on KCOM ZyXels using the 'save_default clear' I just wondered if I could do the same...
Title: Re: VMG8924-B10a disable TR-069
Post by: Ronski on December 31, 2016, 03:56:25 PM
Yes that's the one, thanks Dray.

I've no idea how easy/hard the process is as I purchased mine unbranded from dmcdonnell. The link for the password generator no longer works, so unlocking may well not be an option anyway.
Title: Re: VMG8924-B10a disable TR-069
Post by: broadstairs on December 31, 2016, 04:08:27 PM
I've no idea how easy/hard the process is as I purchased mine unbranded from dmcdonnell. The link for the password generator no longer works, so unlocking may well not be an option anyway.

Are you meaning the cfe_password_generator? The link is here (http://forum.kitz.co.uk/index.php/topic,17361.msg317430.html#msg317430) and it compiles OK

Stuart
Title: Re: VMG8924-B10a disable TR-069
Post by: skyeci on December 31, 2016, 05:48:37 PM
Thanks Ronski, this VMG3925-B10B is a cracking little router spoilt a bit by the locked gui, doesn't even give the option of updating the firmware.
When I look at the screenshots of the telnet access of other VMGs it's unclear whether they are in busybox or not...

Out of interest have you tried either of the 2 stats programs to see if it will work? - thanks
Title: Re: VMG8924-B10a disable TR-069
Post by: nix on December 31, 2016, 06:20:52 PM
Thanks skyeci, what are the 2 stats programs?
Title: Re: VMG8924-B10a disable TR-069
Post by: skyeci on December 31, 2016, 06:27:29 PM
If you time/spare pc or laptop if you could try this it would be great
http://www.kitz.co.uk/routers/hg612stats.htm
http://www.kitz.co.uk/routers/hg612stats_setup.htm

Be worth trying it as a vmg8324 or 8924 - be great to know if it works, thanks..
Title: Re: VMG8924-B10a disable TR-069
Post by: roseway on December 31, 2016, 06:32:00 PM
See http://www.kitz.co.uk/routers/monitor_linestats.htm for a choice of monitoring programs.

Title: Re: VMG8924-B10a disable TR-069
Post by: nix on December 31, 2016, 06:44:52 PM
I did try sending a command through DSLstats but got the same message as with telnet (-sh: save_default: not found)
 I think digitalis sent the commands through DSLstats... maybe I'm not logging in correctly.

Thanks roseway, I have DSLstats and hg612stats, dunno how to send commands with hg612stats...
Title: Re: VMG8924-B10a disable TR-069
Post by: skyeci on December 31, 2016, 07:04:03 PM
You just create a task in hg612stats, no manual commands to send from the program
Title: Re: VMG8924-B10a disable TR-069
Post by: burakkucat on December 31, 2016, 07:07:34 PM
I did try sending a command through DSLstats but got the same message as with telnet (-sh: save_default: not found)
 I think digitalis sent the commands through DSLstats... maybe I'm not logging in correctly.

With my VMG1312-B10D, I had to invoke zycli save_default clean.

Here follows a log of my actions --

admin@ap's password:


BusyBox v1.20.1 (2016-10-18 15:41:48 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

$ zycli
zycli help
wan
ethwanctl
dns
pppoectl
vcautohuntctl
sys
tr069
wlan
cfgupdate
save_default
$ zycli save_default clean
== Clean ROMD. ==
$ hexdump -C /dev/mtdblock3
00000000  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
*
00100000
$


I logged into the device via ssh, induced the zycli command to tell me its various options, used the correct incantation to clear the ROM-D and then, with the aid of the hexdump utility, confirmed that mtdblock3 (a.k.a. ROM-D) had been cleared.

Please take care, as it is possible that none of the above will be relevant for your device.
Title: Re: VMG8924-B10a disable TR-069
Post by: nix on December 31, 2016, 07:15:42 PM
Thanks skyeci, I'll have looksee...

Thanks burakkucat, that looks really promising as I've just telnetted my device with the zycli command and got the same menu...
Title: Re: VMG8924-B10a disable TR-069
Post by: burakkucat on December 31, 2016, 08:25:22 PM
Thanks burakkucat, that looks really promising as I've just telnetted my device with the zycli command and got the same menu...

Excellent progress!

One other step which is not documented in that snippet from my log file and which I failed to mention, above, is that once ROM-D has been cleared it is imperative that a hardware-level reset is performed on the device. So once the zycli save_default clean incantation has been issued, with the use of your favourite straightened-out paper-clip, press and keep pressed the reset button for around 20 - 30 seconds. Once the reset button has been released, leave the device alone for at least five minutes. Finally, I would recommend that you perform a controlled power-cycle of the device.
Title: Re: VMG8924-B10a disable TR-069
Post by: nix on December 31, 2016, 08:52:54 PM
Well, that worked pretty well, thank you burakkucat  :)

I followed your advice, used ssh via PuTTY, invoked the 'zycli save_default clean' command, got the == Clean ROMD. == message and then entered 'hexdump -C /dev/mtdblock3' to verify the ROMD was clear, then hard reset the device with a pointy thing and hey presto! I have stock firmware on my machine  ;D

The maintenance menu now includes Firmware Upgrade and Remote Management but no TR-069 or TR-064 control, dunno if ZyXEL have removed them in the firmware...

I have used the Firmware Upgrade to successfully install the latest firmware V5.11(AAVF.3)C0

I'm well pleased as I got the VMG3925-B10B for a song on ebay, it's almost new and it's a lovely little router ;D

Thanks evryone for all your help, special thanks to burakkucat  :)
Title: Re: VMG8924-B10a disable TR-069
Post by: burakkucat on December 31, 2016, 09:20:06 PM
Well, that worked pretty well, thank you burakkucat  :)

<snip>

Thanks evryone for all your help, special thanks to burakkucat  :)

You're welcome.  :blush:
Title: Re: VMG8924-B10a disable TR-069
Post by: broadstairs on December 31, 2016, 10:03:35 PM
According to the User Guide I just downloaded for the VMG3925-B10B it should have the TR-064 and TR-069 screens to configure these options.

Stuart
Title: Re: VMG8924-B10a disable TR-069
Post by: Ronski on December 31, 2016, 10:24:22 PM
Are you meaning the cfe_password_generator? The link is here (http://forum.kitz.co.uk/index.php/topic,17361.msg317430.html#msg317430) and it compiles OK

Stuart

The link in the first post in the link below, and in later posts in the same thread

http://forum.kitz.co.uk/index.php/topic,13939.0.html

If the link Stuart posted is correct then the posts could do with editing to reflect the updated source.
Title: Re: VMG8924-B10a disable TR-069
Post by: nix on December 31, 2016, 11:11:36 PM
According to the User Guide I just downloaded for the VMG3925-B10B it should have the TR-064 and TR-069 screens to configure these options.

Stuart

Thanks Stuart, yes I saw them in the User Guide, can't seem to get them to appear, I tried the j0hn method of updating the firmware, resetting from within the gui, telnet the 'save_default clean' command then finally hard resetting... Didn't work for me...
Title: Re: VMG8924-B10a disable TR-069
Post by: soydemadrid on February 16, 2017, 11:19:09 PM
To get all the menus for the admin user you can also just export the router config from the GUI and then add under privileges:

Quote
<X_5067F0_Login_Group instance="1">
<GroupKey>0</GroupKey>
<Privilege>
broadband,wireless,homeNetworking,usbService,powerManagement,routing,dnsroute,vlangroup,qos,nat,dns,halfBridge,igmpSetting,intfGrp,firewall,macFilter,parentalControl,schedulerRule,certificates,ipsecVPN,pptpVPN,sip,phone,callRule,callHistory,log,trafficStatus,voipStatus,arpTable,routeTable,igmpGroupStatus,xdslStatistics,3gStatistics,system,userAccount,remoteMGMT,tr069Client,tr064,time,emailNotification,logSetting,firmwareUpgrade,configuration,reboot,disagnostic,HelpDesk,wizard,status,snmp
</Privilege>

Then just reimport the config and all the menus options will be there!
Title: Re: VMG8924-B10a disable TR-069
Post by: NiceButDim on March 10, 2017, 12:09:03 AM
I just picked up a new Zyxel VMG3925-B10B on Ebay for not a lot of money.  I set it up and then wanted to check the firmware version, but couldn't find the firmware upgrade or the TR069 menus so then did a search and came here. 

I was just about to get a serial connection setup and unlock the unit, when I decided to setup a user (ie. not administrator ) account.  I then logged out and back in again with the new user account and I can see both the menus.  Fortunately my firmware is already at the latest V5.11(AAVF.3)C0 .

Title: Re: VMG3925-B10B disable TR-069
Post by: NiceButDim on March 13, 2017, 12:26:50 AM
This is hopefully of use to anyone using a VMG-3925-B10B and either can't access the firmware update menu and/or can't see the TR-069 menu.

I have two of these boxes now. Both were customised for KCOM.

On the first box:
I created an account with "user" access and when you log in the TR069 and firmware upgrade become available. This box already had the latest firmware.  I was able to toggle TR-069 using CWMP Active menu option.  I can confirm that it does open/close port 7547 when testing with Shields up.

On the second box:
This had older firmware.
I telnet'd into this box and cleaned ROM-D using save_default clean.  After a reboot, from the admin login this exposed the firmware upgrade menu but not the TR-069 menu. I then updated the firmware to the latest.
Still no TR069 menu but it appears to default to closed.  After the update, still no sign of the TR-069 menu.  further more, the "user" account no longer includes the TR-069 menu.  It seems that is included in the KCOM config which is wiped by save_default clean.

I'd really like it to be stealth not closed and will be contacting ZyXel to ask why it is isn't, but the important thing is that it is closed to ISP's trying to access your modem.


 


Title: Re: VMG8924-B10a disable TR-069
Post by: ejsolutions on May 28, 2017, 01:32:15 PM
@NiceButDim:
You've likely tried this..
Could you save the configuration of the working TR-069 menu, then import it to the non-working one, to see if it appears?
Title: Re: VMG8924-B10a disable TR-069
Post by: Chrysalis on July 28, 2017, 11:45:04 PM
I can confirm this works. send the telnet command save_default clean, then reset the modem via the pin hole reset button

doesnt work here on my kcom zyxel, the supervisor password doesnt work.

Am I in the position of having to beg zyxel for this password or is there another way?

I tried NiceButDim's method but command isnt found.

$ save_default clean
sh: save_default: not found

Ok I logged in as a new user and that seems to have worked but where do I find the "1.00(AAKL.5)" firmware?

The firmware on zyxel site and my device is "V5.11(AAVF.3)C0" a completely different numbering scheme.
Title: Re: VMG8924-B10a disable TR-069
Post by: Chrysalis on July 29, 2017, 12:26:16 AM
Here's a quick method of checking if the ROM-D has been cleared --
  • Login as admin
  • At the busybox shell prompt, issue the command hexdump -C /dev/mtdblock3
If the following is displayed, then the ROM-D has been cleared --

Code: [Select]
$ hexdump -C /dev/mtdblock3
00000000  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|
*
00100000
$

Please note that the above is a valid method for the VMG1312-B10D but I also expect it to work on other ZyXEL VMGxxxx devices.

I see this but it seems not all is what it seems.

This is what I have managed to do.

I created a new account, which added the firmware upgrade option, but no options to disable tr options.

I flashed a firmware from zyxel's site and selected reset to defaults as well, I assumed an entire new firmware would fix all this.
However after the flash it was locked again.
Remade a new user account and firmware upgrade is visible but no tr options.
Made a new admin account, same as admin except firmware upgrade visible but no TR options (or VOIP).

I ran your hexdump command which shows the exact output you pasted.

I have ran the save_default clean (which worked after I flashed new firmware) and did a pin reset, but still a restricted interface.

To get all the menus for the admin user you can also just export the router config from the GUI and then add under privileges:

Then just reimport the config and all the menus options will be there!

interesting but is no privileges section in my exported config.

I suspoect your trick has been closed off in the newer firmware, as I see this line

Code: [Select]
"Privilege":"_encrypt_QYgPXv7+tjfYdxBKWq1gpoRpSktHo7\/nOHxelBC44t0=",
Seems they now encrypted the field.
Title: Re: VMG8924-B10a disable TR-069
Post by: burakkucat on July 29, 2017, 05:02:27 PM
I suspoect your trick has been closed off in the newer firmware, as I see this line

Code: [Select]
"Privilege":"_encrypt_QYgPXv7+tjfYdxBKWq1gpoRpSktHo7\/nOHxelBC44t0=",
Seems they now encrypted the field.

That looks like a base64 encoded string.

Code: [Select]
[Duo2 ~]$ echo -n "QYgPXv7+tjfYdxBKWq1gpoRpSktHo7\/nOHxelBC44t0="
QYgPXv7+tjfYdxBKWq1gpoRpSktHo7\/nOHxelBC44t0=[Duo2 ~]$ echo -n "QYgPXv7+tjfYdxBKWq1gpoRpSktHo7\/nOHxelBC44t0=" | base64 -d -i | hd
00000000  41 88 0f 5e fe fe b6 37  d8 77 10 4a 5a ad 60 a6  |A..^...7.w.JZ.`.|
00000010  84 69 4a 4b 47 a3 bf e7  38 7c 5e 94 10 b8 e2 dd  |.iJKG...8|^.....|
00000020
[Duo2 ~]$

Confirmed, yes it is.  :(
Title: Re: VMG8924-B10a disable TR-069
Post by: j0hn on July 29, 2017, 09:34:36 PM
Chrysalis, I must say you've lost me with your last 2 posts.
Quote
The firmware on zyxel site and my device is "V5.11(AAVF.3)C0"
This makes me think you're discussing the VMG3925-B10B, as the firmware you mention matches that device, however
Quote
Made a new admin account, same as admin except firmware upgrade visible but no TR options (or VOIP).
The VMG3925-B10B does not have any VOIP menus, it has no VOIP ports.

This thread was specifically for the VMG8924-B10A, but you're discussing VMG3925-B10B firmware numbers, but your looking for VOIP menus.
Can you confirm which device you're asking about?
Title: Re: VMG8924-B10a disable TR-069
Post by: Chrysalis on July 29, 2017, 10:34:49 PM
yes it is VMG3925-B10B, I will keep discussion on it in the right thread from now on sorry.
Title: Re: VMG8924-B10a disable TR-069
Post by: Chrysalis on August 04, 2017, 11:48:48 AM
ok turns out my 8324 is actually a 8924, was misadvertised on ebay :)

I didnt upgrade the firmware, used dumpmdm to get the supervisor password, configured bridge etc. and is now on my line.

Runs closer to the 8800nl than the 3925 but still a bit less SNRM on US and DS, so seems on my line zyxel units no longer outperform the billion, I also suspect if U upgrade the firmware then US sync will regress with more aggressive UPBO.

No analysis of ES yet tho although I do expect US ES to revert to 8800nl levels.