Kitz Forum

Broadband Related => Broadband Hardware => Topic started by: Rorton on July 03, 2020, 01:50:06 PM

Title: VMG8324 confused ;)
Post by: Rorton on July 03, 2020, 01:50:06 PM: Had delivered a was John Lewis VMG8324, its on Firmware 1.00(AAKL.24)C0.

I managed to ssh into the box using admin account, running the echo $(cat /var/csamu) to get the base64 listing for the passwords, used an online site to convert the base64, and now I have a working supervisor password (phew, first hurdle over!)

What do I do with the box now?!!? Do I need to do the rom_d thing first, then add in the modded firmware?

Been reading the forum for a few hours, and feel like I have gone round in circles and eyes are hurting now!

Thanks
Title: Re: VMG8324 confused ;)
Post by: Rorton on July 03, 2020, 01:52:57 PM: Im guessing I deed to disable TR069 Inform, and actually disable TR069 too?
Title: Re: VMG8324 confused ;)
Post by: Rorton on July 03, 2020, 03:17:02 PM: Answering as I go here ;)

Ive disable both TR069 options, so deactivated it and switched off the inform.

Ive also reset the rom_d from the cli, did a pin reset, then rebooted, and im back on the device and in the broadband settings, for the wan vdsl interface all the John Lewis settings had gone.

Ive changed my wan to be bridge mode, as that's all I need, set the lan to 101 and 802.1p to 2, which matches what's currently set on my hg612 Openreach Modem.

Do I need to load any newer firmware?

Interestingly, when I reset the device after the rom_d, the supervisor password changed again, I had to go to cli again as admin, and rerun echo $(cat /var/csamu) to get a newly generated supervisor password - will they always keep changing, and will there come a point in time when I lock myself out from the box from uploading something and then can't run that command?
Title: Re: VMG8324 confused ;)
Post by: burakkucat on July 03, 2020, 05:15:32 PM: If you now change the supervisor "password" to a string of your own making then I believe it will not be modified by any later firmware upgrades.
Title: Re: VMG8324 confused ;)
Post by: tubaman on July 03, 2020, 06:07:52 PM: Quote from: burakkucat on July 03, 2020, 05:15:32 PM
If you now change the supervisor "password" to a string of your own making then I believe it will not be modified by any later firmware upgrades.
I can't comment on the above as I've not tried it, but if you save your own config back to ROMD the Supervisor password should then stay the same (at least that is the experience with my VMG8924).
The newest firmware (V28) did patch some vulnerabilities so I think it's worth upgrading.
:)
Title: Re: VMG8324 confused ;)
Post by: ejs on July 03, 2020, 07:04:50 PM: I could not find any facility to change the supervisor password on my VMG8924, it doesn't appear to allow you to.
Title: Re: VMG8324 confused ;)
Post by: banger on July 03, 2020, 07:10:57 PM: Quote from: ejs on July 03, 2020, 07:04:50 PM
I could not find any facility to change the supervisor password on my VMG8924, it doesn't appear to allow you to.

I found that too, but upgrading from V24 to V28 didnt change Super password.
Title: Re: VMG8324 confused ;)
Post by: Rorton on July 04, 2020, 01:14:51 PM: Ok great thanks for the replies. So I’m ok to now load the latest Zyxel genuine firmware (28) and shouldn’t risk getting locked out of supervisor or no way to retrieve?

I just remember reading threads where people had said “you shouldn’t have done that yet, or shouldn’t have upgraded yet” etc, so just want to make sure I’m doing this in the right sequence.

I read about a modded firmware too, is that worth installing or just stick with latest genuine firmware?
Title: Re: VMG8324 confused ;)
Post by: ejs on July 04, 2020, 03:14:46 PM: The supervisor password can be easily obtained on v28.