Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 ... 7 8 [9] 10 11 ... 21

Author Topic: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B  (Read 207724 times)

waltergmw

  • Kitizen
  • ****
  • Posts: 2776
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #120 on: April 10, 2012, 06:57:58 PM »

@ uklad & asbokid,

As you are aware we shall be ready and waiting in Ewhurst when eventually we have some service availability.

VERY well done !

Kind Regards,
Walter
Logged

ben1066

  • Member
  • **
  • Posts: 74
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #121 on: April 10, 2012, 07:15:33 PM »

Seems my serial adapter will be just for my benefit, unless there is still something I could help with. Nice work none the less.
Logged

nimda

  • Member
  • **
  • Posts: 14
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #122 on: April 10, 2012, 07:24:21 PM »

Well done, the pair of you!  I'll be following suit as soon as my serial link arrives.

The next step [ed.] chapter, surely, is to have something completely Free on there?
« Last Edit: April 10, 2012, 10:38:48 PM by nimda »
Logged

asbokid

  • Kitizen
  • ****
  • Posts: 1286
    • Hacking the 2Wire
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #123 on: April 10, 2012, 08:56:06 PM »

Seems my serial adapter will be just for my benefit, unless there is still something I could help with. Nice work none the less.

Hi Ben,

If you fancy a look, AlphaNetwork's tweak of the LZMA algorithm needs documenting with the aim of reverse engineering it. It is used in dozens of different routers to lock down the file systems.

Or maybe you're interested in the btagent remote management tool that is found in the ECI firmware?  The same tool is used in the Huawei HG612, the Home Hub 3.0a (and probably the Business Hub 3.0 and maybe the HH 3.0b).  The tool relies on an RSA-1024 key for security, so a brute-force attack is "currently infeasible", but maybe there are implementation flaws  :no:

Lots of exciting opportunities!

cheers, a
Logged

uklad

  • Member
  • **
  • Posts: 55
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #124 on: April 10, 2012, 09:00:45 PM »

Great work guys  ;)

Would it be possible to unlock the modem via the second Lan port?

It maybe possible to squirt a modified firmware using Tftp at initial power up via uboot, right now Its not worth me looking into that until we have a working unlocked firmware something that asbokid is still working on
Logged

asbokid

  • Kitizen
  • ****
  • Posts: 1286
    • Hacking the 2Wire
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #125 on: April 10, 2012, 11:11:53 PM »

Great work guys  ;)

Would it be possible to unlock the modem via the second Lan port?

Hi Josh,

Probably not. Not unless the bootloader has a network backdoor.  Another possibility is to crack the btagent remote management tool (which is accessible LAN-side via udp/161).  Slim prospect of success there though.

For those who don't want to solder to the PCB, maybe a strip of right angled header pins could be taped temporarily to the solder pads for the UART port.

cheers, a

EDIT:  port 161 not 169..
« Last Edit: April 16, 2012, 12:41:56 AM by asbokid »
Logged

JoshShep

  • Reg Member
  • ***
  • Posts: 266
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #126 on: April 11, 2012, 07:36:12 AM »

Cheers a,

guess I'm out of luck then lol, I am terrible with a soldering iron.  :lol:

waltergmw

  • Kitizen
  • ****
  • Posts: 2776
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #127 on: April 11, 2012, 07:52:28 AM »

@ asbokid,

I think you've just invented a reason for somebody to develop a conducting glue to be dispensed from a hypodermic type of applicator.

Kind regards,
Walter
Logged

uklad

  • Member
  • **
  • Posts: 55
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #128 on: April 11, 2012, 02:39:32 PM »

@ asbokid,

I think you've just invented a reason for somebody to develop a conducting glue to be dispensed from a hypodermic type of applicator.

Kind regards,
Walter

already exists !!

http://www.ecrater.co.uk/p/7983362/silver-conductive-glue
Logged

waltergmw

  • Kitizen
  • ****
  • Posts: 2776
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #129 on: April 11, 2012, 05:21:37 PM »

Quite astonishing UKLad !

Now all we need is the robot and surgeon's microscope.

Kind regards,
Walter

Logged

ben1066

  • Member
  • **
  • Posts: 74
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #130 on: April 11, 2012, 05:23:47 PM »

Right so, got myself a uart connection, YAY. I've modded the config file as per the wordpress guide (you missed gzipping the config file btw). Is there anyway to set the web interface to lan 2 and the bridge to lan 1, or vice versa? I have it up on lan 1 currently, which is great, until I want to use the internet.
« Last Edit: April 11, 2012, 06:24:47 PM by ben1066 »
Logged

uklad

  • Member
  • **
  • Posts: 55
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #131 on: April 11, 2012, 06:33:00 PM »

Right so, got myself a uart connection, YAY. I've modded the config file as per the wordpress guide (you missed gzipping the config file btw) but I can't work out how to connect to the web interface...

Make sure you are connected to Lan2 and the dsl is not connected !! see below..

I think I may have found a flaw in our unlock, it looks like when the Home hub or any other router establishes the PPPOE connection to BT via lan 1 the br0 ip address get changed thus loosing connectivity to the web interface on Lan 2 going to try and look into this tonight..
Logged

ben1066

  • Member
  • **
  • Posts: 74
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #132 on: April 11, 2012, 07:11:07 PM »

Hmm, well what I've done has given me the web interface on lan 1....
Logged

uklad

  • Member
  • **
  • Posts: 55
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #133 on: April 11, 2012, 07:13:01 PM »

Hmm, well what I've done has given me the web interface on lan 1....

You should all so get it on Lan2 but I fear you may loose if once connected to the internet..
Logged

ben1066

  • Member
  • **
  • Posts: 74
Re: Hacking the ECI model B-FOCuS V-2FUb/I Rev.B
« Reply #134 on: April 11, 2012, 07:43:31 PM »

It's all good, with a bit of OpenWRT foo I've succeeded in being able to access the lan 1 web interface while also using lan 1 for PPPoE. http://wiki.openwrt.org/doc/howto/access.modem.through.nat The test_agent executable is interesting too... test_agent config seems to reveal the tr-069 url, maybe we could fake the server by running a dns server locally and "fool" the modem into taking our commands? Also, is there any way to get like stats? I haven't found any xdsl binary.
« Last Edit: April 11, 2012, 08:02:49 PM by ben1066 »
Logged
Pages: 1 ... 7 8 [9] 10 11 ... 21