Kitz ADSL Broadband Information

Author Topic: DLink DSL-320B-Z1 first impressions.  (Read 19214 times)

G.DMT

  • Member
  • **
  • Posts: 76
Re: DLink DSL-320B-Z1 updated scrape script for Newer Firmware Versions.
« Reply #15 on: February 26, 2016, 12:04:19 PM »

Here is an updated shell script which uses curl and MD5 to scrape ADSL Statistics from the web GUI.

This is required for newer firmware versions.

[root@k8 scripts]$ ./login-dsl-320b.sh
   ADSL Statistics
   Mode:                              G.DMT
   Type:                              ANNEX_A
   Status:                            Showtime

                            Downstream Upstream
   Rate (Kbps):             3776 kbps 448 kbps

   SNR Margin (dB):         9.0       17.0
   Attenuation (dB):        63.5      31.5
   Output Power (dBm):      18.5      12.5

   Super Frames:            563509    563509
   RS Correctable Errors:   53456     195
   RS Uncorrectable Errors: 2398      180

   HEC Errors:              25175     121
   Total Cells:             442118    254083
   Data Cells:              2523309   141559
   Bit Errors:              0         0


[edit: removed attachment  login-dsl-320b.sh.txt after noticing a login bug]
[edit: improved version http://forum.kitz.co.uk/index.php/topic,17065.msg314608.html#msg314608 ]
« Last Edit: February 26, 2016, 09:40:56 PM by G.DMT »
Logged

G.DMT

  • Member
  • **
  • Posts: 76
Re: DLink DSL-320B-Z1 updated Telnet Script.
« Reply #16 on: February 26, 2016, 12:34:26 PM »

Here are updated scripts that use plink and pcregrep to
collect modem data via telnet.

Expand the zip archive into its own folder.
cd into the folder containing the .sh files

For portability (for anyone without a proper shell, e.g. using plink.exe) the telnet CLI commands are stored in separate files in the directory ./telnet-commands

ATM the password is sent from the first line of each *.telnet file, so ensure this will match your admin password.

For flexibility each command is implemented as a separate .sh file.

usage: ./get-stats.sh

[root@k8 plink-stats]$ ./get-stats.sh
 system up time:    42:23:33 (e8dec6 ticks)
ADSL uptime     2:34:48
--- error-down ---
FEC error interleaved: 51806
CRC error interleaved: 2286
HEC error interleaved: 24044
--- error-up ---
FEC error interleaved: 188
CRC error interleaved: 170
HEC error interleaved: 114
--- error-second ---
Error second in 15min           : 21
Error second in 24hr            : 162
Error second after power-up     : 162
--- margin ---
noise margin downstream: 8.5 db
--- rate-down ---
 3776 kbps
--- rate-up ---
 448 kbps


[edit:]
Just in case it is not immediately obvious why I wrote this:
you need to know the  Errored Seconds count and the Uptime to calculate MTBE
http://www.kitz.co.uk/adsl/DLM.htm#MTBE

And none of that is available in the GUI.  :(

 [edit: More data collection added. updated scripts at:]
http://forum.kitz.co.uk/index.php/topic,17065.msg314808.html#msg314808
« Last Edit: February 27, 2016, 11:10:01 PM by G.DMT »
Logged

Chunkers

  • Reg Member
  • ***
  • Posts: 525
  • Brick Wall head-banger
Re: DLink DSL-320B-Z1 first impressions.
« Reply #17 on: February 26, 2016, 02:31:26 PM »

Thanks for all the cool info, I have transferred my attentions to trying my new Zyxel VMG8324 for the time being whilst I make a few further checks on my D-Link and come back to it.  I already had the latest firmware but I want to double check on the vulnerabilities after your rather worrying notes above.

On the plus side it was very easy to set up and seemed to be performing well on my line, shame about the security issues.

Thanks again!

Chunks

Logged

aesmith

  • Kitizen
  • ****
  • Posts: 1216
Re: DLink DSL-320B-Z1 first impressions.
« Reply #18 on: February 26, 2016, 07:50:57 PM »

If the D-Link is acting as a modem, I don't see how a private IP address on it can be a security issue.  Doesn't the PPPoE traffic pass straight through, and only appear as IP once it hits the router?  Even if it could see the private address, that's not reachable over the Internet in any case.  Or am I missing something?
Logged

G.DMT

  • Member
  • **
  • Posts: 76
Re: DLink DSL-320B-Z1 first impressions.
« Reply #19 on: February 26, 2016, 08:27:57 PM »

Quote from: aesmith
> If the D-Link is acting as a modem, I don't see how a private IP address on it can be a security issue.  Doesn't the PPPoE traffic pass straight through, and only appear as IP once it hits the router?  Even if it could see the private address, that's not reachable over the Internet in any case.  Or am I missing something?

@aesmith.
Indeed so.
But it appears that you are assuming that your ISP's network is secure... that a malicious attacker cannot inject carefully crafted packets (perhaps upstream of or on the PPP gateway) or carefully crafted ATM frames (perhaps on the ISP network between the gateway and DSLAM) that would be assembled at the PPP client to target a directly attached non-routable address.
As I understand it that is not impossible.

However if the (non-routable) 'Private IP' is visible on the LAN then the device is still open to attack from the LAN, and one of the successful exploits is a browser x-site scripting attack.
i.e. from your LAN.

Hence the belt+braces advice to NOT use the default IP or password.
 ;D
« Last Edit: February 26, 2016, 09:01:39 PM by G.DMT »
Logged

G.DMT

  • Member
  • **
  • Posts: 76
Re: DLink DSL-320B-Z1 first impressions.
« Reply #20 on: February 26, 2016, 08:51:53 PM »

Quote from: Chunkers
> Thanks for all the cool info, I have transferred my attentions to trying my new Zyxel VMG8324 for the time being whilst I make a few further checks on my D-Link and come back to it.  I already had the latest firmware but I want to double check on the vulnerabilities after your rather worrying notes above.
>
> On the plus side it was very easy to set up and seemed to be performing well on my line, shame about the security issues.
>
> Thanks again!
>
> Chunks

Similarly, I have transferred my attentions to the Billion 8800NL that arrived today.  ;D

I would be interested to hear how you fare with your Zyxel.  :)

I should have posted up more details on the dlink, but I've posted loads already!  :-[
I did take some notes so if I find the time I might get round to whipping them into some sort of shape fit enough to post.

Oh and whilst writing the web scraper script posted above, I discovered that the 'authentication' appears to not properly block bogus requests.

What seems to happen is that the first successful 'login' from an IP appears to put that IP onto some sort of a whitelist, because subsequent requests can be made from the same IP with bogus credentials, and they will succeed until some timeout has expired.  :(

Oh and because of that I didn't immediately notice that I borked a login parameter in the scraper script- because it always succeeds if you have 'logged in' from your browser.

[edit: attached an updated script version which now does  'login' then web scrape then 'logout']

« Last Edit: February 26, 2016, 09:47:28 PM by G.DMT »
Logged
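
The login behaviour reported in the post above, modelled next to a per-session token check. This is an added example, not the modem's firmware or the poster's script; the class names, the 300-second timeout, the password and the LAN address are assumptions made for the illustration.

```python
import hmac
import secrets

TIMEOUT = 300  # assumed; the post only says "some timeout"
def _ok(supplied, real):
    return hmac.compare_digest(supplied.encode(), real.encode())

class IpWhitelistAuth:
    """Model of the reported behaviour: one good login trusts the whole source IP."""
    def __init__(self, password):
        self.password, self.trusted_until = password, {}
    def login(self, ip, password, now):
        if _ok(password, self.password):
            self.trusted_until[ip] = now + TIMEOUT
            return True
        return False
    def request(self, ip, password, now):
        # Flaw: while the IP is trusted, the supplied credential is never checked.
        return self.trusted_until.get(ip, 0) > now or self.login(ip, password, now)

class SessionTokenAuth:
    """Hardened form: every request must carry the random token issued at login."""
    def __init__(self, password):
        self.password, self.sessions = password, {}
    def login(self, ip, password, now):
        if not _ok(password, self.password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (ip, now + TIMEOUT)
        return token
    def request(self, ip, token, now):
        bound_ip, expires = self.sessions.get(token, (None, 0))
        return bound_ip == ip and expires > now
    def logout(self, token):
        self.sessions.pop(token, None)

def compare(admin_pw="example-admin-pw", lan_ip="192.168.0.50"):
    # A browser logs in at t=0; another program on the same IP then sends junk.
    weak, strong = IpWhitelistAuth(admin_pw), SessionTokenAuth(admin_pw)
    weak.login(lan_ip, admin_pw, now=0)
    token = strong.login(lan_ip, admin_pw, now=0)
    result = {
        "weak_junk_in_window": weak.request(lan_ip, "junk", now=10),
        "weak_junk_after_timeout": weak.request(lan_ip, "junk", now=TIMEOUT + 1),
        "strong_junk": strong.request(lan_ip, "junk", now=10),
        "strong_token": strong.request(lan_ip, token, now=10),
    }
    strong.logout(token)
    result["strong_after_logout"] = strong.request(lan_ip, token, now=20)
    return result
print(compare())
```

In the IP-trust model anything sharing the logged-in address, including another program or browser tab on the same PC, is treated as the administrator until the timeout expires; with the token model an explicit logout ends access immediately.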

G.DMT

  • Member
  • **
  • Posts: 76
Re: DLink DSL-320B-Z1 changes in reported firmware version numbers
« Reply #21 on: February 26, 2016, 10:00:52 PM »

For the record, and in case anyone is interested.

Here is a record of the changes visible to binary blob versions
when I installed the latest update image from d-link.
 
[root@k8 plink-stats]# ./sys-version.sh
 RAS version: v1.03
 System   ID: $2.12.116.0(F04.ZZ.5)3.22.2.0 20130325_v006  [Mar 25 2013 13:59:45]
 romRasSize: 1296358
 system up time:    34:14:59 (bc23b9 ticks)
 bootbase version: VTC_SPI1.26 |  2012/12/26

[root@k8 plink-stats]# ./adsl-version.sh                                       
DMT FwVer: 3.22.2.0_A60394 HwVer: T14F7_12.0                                     


Installed updated firmware.

[root@k8 plink-stats]# ./adsl-version.sh
DMT FwVer: 3.22.7.0_A60394 HwVer: T14F7_12.0

[root@k8 plink-stats]# ./sys-uptime.sh
 system up time:     0:03:24 (4fd1 ticks)

[root@k8 plink-stats]# ./sys-version.sh
 RAS version: v1.06                                                           
 System   ID: $2.12.161.0(F04.ZZ.5)3.22.7.0 20140313_v004 [Mar 13 2014 10:50:19]
 romRasSize: 1353830
 system up time:     0:06:14 (9234 ticks)
 bootbase version: VTC_SPI1.26 |  2012/12/26
Logged

G.DMT

  • Member
  • **
  • Posts: 76
Re: DLink DSL-320B-Z1 looking at the ROM image with binwalk.
« Reply #22 on: February 26, 2016, 10:21:12 PM »

So just to set the scene:

[root@k8 admin]# dnf info binwalk.x86_64
Installed Packages
Name        : binwalk
Arch        : x86_64
Epoch       : 0
Version     : 2.0.0
Release     : 6.fc23
Size        : 581 k
Repo        : @System
From repo   : fedora
Summary     : Firmware analysis tool
URL         : http://www.binwalk.org/
License     : MIT
Description : Binwalk is a tool for searching a given binary image for embedded files and
            : executable code. Specifically, it is designed for identifying files and code
            : embedded inside of firmware images. Binwalk uses the python-magic library, so
            : it is compatible with magic signatures created for the Unix file utility.

[root@k8 admin]#


So I used binwalk to search through the ROM image.

Unfortunately the output does not read well on a terminal <100 chars wide,
so I captured the output to a file with:
 

[root@k8 admin]# binwalk DSL-320B_Z1_FW_V1\ 06 > 'binwalk-DSL-320B_Z1_FW_V1 06.out'
                                          ^^   Note space in the name :-(  ^^                                                 


and will attach it here.
« Last Edit: February 26, 2016, 11:22:22 PM by G.DMT »
Logged

G.DMT

  • Member
  • **
  • Posts: 76
Re: DLink DSL-320B-Z1 first impressions.
« Reply #23 on: February 26, 2016, 10:30:27 PM »

And just for comparison and to maybe help give an idea of the layout.

Here is the binwalk for the ROM image for the previous hardware version,
which is the Broadcom Based ver D2.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: DLink DSL-320B-Z1 first impressions.
« Reply #24 on: February 26, 2016, 10:37:06 PM »

@g.dmt  - many, many thanks for the huge amount of work you have put in and for the extremely valuable info you have dug up. Much appreciated.
Logged

G.DMT

  • Member
  • **
  • Posts: 76
Re: DLink DSL-320B-Z1 the infamous zynos RomPager
« Reply #25 on: February 26, 2016, 10:48:54 PM »

[root@k8 scripts]$ curl 192.168.0.6/Allegro
<html>
<head>
<title>Allegro Copyright</title></head><body>
RomPager Advanced Version 4.07<br>(C) 1995 - 2002 Allegro Software Development Corporation
</body></html>


You can read about a recent Zynos security problem here:

"Misfortune Cookie (CVE-2014-9222) Demystified"
http://cawanblog.blogspot.co.uk/2015/02/misfortune-cookie-cve-2014-9222.html

There are date strings sprinkled throughout the latest ROM image, including firmware version dates and software compile dates.
We can observe from  these that the Zynos ROM image has been composed from pieces of quite old software. :(

Logged
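
One way to list the date strings mentioned in the post above and see how old the oldest embedded component is. This is an added example, not the poster's tooling; the three patterns cover only the date styles visible in this thread's version output, the sample bytes are constructed, and a real image would first need its compressed sections extracted.

```python
import re
from datetime import date, datetime

# Patterns for the three date styles visible in this thread's version output.
PATTERNS = [
    # C __DATE__ __TIME__ style, e.g. "Mar 13 2014 10:50:19"
    (re.compile(rb"[A-Z][a-z]{2} [ \d]\d (?:19|20)\d\d \d\d:\d\d:\d\d"),
     "%b %d %Y %H:%M:%S"),
    # Slash style, e.g. "2012/12/26"
    (re.compile(rb"(?<!\d)(?:19|20)\d\d/\d\d/\d\d(?!\d)"), "%Y/%m/%d"),
    # Compact style in front of a "_v" suffix, e.g. "20140313_v004"
    (re.compile(rb"(?<!\d)(?:19|20)\d{6}(?=_v\d)"), "%Y%m%d"),
]

def find_build_dates(image: bytes):
    """Return sorted (date, offset, text) tuples for every valid date string."""
    hits = []
    for regex, fmt in PATTERNS:
        for m in regex.finditer(image):
            text = m.group().decode("ascii")
            try:
                when = datetime.strptime(text, fmt).date()
            except ValueError:  # date-shaped bytes that are not a real date
                continue
            hits.append((when, m.start(), text))
    return sorted(hits)

def age_report(image: bytes, as_of: date):
    """Summarise the oldest and newest embedded dates relative to `as_of`."""
    hits = find_build_dates(image)
    if not hits:
        return None
    oldest, newest = hits[0][0], hits[-1][0]
    return {"count": len(hits), "oldest": oldest, "newest": newest,
            "oldest_age_days": (as_of - oldest).days}

# Constructed sample: padding bytes around strings copied from the thread,
# plus one date-shaped decoy that must be rejected.
SAMPLE = (b"\x00" * 16 + b"bootbase version: VTC_SPI1.26 |  2012/12/26\x00"
          + b"\xff" * 8 + b"20140313_v004 [Mar 13 2014 10:50:19]\x00"
          + b"\x7f2099/13/40\x00")

if __name__ == "__main__":
    for when, offset, text in find_build_dates(SAMPLE):
        print(f"0x{offset:04x}  {when}  {text!r}")
    print(age_report(SAMPLE, as_of=date(2016, 2, 26)))
```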

G.DMT

  • Member
  • **
  • Posts: 76
Re: DLink DSL-320B-Z1 first impressions.
« Reply #26 on: February 26, 2016, 10:56:32 PM »

Quote from: Weaver
> @g.dmt  - many, many thanks for the huge amount of work you have put in and for the extremely valuable info you have dug up. Much appreciated.

Thanks Weaver!  :-[

I was doing my due diligence anyway.
I decided it would be better to share the knowledge this time.  ;D

Actually there _is_ maybe one thing that YOU could do.

I seem to vaguely recall you saying in a previous thread that you had bought quite a few of these devices?

Do you have one that you could take apart- just open the case?
A dead one maybe or an unused spare?

All that is needed is to open the case and take pictures of the PCB.

The hardware and the OS both support a serial port. (and possibly a USB header too).
So if you can see a serial port (or a USB header) on the board, then I might consider investigating using it to get at the boot prompt.

 ;D


 
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: DLink DSL-320B-Z1 first impressions.
« Reply #27 on: February 26, 2016, 11:21:37 PM »

@G.DmT - Will take one apart if I am able. I had seven devices, last count!
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: DLink DSL-320B-Z1 first impressions.
« Reply #28 on: February 27, 2016, 12:09:42 AM »

See http://forum.kitz.co.uk/index.php/topic,16693.msg307788.html#msg307788

I was hoping you could check a couple of things out for me:

* You said that the bitswap-enable UI control was effective, ticking it produced a worthwhile improvement. Can you tell me whether this was true when in modem-only mode?
 
* Similarly, is the ADSL2+ tickbox effective (assuming you have an ADSL2+ line to test) when in modem-only mode? That is ADSL2+ ticked vs unticked, with ADSL2 ticked in modem-only mode.

I should be able to check this out for myself, but my health difficulties are making it difficult for me.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: DLink DSL-320B-Z1 first impressions.
« Reply #29 on: February 27, 2016, 12:55:58 AM »

@G.DMT - (rather belated posting) I notice you posted a very impressive d/s sync rate of 4224 considering your high d/s attn (63.5 dB - which we take to be fake seeing as you are running on G.DMT), although your line is not incredibly long. (Mine is 4.55 mi, 7322 m, 21CN ADSL2+, d/s attn. of 65 - 67 dB, d/s sync ~2900 kbps.)

The line seems to be unstable at that high sync rate though, (perhaps needing a load of interleave?) - because of the very bad news >2000 d/s HEC errors. Is it locked into fastpath somehow? Is that the source of the corruption?  :no:

I realise there's no point me asking you in that earlier post to test out ADSL2+ vs ADSL2 comparison for me if you don't have ADSL2+. Doh.  :blush: Sorry.
« Last Edit: February 27, 2016, 01:11:31 AM by Weaver »
Logged