Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 ... 6 7 [8] 9

Author Topic: Hacking TP Link TD-W9970  (Read 83659 times)

Dray

  • Kitizen
  • ****
  • Posts: 2361
Re: Hacking TP Link TD-W9970
« Reply #105 on: October 31, 2017, 11:41:27 AM »

I think DLM gets upset if you mess with the snr. It’s prohibited in one of the BT SINs
Logged

sagittarius

  • Just arrived
  • *
  • Posts: 3
Re: Hacking TP Link TD-W9970
« Reply #106 on: October 31, 2017, 06:08:25 PM »

Thank you Dray for the explanations even though I'm in France.

I'm still interested for some feedback about the xdslctl configure -snr parameter with a VDSL2 profile.
« Last Edit: October 31, 2017, 06:14:01 PM by sagittarius »
Logged

kitzuser87430

  • Reg Member
  • ***
  • Posts: 432
Re: Hacking TP Link TD-W9970
« Reply #107 on: October 31, 2017, 08:45:45 PM »

As far as I know in the UK the "xdslctl configure -snr" command does not work on VDSL2 cabinets; the dslam just ignores the command.

Some ASUS xDSL routers (spawn of the devil) can override the dslam SNR and power back off.

Perhaps you could experiment for us and see if the "xdslctl configure -snr" command works in France.

The table on this page http://www.kitz.co.uk/routers/dg834GT_targetsnr.htm may give you some assistance.

Ian
Logged

user555

  • Just arrived
  • *
  • Posts: 1
Re: Hacking TP Link TD-W9970
« Reply #108 on: December 24, 2017, 02:32:37 PM »

Hello.
I've got W9970 v2.
By default, tp-link connects to VDSL2 with a profile 17a.
How to change a connection profile?
« Last Edit: December 24, 2017, 02:34:40 PM by user555 »
Logged

rafik24

  • Just arrived
  • *
  • Posts: 1
Re: Hacking TP Link TD-W9970
« Reply #109 on: December 28, 2017, 01:32:30 PM »

Hi All,

And a big thank you for your contribution to this thread.

I managed to get telnet access by following this thread and i was hopping i could install lede or other custom firmware on the 9970 but it seem like no trace on the net on what is supported and some kind of howto.

Would you happen to know where i can find this ?

Thanks,
Rafik
Logged

dgilbert2

  • Member
  • **
  • Posts: 27
Re: Hacking TP Link TD-W9970
« Reply #110 on: January 07, 2018, 08:53:38 PM »

Thank you for all the hard work in this thread  :)

I have just setup my W9970 V2 by following the post and files referenced below;

http://forum.kitz.co.uk/index.php/topic,17108.msg315358.html#msg315358

I then used custom command xdslctl in DSLstats and all seems sorted  :)

Just a note to say that it seems you need you use StatPOSTer-test3.jar now as test2 gave me a checksum error.
Logged

Flossies

  • Just arrived
  • *
  • Posts: 3
Re: Hacking TP Link TD-W9970
« Reply #111 on: March 30, 2018, 08:05:28 PM »

Hello, I'd like thank all (especially ejs) for the guidance...
I've recently acquired a TP-Link TD-W9970 V1.

I wanted a way to extract the conf.bin on GNU/Linux, so I had a look at the compression format.  It wasn't obvious so it took me a little time, largely because I don't know much about compression.  But in the end I managed to write a Python 3 utility to uncompress and compress the TP-link TD-W9970's config files; so config files can do a complete round trip from bin to xml and back.

It's a command line utility and should work on any OS/platform that can handle Python 3:
https://github.com/sta-c0000/tpconf_bin_xml

I also posted a little bit of extra information in the readme there about controlling the LEDs, timings, and where to get a couple of extra tools.
Fun stuff, hopefully someone else finds this useful, cheers.
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Hacking TP Link TD-W9970
« Reply #112 on: March 30, 2018, 08:24:21 PM »

Welcome to the Kitz forum.  :)

Thank you for writing the utility and making it available. I'm sure it will prove useful.

Python is a language with which I am not familiar, so your code, having taken a look, remains a mystery to me.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Flossies

  • Just arrived
  • *
  • Posts: 3
Re: Hacking TP Link TD-W9970
« Reply #113 on: April 07, 2018, 01:15:56 PM »

Adding a little extra information here in case anyone else is interested:

The reason the description field gets executed is because it is quoted when the router launches the plug-and-play daemon, regardless if upnp is disabled in the configuration:
Code: [Select]
sh -c upnpd  -L  br0  -W  ppp1  -en  0  -nat 1 -port 80  -url  "http://www.tp-link.com"  -ma  "TP-LINK"  -mn  "TD-W9970"  -mv  "1.0"  -desc  "300Mbps Wireless N USB VDSL/ADSL Modem Router" &
Appears to only be two DES key(s) in firmware:
47 8D A5 0B F9 E3 D2 CF
   rdp_backupCfg & rdp_restoreCfg (conf.bin)
   rdp_saveModem3gFile > rsl_3g_saveModem3gFile
47 8D A5 0F F9 E3 D2 CB
   dm_loadCfg (/etc/default_config.xml) > dm_decryptFile
   dm_init (/etc/reduced_data_model.xml) > dm_decryptFile

For now, I have chosen to simply kill many of the obvious processes I don’t need, and running my own instead:
killall -1 upnpd
killall ushare cwmp noipdns dyndns

This frees up more than half the ram.

Using latest busybox-mips, I’m running my own web server (httpd) on the router and several other misc. services managed by inetd.
Simple example: I wanted to be able to quickly get internet IP address from router, so…
inetd.conf line:
Code: [Select]
9970 stream tcp nowait admin /var/usbdisk/sda1/inetd/get-external-ip.shget-external-ip.sh:
Code: [Select]
ifconfig ppp1 | awk -F"[: ]+" '/inet addr:/ {print $4}'Then, to get internet IP address on my PC (or wherever inside LAN) I simply run:
Code: [Select]
nc gateway 9970
Looks like we can even run websocket.sh, fun.

Router is much more useful to me now, Thanks.
Happy hacking!
Logged

Koroshiya

  • Just arrived
  • *
  • Posts: 1
Re: Hacking TP Link TD-W9970
« Reply #114 on: April 28, 2018, 02:43:48 PM »

Hello and thanks guys.  ;)
I tweaked my snr margin (i have a poor adsl connection).

i earned 1mb/s in dl so i don't need to return my TD-W9970v2 to Amazon lol. Tanks for all. ^^
Logged

Flossies

  • Just arrived
  • *
  • Posts: 3
Re: Hacking TP Link TD-W9970
« Reply #115 on: September 03, 2018, 05:29:52 PM »

I've updated the README and added pre-compiled OpenSSH_7.8p1 sshd server binary for the TP-Link TD-W9970 if anyone is interested:
https://github.com/sta-c0000/tpconf_bin_xml

Since we can't easily run OpenWRT on this Broadcom based xDSL modem, I used Buildroot to cross-compile several useful tools like curl, rsync, knockd, etc. for the modem.  At first I was using dropbear to connect to the device using SSH, but then I was also wanting chrooted sftp to access the drive using sshfs... so I applied a simple patch for OpenSSH to work on the TP Link TD-W9970.  It does consume more RAM than dropbear, but it's not that bad.
I though running an ssh and chrooted sftp service might be of interest to others.

I know in this day of cheap SBCs it makes more sense to run services on one of those, but since the modem is already powered, I figure why not use it...
« Last Edit: September 03, 2018, 06:40:58 PM by Flossies »
Logged

stretch

  • Just arrived
  • *
  • Posts: 1
Re: Hacking TP Link TD-W9970
« Reply #116 on: November 15, 2018, 10:16:36 AM »

Can anyone recommend a base os that can be used to build a factory image from the GPL? or what dependencies will be required to do so.

I tried fedora 14 as per the readme but this failed.
Logged

stormswift

  • Just arrived
  • *
  • Posts: 2
Re: Hacking TP Link TD-W9970
« Reply #117 on: January 11, 2021, 06:00:54 PM »

Hi all.

Many thanks for the information here - allowed me to (belatedly it seems) hack my TD-W9970 v2 config to allow for telnet (and using DSLstats).

The strange side affect seems to be that the Web interface on the router no longer responds. Port scanning can see that httpd is running, and ps reveals it running as well under a telnet session, however it just never responds (browsers eventually timeout trying to get the page being served up).

I'm on the latest (2020) firmware so not sure if that might be the issue?  Going to have to hard reset router back to default firmware to get back into it I think...

Any thoughts/help gratefully accepted.
Logged

stormswift

  • Just arrived
  • *
  • Posts: 2
Re: Hacking TP Link TD-W9970
« Reply #118 on: January 11, 2021, 10:28:12 PM »

Hard reset and reloaded last good conf. Realised that I'd picked up a more complex Description string from posts and this was causing the web interface to hang/become unresponsive. Simple string worked and then I tried a lot of combinations and it seems like trying to put a < > in to hide the telnetd in any way (including encoding as &lt;) causes the unhappiness.

In the end settled for:
<Description val="Modem Router (running:`telnetd -p 1023 -l login`)" />

Thanks again for everyone's posts and contributions here.
Logged

sasuke0

  • Just arrived
  • *
  • Posts: 1
Re: Hacking TP Link TD-W9970
« Reply #119 on: January 25, 2021, 10:09:52 PM »

Hey all,

Just wanted to update everyone on the new batch of W9970 V4, after my V2 developed a fault.

Seems like they changed the hardware, producing way more errors (had 0 with V2 for months) :(

The device itself feels lights and now takes a lower power adapter 9V 0.85A, no idea what chip they are using now.
Logged
Pages: 1 ... 6 7 [8] 9