Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 ... 15 16 [17] 18 19 ... 32

Author Topic: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)  (Read 117064 times)

jhm

  • Member
  • **
  • Posts: 25
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #240 on: September 10, 2018, 07:53:49 PM »

Look a little closer and you will see that is only an initial set-up of the "passwd" file with a descrypt() encrypted string. Further manipulation then takes place.

Ah, but couldn't I add something in the bootup script(s) run as root to zap the passwd file each time ? :)

Now, if what you imply is true, someone who knows their descrypt() from many years ago would recognise "3G" as the salt and "nc.CJE1790M" as the perturbation resulting from an operation with a string of length no more than eight characters.  ;)

That reminds me of the days when 56-bit DES was US export restricted. :D
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #241 on: September 10, 2018, 08:31:21 PM »

Yes, I remember it well.  ;)

For amusement, here is a quick and dirty piece of C source code --

Code: [Select]
#define _XOPEN_SOURCE
#include <unistd.h>

#include <stdio.h>
#include <stdlib.h>

/* Link with -lcrypt. */

int main()
{
char *key = "zyad1234";
char *salt = "3G";

printf("crypt(%s, %s) returns %s\n", key, salt, crypt(key, salt));

printf("supervisor:3Gnc.CJE1790M:0:0:Administrator:/:/bin/sh\n");

exit(EXIT_SUCCESS);
}

Compiled and executed it returns --

Code: [Select]
crypt(zyad1234, 3G) returns 3Gnc.CJE1790M
supervisor:3Gnc.CJE1790M:0:0:Administrator:/:/bin/sh

Confirming what, I believe, you already know.  :D
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

jhm

  • Member
  • **
  • Posts: 25
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #242 on: September 10, 2018, 09:00:22 PM »

Confirming what, I believe, you already know.  :D

Very good. ;D

I will take a look at the 3925 source when I get it from Zyxel. :)
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #243 on: September 10, 2018, 10:08:30 PM »

All ZyXEL CPEs (initially) have a supervisor password of "zyad1234". Subsequent manipulation transforms it into a 8-character string (taken from the set of lower-case hexadecimal digits).

I believe that if one quotes the device serial number (or is it the MAC?) to ZyXEL, they are able to provide the supervisor password. I'm quite sure it is not a case of a look-up in a very big list -- just a software transformation. So that is a nice project for someone . . .  :-X
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #244 on: September 11, 2018, 09:43:38 PM »

@jhm - sorry, my post was rather misleading. I have an FB2500 which acts as a standby / backup against lightning damage. (The FB2500 was indeed called in from retirement to report for duty a while ago when a port on my FB2700 got zapped. Then AA simply gave me a free, newFB2700 as a replacement, so I didn’t even need to claim on insurance. Even restarted the clock on the warranty I think, iirc. Incredible.)

I have four modems going into a small ZyXEL switch acting as a VLAN MUX/de-MUX, the MUX being needed because there are not enough free ports on the Firebrick. Distinct VLAN tag numbers are associated with each line, which The Brick understands.
« Last Edit: September 11, 2018, 10:35:05 PM by Weaver »
Logged

jhm

  • Member
  • **
  • Posts: 25
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #245 on: September 11, 2018, 10:13:48 PM »

@weaver - a free FB2700 as a replacement is great service!  With my FB2900, I only got a free cuddly dragon. :D  I have a similar setup as yours but with only two lines - HG612s (to be replaced with VMG3925-B10Bs) to a Zyxel switch and then a FB2900 and some MikroTik WAPs around the house.

Back OT: it took two days but I now have the firmware source from Zyxel for the VMG3925-B10B.  Time to have a look what's inside...
Logged

jhm

  • Member
  • **
  • Posts: 25
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #246 on: September 12, 2018, 11:25:00 PM »

Back OT: it took two days but I now have the firmware source from Zyxel for the VMG3925-B10B.  Time to have a look what's inside...

OK - thanks to my brother, the VMG3925-B10B is working now with baby jumbo frames in bridge mode with the latest firmware V5.13(AAVF.11)C0 (which has Broadcom firmware version A2pv6F039x1).

The build process and the jumbo patch required for the VMG3925-B10B firmware is different from the VMG1312-B10D build process and the Olipro jumbo patch.

Zyxel supplied firmware source (request here) with baby jumbo frames enabled:
https://github.com/trejan/VMG3925-B10B

Changes to the two files (README.md and bcmsdk-416L05-AAVF-config-3.4):
https://github.com/trejan/VMG3925-B10B/commit/1b41dc24b9e382dd8e12d5367dec229ab0d82e22

Compiled firmware image with baby jumbo frames in bridge mode:
https://github.com/trejan/VMG3925-B10B/releases

The Zyxel supplied firmware image (w/o baby jumbo frames in bridge mode) in case you want to restore:
ftp://ftp.zyxel.com//VMG3925-B10B/firmware/VMG3925-B10B_5.13(AAVF.11)C0.zip

It works fine here but obviously use at your own risk etc.
« Last Edit: September 12, 2018, 11:49:47 PM by jhm »
Logged

jhm

  • Member
  • **
  • Posts: 25
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #247 on: September 12, 2018, 11:42:06 PM »

I got 3 Mbps (so far at least) more out of my line by switching from the HG612 to the VMG3925-B10B. :)

I have another VMG3925-B10B on the way to replace the HG612 remaining on the other line of the bonded pair.  That other modem will be used for some digging around to see if the supervisor password can be recovered/set without cracking the hash...
Logged

jhm

  • Member
  • **
  • Posts: 25
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #248 on: September 14, 2018, 01:50:29 AM »

That other modem will be used for some digging around to see if the supervisor password can be recovered/set without cracking the hash...

A new version of the VMG3925-B10B firmware is now up on:

https://github.com/trejan/VMG3925-B10B

This contains (i) the jumbo frames patch; and (ii) a mechanism to sync the admin user password to supervisor + root.

Quote
The supervisor and root passwords are reset every startup by a big closed source Zyxel shared library (/lib/private/libzcfg_be.so) that handles all of the initialisation and configuration tasks in this router. The library calculates a new root + supervisor password based on the serial number or MAC address with an unknown algorithm. There is now a cronjob that will sync the admin user password to the root + supervisor accounts every minute. Don't try to directly change the root or supervisor account passwords as they will get overwritten.
Logged

johnson

  • Reg Member
  • ***
  • Posts: 838
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #249 on: September 18, 2018, 11:51:42 AM »

Awesome work jhm (and brother)!

Is there any reason you are running the password copy script in a cron job that often? Does the zyxel management stuff generate the supervisor password other times than at boot?
Logged

jhm

  • Member
  • **
  • Posts: 25
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #250 on: September 18, 2018, 12:27:12 PM »

Is there any reason you are running the password copy script in a cron job that often? Does the zyxel management stuff generate the supervisor password other times than at boot?

I think it's only generated at boot by the Zyxel binary.  The only reason for having the cron job run every minute is in case the admin password is changed by the user so that it can be synced across to supervisor and root within a minute (rather than requiring a reboot of the modem).
Logged

johnson

  • Reg Member
  • ***
  • Posts: 838
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #251 on: September 18, 2018, 12:35:58 PM »

Ah, good point!
Logged

j0hn

  • Kitizen
  • ****
  • Posts: 4093
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #252 on: September 21, 2018, 03:13:43 PM »

BCM63168 + extra common mode noise filter:
      VMG1312-B10A
      VMG3925-B10B
      VMG8x24-B10A

BCM63381:
      VMG1312-B10D

https://forum.kitz.co.uk/index.php/topic,18246.msg383403.html#msg383403

I'm not convinced the VMG3925-B10B has the filter as you mentioned. I assume you got that info from the AA page?
Logged
Talktalk FTTP 550/75 - Speedtest - BQM

jhm

  • Member
  • **
  • Posts: 25
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #253 on: September 21, 2018, 03:26:14 PM »

I'm not convinced the VMG3925-B10B has the filter as you mentioned. I assume you got that info from the AA page?

Yes, and noted the questions you've raised on this in the other thread on here and on TBB.  Thank you - I will be keen to hear!
Logged

GigabitEthernet

  • Kitizen
  • ****
  • Posts: 2243
Re: BCM63168 Modems that Support Baby Jumbo Frames (Bridge Mode)
« Reply #254 on: January 17, 2019, 06:03:27 PM »

I flashed the VMG1312 firmware from GitHub on my modem and 1500 MTU isn't working :(
Logged
Pages: 1 ... 15 16 [17] 18 19 ... 32
 

anything