Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1] 2 3 ... 5

Author Topic: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?  (Read 16406 times)

meritez

  • Content Team
  • Kitizen
  • *
  • Posts: 1623
VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« on: November 01, 2018, 06:44:01 PM »

Hi,

anyway, just reading through the new firmware revision stuff:

Versions:
Bootbase version: V1.61 | 05/25/2018 17:08:36
Firmware version : V5.13(AAXA.8)C0
Kernel version: 3.4.11
DSL modem code version: A2pvI042r
DSL driver version: d26s
WLAN code version: 7.14.164.20.cpe4.16L05.0-kdb
3G WWAN package version: 1.18

nothing wow and came across:

Modifications in V5.13(AAXA.8)b1
Based on V5.13(AAXA.7)C0 to release V5.13(AAXA.8)b1 [Feature Modification]
5. [GUI] New GUI 2.0 design.

The GUI is actually functional, it does not take forever to do anything..



Logged

tiffy

  • Kitizen
  • ****
  • Posts: 1319
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #1 on: November 01, 2018, 08:02:17 PM »

You may already be aware, the previous (current) FW revision V.5.13(AAXA.7) of 25/12/17 had to be avoided if Busybox access was required (such as running DSLStats) as this was disabled with this revision, 1312-B10D users had to stick with the previous (previous) FW revision V.5.13(AAXA.5) of 20/07/17 if running DSLStats was a requirement.

Will be interesting to see if this feature has now been re-enabled in FW revision V.5.13(AAXA.8), I do have a spare 1312-B10D where I can try the new FW out when I get some time.

Quote
The GUI is actually functional, it does not take forever to do anything..

Not sure what you mean ref. the GUI being non-functional / slow ?
I generally find it to be just the same speed as my 1312-B10A, certainly not slow.

I did have an unusal issue with my 1312-B10D where the GUI was completely non-functional, just sat at the first page with the busy icon churning away for ever, eventually found that this was only using Win 10 with MS Edge browser combination, any other browser on Win 10 and any browser on my Win 8.1 desktop PC worked perfectly !
This is documented here:
https://forum.kitz.co.uk/index.php/topic,22543.msg385504.html#msg385504

Edit:  Apologies for not noticing earlier, welcome to the kitz forum
Logged
BT FTTP 150/30, BT Smart Hub 2

tiffy

  • Kitizen
  • ****
  • Posts: 1319
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #2 on: November 02, 2018, 01:19:08 PM »

Decided to try out the new 1312-B10D FW, V.5.13(AAXA.8)C0 on my spare unit, not line commected.

Yes, completely different GUI appearance which I took an instant dislike to, all the same features are still there, just different access navigation, certainly not an improvement in my opinion.

Before hurriedly "trying" to get back to FW rev. V.5.13(AAXA.5) made the following observations:
Telnet/Busybox access is available.
None of my PW's had changed, still had full supervisor access.
The "passwd" file appears to no longer contain the crypted PW character strings, "cat /var/passwd" produces this:-

BusyBox v1.20.1 (2018-08-24 13:58:33 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
$ cat /var/passwd
nobody:x:99:99:nobody:/nonexistent:/bin/false
root:x:0:0:root:/home/root:/bin/sh
supervisor:x:12:12:supervisor:/home/supervisor:/bin/sh
admin:x:21:21:admin:/home/admin:/usr/bin/zysh


Tried to roll back FW to revision V.5.13(AAXA.5)
Warning appeared advising that some "feature may be different", OK to continue or Cancel to go back, only problem being there were no OK or Cancel links/buttons in the window, enter or escape wouldn't work either !
On aborting and re-trying the same revision, this time advised that the (same) file was now an "illegal image, failed".

Decided to try rolling back to the previous FW revision, V.5.13(AAXA.7)
Did not display any errors as such but just sat with the busy icon continually spinning, gave up after considerable waiting time and closed the window.
Much to my surprise when re-connecting, had gone back to V.5.13(AAXA.7)
Checked Telnet/Busybox access on this revision and found that this now worked, no Busybox access had been a known issue with this revision, the "passwd" file content still looked the same as V.5.13(AAXA.8)C0.

Now was able to roll back to revision V.5.13(AAXA.5) without any issues.

The new 1312-B10D GUI interface is not for me, I much prefer the existing ZyXEL GUI appearance and functionality.
There certainly appears to be some bugs associated with V.5.13(AAXA.8)C0 FW upgrading/rolling back operations.
Location of encrypted PW's appears to have changed, perhaps the PW encryption policy/method has changed ?

Edit: Typo corrected.

« Last Edit: November 02, 2018, 05:23:59 PM by tiffy »
Logged
BT FTTP 150/30, BT Smart Hub 2

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #3 on: November 02, 2018, 06:05:24 PM »

The "passwd" file appears to no longer contain the crypted PW character strings, "cat /var/passwd" produces this:-

BusyBox v1.20.1 (2018-08-24 13:58:33 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
$ cat /var/passwd
nobody:x:99:99:nobody:/nonexistent:/bin/false
root:x:0:0:root:/home/root:/bin/sh
supervisor:x:12:12:supervisor:/home/supervisor:/bin/sh
admin:x:21:21:admin:/home/admin:/usr/bin/zysh


The x in the second field of each line indicates that a shadow file is now being used. Where will it be located? Probably in the /var/ directory, along with the passwd file.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

tiffy

  • Kitizen
  • ****
  • Posts: 1319
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #4 on: November 02, 2018, 07:31:03 PM »

The x in the second field of each line indicates that a shadow file is now being used. Where will it be located? Probably in the /var/ directory, along with the passwd file.

Ahh, something else I've learned, I would have been surprised if you had not come up with an answer !

I still have the 1312-B10D running off line but have reverted back to the original FW I was using, V.5.13(AAXA.5) as explained, the latest FW revision although enabling Busybox again still appears to be very much a "work in progress" and the GUI in my opinion is awful, much prefer the existing GUI, hope ZyXEL don't intend pushing the new GUI out to other models with FW updates.
When I get some time, I will temporarily re-load revision V.5.13(AAXA.8)C0 again and have a poke around in the file structure to see if I can find the "shadow" file you mention and report back.

Did you note that the Busybox access appeared to be enabled in FW revision V.5.13(AAXA.7) as reported while migrating back from V.5.13(AAXA.8)C0 towards V.5.13(AAXA.5), strange, as this was known not to be the case when this revision was released and all DSLStats users had to remain on (AAXA.5) revision ?

Also the passwd file listing in revision V.5.13(AAXA.7) is the same format as V.5.13(AAXA.8)C0, ie., neither being the same as V.5.13(AAXA.5) where the PW strings are displayed.
Logged
BT FTTP 150/30, BT Smart Hub 2

tiffy

  • Kitizen
  • ****
  • Posts: 1319
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #5 on: November 02, 2018, 08:26:24 PM »

Went ahead and re-loaded V.5.13(AAXA.8)C0 FW.
Listing of /var directory: (apologies for the format, just a copy from Win cmd window)

$ chdir /var
$ ls
cache            log              ppp              spool
cert             mcpd_igmp.conf   ptmx             state
dhcp6s.conf      mcpd_mld.conf    public_key.pem   syslog-ng.conf
dnsmasq          mdkshell_sock    radvd_br0.conf   tmp
fuse             modules.alias    run              tx
fw               modules.dep      samba            udhcpd
group            modules.symbols  shadow           url_list
home             mount            shadow-          usb
iproute2         net-snmp         shm_size         wwan
lib              passwd           siproxd          zebra
lock             passwd-          snmpd.conf



There is indeed a "shadow" file (and a shadow- file) but I can't cat/open as per the "passwd" file, permission denied.
I did login to Busybox as "supervisor", perhaps "root" access would work ?


Logged
BT FTTP 150/30, BT Smart Hub 2

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 2054
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #6 on: November 02, 2018, 08:38:30 PM »

Wrap it in code tags (the # button in the toolbar)

Code: [Select]
$ chdir /var
$ ls
cache            log              ppp              spool
cert             mcpd_igmp.conf   ptmx             state
dhcp6s.conf      mcpd_mld.conf    public_key.pem   syslog-ng.conf
dnsmasq          mdkshell_sock    radvd_br0.conf   tmp
fuse             modules.alias    run              tx
fw               modules.dep      samba            udhcpd
group            modules.symbols  shadow           url_list
home             mount            shadow-          usb
iproute2         net-snmp         shm_size         wwan
lib              passwd           siproxd          zebra
lock             passwd-          snmpd.conf
Logged
Broadband and Line rental: Zen Unlimited Fibre 2, Mobile: Vodaphone
Router: Fritz!Box 7530

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 2054
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #7 on: November 02, 2018, 08:40:01 PM »

I've tried to upgrade mine but got the attached. I'm currently on .7.

Any ideas?
Logged
Broadband and Line rental: Zen Unlimited Fibre 2, Mobile: Vodaphone
Router: Fritz!Box 7530

tiffy

  • Kitizen
  • ****
  • Posts: 1319
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #8 on: November 02, 2018, 08:42:13 PM »

Quote
There is indeed a "shadow" file (and a shadow- file) but I can't cat/open as per the "passwd" file, permission denied.
I did login to Busybox as "supervisor", perhaps "root" access would work ?

To answer my own question, yes, root access did permit listing of the "shadow" file, as below:

# cat /var/shadow
root:$6$xLQ5LS29AWQ3PFyY$xx/.yhjeBLVjz5hnZWekoEB/RyOWlOgX26gEBYML.C2D7TglGub7ibZ
F.1R.YVxFP5YdqDg.DxQ/FediPQ7Ip.:0::::::
supervisor:$6$ockB3m/vx9pPP0lf$BY6lRm1W9.hDMzVtDZPxdI40Oo.Wr.P.ybMrtrd4MJOwpEEFW
LtO/EGjbcPsjG/ANwomEiJnBrsO.mPFh/KPH/:0::::::
admin:$6$xstsmqPExqn6Omf7$mj0Ty1xsy88MMU7FJs/5u9U9nrniZlfUGjw6CXbwIMAwnk.Pl0xBx4
FYoa4UWwJS0gfeWtpigD60/IA2SbwtG.:0::::::


The encrypted character string format looks different to me from that produced by FW revision V.5.13(AAXA.5), I'am sure b*cat can give a more informed opinion on that.

Logged
BT FTTP 150/30, BT Smart Hub 2

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #9 on: November 02, 2018, 08:42:32 PM »

There is indeed a "shadow" file (and a shadow- file) but I can't cat/open as per the "passwd" file, permission denied.
I did login to Busybox as "supervisor", perhaps "root" access would work ?

The permissions on that file will be 0000 and that explains why only root wil be able to read its contents. The shadow- file is the immediate chronological predecessor of the shadow file.

You might be interested to see what a ls -l /var/*- command discloses.  :)

On a system using a Linux kernel, I see the following (in the /etc/ directory) --

[Duo2 etc]$ ls -l passwd* group* *shadow*
-rw-r--r--. 1 root root  938 Oct 13  2017 group
-rw-r--r--. 1 root root  949 Oct 13  2017 group-
----------. 1 root root  776 Oct 13  2017 gshadow
----------. 1 root root  784 Oct 13  2017 gshadow-
-rw-r--r--. 1 root root 1654 Oct 13  2017 passwd
-rw-r--r--. 1 root root 1689 Oct 13  2017 passwd-
----------. 1 root root 1134 Oct 13  2017 shadow
----------. 1 root root 1256 Oct 13  2017 shadow-
[Duo2 etc]$
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #10 on: November 02, 2018, 08:44:00 PM »

Wrap it in code tags (the # button in the toolbar)

Or use [tt][/tt] tags.  ;)
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

tiffy

  • Kitizen
  • ****
  • Posts: 1319
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #11 on: November 02, 2018, 08:51:29 PM »

Wrap it in code tags (the # button in the toolbar)

Code: [Select]
$ chdir /var
$ ls
cache            log              ppp              spool
cert             mcpd_igmp.conf   ptmx             state
dhcp6s.conf      mcpd_mld.conf    public_key.pem   syslog-ng.conf
dnsmasq          mdkshell_sock    radvd_br0.conf   tmp
fuse             modules.alias    run              tx
fw               modules.dep      samba            udhcpd
group            modules.symbols  shadow           url_list
home             mount            shadow-          usb
iproute2         net-snmp         shm_size         wwan
lib              passwd           siproxd          zebra
lock             passwd-          snmpd.conf

Thanks for the tip, showing my ignorance of the system again.

Ref. your next post and error displayed.
Yes, I got this error also but only when trying to roll back from (AAXA.8) to (AAXA.5), had to roll back in two stages as explained earlier, have upgraded twice now from (AAXA.5) to (AAXA.8)C0 without any issues.
Logged
BT FTTP 150/30, BT Smart Hub 2

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #12 on: November 02, 2018, 09:00:44 PM »

The encrypted character string format looks different to me from that produced by FW revision V.5.13(AAXA.5), I'am sure b*cat can give a more informed opinion on that.

Here follows the NOTES section from the crypt manual page --

Quote
NOTES
   Glibc Notes
       The glibc2 version of this function supports additional encryption algorithms.

       If salt is a character string starting with the characters "$id$" followed by a string terminated by "$":

              $id$salt$encrypted

       then  instead of using the DES machine, id identifies the encryption method used and this then determines how the rest of the password
       string is interpreted.  The following values of id are supported:

              ID  | Method
              ---------------------------------------------------------
              1   | MD5
              2a  | Blowfish (not in mainline glibc; added in some
                  | Linux distributions)
              5   | SHA-256 (since glibc 2.7)
              6   | SHA-512 (since glibc 2.7)

       So $5$salt$encrypted is an SHA-256 encoded password and $6$salt$encrypted is an SHA-512 encoded one.

       "salt" stands for the up to 16 characters following "$id$" in the salt.  The encrypted part of the password string is the actual  com-
       puted password.  The size of this string is fixed:

       MD5     | 22 characters
       SHA-256 | 43 characters
       SHA-512 | 86 characters

       The  characters  in "salt" and "encrypted" are drawn from the set [a–zA–Z0–9./].  In the MD5 and SHA implementations the entire key is
       significant (instead of only the first 8 bytes in DES).

So looking at the contents of your shadow file --

root:$6$xLQ5LS29AWQ3PFyY$xx/.yhjeBLVjz5hnZWekoEB/RyOWlOgX26gEBYML.C2D7TglGub7ibZF.1R.YVxFP5YdqDg.DxQ/FediPQ7Ip.:0::::::
supervisor:$6$ockB3m/vx9pPP0lf$BY6lRm1W9.hDMzVtDZPxdI40Oo.Wr.P.ybMrtrd4MJOwpEEFWLtO/EGjbcPsjG/ANwomEiJnBrsO.mPFh/KPH/:0::::::
admin:$6$xstsmqPExqn6Omf7$mj0Ty1xsy88MMU7FJs/5u9U9nrniZlfUGjw6CXbwIMAwnk.Pl0xBx4FYoa4UWwJS0gfeWtpigD60/IA2SbwtG.:0::::::


-- we see that the second field of each line begins with $6$. That is the "fingerprint" of SHA-512 crypt.

Let's look at the second field of the second line --

$6$ockB3m/vx9pPP0lf$BY6lRm1W9.hDMzVtDZPxdI40Oo.Wr.P.ybMrtrd4MJOwpEEFWLtO/EGjbcPsjG/ANwomEiJnBrsO.mPFh/KPH/

The segment in green is the salt and the segment in red is the encrypted (password) string.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

tiffy

  • Kitizen
  • ****
  • Posts: 1319
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #13 on: November 03, 2018, 11:23:45 AM »

@b*cat

Many thanks for the excellent explanation of the "new" crypt format, font of knowledge as always.

My previous experience obtaining the supervisor PW when running FW revision V.5.13(AAXA.5) this used MD5 (22 character format) encrypted string, it would now appear that from FW revision V.5.13(AAXA.7) onwards that SHA-512 (86 character format) has been adopted.

With respect to any future PW decrypt attempts using Hashcat, with a lot of help from yourself I have just about got to grips with the MD5 (22 character) format and Hashcat search command line options using different operating systems / hardware, would I be correct in assuming that a SHA-512 crypt will be more difficult / time consuming to decrypt ?
Logged
BT FTTP 150/30, BT Smart Hub 2

tiffy

  • Kitizen
  • ****
  • Posts: 1319
Re: VMG1312-B10D new Web GUI 2.0 on V5.13(AAXA.8)C0?
« Reply #14 on: November 03, 2018, 12:11:52 PM »

Having now rolled back from FW revision V.5.13(AAXA.8)C0 to V.5.13(AAXA.7) I can confirm that the location and the format of the encrypted PW's is the same as V.5.13(AAXA.8)D0, ie., /var/shadow & SHA-512 format.

For reference, have found that to get back to FW revision V.5.13(AAXA.5) from V.5.13(AAXA.8)C0, this must be done in two steps to avoid fatal error windows appearing, ie., roll back to V.5.13(AAXA.7) first.
This initial roll back does appear to "lock up" and never complete, however, on closing the browser window and re-logging have found that the migration has completed successfully.

The roll back from FW revision V.5.13(AAXA.7) to V.5.13(AAXA.5) does complete normally with the router re-booting and displaying the login page again.
Have completed these FW revisions "up-down" migrations twice and the results are repeatable.

The initial reason for avoiding FW revision V.5.13(AAXA.7) was that Busybox access was disabled, now appears to be available again on this revision !

Edit: Still hate the new (AAXA.8) GUI won't be going there.
        Apologies to meritez for appearing to take over this thread. 
« Last Edit: November 03, 2018, 12:17:58 PM by tiffy »
Logged
BT FTTP 150/30, BT Smart Hub 2
Pages: [1] 2 3 ... 5