OZOnet Wiki

User Tools

Site Tools

Trace:
welcome

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
welcome [2017/01/27 20:25]
alex [ZTE ZXHN H108NS unlocking howto] 		welcome [2024/02/23 15:49]
192.168.1.23 [Converting from German to International firmware]
Line 1869: Line 1869:
   CFE> reset    CFE> reset 
 On the above setup the tftp server is on 192.168.1.10. OpenWrt powers finally the Compex C-54PWE Rev A6.1 On the above setup the tftp server is on 192.168.1.10. OpenWrt powers finally the Compex C-54PWE Rev A6.1
 +
 +** I had issues with the above procedure (jffs2 errors). For best results use the upgrade procedure bellow. **
 <code> <code>
 LZMA loader for WP54G-WRT, Copyright (C) 2007 OpenWrt.org LZMA loader for WP54G-WRT, Copyright (C) 2007 OpenWrt.org
Line 2019: Line 2021:
 mtd write -r openwrt-adm5120-wp54g-wrt-jffs2.trx mtd1 <-- new format mtd write -r openwrt-adm5120-wp54g-wrt-jffs2.trx mtd1 <-- new format
 </code> </code>
 +<code>
 +update 06/2017
  
 +root@LEDE:/tmp# cat /proc/mtd 
 +dev:    size   erasesize  name
 +mtd0: 00050000 00010000 "cfe"
 +mtd1: 003a0000 00010000 "trx"
 +mtd2: 00010000 00010000 "nvram"
 +mtd3: 00001048 00001048 "loader"
 +mtd4: 000e479c 00010000 "kernel"
 +mtd5: 002ba800 00010000 "rootfs"
 +mtd6: 001e0000 00010000 "rootfs_data"
 +mtd7: 001e0000 00010000 "rootfs_data"
 +
 +root@LEDE:/tmp# mtd -r write  lede-adm5120-router_le-wp54g-wrt-squashfs.trx trx
 +Unlocking trx ...
 +
 +Writing from lede-adm5120-router_le-wp54g-wrt-squashfs.trx to trx ...     
 +Rebooting ...
 +</code>
 ======Avila gateworks====== ======Avila gateworks======
  
Line 2895: Line 2916:
 </code> </code>
 *** Another silly issue that I recently bumped on is that some times is better to start the tftp transfer before getting the Bullet-M on tftp ready status, otherwise the tftp transfer may fail. *** Another silly issue that I recently bumped on is that some times is better to start the tftp transfer before getting the Bullet-M on tftp ready status, otherwise the tftp transfer may fail.
 +
 +
 +===A few issues as of May 2017 with lede/openwrt===
 +
 +1). the on-board ethernet wrongly identifies the network connection as Gbit. I believe the device does not support Gbit, just fast ethernet. Thereof prior to flashing, an off/on is recommended just on the ethernet port @ the poe or switch.
 +
 +2). After the above procedure, it's recommended to first start the tftp on the server before starting the tftp transfer procedure at the bullet-m.
 +
 +===Further annoying issues as of October 2017==
 +
 +1). to avoid any networking locking issues it's better to connect the device on a fast 100Mbit switch.
 +
 +2). start the tftp (I use atftp)
 +
 +3). cold reboot the Bullet-M 
 +
 +4). either hold the reset for 10 seconds and then release it or start the urescue from the U-boot menu on the serial console.
  
 ====== bullet 5 Openwrt ====== ====== bullet 5 Openwrt ======
Line 3210: Line 3248:
   * setup dnsmasq on a linux system (liveCD or liveUSB is fine too, check [[http://www.sysresccd.org/Sysresccd-manual-en_How_to_install_SystemRescueCd_on_an_USB-stick|sysresccd]])   * setup dnsmasq on a linux system (liveCD or liveUSB is fine too, check [[http://www.sysresccd.org/Sysresccd-manual-en_How_to_install_SystemRescueCd_on_an_USB-stick|sysresccd]])
   * select from bootloader to boot from ethernet   * select from bootloader to boot from ethernet
 +
 +Update (2017): Lede firmware moved from yaffs2 to ubi file-system.
 +
 +  * netboot the device, use [[http://www.ozo.com/airo/openwrt/firmware/lede-ozonet-2017/ar71xx/r5112/targets/ar71xx/mikrotik/lede-ar71xx-mikrotik-vmlinux-initramfs-lzma.elf|this image]]
 +  * after net_booting wget or scp [[http://www.ozo.com/airo/openwrt/firmware/lede-ozonet-2017/ar71xx/r5112/targets/ar71xx/mikrotik/lede-ar71xx-mikrotik-nand-64m-squashfs-sysupgrade.bin|this image]] on /tmp
 +  * finally issue: sysupgrade /tmp/lede-ar71xx-mikrotik-nand-64m-squashfs-sysupgrade.bin and enjoy the power, beauty and magic of open source transforming an ancient device to a brand new !
 +
 +Older instructions: (kept for historical and scientific reasons)
 +
   * netboot the device, use [[http://wifi.ozo.com/airo/openwrt/firmware/kamikaze/2.6/ar71xx/RB/26744/openwrt-ar71xx-nand-vmlinux-initramfs.elf|this image]]   * netboot the device, use [[http://wifi.ozo.com/airo/openwrt/firmware/kamikaze/2.6/ar71xx/RB/26744/openwrt-ar71xx-nand-vmlinux-initramfs.elf|this image]]
   * follow the next steps:   * follow the next steps:
Line 3242: Line 3289:
   opkg install kmod-madwifi   opkg install kmod-madwifi
   opkg install quagga-bgpd   opkg install quagga-bgpd
 +  
 +====== rb711 serial pins ======
 +{{http://wiki.ozo.com/rb711-5hn-m_s.jpg?140 }}
 +
 +
 +====== rb711 flash howto ======
 +a full detailed picture of the board [[http://wiki.ozo.com/rb711-5hn-m.jpg|here]]
 +
 +Connect ethernet to the RouterBoard device 
 +
 +Hold the S301 button pressed while booting it up. LED LD301 starts lighting up, then flashing and then turns off. 
 +
 +After this you can release the button. The router will start looking for a TFTP server providing an initramfs-elf image.
 +
 +After successful openwrt/lede flashing, router will "beep" and listen for ssh @ 192.168.1.1
 +
 +cd /tmp; wget lede-ar71xx-mikrotik-nand-64m-squashfs-sysupgrade.bin; sysupgrade /tmp/lede-ar71xx-mikrotik-nand-64m-squashfs-sysupgrade.bin
      
 ====== ZTE ZXHN H108NS unlocking howto ====== ====== ZTE ZXHN H108NS unlocking howto ======
  
-It's annoying to have anyone pocking any settings on your network setup. At some point my second adsl started having problems with packet loss on the LAN. It was that bad that I had to switch to a backup standby adsl device that I always keep for such times. I never used to worry about my adsl setup as long as it's stable with decent bandwidth, decent low latency and 0% packet loss.+It's annoying to have anyone pocking any settings on your network setup. At some point my second adsl started having problems with packet loss on the LAN. It was that bad that I had to switch to a backup standby adsl device that I always keep for such occasions. I never used to worry about my adsl setup as long as it's stable with decent bandwidth, decent low latency and 0% packet loss.
  
 The latest firmware for this box provided by otenet that has changed couple of names and I think lately goes by cosmote is called: H108NSV1.0.7u_ZRD_GR2_A68_20150720 The latest firmware for this box provided by otenet that has changed couple of names and I think lately goes by cosmote is called: H108NSV1.0.7u_ZRD_GR2_A68_20150720
Line 3251: Line 3315:
 it has a royal disabled web functionality with most menus locked down, telnet/ssh is also disabled and nmap/scan show couple of "unfriendly" ports listening. it has a royal disabled web functionality with most menus locked down, telnet/ssh is also disabled and nmap/scan show couple of "unfriendly" ports listening.
  
-Searching the web I bumped on [[https://vasvir.wordpress.com/2015/03/08/reverse-engineering-trendchip-firmware-zte-h108ns-part-i/|vasvir page]], a kind soul that had similar experiences and feelings about this device. His work and documentation helped me greatly in order to extract, modify and create a decent new firmware that unlocks and restors total control to the device. I will document here the steps that I followed in order to do this:+Searching the web I bumped on [[https://vasvir.wordpress.com/2015/03/08/reverse-engineering-trendchip-firmware-zte-h108ns-part-i/|vasvir page]], a kind soul that had similar experiences and feelings about this device. His work and documentation helped me greatly in order to extract, modify and create a decent new firmware that unlocks and restores total control to the device. I will document here the steps that I followed in order to do this:
  
   - compile and install [[https://github.com/rampageX/firmware-mod-kit|firmware-mod-kit]]   - compile and install [[https://github.com/rampageX/firmware-mod-kit|firmware-mod-kit]]
Line 3269: Line 3333:
 do your thing, edit, delete, put new files do your thing, edit, delete, put new files
 ... ...
 +cd /tmp
 mksquashfs-lzma _tclinux.bin.extracted/squashfs-root /tmp/squashfs-root.sp-1.7u mksquashfs-lzma _tclinux.bin.extracted/squashfs-root /tmp/squashfs-root.sp-1.7u
 dd if=tclinux.bin of=kernel-1.7u skip=256 count=`binwalk tclinux.bin | awk '/Squash/ {print $1 - 256;}'` bs=1 dd if=tclinux.bin of=kernel-1.7u skip=256 count=`binwalk tclinux.bin | awk '/Squash/ {print $1 - 256;}'` bs=1
Line 3311: Line 3376:
 <code> <code>
 adslphxcmd info --show adslphxcmd info --show
 +</code>
 +
 +attetunation/noise margin:
 +<code>
 +wan adsl linedata near
 +cat /var/log/messages
 +
 +wan adsl chandata
 +cat /var/log/messages
 +</code>
 +
 +errors:
 +<code>
 +wan adsl perfdata
 +cat /var/log/messages
 +</code>
 +
 +various:
 +<code>
 +wan ghs show vendor
 +cat /var/log/messages
 </code> </code>
  
Line 3335: Line 3421:
 </code> </code>
  
-===== it's all Greek to me =====+===== embed startup commands =====
  
-<code> +  - ROMFILE backup (Maintainace -> Firmware -> Romfile backupsave asromfile.cfg 
-Παράδειγμα +  - romfile.cfg is a non-valid XML. text editing is ok
-Για να μειώσετε από 9 dB σε 6 dB, θα πρέπει να μειώσετε κατά 3 dB (δηλαδή -3 dB): wan dmt2 set snrmoffset +1536 +1536+
  
-Ενώ για να τεθεί σε λειτουργία η νέα ρύθμιση, πρέπει να γράψετε: wan adsl reset (κάνοντας επανασυγχρονισμό).+the /etc/autoexec.sh:
  
-Σημείωση: Κάτι που παρατήρησα είναι ότι αν και ο συγχρονισμός πραγματικά αλλάζει (το ίδιο και οι ταχύτητες κατεβάσματος), το web interface συνεχίζει να δείχνει στατιστικά SNR βάσει του αρχικού SNRM (πχ 9.5 dB αντί αντί για 3.5 dB κλπ).+<code> 
 +w dmt2 db tlb 2b 
 +wan ghs set multi_number 9 3 
 +wan dmt2 set largeD 2 
 +w dmt eoc dyingasp off 
 +w dmt2 set lpr off 
 +echo 1 > /proc/tc3162/port_reverse 
 +</code>
  
-Επιπλέον, μπορεί να οριστεί το νέο default snrm στο startup (για να μην γράφετε τις παραπάνω εντολές κάθε φορά που κάνετε restart το modem) με την εξής διαδικασία:+the code in romfile.cfg:
  
-ελέγχουμε το autoexec.net με: sys view autoexec.net +<code> 
-sys edit autoexec.net +<Autoexec> 
-(προαιρετικό) πατάμε n αν θέλουμε να κάνουμε προσθήκη/αλλαγή μετά από μια άλλη γραμμή +        <Entry cmd1="w dmt2 db tlb 2b" 
-πατάμε i (ή r για replace) και γράφουμε δίπλα την εντολή (πχ wan dmt2 set snrmoffset 1536 1536 για -dB SNRM) +cmd2="wan ghs set multi_number 9 3" cmd3="wan dmt2 set largeD 2" 
-πατάμε x +cmd4="w dmt eoc dyingasp off" cmd5="w dmt2 set lpr off" 
-ελέγχουμε το autoexec.net με: sys view autoexec.net+cmd6="echo 1 &gt; /proc/tc3162/port_reverse" /> 
 +</Autoexec> 
 +</code>
  
 +you may add any commands you wish and push the romfile.cfg back to the device
 +===== it's all Greek to me =====
  
 +Παράδειγμα
 +Για να μειώσετε από 9 dB σε 6 dB, θα πρέπει να μειώσετε κατά 3 dB (δηλαδή -3 dB): 
 +<code>
 +wan dmt2 set snrmoffset +1536 +1536
 +</code>
  
-Μπορώ να δω το system log; +Ενώ για να τεθεί σε λειτουργία η νέα ρύθμισηπρέπει να γράψετε: wan adsl reset (κάνοντας επανασυγχρονισμό).
-Ναι, μέσω telnet (telnet 192.168.1.1): sys log disp+
  
-Ίσως να υπάρχει κι άλλο log, που δεν έχω βρει ακόμα ή το συγκεκριμένο έχει περιορισμένο αριθμό γραμμών+Σημείωση: Κάτι που παρατήρησα είναι ότι αν και ο συγχρονισμός πραγματικά αλλάζει (το ίδιο και οι ταχύτητες κατεβάσματος), το web interface συνεχίζει να δείχνει στατιστικά SNR βάσει του αρχικού SNRM (πχ 9.5 dB αντί αντί για 3.5 dB κλπ).
  
-Μπορώ να ενεργοποιήσω / απενεργοποιήσω το WiFi μέσω telnet και να αλλάξω την ένταση του σήματος; +μέσω telnet (telnet 192.168.1.1): 
-Ναι, μέσω telnet (telnet 192.168.1.1): +
- +
-Ενεργοποίηση WiFi: rtwlan enableap +
-Απενεργοποίηση WiFi: rtwlan disableap +
- +
- +
-Επιπλέον, φαίνεται να έχει 2 ρυθμίσεις (50% και 100%) για αλλαγή σήματος αλλά δεν νομίζω πως λειτουργούν. Θα αλλάξει μεν την ένδειξη έντασης στο web interface, αλλά πρακτικά δεν παρατήρησα διαφορά σύμφωνα με πρόχειρες μετρήσεις που έκανα. Μέσω telnet (telnet 192.168.1.1): +
- +
-WiFi power 50%: rtwlan txpower 50 +
-WiFi power 100% (default): rtwlan txpower 100+
  
 +<code>
 +sys ? 
 +</code>
  
 +  * Μπορώ να δω το γράφημα/φάσμα συχνοτήτων (για τυχόν gaps), όπως με το DMT σε άλλα modems;
  
-Μπορώ να δω το γράφημα/φάσμα συχνοτήτων (για τυχόν gaps), όπως με το DMT σε άλλα modems; 
 Ναι (thanks gio7 (https://www.adslgr.com/forum/showpost.php?p=3852304&postcount=84)), κατεβάζοντας το OrbMT (http://download.orbmu2k.de/files/OrbMT.zip) και επιλέγοντας P-653HWI ως Modem Type. Ναι (thanks gio7 (https://www.adslgr.com/forum/showpost.php?p=3852304&postcount=84)), κατεβάζοντας το OrbMT (http://download.orbmu2k.de/files/OrbMT.zip) και επιλέγοντας P-653HWI ως Modem Type.
- 
-Ενδεικτικό γράφημα: 
-http://www7.pic-upload.de/21.06.11/fzoguoeg93g.png 
  
 Το γράφημα μεταξύ άλλων δείχνει πάνω δεξιά και σε τι DSLAM chipset βρισκόμαστε (Broadcom, Globespan, Infineon κλπ). Το γράφημα μεταξύ άλλων δείχνει πάνω δεξιά και σε τι DSLAM chipset βρισκόμαστε (Broadcom, Globespan, Infineon κλπ).
  
-Μπορώ να δω σε τι μάρκας DSLAM είμαι συνδεδεμένος; +  * Μπορώ να δω σε τι μάρκας DSLAM είμαι συνδεδεμένος;
-Ναι, με την εντολή "wan adsl farituid", βλέπουμε το vendor ID σε Hex. Για παράδειγμα:+
  
 +Ναι, με την εντολή:
 +<code>
 +wan adsl farituid
 +</code>
  
-ID|ATUC|Manufacture+βλέπουμε το vendor ID σε Hex. Για παράδειγμα: 
 + 
 +=== ID|ATUC|Manufacture === 
 +<code>
 41 4C 43 42|ALCB|Alcatel 41 4C 43 42|ALCB|Alcatel
 41 4E 44 56|ANDV|Analog Devices (ADI) 41 4E 44 56|ANDV|Analog Devices (ADI)
Line 3396: Line 3492:
 54 4D 4D 42|TMMB|Thomson Multimedia Broadband 54 4D 4D 42|TMMB|Thomson Multimedia Broadband
 54 53 54 43|TSTC|Texas Instruments 54 53 54 43|TSTC|Texas Instruments
 +</code>
  
 Διαφορετικά η πιο απλή λύση είναι με το OrbMT, που το αναφέρει πάνω δεξιά. Διαφορετικά η πιο απλή λύση είναι με το OrbMT, που το αναφέρει πάνω δεξιά.
  
-Μπορώ να χρησιμοποιήσω την Port #4, εάν δεν έχω IPTV δέκτη;+  * Μπορώ να χρησιμοποιήσω την Port #4, εάν δεν έχω IPTV δέκτη; 
 Ναι με την εξής διαδικασία από το web interface και θα λειτουργεί ως κανονικό switch port μετά (ενώ για να βάλετε IPTV δέκτη, αντιστρέφετε την διαδικασία): Ναι με την εξής διαδικασία από το web interface και θα λειτουργεί ως κανονικό switch port μετά (ενώ για να βάλετε IPTV δέκτη, αντιστρέφετε την διαδικασία):
  
-Advanced > Port Mapping: +  * Advanced > Port Mapping: 
-Group Index: 2 -> ξετσεκάρισμα του Ethernet Port #4 -> Submit +  Group Index: 2 -> ξετσεκάρισμα του Ethernet Port #4 -> Submit 
-Group Index: 1 -> τσεκάρισμα του Ethernet Port #4 -> Submit +  Group Index: 1 -> τσεκάρισμα του Ethernet Port #4 -> Submit 
-Basic > DHCP -> σεκάρισμα Ethernet Port #4 -> Submit +  Basic > DHCP -> σεκάρισμα Ethernet Port #4 -> Submit 
-</code>+ 
 +====== FRITZ!Box WLAN 3370 ====== 
 +==== Converting from German to International firmware ==== 
 + 
 +you will need a linux box & a windows, preferably a win7 box (side by side) 
 + 
 +if you are familiar with windows & ftp and are able to find an ftp client with similar features to the lftp under linux, you may well skip the linux box 
 + 
 +searching the netland about this, I bumped on the [[https://help.axcient.com/x360recover-faqs-specific-to-linux/lftp4win-linux-ftp-client-for-windows|LFTP4WIN]] 
 + 
 +my advice is to go with a linux/lftp box or even use the [[https://www.system-rescue.org/Download/|systemrescue Live usb]] linux 
 + 
 +it's recommended to network connect all the devices through a simple hub 
 + 
 +if you have flashed your Fritz with an alternative firmware, you will need to get back to your official firmware using the [[https://download.avm.de/archive/fritz.box/fritzbox.wlan_3370/x_misc/deutsch/|German recovery utility]] 
 + 
 +on the linux box, set a secondary ip 192.168.178.10/24 
 + 
 +get lftp if not already installed and issue the following: 
 +  lftp 
 +  set net:timeout 1; 
 +  set net:max-retries 80; 
 +  set net:reconnect-interval-multiplier 1; 
 +  set net:reconnect-interval-base 1; 
 +  open 192.168.178.1 
 +  user adam2 adam2 
 +you may now enter the following command and very quickly power on your Fritz box 
 +  quote GETENV firmware_version 
 +   
 +if the result is: 
 +  firmware_version avm 
 +that means, your Fritz box is the German version and you may switch it to the intentional one by issuing the following command: 
 +  quote SETENV firmware_version avme 
 +that's it !  you have now switched your German Fritz box to an International Fritz box 
 + 
 +you can even power off and then power on again your device and without disconnecting your linux lftp, issue the  
 +  quote GETENV firmware_version 
 +in-order to confirm that your Fritz returns the international ID 
 +  firmware_version avme 
 +you may now use the [[https://download.avm.de/archive/fritz.box/fritzbox.wlan_3370/x_misc/english/|international recovery tool]] to flash your Fritz box with the international firmware which supports both Annex A & Annex B 
 + 
 +the above steps, successfully converted my two German Fritz 3370 to the international version. this same procedure may or may not work on your similar but nox exact Fritz box 
 + 
 +Good Luck       
welcome.txt · Last modified: 2024/02/27 20:02 by 192.168.1.23

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki