hack-gpon / hack-gpon.github.io

https://hack-gpon.org/
MIT License

Sercomm FG1000B.11 web interface credentials #197

Open jnschulze opened 1 year ago

jnschulze commented 1 year ago

Hi, I've just received a Sercomm FG1000B.11 provided by 1&1. As opposed to the Telekom-branded variant ("Glasfaser Modem 2"), my device runs a firmware (the stock one?) which has a password-protected web interface.


I tried to access the serial console in order to gain access to the device, however, it has the same issue as the Telekom firmware - keyboard input gets ignored.

Please let me know if there's anyone out there who

Thanks for your help.

simonebortolin commented 1 year ago

@benoitm974 has worked with the device. We are interested in this, and if you provide us with a dump we are ready to analyse it.

Please note that if they are highly ISP-specific credentials, you should not publish them here.

benoitm974 commented 1 year ago

@jnschulze I only knew from CE marking that 1&1 provides the same ONT but have no information.

So far we're stuck with:

  1. What would the other 3 pins on the board be (someone told me it could be I2C for the optical/calibration part maybe?)
  2. Whether the RX line has some resistor or capacitor missing on the production board?
  3. Whether we can unsolder the firmware and dump it to see if the web interface or binary can be used to get shell access, but this is only if the firmware is not encrypted .... yet the boot log does not seem to be showing any information about decryption ... I'm not sure we would be able to change the firmware and re-solder the chip; that would probably require too much NAND/reverse engineering work.

This device is very promising when you see the spec of the CPU, yet depending on the kernel and binary available in the firmware the use cases would be:

  1. Being able to change the serial number and model number to allow it to authenticate to a wider range of OLTs/ISPs to replace buggy boxes.... Currently I'm able to use it as a replacement for my French ISP box only because my specific area is only using PLOAM 20-hex-digit password authentication.
  2. Being able to add an IGMP proxy, since currently it seems not to work for IPTV; it simply bridges optic and ethernet.
  3. At last, the CPU is quite powerful, and if Sercomm has implemented a hardware / NAT fast path it could make an autonomous NAT gateway below 4 W power consumption .... (this same CPU is currently used in high-end ISP boxes supporting multi-gig ethernet). Yet here the limitation would be the Realtek 2.5G chipset, which is not the best ever chipset and would probably be the limiting factor, between 1.8 and 2.0 Gb/s... (still ...)

NB1: All the testing before was done on 2 different Telekom modems, in case one has a failure, and ended up with the same / consistent results.

NB2: At last, this device can be ordered as refurbished for a good price (below 40 euros) on a famous worldwide website's French and German sites.

jnschulze commented 1 year ago

@benoitm974 Thanks for your extensive response. I also tried shorting the data lines of the flash chip during boot, which gave me the same results. As my device doesn't even allow accessing the status endpoint without authentication, I decided to buy a Telekom-branded device for now. Looks like desoldering and dumping the flash chip is the way to go. But given that I don't have the necessary equipment, I'll put the 1&1 one into a drawer for now.

benoitm974 commented 1 year ago

Hi @jnschulze, please double check that your current 1&1 is only using the PLOAM password too, as it is the only thing you'll be able to change on an out-of-the-box Telekom modem 2.

jnschulze commented 1 year ago

@benoitm974 Yes, it worked, given that 1&1 uses Telekom's GPON infrastructure. There's a web-based configuration wizard which allows you to specify the ONT's serial number.

benoitm974 commented 1 year ago

Hi @jnschulze, thanks. Just to confirm: the web page is on the Telekom service? You can register the ONT serial number you'll connect? Or are you talking about the ONT Telekom interface, where to my knowledge you can only change the PLOAM password. Thanks.

jnschulze commented 1 year ago

Hi @benoitm974, exactly, it's a Telekom web service which allows you to map the ONT's serial number to a specific "home ID" :)

benoitm974 commented 1 year ago

Hi @jnschulze, would it be possible for you to connect the 1&1 device on ethernet and give the login pages/URL used for the login process? And possibly any network calls made for the web auth process when you submit a login/pass (even a false one; I'm just interested in the URL and POST structure/variables)?

benoitm974 commented 1 year ago

Hi @simonebortolin

We made progress on this device thanks to a great contributor on the French forum mentioned on the GPON page. I'm willing to contribute this progress back to the page and would like guidance on options for distributing the (currently JavaScript) code, which does a very simple GET and POST on 2 of the ONT's URLs to enable telnet/root access. As we discussed last time, we can't add that JS on the GPON pages itself, since HTTPS to HTTP on a different IP/URL won't work. Is there a "gpon hack way" to store/distribute those pieces of code and make them as easy to use as possible for others? I can see some Huawei devices have a Python git repo with some tools.

At last, I'm looking for the template, since the one you shared last time is 404 now: https://raw.githubusercontent.com/hack-gpon/hack-gpon.github.io/refactor-ont/_ont/ont-template.md

@jnschulze if you're interested/willing to test that code on the 1&1: it uses some JS/UI from the original Sercomm interface, which seems to still exist on the Deutsche Telekom one and allowed us to enable telnet/root access.

Have a great weekend.

simonebortolin commented 1 year ago

@benoitm974

> at last I'm looking for the template since the one you shared last time is 404 now : https://raw.githubusercontent.com/hack-gpon/hack-gpon.github.io/refactor-ont/_ont/ont-template.md

Yes, indeed the template has now been approved and all pages modified; you can see the new template here: https://raw.githubusercontent.com/hack-gpon/hack-gpon.github.io/main/_ont/ont-template.md

> We made progress on this device thanks to great contributor on the French forum mentioned on the GPON page. I'm willing to contribute those progress back in the page and would like guidance on option to distribute the (currently javascript) code which do very simple GET and POST on 2 ONT's URL to enable telnet/root access. As we discussed last time we can't add those JS on the gpon pages itself, since HTTPS to HTTP on different IP/url won't work. Is there a "gpon hack way" to store/distribute those piece of code and make it as easy to use as possible for others? I can see some Huawei have a python git with some tools

I recommend a Python script, similar to how it was done for the ZTE F601.