Closed diegoe closed 3 years ago
There are two different formats for userif
, but only one of these is used by the gen2pslc
profile. It's possible that this causes your issues.
I can send my .bin file if it helps.
Yes please, just send it via email!
Thanks for this tool. The code and research is great.
Thanks :)
Hi, I've added a profile for your device, that fixes the userif
issue. Since the current method of profile detection doesn't take into account the magic value, bcm2cfg
can't discern between a file from a fast3286
or fast3686
. This means that you'll have to manually specify -P fast3286
, otherwise it's detected as fast3686
.
Thank you! It seems to work just fine, but it still can't read the firewall group (although I suspect I don't have one because I have the firewall off).
Do you have any clue what's the telnet su
password? I don't see a listing for it in userif
and none of the passwords seem to be good enough.
Also: Is there any other useful thing I could do with the modem, to improve on the quirks/info for the repo?
Thank you! It seems to work just fine, but it still can't read the firewall group (although I suspect I don't have one because I have the firewall off).
There are two totally different firewall
groups, and bcm2cfg
currently doesn't have a definition for the other one. That's why parsing it fails!
Do you have any clue what's the telnet
su
password? I don't see a listing for it inuserif
and none of the passwords seem to be good enough.
Have you tried $agem001
and sagem
?
Also: Is there any other useful thing I could do with the modem, to improve on the quirks/info for the repo?
A firmware dump would be interesting. Are you using telnet, or a serial connection?
Thank you! It seems to work just fine, but it still can't read the firewall group (although I suspect I don't have one because I have the firewall off).
There are two totally different
firewall
groups, andbcm2cfg
currently doesn't have a definition for the other one. That's why parsing it fails!
Do you want me to enable the firewall and export a .bin with that? I can produce a few versions if it helps you figure out the format.
Do you have any clue what's the telnet
su
password? I don't see a listing for it inuserif
and none of the passwords seem to be good enough.Have you tried
$agem001
andsagem
?
I grepped the source code and found these. It's $agem001 for this modem. Thanks!
Also: Is there any other useful thing I could do with the modem, to improve on the quirks/info for the repo?
A firmware dump would be interesting. Are you using telnet, or a serial connection?
I would prefer to do it via telnet. Should I just follow the current instructions?
I would prefer to do it via telnet. Should I just follow the current instructions?
Using the latest commits, try the following command:
$ bcm2dump -P generic -O 'bfc:su_password=$agem001' -L io.log dump <IP>,<USERAME>,<PASSWORD> flash image1,auto image1.bin
If dumping flash doesn't work, you can try dumping the image currently loaded in RAM.
$ bcm2dump -P generic -O 'bfc:su_password=$agem001' -L io.log dump <IP>,<USERAME>,<PASSWORD> ram 0x80004000,32M image1.raw
In case of errors, please submit the io.log
file.
Do you want me to enable the firewall and export a .bin with that? I can produce a few versions if it helps you figure out the format.
Yes, that would certainly help, even more so with a firmware dump!
Sorry for the delay. The low/medium/high policy isn't actually located in the firewall
group, but the csp
group! Unfortunately, the firmware dumps you sent a few months ago were empty, which was caused by a bug in bcm2dump
. This has since been fixed, and dumping the images should now work!
Closing due to inactivity. Also check out #30.
I happen to have a Sagem 3286, and its GatewaySettings.bin is perfectly read by bcm2-utils, except for the userif and firewall sections:
From decrypting the file myself (with XOR - 0x80), I can read my admin username and password:
(Of course were "REDACTED" is my password / MAC auto password thing)
The header of my decrypted file looks like this:
(Seems to be:
FAST3286TLF056t9p48jp4ee6u9ee659jy9e-54e4j6r0j06
)I can send my .bin file if it helps.
Thanks for this tool. The code and research is great :star: