logon84 / Hacking_Huawei_HG8012H_ONT

Steps to hack a HG8012H, access it and mod the firmware

Login PTVDF #2

Open tdisport4r opened 5 years ago

tdisport4r commented 5 years ago

I can give original login and pass for HG8012H PTVDF-Firmware for test if you want logon84.

logon84 commented 5 years ago

Hi, in my unit it was "80%V0d@%W31%12" as you can read in the article, but the problem is that this is not a superuser account. Is yours the same?

megaraider commented 5 years ago

About a year ago made a service upgrade and had to return a similar unit [HG8012H PTVDF custom] but not without dumping the flash before...! Following your excellent work(!) found some minor differences:

  1. F/W version: V300R013C10SPC108B137;
  2. V300R013C00SPC007B056.xml can not be decrypted successfully using "aescrypt2_huawei" tool;

The default root password is the same "80%V0d@%W31%12" and UserLevel="1". Therefore, confirmed!

Although being happy with the HG8247Q [PTVDF custom] overall performance, I'll try to negotiate its replacement with the newest HS8247W [PTVDF custom]. Nevertheless, I might soon try to get my hands on one HG8012H just to play around.

crazygsm commented 5 years ago

Hi, also interested.

I had that HG8012H in the past and they replaced it with the new HG8247Q from VDFPT customization, with a lot of limitations.

Already discarded those open doors, everything seems closed and not so sure if I manage to dump this flash 29F1G08 from Micron.

@megaraider have you managed to go further?

Let me know and maybe we can work together.

megaraider commented 5 years ago

@crazygsm Yes, all the way, up until I had to have a unit for testing...! Haven't been able to get my hands on a HG8012H to play around, in fact I stopped looking for one ;)

estimadarocha commented 5 years ago

> Hi, also interested.
>
> I had that HG8012H in the past and they replaced it with the new HG8247Q from VDFPT customization, with a lot of limitations.
>
> Already discarded those open doors, everything seems closed and not so sure if I manage to dump this flash 29F1G08 from Micron.
>
> @megaraider have you managed to go further?
>
> Let me know and maybe we can work together.

That flash model is the one of 8247q?

crazygsm commented 5 years ago

Hi, the flash model from HG8247Q is the same as 8247H, Micron/ADM 29F1G08 128Mb.

regards

estimadarocha commented 5 years ago

Did you try to dump?

crazygsm commented 5 years ago

I did it using JTAG

estimadarocha commented 5 years ago

and any luck?

estimadarocha commented 5 years ago

@crazygsm any development??

crazygsm commented 5 years ago

No, and due to lack of time I will not allocate more effort to it.

tiagofreire-pt commented 5 years ago

@megaraider, did you get hands on the HS8247W?

megaraider commented 5 years ago

> @megaraider, did you get hands on the HS8247W?

no, and due to lack of time won't be any time soon...!

SambasOnFire commented 5 years ago

Hi, I have HG8247Q and get some info via browser...

    var CfgMode ='PTVDF2';
    var OnlinedFlag = '1';
    var PWDHEXINIT = '40314756295A3C21';
    ###################################
    var PWDINIT = '@1GV)Z<!';

SambasOnFire commented 5 years ago

> Hi, The flash model from HG8247Q is the same as 8247H, Micron/ADM 29F1G08 128Mb.
>
> regards

If you don't mind, can you send me the dump?!

hubbathegit commented 4 years ago

Did anyone have any luck with root access to the newer HS8247W? I'm looking at PTVDF, but any info would be useful. Thank you very much.

estimadarocha commented 4 years ago

Don't think so

SambasOnFire commented 4 years ago

> 2. V300R013C00SPC007B056.xml can _not_ be decrypted successfully using "aescrypt2_huawei" tool;

After decrypting, you need to use gzip (gzip -d file.xml). I caught this in my router H8247H, Vodafone PT.