meh301 / HG8045Q

Pwning the Nuro issued Huawei HG8045Q
193 stars 17 forks source link

The master account issue is fixed ? #1

Open dafeiroc opened 3 years ago

dafeiroc commented 3 years ago

Checked my router's log: 2020-12-08 03:53:14 [Error][アラームログ] アラームID:104510,アラームレベル:エラー,ソフトウェアのアップグレードに成功しました。元のバージョン:V300R016C00SPC110B094 更新後のバージョン:V300...

meh301 commented 3 years ago

Hi, it seems the latest update does not change the master password as that is hard-coded, rather it updates the hw_ctree.xml config file and disables the master account entirely.

dafeiroc commented 3 years ago

Do you know how to enable it again?

meh301 commented 3 years ago

For the moment, the only way I found to re-enable it was to flash the NAND chip with a few bit flips. I am also looking into other attack vectors

dafeiroc commented 3 years ago

I see. thanks. Do you know if there is some way we can rollback to the previous firmware V300R016C00SPC110B094 ?

meh301 commented 3 years ago

Huawei does not publicly provide the required firmware files to roll-back the update sadly

dafeiroc commented 3 years ago

Which means Huawei did resolve this master account issue. lol

meh301 commented 3 years ago

Well I would say "good job" if it weren't for the fact that I recently found evidence of various Nuro ONUs being illegally accessed by a 3rd party meaning someone somewhere has discovered a remote attack exploit :/

shooter556 commented 3 years ago

2020.1.14 I'm new to NURO and get this model HG8045Q and find it has been updated to a new version of firmware as soon as I connect to the internet. All the issues you mention are seemed to be all gone. But actually I want to make it working under bridge mode instead of route mode. Besides, its web management port 80 can be only visited locally. This is also something I won't expect to. Anyway, fixing exploits will always be safer than function expeditions.

mark-omarov commented 3 years ago

Hi everyone,

It's really troublesome and a shame. I've moved and decided to use NURO instead of NTT this time.

My plan were to make a home lab, obviously I don't want it to be behind ISP issued router, originally I thought they just give me modem, and then I'll connect my router, I figured they give their modem and route in-one solution, I thought I'll be able to bridge it and configure everything on my router. How little I knew.

I have no idea how to proceed from there TBH. I'm a software engineer, not very good with networks and hardware, so dumping memory or whatever is not really an option to me. It seems NURO doesn't enable bridge mode by a request neither.

If anyone have any information on how to make it work, legally, please let me know! I'd really love to get my home lab instead of using AWS/DO services. 😒

UPD: So far the only possibility I see is to proceed in the following manner: 1) Disconnect everything from the NURO router and disable it 2) Connect my router, LAN on NURO router to WAN on my router 3) Enable NURO router, once it's booted - enable my router 4) Configure DMZ on the NURO router to release all ports for the new router 5) Configure my router and APs, connect my devices to the new router 6) Disable WiFi on the NURO router completely

I'm not sure if that's going to resolve all my problems, but it's best what I know so far.

pkishino commented 3 years ago

@InkFaust yeah, for most people (including your case) that is actually good enough.. you could go the way of purchasing the same modem on aliexpress, this will be unlocked and work with Nuro.. but not sure it would be worth it..or you could try just an ONT unit I'm running my network setup behind the Huawei Nuro and no issues really.. Letsencrypt/Plex/HomeAssistant/Various other services etc all run fine behind it, via DMZ in Nuro and my Asus AC68u behind it.. in the real world you will most likely not notice much difference..

mark-omarov commented 3 years ago

Hi guys,

It's me again. Do you know if this model supports LACP? The information on their website requires having an account, I've tried to find the answer in other sources but no luck figuring it out, some description stated that layer 3 features Multiple services on one WAN port suggests support for LACP, but I'm not sure.

mark-omarov commented 1 year ago

As for my last question regarding LACP - no, it does not support LACP. My biggest problem was that the ONT has 1Gbps ports while I have a 2Gbps (down) line, and running my setup behind Huawei Nuro with 1 line wasn't a great option. To overcome this issue, I used pfSense with their Dual-WAN and two lines running from the ONT to the pfSense, which works beyond my expectations, and I'm thrilled I got pfSense instead of UDM.

RW21 commented 1 year ago

@mark-omarov Could you provide more information on how you were able to achieve 2 Gbps in your setup? From my understanding, even when using multiple WAN connections with load balancing on pfSense, it is not possible to surpass the 1 Gbps limitation of each individual connection.

mark-omarov commented 1 year ago

@RW21 Sure. You're right, it's not possible to surpass 1Gbps per connection. In my case it doesn't matter as long as I can share the bandwidth between multiple devices. I should also note that I haven't tested the utilization yet. I have to get a new switch and AP to finish the setup, and then I'll do the full test between multiple devices. Currently I have only one device connected to pfSense and other devices on WiFi connected to the NURO ONT, I did a test and results were positive, but it's not quite what I'm going for. As soon as I complete the setup I'll provide more information on this solution.

RW21 commented 1 year ago

@mark-omarov I see. Thanks for sharing. For myself, I think I'll stick with the HG8045Q or perhaps get the 2gbps onu/router down the line. HG8045Q is still able to work with a shared bandwith of 2gbps if router properly.

edwynchan commented 1 year ago

@mark-omarov i just signed up. I can’t login at all Would love to disable it

edwynchan commented 1 year ago

Hi everyone,

It's really troublesome and a shame. I've moved and decided to use NURO instead of NTT this time.

My plan were to make a home lab, obviously I don't want it to be behind ISP issued router, originally I thought they just give me modem, and then I'll connect my router, I figured they give their modem and route in-one solution, I thought I'll be able to bridge it and configure everything on my router. How little I knew.

I have no idea how to proceed from there TBH. I'm a software engineer, not very good with networks and hardware, so dumping memory or whatever is not really an option to me. It seems NURO doesn't enable bridge mode by a request neither.

If anyone have any information on how to make it work, legally, please let me know! I'd really love to get my home lab instead of using AWS/DO services. 😒

UPD: So far the only possibility I see is to proceed in the following manner:

  1. Disconnect everything from the NURO router and disable it
  2. Connect my router, LAN on NURO router to WAN on my router
  3. Enable NURO router, once it's booted - enable my router
  4. Configure DMZ on the NURO router to release all ports for the new router
  5. Configure my router and APs, connect my devices to the new router
  6. Disable WiFi on the NURO router completely

I'm not sure if that's going to resolve all my problems, but it's best what I know so far.

Could you give a little more detail on how you got this to work ?

In particular:

  1. Configure DMZ on the NURO router to release all ports for the new router

How can I get access to the settings now that the master account is turned off.

Appreciate the help!

mark-omarov commented 1 year ago

Hi @edwynchan , while the master account is turned off, you can still login with the admin account. Navigate to your router login page, username is likely to be admin, and the password should be somewhere on papers ISP gave you, or try default one that you can find online, I don't remember which was it exactly. Before enabling DMZ, make sure that your other router or firewall is configured correctly.

5n1perwo1f commented 1 year ago

Hi @edwynchan , while the master account is turned off, you can still login with the admin account. Navigate to your router login page, username is likely to be admin, and the password should be somewhere on papers ISP gave you, or try default one that you can find online, I don't remember which was it exactly. Before enabling DMZ, make sure that your other router or firewall is configured correctly.

Are you using your router (not nuro router) to distribute DHCP addresses? Also, did you set your NURO router to a static local IP address when plugging it into your routers WAN port?

5n1perwo1f commented 1 year ago

I have an AX4200, and usually don't have issues like this when I can bridge the modem/router supplied by the ISP. But in this case, bridged mode is completely non-existent. I run servers and such within my network that I'd like accessible from outside the network, but DMZ is not allowing me to accomplish this. Even when i forward the ports going from the LAN port of my HG8045Q to the WAN port on my AX4200, the ports remain closed.

Is there a workaround or solution to this? Would upgrading to Smart Life provide me with a router than can be bridged? Thanks for the help. I appreciate it.

If I connect my AX4200 router from LAN to LAN on the Nuro router and set the AX4200 to bridged mode, I can connect to my Servers from outside the network, but I lose all functionality of the Router at the same time. There must be something I can do to get this to work, my apologies as this issue is very frustrating.

-----Update---- Found a workaround solution, and it seems to be working.

pkishino commented 1 year ago

I have the same hg router and dmz works just fine. I run several open services no problem

On Fri, 8 Sep 2023 at 17:22, Wo1f @.***> wrote:

I have an AX4200, and usually dont have issues like this when I can bridge the modem/router supplied by the ISP. But in this case, the bridged mode is completely non-existent. I run servers and such within my network that I'd like accessible from outside the networl, but DMZ is not allowing me to accomplish this. Even when i forward the ports coming in from the LAN port of my HG8045Q to the WAN port on my AX4200, the ports remain closed.

Is there a workaround or solution to this? Would upgrading to Smart Life provide me with a router than can be bridged? Thanks for the help. I appreciate it.

— Reply to this email directly, view it on GitHub https://github.com/meh301/HG8045Q/issues/1#issuecomment-1711274108, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA7OFYV7S3PRTWSXMIM24RTXZLIU7ANCNFSM4UURZGKQ . You are receiving this because you commented.Message ID: @.***>

mark-omarov commented 1 year ago

Are you using your router (not nuro router) to distribute DHCP addresses? Also, did you set your NURO router to a static local IP address when plugging it into your routers WAN port?

Yes, and yes.

Is there a workaround or solution to this?

It looks like you have already figured it out. I don't expose my homelab, so I never ran into this issue.