seud0nym / tch-gui-unhide

Modify Telstra-branded Technicolor devices to access hidden features
GNU General Public License v3.0

Server doesn't respond to BOOTP requests (macOS) #194

Closed: Photon9 closed 1 month ago

Photon9 commented 3 months ago

So, I have followed the instructions (I believe; I changed the commands to use ifconfig rather than ip because I don't have ip on my Mac). Got the firmware to downgrade to.

When running the command to downgrade firmware I get the first part of the expected output:

❯ cd release
❯ sudo ifconfig en5 inet 192.168.0.254 netmask 255.255.255.0
❯ sudo ./tch-exploit-macos --ip=192.168.0.254 --tftp=./vcnt-a_20.3.c.0389-MR20-RA.rbi
Password:
Technicolor OpenWRT Shell Unlocker v2.0.2-seud0nym By BoLaMN

* Connect network cable from your computer to a LAN (yellow) port of the modem
* Change your computers network card to be a static ip address

  IPv4 Address: 192.168.0.254
  Subnet Mask: 255.255.255.0
  Default Gateway\Router: 192.168.0.254

Starting tftp server, listening on 192.168.0.254:69
Waiting for DHCP request... 0.0.0.0:67

Wireshark pcap shows I am receiving all of the BOOTP packets.

I can see tftp.coffee is instantiating the tftp server.

So that means that my computer simply isn't responding to the BOOTP packets... well that means I gotta look at bootpd.

If anyone has any advice on how to configure bootpd on macOS to do this I would be very appreciative.

pencilhead1 commented 3 months ago

Sorry, I can't help with macOS. I had trouble on Windows getting the PC to recognise the BOOTP IP address. I tried hard-coding the IP / network but it wasn't being recognised. My network is in 192.168.1.x. I had to change my network to 192.168.0.x, reboot the PC so it picked up a new 192.168.0.x IP address, then manually set the IP address as per the instructions.

seud0nym commented 3 months ago

Sorry, I can't help you with macOS either. And I know only a little bit about networking.

However, it is actually waiting to respond to a DHCP request. Your device won't be able to download the firmware unless it gets an IP address from tch-exploit.

The DHCP response is also the key to making the exploit work to get root access.
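Added example, not part of the thread and not code from tch-exploit: a Python sketch for checking whether a packet captured on UDP port 67 is a DHCP message (option 53 present) or plain BOOTP, which capture tools may both label as BOOTP. The function names, sample MAC and transaction ID are constructed for illustration; the field layout follows RFC 951 and RFC 2131.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: precedes the options field
DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
              5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def classify(payload: bytes) -> dict:
    """Classify the UDP payload of a packet addressed to port 67."""
    if len(payload) < 236:
        raise ValueError("shorter than the fixed 236-byte BOOTP header")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    info = {"op": {1: "BOOTREQUEST", 2: "BOOTREPLY"}.get(op, f"unknown({op})"),
            "xid": f"{xid:#010x}",
            "client_mac": payload[28:28 + min(hlen, 16)].hex(":"),
            "kind": "BOOTP (no DHCP message type)", "dhcp_type": None}
    if payload[236:240] != MAGIC_COOKIE:
        return info
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):  # truncated option header
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:   # DHCP Message Type
            info["kind"] = "DHCP"
            info["dhcp_type"] = DHCP_TYPES.get(value[0], f"unknown({value[0]})")
        i += 2 + length
    return info

def build_sample(options: bytes) -> bytes:
    """Constructed BOOTREQUEST with a made-up MAC and transaction ID."""
    fixed = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0, 0)
    fixed += bytes(16)                                  # ciaddr..giaddr
    fixed += bytes.fromhex("020000000001") + bytes(10)  # chaddr (16 bytes)
    fixed += bytes(64 + 128)                            # sname + file
    return fixed + options

if __name__ == "__main__":
    print(classify(build_sample(MAGIC_COOKIE + b"\x35\x01\x01\xff")))
    print(classify(build_sample(b"")))
```

To use it on a real capture, pass the UDP payload bytes of each port-67 packet exported from the pcap to `classify`.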

stale[bot] commented 2 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.