dslreports logo
site
spacer

spacer
 
    All FAQs Site FAQ DSL FAQ Cable Tech About DSL Distance DSL Hurdles »»
spc

spacer




how-to block ads



It is normally set with an engineering Username and Password that has never been released. There are a few 5200s (depending on the Firmware) that use the Telco's name as the Username and Password also, but this doesn't matter now that a BBR Member has written a utility that allows you to set the FTP Username and Password to your liking using SNAP. You can read about it HERE and also download it. Development info on the utility plus a few Telnet commands are HERE. Thanks to ICGabe.

The utility is available from this web site.
»www.gabrielstrong.com/

Note: Also is reported to work with the 5100 Speedstream.

Feedback received on this FAQ entry:
  • I have a C implementation of this inspired by the packet structure provided. It doesn't work here, but I suspect it may be because of the telco lockdown (bell canada). /* speedstream 5200 password reset utility * * inspired from: http://www.gabrielstrong.com/ * * specifically, data structure taken from http://www.gabrielstrong.com/ethernet_packet.php * * this *may* be an implementation of SNAP: https://en.wikipedia.org/wiki/Subnetwork_Access_Protocol * * GPL-v3 */ #include #include #include #include #include #include #include /* should be prompted, but i couldn't be bothered with getopt... */ /* those two are stripped at 14 chars */ char *login = "admin"; char *password = "admin"; /* * used to route the packet to the right interface by the kernel make * sure you choose an IP that will make the packet go out on the right * interface */ char *target_ip = "192.168.2.1"; uint8_t sender_mac[6] = { 0x00, 0x00, 0x24, 0xcc, 0x93, 0x44}; /* 00:00:24:cc:93:44 */ uint8_t target_mac[6] = { 0x00, 0x0b, 0x23, 0x9d, 0x83, 0x1a}; /* 00:0b:23:9d:83:1a */ /* no serviceable parts below */ int target_port = 7; /* echo port, ignored */ typedef struct _arp_pkt arp_pkt; struct _arp_pkt { uint8_t sender_mac[6]; uint8_t target_mac[6]; uint16_t plen; /* 0x006E */ uint16_t unknown1; /* 0xAAAA */ uint8_t control; /* 0x03 */ uint8_t vendor[3]; /* 0x0020EA */ uint16_t htype; /* 0x0202 */ uint8_t unknown2[10]; /* 0x00000103006000000001 */ uint8_t sender_mac2[6]; uint8_t unknown3[8]; /* C0A8000DFFFFFF00 */ uint8_t target_mac2[6]; uint8_t unknown4[8]; /* C0A8000DFFFFFF00 */ uint8_t login[14]; uint8_t unknown5[18]; /* 0000... */ uint8_t password[14]; uint8_t unknown6[32]; /* 000... */ }; const uint8_t vendor[3] = { 0x00, 0x20, 0xEA }; const uint8_t unknown2[10] = { 0x00, 0x00, 0x01, 0x03, 0x00, 0x60, 0x00, 0x00, 0x00, 0x01}; const uint8_t unknown3[8] = { 0xC0, 0xA8, 0x00, 0x0D, 0xFF, 0xFF, 0xFF, 0x00 }; const uint8_t unknown4[8] = { 0xC0, 0xA8, 0x00, 0x0D, 0xFF, 0xFF, 0xFF, 0x00 }; int main(int argc, char **argv) { int sd, i, bytes; arp_pkt pkt; struct ifreq ifr; uint8_t *ptr; struct sockaddr_in sin; if ((sd = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) { perror ("socket() failed to get socket descriptor for using ioctl() "); exit (EXIT_FAILURE); } // Copy source MAC address. memcpy (pkt.sender_mac, sender_mac, 6 * sizeof (uint8_t)); memcpy (pkt.sender_mac2, sender_mac, 6 * sizeof (uint8_t)); // Report source MAC address to stdout. printf ("Source MAC address is "); for (i=0; i<5; i++) { printf ("%02x:", sender_mac[i]); } printf ("%02x\n", sender_mac[5]); memcpy (pkt.target_mac, target_mac, 6 * sizeof (uint8_t)); memcpy (pkt.target_mac2, target_mac, 6 * sizeof (uint8_t)); // Report target MAC address to stdout. printf ("Target MAC address is "); for (i=0; i<5; i++) { printf ("%02x:", target_mac[i]); } printf ("%02x\n", target_mac[5]); /* clear memory of those just to be safe */ for (i=0; i sizeof(pkt.login) ? sizeof(pkt.login) : strlen(login))); memcpy (pkt.password, password, ( strlen(password) > sizeof(pkt.password) ? sizeof(pkt.password) : strlen(password))); memcpy (pkt.vendor, vendor, sizeof(pkt.vendor)); memcpy (pkt.unknown2, unknown2, sizeof(pkt.unknown2)); memcpy (pkt.unknown3, unknown3, sizeof(pkt.unknown3)); memcpy (pkt.unknown4, unknown4, sizeof(pkt.unknown4)); pkt.plen = 0x006E; pkt.unknown1 = 0xAAAA; pkt.control = 0x03; pkt.htype = 0x0202; for (i=0; i2013-12-15 23:42:20


Expand got feedback?

by Doctor Olds See Profile
last modified: 2006-10-14 17:14:51