dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
25582
share rss forum feed


derekm

join:2008-02-26
kudos:1

4 edits

Sagemcom F@st 2864 unlock on *nix

With all credit due to lawrenson and this thread (now locked), here is the procedure I followed to achieve the same results without the Telnet.zip file:

Download Config
curl http://admin:admin@192.168.2.1/save_rg_conf.cgi > download.txt
 
Edit Config
replace:
(telnets(ports))
 
with:
(telnets
  (ports
    (0
      (port(23))
      (ssl_mode(none))
      (remote_access(0))
    )
  )
)
 
Post File
curl --data-urlencode new_rg_conf@download.txt http://admin:admin@192.168.2.1/replace_rg_conf.cgi
 

I would have added this to the other thread, but unfortunately, it's locked.

Also, this device contains a ton of GPL'd software. Shouldn't the source for this device be available ala WRT54g? Does anyone know who was responsible for the liberation of the WRT54g, perhaps they'd be interested in this also:

cat /proc/version 
Linux version 2.6.16.26 #1 Fri Jun 15 14:52:40 CEST 2012
 

That's f'd up - did nobody yet notice this is a linux box? (IANAL, but it looks like Bell or Sagemcom may be in violation of the GPL....)


zacron
Premium
join:2008-11-26
canada

I would like to make the code available but would need an eeprom reader.



TSI Gabe
Premium,VIP
join:2007-01-03
Chatham, ON
kudos:7

Yes we've gained access to it as well using this method but I've yet to manage to reflash it through the CLI. The ability to do so appears to have been locked out in the firmware



derekm

join:2008-02-26
kudos:1

said by TSI Gabe:

I've yet to manage to reflash it through the CLI. The ability to do so appears to have been locked out in the firmware

... which would also be different violation of the GPL, I think.


LiQuiD
BSD geek
Premium
join:2002-08-08
Anjou, QC

stupid question... what's to gain out of unlocking it?



derekm

join:2008-02-26
kudos:1

Line stats, as usual.

I'm assuming TSI would want firmware backup/updates to help provision gear.


lawrenson

join:2012-02-22
reply to derekm

said by derekm:

did nobody yet notice this is a linux box? (IANAL, but it looks like Bell or Sagemcom may be in violation of the GPL....)

It's something that I looked into while first trying to find a way into the modem, knowing that it ran on OpenRG and therefore Linux. I ran into other GPL violation complaints involving Sagem, and seem to recall somewhere saying that they'll send you a copy of GPL'd code if you send a written request.

vikingisson

join:2010-01-22
Mississauga, ON
reply to derekm

said by derekm:

Line stats, as usual.

I'm assuming TSI would want firmware backup/updates to help provision gear.

Except that it seems TSI has little access to these boxes and knows little about them. They only see the radius activity. The box is pretty locked down to Bell. So yeah, a little more access would be nice.

*That's* why it needs unlocking. I'm a little bothered that in semi bridge mode it always has a default connection to Bell. The logs and stats suck. The clock is stupid. In general the box hides many of the control features we want and is a bit shady having a Bell back door.


RRRR

join:2008-05-27
Montreal, QC

3 edits

So shall we request the GPL code and inform the FSF ?
I'd really like to get rid of that bell connection and have a proper bridge mode...
I feel vulnerable knowing I have a second open IP running crappy/vulnerable Bell code and letting them backdoor my firmware.

Also, anyone heard of a class action lawsuit against this forced modem rental scheme? There are some in the US it seems...

EDIT:
»www.hardware.com.br/comunidade/s···1238038/
»www.tripleoxygen.net/wp/2012/08/···cking-1/

The password for root in /etc/shadow seems to be: sagem


RRRR

join:2008-05-27
Montreal, QC

Is anyone at least able to get the line stats from within the modem?


vikingisson

join:2010-01-22
Mississauga, ON

said by RRRR:

Is anyone at least able to get the line stats from within the modem?

No but the provider can see some stats from their end. When they see it all as good then we're at an impasse if there are stability problems. So until we have modem choice or can hack for stats VDSL is dead to me.


RRRR

join:2008-05-27
Montreal, QC

It's possible to d/l to the jffs2 partition via tftp so we could probably d/l a binary to do things, but yeah, I get what you're getting at and it's a very sad situation.
Anyone knows how can they legally force the rental?



JCohen
Premium
join:2010-10-19
Nepean, ON
kudos:9
Reviews:
·Start Communicat..
·TekSavvy Cable
·Rogers Hi-Speed
reply to RRRR

said by RRRR:

Is anyone at least able to get the line stats from within the modem?

Yes, you can view the line stats through the CLIl see »Re: Firmware + Sagemcom Modem + Help


RRRR

join:2008-05-27
Montreal, QC

said by JCohen:

said by RRRR:

Is anyone at least able to get the line stats from within the modem?

Yes, you can view the line stats through the CLIl see »Re: Firmware + Sagemcom Modem + Help

Oops, missed that part even though I saw that password haha, cheers!

bigbug

join:2013-01-15
Markham, ON

Can you guys access »admin:admin@192.168.2.1/replace_rg_conf.cgi ?

I only get a box to re-enter the password. "admin" doesn't work for me.


lawrenson

join:2012-02-22

1 edit

said by bigbug:

Can you guys access »admin:admin@192.168.2.1/replace_rg_conf.cgi ?

I only get a box to re-enter the password. "admin" doesn't work for me.

This no longer works on the latest firmware.

For now we don't have any other way of enabling telnet.
I have an idea for another method that may work, no promises though since I haven't had much time to look into it or do any testing.

edit: Unfortunately the new method no longer works on the latest firmware either


jmck
formerly 'shaded'

join:2010-10-02
Ottawa, ON

sorry to necro this thread, but is there a way to enable telnet or see line stats with the newer firmware?



andyb
Premium
join:2003-05-29
SW Ontario
kudos:1

Firmware needs to be pulled and examined.Dunno if anyone has done it lately.Could be they encrypted it but if its GPL'd just ask bell for the source or get the GPL group to file a lawsuit


gzfelix

join:2010-01-18

Do you know how to pull the firmware? I happen to have one that's telnet-able.


s0dhi

join:2011-08-02
Brampton, ON

I was able to telnet in to my new Sagemcom this morning. There appear to be commands to flash firmware and do a variety of other tasks.



HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
Reviews:
·TekSavvy DSL
·TekSavvy Cable

said by s0dhi:

I was able to telnet in to my new Sagemcom this morning. There appear to be commands to flash firmware and do a variety of other tasks.

what firmware is it running?
--
F**K THE NHL. Go Blue Jays 2013!!!

s0dhi

join:2011-08-02
Brampton, ON
Reviews:
·TekSavvy DSL

said by HiVolt:

said by s0dhi:

I was able to telnet in to my new Sagemcom this morning. There appear to be commands to flash firmware and do a variety of other tasks.

what firmware is it running?

Firmware Version: FAST2864_v6637F
Hardware Version: 2864-000000-002


HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21

Hrm i just dont remember if thats the latest... Did you let your modem update firmware several times when you first plugged it in?
--
F**K THE NHL. Go Blue Jays 2013!!!


s0dhi

join:2011-08-02
Brampton, ON
Reviews:
·TekSavvy DSL

said by HiVolt:

Hrm i just dont remember if thats the latest... Did you let your modem update firmware several times when you first plugged it in?

Nope, I just got it as part of the 50/10 upgrade. It's never been plugged into the line yet.

I can try to pull stuff off of it if someone can let me know how/what needs to be done.

BTW, I have a Cellpipe collecting dust, and I'm running my own Zyxel.


HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21

Ah, so thats why you were able to get in... When/if you plug it in, it will fetch new firmware and disable the telnet hole..
--
F**K THE NHL. Go Blue Jays 2013!!!



jmck
formerly 'shaded'

join:2010-10-02
Ottawa, ON

yeah, my 50/10 service became active yesterday and i saw the modem reboot a few times after getting sync and got worried, but i guess it was just getting a new firmware.


s0dhi

join:2011-08-02
Brampton, ON
Reviews:
·TekSavvy DSL
reply to HiVolt

said by HiVolt:

Ah, so thats why you were able to get in... When/if you plug it in, it will fetch new firmware and disable the telnet hole..

Understood. I probably won't plug it in, unless my Zyxel give me some sort of issue.


Guspaz
Guspaz
Premium,MVM
join:2001-11-05
Montreal, QC
kudos:23
reply to derekm

This is what mine reports:

Firmware Version
FAST2864_v6740S

Rescue Version
FAST2864_v7740S
--
Developer: Tomato/MLPPP, Linux/MLPPP, etc »fixppp.org


s0dhi

join:2011-08-02
Brampton, ON

1 edit

Is there any way to pull anything of value (for the community) off my Sagemcom since it's sitting here?

May be there is a way to drop a script on to the device that doesn't get overwritten during the upgrade?


sibisties

join:2012-06-04
Canada
kudos:8
reply to derekm

Last summer I sucessfully dumped the firmware from my Sagemcom modem. After deep analysis, I found a flaw in the web interface that could be used to inject executable code. My goal was to use this flaw to enable a page with line stats, and I succeeded.

I released my tool here on the Bell forum but it has been removed minutes later. My work was considered "too suspicious" because I didn't want to include the source code of the injection tool.

Too bad, I guess I'll be the only person with a beautiful line stats page on my Sagemcom. And yes it is still working with the latest firmware version!