Hacking Contest Huawei HG553 - GNU _ LUG Perugia Wiki

5/27/2014 Hacking Contest Huawei HG553 - GNU / LUG Perugia Wiki

http://translate.googleusercontent.com/translate_c?depth=1&hl=en&prev=/search%3Fq%3Dhg553%2Bvoip%2Bfirmware%2Benglish%26es_sm%3D93%26biw 1/7

Huawei HG553 Hacking Contest

From GNU / LUG Perugia Wiki.

Italian

Index

1 Hacking Contest Huawei HG553

1.1 Andydna by:

1.2 by Fabio1.3 by Claudio Cardinals

1.3.1 original firmware B181.3.2 Firmware B21 ES Spanish

1.3.3 firmware HG553kisumu 260111

1.3.4 firmware HG553_kisumu_custom_v.0.2

1.3.5 HG55X project on Sourceforge

1.3.6 Firmware Roleo

1.3.7 Huawei Echolife HG553 with OpenWRT

Huawei HG553 Hacking Contest

Router Huawei HG553 better known as Vodafone Station

Chipset Broadcom BCM6358 300MHz

16MB ROM

64MB RAM

ADSL2 + Modem

3G Router

1 USB port for 3G dongle

1 USB port for printer or network file share

2 ports VOIP

Integrated Access Point 802.11G

4-port 10/100 ethernet

Andydna by:

RELEASE STATION WITH VODAFONE FIRMWARE B062 and TELNET LOCKED

Model: Echolife HG553

Vers hard.: HG55MAGV VER.A

Soft Vers.: EchoLife_HG553V100R001C02B062

Enabling it to the telnet session you can replace the firmware without using the JTAG cable! Note the software version B062 (with successive firmware is not possible to implement the procedure. With previous firmware is possible).

Give the pc IP 192.168.1.10 GATEWAY: 192.168.1.1



Press the reset VS and turn it on by pressing and holding the reset button for a minute. Connect the LAN cable to the PC VS. Use only with firefox java plugin installed and enabled. Open firefox and type http://192.168.1.1 press ctrl-u or view source and you will see the page source in the browser. We must look for the line: var = SecurityCookie mine is: 41gqmgkxp1VP6NlDY4nKZ4sv4P5It copy it return to the browser and type: http://192.168.1.1/mt rE @ $%! s5 & yuSh.cgi? wc512 = 41gqmgkxp1VP6NlDY4nKZ4sv4P5It (NB: -> I did but it is not a indirro accessible and honestly do not know what it's for) (= After I glued my string taken from source) now open telnet:

open 192.168.1.1

and appear

huawey home gateway login: admin / admin

Download occorrente.zip (http://wiki.perugiagnulug.org/mediawiki/images/a/ae/Occorrente.zip)

This procedure does not need to load a new firmware but replaces the old and locked CFE (BIOS). Take a stick from minimum 128mb and copy the downloaded file within the unpacked above. cfe.bin is a firmware image that contains only the CFE old unlocked. insert the key into the USB port next to the LAN ports and type:

> Sh There appears: # write: # Cd / var/mnt/USBDisk_1 (type ls to see if the VS sees the 2 files inside the key) after that type: #. / Fw_update cfe.bin

you will see the busybox of VS will begin the process of replacing the CFE. DO NOT REMOVE OR STILL LESS TURN OFF THE PENALTY VS THE PERMANENT BRICK!If you notice that the VS crashes or returns the command will update failed or something like that, do not worry (often for fear of being wrong that you combine trouble can be avoidedby simply calm) when it appears again, "#", type reboot and then restart VS.

UNLOCK THE APPARATUS

-Download the file " image_b21_es.bin (http://wiki.perugiagnulug.org/mediawiki/images/8/85/Image_b21_es.bin.zip) " turn off the VS AND TURN WITH A TOOTHPICK BY HOLDING THE RESET BUTTON

-Connect the equipment through Ethernet cable and go to the address http://192.168.1.1 -You will see the form of a firmware update, click on "Browse" and select the firmware you downloaded previously. Finally, click on "SOFTWARE UPDATE" and let the process rununtil you reboot the device (you'll notice that the light on the wifi and ethernet connection will be activated) -After the procedure, please refer to the address http://192.168.0.1 . (Note that has changed! Then reconfigure your card with the IP 192.168.1.1) He will ask you user and pass (user: admin / pass: VF-EShg553) and you'll find yourself in front of the mask router configuration. -If you want you can now change the admin password -Advance Setup tab, you can modify the connection settings and any ADSL connection via key HSDPA.Vi advice regarding the ADSL delete existing settings and enter those of youroperator.

by Fabio

how to unlock vodafone station ver b62 or earlier

occorrente.zip download the file from:

http://crack8.ucoz.com/c8/occorrente.zip

unpack everything on a usb key formatted fat

connect the key to usb vs (the one closest to the ethernet ports)



turn on the vs firefox and go to http://192.168.1.1

enter in the address bar:

javascript: request_submit ("mt rE @ $%! s5 & yuSh.cgi", 0, 0) and press enter

at this point the telnet vs is then enabled by the terminal:

telnet 192.168.1.1

login with user admin password admin

at the> prompt, type sh + Enter

1. cd / var/mnt/USBDisk_1

1. . / Fw_update cfe.bin

when it appears again, "#", type reboot and then restart VS.

At this point one of the downloaded fw unlocked the type b21es, the Kisumo custom or "very promising" d-link roleo

turn on the vs with the reset and hold for at least 20 sec

septate on pc a fixed ip of 192.168.1.x class (eg 192.168.1.2)

firefox go to http://192.168.1.1

select the firmware you want and you load it.

wait ... wait ... wait ... wait ... stay calm ...

vs. when you finally restart the operation is finished.

by Claudio Cardinals (http://translate.googleusercontent.com/translate_c?depth=1&hl=en&prev=/search%3Fq%3Dhg553%2Bvoip%2Bfirmware%2Benglish%26es_sm%3D93%26biw%3D1366%26bih%3D663&rurl=translate.google.com&sl=it&u=http://wiki.perugiagnulug.org/wiki/Utente:Claudio_Cardinali&usg=ALkJrhgQz_Oqv96NuqMSayRH5NNVIoiLCQ)

We will list the various firmware that you can load on your VS and its characteristics, there is a firmware better than the others at all, everyone has strengths and weaknesses, eachfirmware has options more or less, it depends on what you want us ...

Once you unlock your VS HG553 (as described above by Fabio and Andrea), you can load one of the following firmware:

original firmware B18 (http://wiki.perugiagnulug.org/wiki/File:Firmware_orginale_release_b18.bin.zip)



Firmware B21 ES (http://wiki.perugiagnulug.org/mediawiki/images/8/8c/Firmware_b21_es.bin.zip) Spanish

Firmware HG553kisumu 260111 (http://wiki.perugiagnulug.org/mediawiki/images/b/bd/HG553kisumu_260111.bin.zip)



LEDs with the firmware KISUMU are handled differently from how it is written in the manual Vodafone Station, namely: the first LED on the right indicates the ADSL connectivity(if there is no connection the LED is flashing red), the second right LED indicates Ethernet connectivity (a blue circle), the third LED indicates the WIFI, the fourth LED USB 3G.

Firmware HG553_kisumu_custom_v.0.2 (http://wiki.perugiagnulug.org/mediawiki/images/8/81/HG553_kisumu_custom_v.0.2.bin.zip)

Project HG55X (http://translate.googleusercontent.com/translate_c?depth=1&hl=en&prev=/search%3Fq%3Dhg553%2Bvoip%2Bfirmware%2Benglish%26es_sm%3D93%26biw%3D1366%26bih%3D663&rurl=translate.google.com&sl=it&u=http://sourceforge.net/projects/hg55x/files/&usg=ALkJrhh6MzO6Z45mt3LFEylZTn4nIOlYSw)on Sourceforge

firmware b36 NV2 (http://wiki.perugiagnulug.org/mediawiki/images/c/cc/Firmware_b36_nv2.bin.zip) , Vodafone firmware with additional option

nb the ip address of 192.168.1.1 VS again becomes

Firmware Roleo

ROLEO the firmware is based on D-Link DVA-G3672B adapted for Huawei HG553, here you can download the document in PDF



(http://translate.googleusercontent.com/translate_c?depth=1&hl=en&prev=/search%3Fq%3Dhg553%2Bvoip%2Bfirmware%2Benglish%26es_sm%3D93%26biw%3D1366%26bih%3D663&rurl=translate.google.com&sl=it&u=http://wiki.perugiagnulug.org/mediawiki/images/c/c9/DVA-G3672B_D2_Manual_v1.20.pdf&usg=ALkJrhirpBghK_OPpinzwPe4sfNtPR2DZw) with all the technical characteristics,

the version that I recommend is the RU_DVA-G3672B_1.10_20110508_VS (http://wiki.perugiagnulug.org/mediawiki/images/8/8a/RU_DVA-G3672B_1.10_20110508_VS.zip)

Note the IP address of your VS becomes again with this firmarwe 192.168.1.1 with username admin and password admin by default.

To handle 3G connectivity, you have to go into the menu: EXTRA -> WAN -> 3G Router Configuration to find information on your USB stick, such as "Product ID" and "Vendor ID", go to menu item: EXTRA -> UTILITIES -> USB DEVICE LIST

Tested and working for now with the following Internet KEY:

Huawei E169, E156G with operator 3

Huawei E1800 with operator TIM

nokia internet stick

momodesign @ md-

The LEDs with the firmware ROLEO are handled correctly, by the book Vodafone Station, namely: the first LED on the left indicates the ethernet connectivity, the second LEDADSL connectivity, the Central Power LED, the LED Quaro (magenta / blue ) WIFI, the latest LED USB stick 3G.

The blue color button on the back, next to the port connection, for the deactivation / attivazioe the WIFI works correctly when the WIFI is off the front LED turns solid RED.



Huawei Echolife HG553 with OpenWRT

http://wiki.openwrt.org/toh/huawei/hg553

Retrieved from " http://wiki.perugiagnulug.org/wiki/Hacking_Contest_Huawei_HG553 "

Last modified on: 10:03, April 6, 2014.

Content is available under Attribution-NonCommercial-ShareAlike 3.0 Unported .

Hacking Contest Huawei HG553 - GNU _ LUG Perugia Wiki

Documents

Transcript of Hacking Contest Huawei HG553 - GNU _ LUG Perugia Wiki