Jun 29, 2019

PLDT Fibr ONU AN5506-04-FA Backdoor Exploit

In the late year of 2016 there was a house to house PLDT agent promoting and advertising for the PLDT Home Fibr in our town particularly on my sister area, I was in my sister's resident that time and the PLDT Home Fibr promoter belling the gate of my sister house while I were there.  I open up the gate, the PLDT Home Fibr advertiser introduces me their Fiber Internet broadband product that they are having the limited promo  for FREE installation including the WiFi once you switch from other ISP's or waived the installation fees plus the device if your are a new subscriber on the monthly billing. I recommend and encourages my sister to get the offer of the PLDT Home Fibr as it is very late  this kind of stuff for my motherland whereas in other developed countries like Singapore or Malaysia they are far from us when it comes to technology.

I noticed the PLDT Home Fibr whenever your monthly internet bills overdue they will automatically disallow you from accessing the internet totally, your PLDT Fiber ONU is blocked and you can never ever enjoy surfing the net unless you have to pay your outstanding fees. Unlike Globe and Smart wireless internet broadband even if you device is banned from accessing the net still you can trick it with the vpn apps. I was thinking perhaps the PLDT Home Fibr is just like the old legacy SmartBro Canopy wireless internet that I have enjoyed the FREE internet for a very very long period time untill the WiMAX replace it.

I have stayed in my sister house during the weekends and the internet connection was interrupted due to late monthly bills payment. So i try to tweak with the old ways like the wireless internet SmartBro Canopy  and it works and my sister said how come you have the internet and we do not have? I said this is just temporary internet connection while your PLDT account is blocked.

While I was inside the PLDT Home Fibr ONU $hell I tour around and see what I have to see looking for stuffs that is interesting while hopping by hops into some other PLDT subscriber's ONU $hell. I find it very interesting, just imagine you can get into the PLDT ONU fiber device and hops by hops from one onto the other ONU device and can copy paste the inside or wipe out the entire filesystem of the ONU's.

The backdoor of PLDT Home Fibr ONU devices such as Fiberhome AN5506-04-F, AN5506-04-FA/T is very special that I do not want to disclosed on this blog. These three Fiberhome AN5506-04-XX series of the PLDT Home Fibr ONU device is until now widely open as of the time I am writing I have tested and proven and not have been yet close for sure the PLDT Tech team will not close the backdoor where they used to enter.

I write this issue because I want to differ the comment on kbeflo's gist.github by chudyvf that.

for those still have rp2627, change iptables directly.
iptables -R INPUT 1 -p TCP --dport 7547 -j REJECT --reject-with tcp-reset
iptables -I INPUT 2 -i lo -p TCP --dport 443 -j ACCEPT
iptables -I INPUT 3 -i br0 -p TCP --dport 23 -j ACCEPT
iptables -I INPUT 4 ! -i br0 -p TCP --dport 443 -j REJECT --reject-with tcp-reset
iptables -I INPUT 5 ! -i br0 -p TCP --dport 23 -j REJECT --reject-with tcp-reset

He commented or suggested, that the PLDT Home Fibr ONU devices aka Fiberhome AN5506-04-FA/T and AN5506-04-F to be safe from the PLDT ONU firmware updates RP2631, it is highly recommended that the above mentioned iptables command is a must for us to redo the iptables. On my own opinion as I have written and commented on kbeflo's gist.github the PLDT ONU firmware updates can not and will not be prevented from patching the firmware updates regardless of what ports you closed  or iptables you redo. The PLDT can still enter your ONU deivices using the so called BACKDOOR, whether  your are connected to the internet or NOT for as long as you are hook to the PLDT Fiberhome OLT you are bound for the firmware updates patching. As I have said I have been thru that backdoor!

My ultimate recommendation or solution to all the PLDT Home Fibr subscribers that are having or using the Fiberhome ONU devices such as AN5506-04-FA/T and AN5506-04-F is on the hardware side from being forcibly firmware updates to RP2631. But you have to be an electronics hobby, this thing needs basic soldering skill. The solution is to pull up the write-protect pinouts of the NAND flash from the circuit so that whenever there is an updates your ONU devices is protected unless you switch ON the write-protect of the NAND flash pinouts.

Your thoughts and comments are welcome, to be true I don't trust the PLDT Home Fibr ONU's better give me a fiber media converter I will provide my own wireless router access point, I rather have favor on OpenWRT, DD-Wrt or Tomato.

7 comments:

Can this be only stopped on a hardware level or theres a software way to stop it?

the only and ultimate solution as of the moment that I can think for the possible answer is thru hardware the NAND Flsash. Just pull up the write-protect pinouts so no one can ever touch your firmware.

we can not prevent the PLDT BACKDOOR whether you like it or I don't, the PLDT ONU is control by PLDT Tech Team.

Well, I guess the people who has no skill in soldering still wil be forced to receive firmware updates then.

do you ever plan to make a tutorial specifically for the pldt onu router?

PLDT tech team can not push the RP2631 to all ONU's on the subscribers because there is a BUG when they try to use the TR069_INTERNET it will slower the connection, for savvy people will always complain and it will cause the PLDT tech guy another headache on 171 the CSR will transfer the call to them. Once the internet is slowed the subscriber will ask for ticket# and will rebate the lapses of the internet intermittent. As of now I can not see the need to make the tutorial the Super Admin is working properly and adminpldt is also accessible on the GUI.

perhaps the tutorial will be on the NAND flash write-protect so no one can ever touch your ONU's firmware unless you switch ON the writing mode to save the changes on the firmware.

Post a Comment