Sep 10, 2019

Hack TX Power QCA9533 to 30 dBm

Raise the TX power setting of QCA9533-family chipsets to 30 dBm; the real TX power is 23-24 dBm, or around 200 mW.

Can be applied to TL-841ND v10 / v11, TL-WR840N v2 and TL-WR740N v6 (but only tested on TL-WR841ND v10):

Step 1 :

I assume the router already has DD-WRT firmware installed. Enable the SSH feature on the router in the Services and Administration tabs, save, then apply settings, then reboot.

Step 2 :

Download the ART partition image from this link:

http://www.mediafire.com/file/8sc11lv5l36k49i/artHACKED+%281%29.bin

Then rename it to "art.bin" (without the quotes).

Step 3 :

With the WinSCP utility, upload the file that we downloaded and renamed earlier to the router's /tmp folder. Make sure art.bin is in the /tmp folder by checking via PuTTY with the command:

ls /tmp

Step 4 :

Flash the file that is now on the router via PuTTY with the command:

mtd -r write /tmp/art.bin board_config

Step 5 :

Log in to DD-WRT, then tune the settings so that the change takes effect: in the Wireless tab, change the country to "Canada", then change the TX power to 30 dBm, then save, apply settings and finally reboot.

NB: only channels 1-11 are available; super channel is not supported, and this only works well with the country code "Canada".

Jul 22, 2019

Getting the PPP Username and Password for CenturyLink Zyxel C1000Z Modem

My first DSL modem in 1999 required Telnetting in via serial port to USB. I had to call a network technician at Qwest and follow along by typing in what seemed like arcane commands. I had no idea what I was doing. Things have changed for the better, but most DSL modems still have the ability to log into them directly through command line interfaces. The C1000Z runs BusyBox Linux, which comes loaded with your usual base Linux utilities, so if you can wield Bash, you can hack your modem.

Grabbing your PPP username

I was looking to enable the Transparent Bridge mode for my new Netgear R6050 after a friend managed to break the internal antenna on my Zyxel C1000Z. I wasn’t home, so I don’t know the physics involved. Rather than pay $99 to CenturyLink for a new modem/router, I decided to buy a new WAP/Router.

Having a little network administration under my belt, I figured I could grab the PPP Password.

The following guide was indispensable and got me 95% of the way there so I suggest checking it out first and/or following it along with my more “For Dummies” guide:

How to Find Your CenturyLink PPP Password on a Zyxel C1000Z Modem

You’ll want a basic understanding of SSH and/or Telnet. OS X, regardless of version, comes with SSH and Telnet, as does (almost) every flavor of Linux. Windows users will need PuTTY.

Step 1:

First you’ll need to enable telnet in your router, and you’ll need PPPoE enabled (under WAN settings). Both can easily be done through the modem’s GUI.


Step 2:

Fire up your terminal (Windows users will have to use PuTTY and translate the instructions) and type:

telnet YOUR-IP-ADDRESS

In this example, my router’s IP address is 192.168.0.1, which is the default address, so I would type:
telnet 192.168.0.1
It may take a moment for the router to respond. Once it does, it should respond with something like “BCM963268 Broadband Router” and ask for your username. Type in the username you entered and hit return; it should then ask for your password. Enter the password you typed in and hit return.

Step 3:

Using the terminal we can list all the active tasks running on the modem. To do so, type:
ps
Geek stuff: Users can use sh to access the BusyBox Linux Bash shell and run task monitoring software like top. If you’re feeling adventurous, type sh and poke around using commands like ls and top. You can grab the process ID using top just like we do in step 4.

Step 4:

You should see a long list of responses that read:
PID USER       VSZ STAT COMMAND
1 admin     1556 S    init
2 admin        0 SW<  [kthreadd]
3 admin        0 SW<  [migration/0]
4 admin        0 SW   [sirq-high/0]
and so on... We’re only interested in one entry, the one that’s running the pppd (or ppp*) command. It’ll probably be at the bottom. It should read something like:
3494 admin     1808 S    pppd -c ppp0.1 -i ptm0.1 -u myusername@qwest.net -p **
The myusername@qwest.net is your username.

Step 5:

Next you’ll need to analyze the process ID further. Take special note of the preceding number; in this example it’s 3494. Type in the console:
cat /proc/3494/cmdline
It should return something like:
pppd-cppp0.1-iptm0.1-umyusername@qwest.net-pjlFrVNtRMtU=-f0-D0-n1-L0-X120 >
The password portion of this is encoded; the tricky part here is identifying it. We know that this is a concatenated line by gauging from the previous line. The password portion should be between -p and the next -. In this example, the encoded password is:
jlFrVNtRMtU=
Step 6:

This password is encoded in base64, thanks to the leg work Make a new tab or new terminal window, and type:
echo "jlFrVNtRMtU=" | base64 --decode
It should spit back something like:

ac7gkDnUmac-pro:~ user$

The ac7gkDnU will be your PPP password. Congrats! You’re now ready to enable transparent bridge mode on your router.
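
The Step 5 output looks concatenated because /proc/<pid>/cmdline stores the arguments separated by NUL bytes, which a terminal does not display. The script below is an added example, not part of the original article, that splits such a command line correctly and audits a Linux host for processes that expose a credential this way; the long option names in SECRET_FLAGS and the sample argv (rebuilt from the Step 4 and Step 5 output) are assumptions.

```python
"""Audit process command lines for credentials passed as arguments."""
import base64
import binascii
import os

# Flags whose following argv element is a secret. "-p" is the pppd option
# seen in Step 4; the long names are assumptions added for illustration.
SECRET_FLAGS = {"-p", "--password", "--passwd"}

# Constructed sample: the argv implied by the Step 4/5 output, joined with
# NUL bytes the way the kernel exposes it in /proc/<pid>/cmdline.
SAMPLE_ARGV = ["pppd", "-c", "ppp0.1", "-i", "ptm0.1",
               "-u", "myusername@qwest.net", "-p", "jlFrVNtRMtU=",
               "-f", "0", "-D", "0", "-n", "1", "-L", "0", "-X", "120"]
SAMPLE_RAW = b"\0".join(a.encode() for a in SAMPLE_ARGV) + b"\0"


def split_cmdline(raw: bytes) -> list[str]:
    """Split raw cmdline bytes on NUL (the real separator, not spaces)."""
    parts = raw.split(b"\0")
    if parts and parts[-1] == b"":
        parts.pop()  # drop the empty piece after the trailing NUL
    return [p.decode("utf-8", "replace") for p in parts]


def looks_base64(value: str) -> bool:
    """Heuristic: padded, valid base64. Encoding is not encryption."""
    if len(value) < 8 or len(value) % 4:
        return False
    try:
        base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return True


def redact(value: str) -> str:
    """Keep two characters so a finding is recognisable but not reusable."""
    if len(value) <= 2:
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 2)


def find_exposed(argv: list[str]) -> list[dict]:
    """Return one finding per secret-bearing flag found in argv."""
    findings = []
    for i, arg in enumerate(argv[:-1]):
        if arg in SECRET_FLAGS:
            value = argv[i + 1]
            findings.append({
                "flag": arg,
                "redacted": redact(value),
                "looks_base64": looks_base64(value),
            })
    return findings


def audit_proc(proc_root: str = "/proc") -> dict:
    """Map pid -> (program, findings) for every process exposing a secret."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # only numeric directories are processes
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                argv = split_cmdline(fh.read())
        except OSError:
            continue  # process exited or is not readable
        hits = find_exposed(argv)
        if hits:
            results[int(entry)] = (argv[0], hits)
    return results


if __name__ == "__main__":
    print("sample argv:", split_cmdline(SAMPLE_RAW))
    print("sample findings:", find_exposed(SAMPLE_ARGV))
    if os.path.isdir("/proc"):
        for pid, (prog, hits) in sorted(audit_proc().items()):
            print(pid, prog, hits)
```

By default any local user can read another process's command line through ps or /proc, so a credential passed in argv should be treated as disclosed to every account on the device.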

Article posted by blog@greggant.com

Jun 29, 2019

PLDT Fibr ONU AN5506-04-FA Backdoor Exploit

In late 2016 a PLDT agent was going house to house in our town, promoting and advertising PLDT Home Fibr, particularly in my sister's area. I was at my sister's residence at that time, and the PLDT Home Fibr promoter rang the bell at the gate of my sister's house while I was there. I opened the gate, and the PLDT Home Fibr advertiser introduced me to their fiber Internet broadband product, saying that they had a limited promo with FREE installation including the WiFi once you switch from other ISPs, or waived installation fees plus the device if you are a new subscriber on monthly billing. I recommended the PLDT Home Fibr offer to my sister and encouraged her to get it, as this kind of technology has come very late to my motherland, whereas other developed countries like Singapore or Malaysia are far ahead of us when it comes to technology.

I noticed that with PLDT Home Fibr, whenever your monthly internet bill is overdue, they automatically cut you off from the internet entirely: your PLDT Fiber ONU is blocked and you can no longer surf the net until you pay your outstanding fees. This is unlike Globe and Smart wireless internet broadband, where even if your device is banned from accessing the net you can still trick it with VPN apps. I was thinking that perhaps PLDT Home Fibr is just like the old legacy SmartBro Canopy wireless internet, on which I enjoyed FREE internet for a very, very long period of time until WiMAX replaced it.

I was staying at my sister's house during the weekends and the internet connection was interrupted due to late payment of the monthly bill. So I tried to tweak it the old way, as with the SmartBro Canopy wireless internet, and it worked. My sister said, "How come you have internet and we do not?" I said this is just a temporary internet connection while your PLDT account is blocked.

While I was inside the PLDT Home Fibr ONU $hell, I toured around looking for interesting stuff while hopping, hop by hop, into other PLDT subscribers' ONU $hells. I find it very interesting: just imagine, you can get into a PLDT fiber ONU device, hop from one ONU device to another, and copy the contents or wipe out the entire filesystem of the ONUs.

The backdoor of PLDT Home Fibr ONU devices such as the Fiberhome AN5506-04-F and AN5506-04-FA/T is very special, and I do not want to disclose it on this blog. These three Fiberhome AN5506-04-XX series PLDT Home Fibr ONU devices are, as of the time I am writing, still wide open; I have tested and proven this, and it has not yet been closed. For sure the PLDT tech team will not close the backdoor that they themselves use to enter.

I am writing about this issue because I want to differ with the comment by chudyvf on kbeflo's gist.github, which says:

for those still have rp2627, change iptables directly.
iptables -R INPUT 1 -p TCP --dport 7547 -j REJECT --reject-with tcp-reset
iptables -I INPUT 2 -i lo -p TCP --dport 443 -j ACCEPT
iptables -I INPUT 3 -i br0 -p TCP --dport 23 -j ACCEPT
iptables -I INPUT 4 ! -i br0 -p TCP --dport 443 -j REJECT --reject-with tcp-reset
iptables -I INPUT 5 ! -i br0 -p TCP --dport 23 -j REJECT --reject-with tcp-reset

He commented, or suggested, that for the PLDT Home Fibr ONU devices (the Fiberhome AN5506-04-FA/T and AN5506-04-F) to be safe from the PLDT ONU firmware update RP2631, it is a must to redo the iptables with the above-mentioned commands. In my own opinion, as I have written and commented on kbeflo's gist.github, the PLDT ONU firmware updates cannot and will not be prevented regardless of what ports you close or what iptables rules you redo. PLDT can still enter your ONU devices using the so-called BACKDOOR, whether you are connected to the internet or NOT; for as long as you are hooked to the PLDT Fiberhome OLT, you are bound to receive the firmware updates. As I have said, I have been through that backdoor!

My ultimate recommendation or solution for all PLDT Home Fibr subscribers who are using Fiberhome ONU devices such as the AN5506-04-FA/T and AN5506-04-F, to avoid being forcibly updated to firmware RP2631, is on the hardware side. But you have to be an electronics hobbyist; this needs basic soldering skill. The solution is to pull up the write-protect pinouts of the NAND flash on the circuit board so that whenever there is an update your ONU device is protected, unless you switch ON the write-protect of the NAND flash pinouts.

Your thoughts and comments are welcome. To be honest, I don't trust the PLDT Home Fibr ONUs; better to give me a fiber media converter and I will provide my own wireless router access point. I would rather favor OpenWRT, DD-WRT or Tomato.

Jun 26, 2019

PLDT Fibr ONU AN5506-04-FA RP2631 Super Admin

Oh well!!! Today when I woke up something strange had happened to my PLDT Fibr Optical Network Unit (ONU) AN5506-04-FA. As I had been expecting, the so-called RP2631 firmware update is being enforced, and it will be forced on you whether you like it or not; every unit will really be patched, including YOURS and MINE.

What is new in the PLDT Fibr ONU firmware update RP2631? The Giant Telco ISP wants their AN5506-04-FA/T ONU to serve like a sitting duck; as much as possible it would be a media converter only. Why? Because 171 is already fed up with your calls, you are so annoying!!!

Here's a quick and simple summary of what PLDT wants from their all-in-one device, the Fiberhome AN5506-04-FA/T Optical Network Unit. It is also a wireless access point (WAP) router built with two WiFi frequencies, 2.4GHz and 5GHz; it is equipped with two FXS ports for POTS, and in addition you can insert your USB media device too. The SAMBA and FTP servers would be great on this ONU device if they were not restricted by the custom PLDT Fibr firmware.

Let's look at the Graphical User Interface (GUI): on AN5506-04-FA/T firmware RP2627 and earlier you can log in on the insecure port 80 via HTTP, but not in RP2631, where HTTPS is enforced and port 443 is used.


Next, let's see if http://192.168.1.1/info.asp is still vulnerable to access without any login credentials on the Fiberhome AN5506-04-FA/T ONU device.


Good patching: with the firmware updated, it is no longer accessible. Before, you could see the details without logging in to the PLDT Fibr ONU device. Thanks for that effort!


Now the exciting one: let's log in to the PLDT Fibr AN5506-04-FA/T firmware RP2631. The username "admin" with the password "1234" for the ordinary user account is no longer accepted; it has been removed. So what about the account with the username "adminpldt" and the password "6GFJdY4aAuUKJjdtSn7dC2x"; will it still be accessible? And what has happened to the Super Admin account, the username "fiberhomesuperadmin" with the password "sfuhgu"; will it still work on the new firmware update?


As I have tested and verified, all three previous username and password pairs for the PLDT Fibr ONU device AN5506-04-FA/T are no longer valid after the update: username "admin" password "1234", username "adminpldt" password "6GFJdY4aAuUKJjdtSn7dC2x" and username "fiberhomesuperadmin" password "sfuhgu". Forget about any custom username and password that you saved; they are totally gone.

When I dove into the shell I saw that only two account credentials are allowed to get in: only the Administrator account and the Super Admin account are given permission by the PLDT Fibr ONU to log in to the device. Nothing else can access the Graphical User Interface, at this moment in time, on my ONU.

To access the PLDT AN5506-04-FA/T RP2631 firmware GUI with the Administrator account, you have to point your web browser to https://192.168.1.1/fh, but you have to log in first as Super Admin and enable the Web Admin Switch under Management >> Device Management >> Debug Switch. Once the Web Admin Switch is enabled, log out and log in again with the Administrator account; you can now again enjoy the privileges that you enjoyed before on your PLDT ONU device.


Seen the above screenshot? Yes, that is the new PLDT Fibr ONU AN5506-04-FA/T RP2631 firmware update Super Admin account username "f~i!b@e#r$h%o^m*esuperadmin"; it is 27 characters long, so be careful of typos, and it is case sensitive. For the Administrator account the username is still "adminpldt"; the password is no longer "1234567890" nor "0123456789" and certainly not "6GFJdY4aAuUKJjdtSn7dC2x"; they have changed it already. I am still planning to write a tutorial on the firmware downgrade from RP2631 to RP2627; it will follow soon.

Jun 14, 2019

PLDT Fiberhome ONU AN5506-04-FA RP2627 Update Failed

Just last month I was reading kbeflo's gist.github again, with so many netizens shouting about their PLDT Fiberhome AN5506-04-FA/T ONU being remotely updated by the country's Giant Telco ISP. It was I who first disclosed on this blog the PLDT "fiberhomesuperadmin" account privilege to access the PLDT Fibr ONU Super Admin, and later on it was TipidPC.com that gave the password sfuhgu, so that everybody enjoyed tweaking and manipulating their own ONU device. Now sadness and sorrow have come again to all PLDT Fibr subscribers because of the so-called firmware update from RP2627 to RP2631, which gives another headache. I know that for a Shifu like you out there it won't be hard to locate the script even without any web developer tools, but for a newbie like me it will be painful looking for the code.


I had been enjoying my PLDT Fiberhome ONU AN5506-04-FA RP2627 without any patches, still intact, until today at 6pm, when my little princess complained that her mini iPad was not working anymore and I noticed that the internet connection was interrupted. There were no signs of the red LED turning ON on the PLDT ONU, so I logged in to see whether the WAN connection had really gone down. On the Status main menu my PLDT ONU AN5506-04-FA is still intact and NOT updated to RP2631, but when I checked my BroadBand settings, my ONU WAN Type had been changed from INTERNET to TR069_INTERNET. My ONU VLANID is still the same, 1030, and the priority is still 0, but the WAN connection type can no longer be switched from Route mode to Bridge mode. What the F*ck, go and eat your PLDT Fiberhome ONU device. Yeah, you are right! Now you have glued it down in the Web User Interface; do you think it won't be possible from the CLI? And what about the web developer tools, with which it can be unhidden? PITY on your Graphical Interface.


This is another disaster for PLDT Fibr subscribers who own this kind of Fiberhome ONU, the AN5506-04-FA/T. On kbeflo's gist.github thread someone is already asking for the RP2627 firmware; I don't know if they will be able to upload the firmware onto the ONU device even if they have it in hand. On this blog someone also commented and asked me for the RP2627 firmware; I can upload it for them, as I have the list of AN5506-04-FA firmware from RP2610 to RP2627. I have written on this blog that the best and easiest way to back up the AN5506-04-FA firmware on a Windows machine is via WinSCP; you can just click and drag the files.


I will leave it as it is today until the PLDT Engineering Technical Team is done with their remote patches and firmware updates to all the PLDT Fiberhome ONU devices; a post will follow soon on how to revert the PLDT Fiberhome ONU AN5506-04-FA/T from RP2631 to RP2627 again. I know it really hurts when you are really in love with your ONU device firmware RP2627 and suddenly someone just takes it away without any prior notice. If possible I will write a tutorial on how to update the AN5506-04-FA/T firmware from RP2627 to RP2631, or vice versa from RP2631 to RP2627.

Sep 21, 2018

PLDT HOME Fibr Multi-WAN

In February 2007 I went out of the country for the very first time, to work abroad in operation and maintenance at one of the international airports in the Kingdom of Saudi Arabia; I left my previous work at one of the famous universities in my hometown. At that time the fastest Internet broadband connection that you could get for a residence was the twin copper wire that carries two carriers on a single physical line, one for voice such as the home phone and the other for Internet data. By contrast, in my beloved Philippines the Digital Subscriber Loop (DSL) was very expensive at that time. I remember I had three (3) Internet cafes for which I worked part time from 2001 till 2005, and one of the NetCafes could only afford a dial-up Internet connection; but during that period Netscape was the fave browser and mIRC was the best messenger, on which we used to hang out on the net every day from morning until midnight.


So I experimented with my company dial-up internet account whenever I was at the NetCafe at night to see how it worked, and there it went: those credentials worked. From that moment on, every night I hung out at my NetCafe I had a free dial-up internet connection. I did the same thing on Saudi Telecom during my three-year work contract, but this time it was an Asynchronous Digital Subscriber Line, and it worked because the technology infrastructure used by DSL is the same as the dial-up connection, the Plain Old Telephone Service (POTS); DSL uses the Public Telephone Switch Network (PTSN), which is just an upgraded version of POTS using the same twin copper wire carrier on a single physical line.

In mid-2009 I got an offer to pursue my MS degree in Electronic and Communications Engineering in Kuala Lumpur at one of the well-known international universities of that Asian Tiger state, so I grabbed the opportunity and started a new chapter as a university student again. The mud city had just started its fiber optic rollout across the busy town, and the Kondominium where I resided did not offer the fiber optic service because it is a high-rise building and we were on the 11th floor. That's how they pronounce it, Kondominium, not Condominium. This tall building is equipped with xDSL communication infrastructure owned by the government's Telekom Malaysia. The good thing about Very High Speed Digital Subscriber Line (VDSL) is that it offers triple play: you have voice, internet and video just like Fiber To The Home (FTTH); the physical connection is the twin copper wire of the PTSN, whereas FTTH is a Passive Optical Network (PON).


I am really eager to experiment with things like this, and I proved that it works, as I did in my previous case study mentioned above. In this experiment on Telekom Malaysia xDSL it was not only a single connection but multiple logical internet connections. I have a TP-Link WR-TL740N v1.2; I reflashed it with OpenWRT firmware Attitude Adjustment 12.09, loaded it with the Multi-WAN package, and it worked. I tested up to twelve (12) WANs.

If it works on Saudi Telecom and Telekom Malaysia, I think it would be impossible for it not to work on the PLDT or GLOBE Telecom infrastructure. But this time we are on the PON infra; the Philippines' Giant Telco will of course not throw their vintage SmartBro Canopy equipment in the garbage right away, and they still keep using its authentication technique for the P1 wireless CPE, an upgrade of the SmartBro family brand, which we all know for the long-running MacDo free internet connection that GLOBE Telco also rivaled.

In this case study I am still using my legacy Wireless Access Point (WAP) router, the WR-TL740N v1.2. It has one WAN port and four LAN ports, no built-in modem, but WiFi BNG 150N Lite. The processor is a 350MHz MIPS with 4MBit flash and 32MBit of RAM, reflashed with the third-party embedded Linux firmware OpenWRT Attitude Adjustment 12.09 and, of course, the Multi-WAN package.


My final test proves that there is no difference between the telecommunication infrastructures, whether POTS, PTSN or PON: regardless of whatever authentication technique is implemented, they behave in the same fashion; this is just my observation. Unfortunately, my dear professor at that university is a Shifu in Fiberless Optical Communication, which was the opposite of my field of interest during my studies. This case study is still an unknown issue to academe; perhaps it is already known but not yet published. Not a threat, but widely vulnerable.

Sep 15, 2018

PLDT HOME Fibr ONU Vulnerable

It has been a long time since I posted any article on my blog; for a busy man like me, with two angels who keep following me around, it is difficult to be a free man again and hang out on the net for long hours. I have been stumbling around, hopping hop by hop, sniffing at what is going on with the PLDT HOME Fibr Optical Network Unit. After I disclosed the credentials to make the "admin account unavailable" available, something seems to smell fishy after they recently mass-updated the Fiberhome AN5506-04-XXX.


I went on to see whether it is really happening by accident or by chance that the PLDT HOME Fibr subscriber ONT device information page is exposed to the public network and can be seen without any authentication; you do not need the PLDT FiberhomeSuperAdmin account or adminpldt to open it. As the scan went through, I found PLDT Fiberhome AN5506-04-F units with software version RP2658 already naked to the internet: in one subnet I found one and in another subnet I found two. I am not sure if the people who own those AN5506-04-F units are aware of it. I guess they are also trying to open their device's serial communication port to gain access to the PLDT HOME Fibr "admin account unavailable" and make it available, because it is trending today on the netizen forums that the adminpldt full access is back again since the first week of September 2018.


To ordinary people like me, if my phone number is publicized to the whole world it is worthless; what are they going to do with that telephone number, can they make money with it? Are you going to jail? Oh I see, there you are: YES, you can go to jail if your residential landline identity is used for any illegal activity by masking it onto another ONU/ONT, so that it looks as if YOU were the DOER. Your phone line identity number can be spoofed onto another PLDT ONU/ONT such as any AN5506-XX-XXX; for as long as the device is hooked to the PLDT network it will work and can make the CALL. You knew it, right; you are already diving into their palace.

Enough of the slides. I intentionally blurred the information in the screenshots for security reasons. If you wish to obtain one of those above feel free to swim to the PLDT HOME Fibr networks.


I do not know if this is sabotage by employees of the PLDT company who demanded regular positions because of their long history of contractualization; that is for another topic. As you have witnessed, it is not only the MAC addresses of the connected clients that are compromised but also the telephone number. I heard about HTTP injection; how true is it? And what about DNS hijacking? Well, let's take that to another story when we have more time to write. But wait a minute, we are not done yet: am I exempt from this PLDT HOME Fibr ONU/ONT exploitation? Let's take a walk through its WAN and investigate whether my Fiberhome AN5506-04-FA with software version RP2627 is also affected by this so-called nakedness.


Using the same procedure, sniffing on the WAN side of the ONU/ONT from the public network, there is no difference from the above-mentioned PLDT Fiberhome ONU AN5506-04-F software version RP2658: the subscriber information is always compromised and there is no guarantee that you are in safe hands. If this is not sabotage then there is another implication of the web page being disclosed to everybody on the net. Perhaps the Engineering Technical Team of the PLDT company is tired of being requested to switch subscribers' ONUs from Routing Mode to Bridge Mode, enabling and disabling it, especially when you demand and request a waiver for the adminpldt "admin account unavailable" to be made available. Perhaps this is also to lure PLDT HOME Fibr clients by indicating that if the AN5506-04-XXX series ONU is in routing mode it is more prone to exploits, whereas in bridge mode it will appear safer. In addition, yes, that is more favorable to PLDT as a whole: it will lessen their headache, and not only that but also mean a discounted bandwidth out of every fiber internet broadband subscriber's allocated speed.


You said it right, including me, see that! Take a closer look at it, zoom in; that is my home phone line identity number. You can dial it from anywhere, "your monthly bill is our priority we do not care about your security whether you like it or not, its only PLDT and GLOBE where you can choose from". I heard it right, Sir!


Worse than what you are expecting: you can swallow your PLDT "fiberhomesuperadmin" account now, it is not needed. The FTP server will not ask you to log in and it can be opened from any of your favorite browsers; begging for the "waiver" to obtain permission for the adminpldt "admin account unavailable" is no longer required, as the FTP server will not ask for a username and password anymore. Now you are wondering whether you want to be in Bridge Mode, which will lock you down by the throat, squeezing your allotted bandwidth down to 30% that you can use out of your 100% speed limit. Or stick to Routing Mode and make your AN5506-04-XXX series the public WiFi access point of your neighbors, giving them FREE access to your internet without your knowing? But then what solution can I offer to my readers regarding this matter that hampers you as a subscriber of PLDT HOME Fiber internet broadband?

Answer: I cannot provide any solution or suggestion; unless you are the NTC, to tell this Giant Telco to fix their bugs before those hatted men misuse the leaked information mentioned above.

Sep 5, 2018

How To Access AN5506-04-FA Serial Port Console

It is not only you and I who have trouble acquiring full access to the PLDT Fiberhome AN5506-04-XXX ONU/ONT device settings; this has been raised on YouTube channels and online forums such as GitHub and Symbianize, but no control was gained, and the only option was to sign a waiver, until the Fiberhome Super Admin account was unveiled. This is NOT a tutorial on how to dissect your all-in-one PLDT Home Fibr equipment but rather a reference for forgetful people like me who suffer from memory loss.


What do we need to gain access to the Fiberhome AN5506-XX-XXX series ONU/ONT serial communication port console? Firstly, a serial port; nowadays PCs and laptops come with no serial COM port, so you have to look for a USB-to-TTL or USB-to-serial COM port adapter. Secondly, any HyperTerminal-like utility will do, but if you are like me and want to be comfortable, I would prefer PuTTY. Thirdly, and optionally, if you feel that the cord of your USB-to-TTL is too short then you might consider a USB extension cord.


So how do we start? Power off your PLDT Fiberhome AN5506-04-FA/T ONU/ONT device, unplug the power supply adapter, unplug the PON optical fiber jumper cord, and unplug the LAN cable if you are using wired PCs. After you disconnect all that wiring from the unit, flip the device upside down. There are four (4) rubber feet located on the bottom surface of the Optical Network Unit. Lift the four rubber feet one by one with your fingernails and you will see a screw under each; then take a screwdriver and remove the screws. After you have taken out all four screws, flip the Optical Network Terminal right side up again; now it is time to open it by just lifting the cover from any side.


Once it is uncovered you will see the four-pin header on the surface of the circuit board of the PLDT Home Fibr AN5506-04-FA. To recognize which pin is which: from the left it is marked as CN1, and next to the first pin is the label 1. Pin 1 is Vcc, pin 2 is ground, pin 3 is Rx and pin 4 is Tx. To hook it to the USB-to-TTL for proper data communication you only need three (3) pins: ground, Rx and Tx. The ground of the AN5506-XX-XXX series goes to the ground of the USB-to-TTL, while the Rx of the ONU goes to the Tx of the USB-to-TTL and the Tx of the ONU goes to the Rx of the USB-to-TTL.


Next, plug the USB-to-TTL into your PC. On Microsoft Windows 7, Windows will automatically load its driver; you can verify in Device Manager that it is working properly, and it will give you the COM port number. If the driver is not installed properly then you have to Google for your driver and install it to make it work.


Now we are ready to go. Use any HyperTerminal or PuTTY utility; download it first if you do not have one on your desktop. Open PuTTY and click Serial. For "Serial line to connect to", in my case it is COM13; yours might differ, so fill in what your Device Manager gives. The speed (baud rate) is 115200, Data bits is 8, Stop bits is 1 and Parity is None.


After filling in the PuTTY configuration, click on Session; you are ready to fire up your serial console port. Click the Open button and you will be presented with a black screen. Plug in the power supply adapter of the PLDT Fiberhome AN5506-XX-XXX series.


Now you will see the boot logs of the AN5506-04-FA/T all-in-one device scrolling fast. There are two (2) boots; you can interrupt the first and the second boot if you wish to enter the U-Boot utility console. In this environment you can permanently change your MAC addresses, both PON and Ethernet. You can type reset and it will reboot the device, while on the second boot you can type reboot and it will halt the system and reboot it from the beginning.


To log in on the serial data communication port, the default username and password for all Wuhan Fiberhome products is gpon; with that username and password you are logged in as root. A precaution: in the root shell you can wipe out the entire system. Your ONU/ONT PLDT Home Fibr AN5506-04-XXX series will get bricked; it will no longer boot up, and it will need to be reflashed to make it work. To avoid any disaster, back up as much as possible before doing so; you can use WinSCP, a handy utility on Windows with which you can just click and drag to copy.

Fiber Optic Connectors Evolution of Flat, PC, UPC and APC

The evolution of Fiber Optic connectors from flat to physical contact, ultra contact and the angled contact.

When a connector is installed on the fiber end, loss will be incurred. Some of the lost light is reflected directly back down the fiber towards the light source that generated it. These back reflections, or Optical Return Loss (ORL), will damage the laser light sources and also disrupt the transmitted signal. Fiber connectors with different polishing types have different back reflections (see the picture below). With the development of technology, four polishing types are available: flat-surface, Physical Contact (PC), Ultra Physical Contact (UPC), and Angled Physical Contact (APC). How does one evolve into another? This article gives the answer.


The original fiber connector is a flat-surface connection, or a flat fiber connector. Its primary issue is that a small air gap between the two ferrules is naturally left when mated. This is partly because the relatively large end-face of the connector allows for numerous slight but significant imperfections to gather on the surface. The flat fiber connector is not suitable for single-mode fiber cables with a 9µm core size, thus it was essential to evolve into Physical Contact (PC) connectors.


The Physical Contact is polished with a slight spherical design to reduce the overall size of the end-face, which helps to decrease the air gap issue faced by Flat Fiber connectors. It results in lower Optical Return Loss (ORL) with less light being sent back towards the power source.


Building on the convex end-face attributes of the PC, but utilizing an extended polishing method creates an even finer fiber surface finish: Ultra Physical Contact (UPC) connector. It has a lower back reflection (ORL) than a standard PC connector and allows more reliable signals in digital TV, telephony and data systems. UPC fiber connector could be used with both single-mode fiber and multimode fiber. Usually the UPC single-mode fiber connector is blue, but the UPC multimode fiber connector is beige. (Note: 10G UPC multimode fiber connector is aqua.)


PC and UPC connectors do have a low insertion loss, but the back reflection (ORL) depends on the surface finish of the fiber. The finer the fiber grain structure, the lower the back reflection. When PC and UPC connectors are continually mated and unmated, the back reflection will begin to degrade. So there is a need for a connector with low back reflection that can sustain repeated matings/unmatings without ORL degradation.


The end faces of Angled Physical Contact connectors are still curved but are angled at an industry standard eight degrees, which allows for even tighter connections and smaller end-face radii. Combined with that, any light that is redirected back towards the source is actually reflected out into the fiber cladding, again by virtue of the 8° angled end-face. APC connector back reflection does not degrade with repeated matings/unmatings. APC fiber connector can only be used with single-mode fiber and it is green.

It is clear that all of the connector end-face options mentioned above take a place in the market. And it is hard to claim that one connector beats the others when your specification needs to consider cost and simplicity not just optical performance. Your particular need decides which one to choose. For those applications calling for high precision optical fiber signaling, APC should be the first consideration, but less sensitive digital systems will perform equally well using UPC.

Aug 27, 2018

PLDT Fiberhome Super Admin Account

As I mentioned in my previous post on getting past "Admin Account Unavailable", there is no longer any need to alter the 1.xml and 2.xml for the PLDT Fibr ONU AN5506-XX-XX web GUI, accessible via http://192.168.1.1/fh. Access to the web page menu settings is gained either by using the PLDT Fiberhome Super Admin account default username and password or through the serial console communication port. Yes, it is more complicated on the console com port because it is a Command Line Interface (CLI), unlike fiberhomesuperadmin, where you are in the Graphical User Interface: once you log in you can just click to enable or disable the "Web Admin Switch". That is how easy and user friendly the interface is.


All ONU/ONT products of Wuhan Fiberhome Technologies ship with three (3) credentials. Two (2) of these default username and password management accounts remain unchanged in whatever country and by whatever ISP they are used, but the other Administrator account, such as the "adminpldt" username and its password, is customized by the ISP, like the PLDT Fibr HOME brand. Products branded "FiberHome" have been exported to over 90 countries and regions worldwide, including the Philippines. If you cannot find the exposed admin account for the ISP in your country, perhaps you can Google it; you may find the answer at 3BB, PTCL, VietTel or maybe in Brazil. Use Google Translate, which is friendly and helpful, to interpret the context in your desired language.


I am providing a screenshot again as proof that the "Web Admin Switch" exists on the Management menu once you are logged in as the Fiberhome Super Admin account. The username, as I have said, remains unchanged as "fiberhomesuperadmin"; it is all lowercase and case sensitive. The password also remains unchanged as the default. But how do you access the Fiberhome Super Admin account if you do not know the default password, even after you have Googled the user manual of your Fiberhome ONU AN5506-XX-XX, which is in PDF format? Answer: the serial communication console port is available and very accessible. From it you can even wipe out the entire filesystem, back up your config and likewise the firmware, and even copy them via WinSCP without pain.


You can try Binwalk, a powerful tool for firmware: you can unpack, repack, edit, read and write, even modify the cfg and the web files. There are also many free hex editors that you can use for editing, not to mention the rest. I salute the architect of this Wuhan Fiberhome ONU/ONT, so brilliant, if you just take a closer look at the internal OS and filesystem of the AN5506-XX-XXX. Just imagine, it has two boots and a twin filesystem: in case the first fails, the other will automatically take over.

Aug 25, 2018

PLDT Fibr AN5506-04-FA Debug

This is another episode on the PLDT Fibr AN5506-04-FA ONU/ONT. Today I would like to introduce the debugging environment of the Wuhan Fiberhome AN5506-XX-XXX, which is applicable to the whole product series. Digging inside the terminal, we find a lot of interesting stuff that we can exercise on the command line interface; those who are fond of graphical interfaces won't love this taste. How do you get into this text environment? You can log in via telnet or through the serial console.


If you want to access this terminal over telnet, the first thing you must do is enable the "telnet switch" in the web GUI using the FiberhomeSuperAdmin account username and default password. The other method is via the console communication port. The above screenshot shows the commands available when you press the question mark (?) sign, in other words the help symbol.


The second captured screen shows another way to list all the function commands for debugging the ONU/ONT Fiberhome AN5506-XX-XXX series. There are many interesting text commands we can try to execute here, but be careful: with some of these debug commands you might paralyze your all-in-one equipment. If you do not have a spare Optical Network Unit beside you, do not try typing those listed commands, because you will interrupt your fiber broadband connection. There is another command line interface on this AN5506 series device which is more friendly and where it is safe to execute the listed commands: the user config command line interface. Here you can also manipulate your desired config settings, and you can find the startup-config and the running-config; it is most likely identical to the Cisco IOS command line interface.

This section is more likely for calibration purposes only, and only PLDT network engineers have the capacity to understand this category of work. If you are a noob like me, take precautions before hitting those enumerated debug commands.

Aug 23, 2018

PLDT Fibr AN5506 Admin Account Unavailable

It is really frustrating every time you want to do something like tuning up your ONU/ONT for the sake of your network security or gaining access to your home wireless access point, or, even worse, if someone can just step into your AN5506-XX-XXX without your knowledge and install a malicious backdoor on it. There are so many silent *bots out there hanging around for lease, and the most frequent victims are residential gateways like ours, owners of this kind of lousy PLDT Fibr ONU/ONT equipment.

What is even worse is when you are limited in accessing your own device, supplied by your Internet Service Provider, like PLDT, who is monopolizing every inch of this so-called Internet of Things. I am one of you who also faces the same problem, whose Optical Network Unit is being locked down by the Philippine Long Distance Telephone Company; every time I open my web GUI I get stuck on "Admin Account Unavailable". F8ck!


"You are prohibited to open the rest of the menus and settings of your own ONU/ONT because you have zero knowledge". Imagine that you have to beg for the "adminpldt username and password account" to safeguard your entity, what the heck? Just recently, you must now sign a waiver if you want to have the adminpldt account privilege; otherwise, when you brick your PLDT Fiberhome AN5506-XX-XXX, you have to pay for the replacement, even though this ONU/ONT can just be reflashed by inserting a USB pendrive into its USB port for firmware recovery. DAMN!

Try calling 171 to get help and your call gets acknowledged after 35 minutes; yes, thirty-five minutes, your ears will be swollen from listening to the Interactive Voice Response System of my beloved PLDT. You will then be given a ticket. How long until your issue is solved? You have to wait until the Technical Engineering team can solve it. You still have the option of either hiring a Shifu from Symbianize or a Guru at GitHub. If you cannot find these two people on the said forums then you have to do it yourself: dig into Google, the biggest library on the globe, hoping you can find a hint for your problem.

After digging for about four months I found some clues. I realized that there is no need to alter the 1.xml to 2.xml to get the adminpldt full access to navigate all the menus and settings. Only the PLDT Fiberhome Super Admin account has the right key to make the adminpldt account available.


The PLDT FiberhomeSuperAdmin account can do this job: you will find this on the Management menu if you have logged in with the fiberhomesuperadmin username at http://192.168.1.1/fh. Imagine, they can remotely switch the adminpldt account to enabled or disabled at any time, from anywhere they want, via the web GUI or through Telnet. There is more on this menu: you can also find the OMCI Debug Switch and the Telnet Switch if you wish to activate or deactivate them. They can leave it open for some time or give you access for only three (3) days, as they have given permission to those Netizens in the GitHub forum.

If the PLDT Network Engineering Team reads this post, surely they will inform their superiors to immediately mass patch this mole found on Wuhan Fiberhome AN5506-XX-XXX products. This will be another headache for PLDT concerning access to the Fiberhome ONU/ONT device. Don't worry: even if you cannot have the privilege of the FiberhomeSuperAdmin account to gain full access to the web GUI settings, the serial port is waiting for you, and it is more than the privilege of fiberhomesuperadmin.

Disclaimer: this is not a tutorial; it is provided as is. I wish I had more time to write more about the PLDT FiberhomeSuperAdmin account, the Telnet Switch and the OMCI Debug Switch.

Aug 21, 2018

PLDT Fiberhome AN5506-04-FA RP2627

Today it is no surprise that once you open your PLDT Fiberhome AN5506-04-FA web GUI you have lousy menu settings on your ONU/ONT; the software version keeps being updated, upgrade upon upgrade, without stopping. When I opened my ONU web GUI, the version, as I expected, had been updated again, from my previously updated RP2616 to RP2627. I logged in as an ordinary user account and could see that nothing had changed, though the PLDT Engineering Team made this upgrade remotely. I also occasionally try to log in with the username adminpldt and password 6GFJdY4aAuUKJjdtSn7dC2x, not expecting that I can open this adminpldt account, because I know it always prompts me with the unavailable admin account.


When I saw that my software version had changed from my previous RP2616 to RP2627, I tried opening the adminpldt account with the password mentioned above. Oh Lo! It logged me in; it didn't prompt me with the unavailable admin account. I logged out and tried to log in again with the same username and password. Yes, it went on and logged me in. Did they forget something after they updated my ONU/ONT AN5506-04-FA, or is this just a backlog?


As you can see in the screenshot above, it is the PLDT Fiberhome AN5506-04-FA web GUI status device information. I am still looking into this RP2627 update to see what the PLDT Engineering Team revised inside this ONU/ONT firmware. I guess it is nothing new; they just hid the parameters in the *.xml and *.asp files so that Netizens like me have nothing to click on the pages of the PLDT Fiberhome ONU.

Here is the rest of the adminpldt account web GUI features and settings. If you look closely at these menus, nothing has been redone, except that the previously clickable apps are now mysteriously disabled by default and can no longer be enabled no matter how many times you click and apply.


Firebug and Web Developer are still among the best CSS inspector tools if you want to investigate their dirty lefties program on these forbidden web pages. Another good way to totally penetrate this nullified access is the serial console: a USB-to-TTL or UART microcontroller can also be used to get access on the console port. This device is so cheap nowadays and can be purchased online for a few pennies.


Yes, this PLDT Fiberhome AN5506-04-FA ONU has a nice four-pin header on the board right next to the SoC integrated circuit, which is easily identified by just using a multimeter to determine its TX and RX so you can see and read the logs. Going inside the console port you need a username and password of course, but don't worry: the default password of Wuhan Fiberhome products such as the AN5506-XX-XXX can be found in the user manual, just Google it. Once you are IN, all the data inside can easily be copied with SCP if you do not want to mess with your USB pendrive.


On the shell your privilege is root, so you can modify, read and write any file or the filesystem, even erase it entirely. So be careful: before doing anything else you MUST back up the entire system, so that if disaster occurs you are safe and may be able to upload the entire image back to the ONU. Otherwise, if you get BRICKED, it is goodbye: PLDT will not replace your AN5506-XX-XX.


The PLDT Fiberhome AN5506-XX-XXX is easy to deBRICK; there are a bunch of ways to reflash the firmware, unlike P1 CPE and HUAWEI. If you need help with your device, of course I can help you, but I am not available at all times; I am also a busy person. In my next article I want to dissect this Main Menu into its sub-menus.


Aug 13, 2018

PLDT Fiberhome AN5506-04 Slowing After Bridge

I have been satisfied with my PLDT Fiberhome fiber broadband connection for several months, with my download speed of up to 1.2Mbits per second per download. I have no complaint about my subscription plan because it is just and fair for my monthly billing. When the PLDT Fiberhome Technical Team installed my fiber connection, my ONU/ONT Fiberhome AN5506-04-FA came with the older software version RP2610; the PLDT Manila NOC (Network Operation Center) advised me not to power off the 3-in-1 device, for the software update to RP2616. Yes, the AN5506-04-FA is three-in-one equipment: it is an ONU/ONT bundled with a digital modem (modulator-demodulator) similar to a media converter, likewise a router for routing, and at the same time a WAP (Wireless Access Point) with two bands, one at 2.4GHz and the other at 5GHz, plus four LAN ports and two POTS ports for wired PCs and telephones.


It has been a long time since my PLDT Fiberhome fiber connection was installed, and I had no worries about it even though the web GUI (Graphical User Interface) has only limited settings; with the help of those Gurus out there at gist.github.com I was able to fully access and navigate the rest of the ONU/ONT web GUI menus and settings. Early in the month of April, the trick to navigate the rest of the menus and settings with the admin username and password 1234 became unavailable. After checking the software version, oh! RP2616 is no longer on the Status Device Information; an update has been done and now it is RP2621. The gist.github.com and symbianize.com trick of altering 1.xml to 2.xml will log you out and prompt you with return2login.html. In other words, I and the rest of the Netizens who used the same approach now have to end the enjoyable downloading that we had with the previous tricks and settings.


So I made a call and dialed 171. I spoke to the CSR and made a request for Bridge Mode on my lousy PLDT Fiberhome ONU/ONT AN5506-04-FA, software version RP2621, hoping that going from Routing Mode to Bridging would solve my problem. This meant purchasing a new wireless router to serve my said purposes. One day later a PLDT technical guy called and asked me what my concern was. I said I just needed my ONU/ONT AN5506-04-FA to be bridged; I would provide another wireless router for my needs.
He told me to hold on the phone for a while, and after three (3) minutes he told me to unplug the power adaptor, plug it in again and power it up. Yes, so quick. Afterwards he told me to verify whether it was already in Bridge Mode and I said yes. I was so happy that day that my PLDT Fiberhome AN5506-04-FA ONU/ONT was now in Bridge mode.

So finally my goal of bridging the ONU/ONT was done. No worries, because my new TP-Link WR841N can handle it; this kind of router is cheap, fairly priced, and also a well-known brand in data communication. From that day I didn't run a speed test to check whether things were better or worse than before. A month passed and I noticed when downloading files that my downstream was now at 50Kbits; I kept on downloading until I came to the conclusion that there was something wrong with my speed. Even YouTube video streaming took some time to load the video to play. Reading other threads, I saw some Netizens also facing this kind of problem: after changing their ONU/ONT AN5506-04-FA from Router mode to Bridge mode, the downstream speed got worse than they expected.

Reading up on ONU/ONT and OLT in other threads online, I came to the conclusion that on the side of the Optical Network Unit or Optical Network Terminal it won't serve the purpose: you are limited and can be locked. From my observations, all the supervision and management are on the side of the Optical Line Terminal (OLT). The OLT can restrict your upload and download, and it also has the authority even to null your ONU/ONT LAN ports down to a single PC only. Of course there is a remedy for this. Remember, there is no secure system made by human beings; there is always a way in. That is why they won't stop and keep on patching from time to time, because they know it is INSECURED.

Aug 5, 2018

How To Backup Fiberhome AN5506-04-FA MTD

First and foremost, before doing the backup of the ONU/ONT Fiberhome AN5506-04-FA, make sure you are the owner of the device. Secondly, you are responsible for any damage you do; this is risky and you might brick the equipment if it is mishandled. As a precaution, preferably have a spare ONU/ONT on hand so that in case of disaster your internet connection is not disrupted.

How do we back up the ONU/ONT Fiberhome AN5506-04-FA MTD, aka firmware?


There are two terminals through which we can gain access to the AN5506-04-FA: one is the Telnet terminal and the other is the serial communication port. These two consoles are also available on the other Fiberhome ONU/ONT AN5506-XX-XXX series, if you want to explore your own device to prevent your fiber ONU from having its firmware remotely updated, update upon update, so that the vast configuration features and all the other settings are not hidden by your greedy ISP. To begin with, let's check whether the Telnet port is open; we can use NMAP to verify it, or another similar port scanner that gives the same result. If the Telnet port is closed then we have no other choice but to open the top cover of the ONU/ONT AN5506-04-FA, because the serial console header resides on the surface of the board.



What we need to communicate with the AN5506-04-FA serial console is a serial COM port or any USB-to-serial converter device. Then a terminal program: HyperTerminal, PuTTY, or if you are more comfortable with it Hercules, or any similar application that serves for data communication between two digital devices. Once you are plugged in, the console terminal is ready. The communication baud rate is 115200 8n1. If everything is properly hooked up, once we power ON you should see the U-Boot messages start like this.

U-Boot 2010.03-svn671412 (May 27 2017 - 09:37:39)

DRAM:  128 MB
Boot From NAND Flash
CHIP ID = 51152100
NAND:  Special Nand id table Version 1.23
Nand ID: 0xC2 0xF1 0x80 0x95 0x02 0x00 0x00 0x00
Nand(Hardware): Block:128KB Page:2KB Chip:128MB*1 OOB:64B ECC:4Bytes
128 MiB
env0 ok ~~~~~~~~~~~
In:    serial
Out:   serial
Err:   serial
hi_lsw_init
hi_lsw_init_t
MEM_MODE = MEM!
tmp_cmd a =kk=112 mem=240M console=ttyAMA1,115200 root=/dev/mtdblock5 rootfstype=jffs2 mtdparts=hinand:128k(startcode),1M(u-bootA),1M(u-bootB),1M(envA),1M(envB),18M(kernel_rootfsA),18M(app_binA),20M(app_exA),18M(kernel_rootfsB),18M(app_binB),20M(app_exB),12160k(cfg)
kernel_rootfs_mtd_offset = 0x420000
Hit enter to stop autoboot:  2

This is just the first boot. Let the system go on to the second boot until you see messages like the following; it will then tell you to press Ctrl+C to stop auto setup in 3 seconds. From 2 sec to 0 sec, you must be quick.

CFE adapter module install successfully ...!

CFE hw_adpter_l3 module install successfully ...!

CFE module install successfully ...!
dapter multicast module install successfully, version: Jul 12 2017 10:28:18

 CFE_FH_MARK module install successfully ...!
initialize.sh...

Press Ctrl + C to stop auto setup 0

You are now in the root directory

~ #
Once you type the Linux command cat /proc/mtd you will see the list of all MTDs.

~ # cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00020000 00020000 "startcode"
mtd1: 00100000 00020000 "u-bootA"
mtd2: 00100000 00020000 "u-bootB"
mtd3: 00100000 00020000 "envA"
mtd4: 00100000 00020000 "envB"
mtd5: 01200000 00020000 "kernel_rootfsA"
mtd6: 01200000 00020000 "app_binA"
mtd7: 01400000 00020000 "app_exA"
mtd8: 01200000 00020000 "kernel_rootfsB"
mtd9: 01200000 00020000 "app_binB"
mtd10: 01400000 00020000 "app_exB"
mtd11: 00be0000 00020000 "cfg"

Your USB pen drive or flash drive must be formatted as FAT32, the default in any Microsoft Windows OS. After formatting it, eject it and then plug it into the USB port of the AN5506-04-FA device. It will then show you messages like this.


usb 1-2: new high speed USB device using hiusb-ehci and address 3
scsi1 : usb-storage 1-2:1.0
scsi 1:0:0:0: Direct-Access     TOSHIBA  TransMemory      1.00 PQ: 0 ANSI: 4
sd 1:0:0:0: [sda] 7574304 512-byte logical blocks: (3.87 GB/3.61 GiB)
sd 1:0:0:0: Attached scsi generic sg0 type 0
sd 1:0:0:0: [sda] Write Protect is off
sd 1:0:0:0: [sda] Assuming drive cache: write through
sd 1:0:0:0: [sda] Assuming drive cache: write through
 sda: sda1
sd 1:0:0:0: [sda] Assuming drive cache: write through
sd 1:0:0:0: [sda] Attached SCSI removable disk
fat
open /dev/console successed.
usb led 0  off
usb led 1  on

Verify with the df Linux command. It lists the filesystems mounted on the system.

~ # df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/root                18432      9864      8568  54% /
tmpfs                   119696         4    119692   0% /dev
none                    524288         0    524288   0% /tmp
none                    524288         4    524284   0% /var
/dev/mtdblock11          12160       856     11304   7% /fhcfg
/dev/mtdblock6           18432      5796     12636  31% /fh/bin
/dev/mtdblock7           20480     16564      3916  81% /fh/extend
/dev/sda1              3777936    215868   3562068   6% /dev/shm/usb/media/sda1

The USB flash drive is detected as the sda1 device (/dev/sda1) and its mount point is /dev/shm/usb/media/sda1. Now we have to unmount the USB pen drive first, without unplugging it from the USB port of the AN5506-04-FA, and then mount it again with the following Linux commands.


umount /dev/sda1

mount /dev/sda1 /dev/shm/usb/media/sda1

We are now ready to back up all the MTDs of the Fiberhome ONU/ONT AN5506-04-FA. First we'll make a folder on the USB drive with this command.


mkdir /dev/shm/usb/media/sda1/backup


Now use the following Linux commands to back up all the AN5506-04-FA MTDs.


~ # dd if=/dev/mtd0 of=/dev/shm/usb/media/sda1/backup/startcode.bin

256+0 records in
256+0 records out
131072 bytes (128.0KB) copied, 0.018642 seconds, 6.7MB/s


~ # dd if=/dev/mtd1 of=/dev/shm/usb/media/sda1/backup/u-bootA.bin

2048+0 records in
2048+0 records out
1048576 bytes (1.0MB) copied, 0.147251 seconds, 6.8MB/s

~ # dd if=/dev/mtd2 of=/dev/shm/usb/media/sda1/backup/u-bootB.bin

2048+0 records in
2048+0 records out
1048576 bytes (1.0MB) copied, 0.146912 seconds, 6.8MB/s

~ # dd if=/dev/mtd3 of=/dev/shm/usb/media/sda1/backup/envA.bin

2048+0 records in
2048+0 records out
1048576 bytes (1.0MB) copied, 0.147150 seconds, 6.8MB/s

~ # dd if=/dev/mtd4 of=/dev/shm/usb/media/sda1/backup/envB.bin

2048+0 records in
2048+0 records out
1048576 bytes (1.0MB) copied, 0.146535 seconds, 6.8MB/s

~ # dd if=/dev/mtd5 of=/dev/shm/usb/media/sda1/backup/kernel_rootfsA.bin

36864+0 records in
36864+0 records out
18874368 bytes (18.0MB) copied, 2.636288 seconds, 6.8MB/s

~ # dd if=/dev/mtd6 of=/dev/shm/usb/media/sda1/backup/app_binA.bin

36864+0 records in
36864+0 records out
18874368 bytes (18.0MB) copied, 3.495190 seconds, 5.1MB/s

~ # dd if=/dev/mtd7 of=/dev/shm/usb/media/sda1/backup/app_exA.bin

40960+0 records in
40960+0 records out
20971520 bytes (20.0MB) copied, 2.980738 seconds, 6.7MB/s

~ # dd if=/dev/mtd8 of=/dev/shm/usb/media/sda1/backup/kernel_rootfsB.bin

36864+0 records in
36864+0 records out
18874368 bytes (18.0MB) copied, 5.694926 seconds, 3.2MB/s

~ # dd if=/dev/mtd9 of=/dev/shm/usb/media/sda1/backup/app_binB.bin

36864+0 records in
36864+0 records out
18874368 bytes (18.0MB) copied, 2.767045 seconds, 6.5MB/s

~ # dd if=/dev/mtd10 of=/dev/shm/usb/media/sda1/backup/app_exB.bin

40960+0 records in
40960+0 records out
20971520 bytes (20.0MB) copied, 2.995862 seconds, 6.7MB/s

~ # dd if=/dev/mtd11 of=/dev/shm/usb/media/sda1/backup/cfg.bin

24320+0 records in
24320+0 records out
12451840 bytes (11.9MB) copied, 1.870105 seconds, 6.3MB/s

Now we are done: we were able to back up all the MTDs of the Fiberhome ONU AN5506-04-FA. Soon I will post an article on how to upload the MTDs into the device, so that in case you brick your equipment you can repair it on your own.
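A backup is only useful for recovery if every image is complete, so it is worth checking the dumps on a PC before relying on them. The following is an added example, not part of the original post: it parses the mtdparts string from the U-Boot log and the /proc/mtd table shown above, confirms that both describe the same layout, and checks each backup/<name>.bin for the exact partition size before recording its SHA-256. The function names and the backup directory argument are assumptions of this example.

```python
import hashlib
import os
import re

# Copied from the U-Boot log and the `cat /proc/mtd` output shown above.
MTDPARTS = (
    "hinand:128k(startcode),1M(u-bootA),1M(u-bootB),1M(envA),1M(envB),"
    "18M(kernel_rootfsA),18M(app_binA),20M(app_exA),18M(kernel_rootfsB),"
    "18M(app_binB),20M(app_exB),12160k(cfg)"
)
PROC_MTD = """\
dev:    size   erasesize  name
mtd0: 00020000 00020000 "startcode"
mtd1: 00100000 00020000 "u-bootA"
mtd2: 00100000 00020000 "u-bootB"
mtd3: 00100000 00020000 "envA"
mtd4: 00100000 00020000 "envB"
mtd5: 01200000 00020000 "kernel_rootfsA"
mtd6: 01200000 00020000 "app_binA"
mtd7: 01400000 00020000 "app_exA"
mtd8: 01200000 00020000 "kernel_rootfsB"
mtd9: 01200000 00020000 "app_binB"
mtd10: 01400000 00020000 "app_exB"
mtd11: 00be0000 00020000 "cfg"
"""

UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def parse_mtdparts(spec):
    """Return [(name, offset, size)] for one device's mtdparts value.
    Only "<size>[k|M|G](<name>)" entries, as on this page, are accepted."""
    _device, _, parts = spec.partition(":")
    layout, offset = [], 0
    for part in parts.split(","):
        m = re.fullmatch(r"(\d+)([kKmMgG]?)\(([^)]+)\)", part.strip())
        if m is None:
            raise ValueError(f"unsupported partition spec: {part!r}")
        size = int(m.group(1)) * UNITS[m.group(2).lower()]
        layout.append((m.group(3), offset, size))
        offset += size  # partitions are laid out back to back
    return layout


def parse_proc_mtd(text):
    """Return {name: (device, size_bytes, erasesize_bytes)} from /proc/mtd."""
    table = {}
    for line in text.splitlines():
        m = re.match(r'(mtd\d+):\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+"(.*)"', line)
        if m:
            table[m.group(4)] = (m.group(1), int(m.group(2), 16), int(m.group(3), 16))
    return table


def cross_check(layout, table):
    """Return a list of mismatches; an empty list means both views agree."""
    problems = []
    for name, offset, size in layout:
        if name not in table:
            problems.append(f"{name}: in mtdparts but not in /proc/mtd")
            continue
        dev, proc_size, erase = table[name]
        if proc_size != size:
            problems.append(f"{name} ({dev}): {size:#x} vs {proc_size:#x}")
        if offset % erase or size % erase:
            problems.append(f"{name} ({dev}): not aligned to erase block {erase:#x}")
    known = {name for name, _, _ in layout}
    problems += [f"{n}: in /proc/mtd but not in mtdparts" for n in table if n not in known]
    return problems


def verify_backup(backup_dir, table):
    """Check <name>.bin for each partition: present, exact size, then SHA-256.
    Returns {name: ("ok", hex) | ("size-mismatch", actual) | ("missing", None)}."""
    results = {}
    for name, (_dev, size, _erase) in table.items():
        path = os.path.join(backup_dir, name + ".bin")
        if not os.path.isfile(path):
            results[name] = ("missing", None)
            continue
        actual = os.path.getsize(path)
        if actual != size:  # truncated dd, full USB stick, or wrong partition
            results[name] = ("size-mismatch", actual)
            continue
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        results[name] = ("ok", digest.hexdigest())
    return results


if __name__ == "__main__":
    layout, table = parse_mtdparts(MTDPARTS), parse_proc_mtd(PROC_MTD)
    print("layout mismatches:", cross_check(layout, table) or "none")
    for name, result in verify_backup("backup", table).items():
        print(f"{name:16} {result[0]:14} {result[1] or ''}")
```

A "missing" or "size-mismatch" result means that partition should be dumped again before the backup is trusted; keeping the printed hashes lets you detect later corruption of the files on the USB drive.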

Aug 1, 2018

How To Change MAC Address on Embedded System

I have just purchased an ONU/ONT Fiberhome AN5506-01-A at AliExpress, a well-known online store in the Asia region. I decided to buy it because my fiber Internet Service Provider is locking down all their Optical Network Units, aka Optical Network Terminals, allowing their subscribers only limited privileges over the CPE device settings and configuration. My ISP updates their devices remotely via OMCI and not through TR069; the update or ONU firmware upgrade is done without your knowledge, and it can be done whether the device is online or offline. Exactly: the so-called firmware gets update upon update without prior notice!


My problem is that the ONU AN5506-01-A came to me with Software Version RP0521 and Hardware Version HX-2.134.318A9G, and this stock firmware also has limited basic configuration settings. That is, some of the menus and sub-menus have been omitted: you cannot set the WAN to Bridge Mode in the web Graphical User Interface (GUI), it is explicitly Router mode only. Another thing is that the LAN menu or setting is missing from the GUI: you cannot modify your desired IP configuration, and enabling and disabling the DHCP server and relay are out of the question. Most of all, it is NOT a plug-and-play piece of electronic equipment.

Why do I need to change the MAC Addresses?

It is unlike an xDSL internet connection, where your ISP will just ask you what username and password you wish, or provide you with a username and password such as yourname@isp and your password; most often you can even choose your desired password. Then choosing and buying your own personal wireless modem router, from a low to mid or high class residential gateway, is at your fingertips, because the device is plug and play: after you input the username and password given by your ISP, it is connected to the internet.

Now here we go. I took the fiber patch cord from my ISP's ONU/ONT and plugged it into my new Fiberhome AN5506-01-A. The LOS LED turned off from blinking red, and the PON LED now doesn't stop blinking yellow. Obviously the blinking PON LED means that the ONU is not connected to the network or to the OLT and needs authentication; once the ONU is connected, the PON LED will be lit steady yellow.

To get the AN5506-01-A connected to the OLT of my ISP, we first need to copy the PON MAC address and Serial Number of the ONU/ONT that was provided by the ISP and replicate them on the new ONU/ONT AN5506-01-A.

How do we change the PON MAC Address of the Fiberhome AN5506-01-A?

The ONU/ONT Fiberhome AN5506-01-A is an ARM Linux embedded system, and in the web GUI there is no way of changing the PON MAC address. The chance of spoofing the Passive Optical Network MAC address lies in the Linux environment. We can log in via Telnet and get access to its Command Line Interface (CLI), but after reviewing the commands, it is very reluctant to clone the MAC address. Another option is through the serial communication port; this is also a CLI terminal, where we can get help from BusyBox.

To change the PON MAC address of the AN5506-01-A, here are the commands.

First find the physical MAC address of your ONU/ONT device by running the following command:

# ifconfig -a | grep HWaddr
pie0  Link encap:Ethernet HWaddr 00:1A:2B:3C:4D:5E

The hexadecimal numbers in blue denote my AN5506-01-A ONU/ONT PON MAC address.

Next, type the following commands.

# ifconfig pie0 down
# ifconfig pie0 hw ether 00:A1:B2:C3:D4:E5
# ifconfig pie0 up
# ifconfig pie0 |grep HWaddr

To check whether the PON MAC address has been changed, just repeat the following command.

# ifconfig -a | grep HWaddr
pie0  Link encap:Ethernet HWaddr 00:A1:B2:C3:D4:E5

This is just a temporary solution; once the machine is rebooted it will go back to its original MAC address.

The final option is still via the serial port, but this time through the U-Boot environment. Power ON the ONU/ONT and you will see U-Boot start; you must be quick, because in 3 seconds it will continue to the second level of booting. You have to hit any key within 3 seconds.


U-Boot 2010.03-svn462977 (Mar 09 2016 - 17:03:30)

DRAM:  16 MB
Boot From SPI Flash
CHIP ID = 51161110
NAND:  SFC ID: 0x0
SFC : cs0 unrecognized JEDEC id 00000000, extended id 00000000
SFC ID: 0xef4018
SFC: cs1 W25Q128BV (16384 Kbytes)
SFC: Detected W25Q128BV with page size 65536, total 16777216 bytes
SFC: sfc_read flash offset 0x40000, len 0x20000, memory buf 0x81560008
In:    serial
Out:   serial
Err:   serial
Hit any key to stop autoboot:  2

Here are the commands in U-Boot.

# setenv ponmac 00:A1:B2:C3:D4:E5

# saveenv

The saveenv command saves the environment variables. This saves them permanently to the SPI flash storage.

Saving Environment to SPI Flash...
Erasing SPI flash...SFC: erase offset 0x40000, len 0x20000
erase cs 1
Writing to SPI flash...SFC: sfc_write flash to 0x40000, len 0x20000, memory buf 0x81560008
Erasing SPI flash...SFC: erase offset 0x60000, len 0x20000
erase cs 1
Writing to SPI flash...SFC: sfc_write flash to 0x60000, len 0x20000, memory buf 0x81560008
done

You should see log messages something like this.

Finally, you can now use your ONU/ONT AN5506-01-A: just input the Serial Number of your device, and the OLT of your ISP will now give it the authority to be connected to the system.