September 28

MC801A Firmwares

Firmwares  (using google translate):



PLKPLMC801AV1.0.0B03 – Polish (Play operator). Web interface password:admin. Fully compatible with 5G networks (channel n 78 ), the speed does not slow down . The firmware is not updated via the web interface; the firmware update is conditioned by the presence of an original SIM card from the operator

SASTCMC801AV1.0.0B05 – Saudi (STC operator).
Patch 1 (for upgrading B05 to B06 version via computer): DL_MC801A_STC_SAV1.00.01
Patch 2 (for upgrading B05 to B07 version via computer): DL_MC801A_STC_SAV1.00.02

NEW: Saudi firmwareB07(STC operator)ZTE_STC_BD_SASTCMC801AV1.0.0B07 (sew via QFIL, after unpacking, the archive contains folder number 3, no other folders are needed for flashing) There is a firmware update in the web interface , the N78 (5G) channel does not work.

NEW: firmware ZAMTNMC801AV1.0.0B01 (South Africa, MTN operator) Fully compatible with 5G networks (channel n 78 ) speed does not decrease. The firmware is not updated via the web interface; the firmware update is conditioned by the presence of an original SIM card from the operator


TMOPLMC801AV1.0.0B07 – Polish (T-Mobile operator). Web interface password:admin. Fully compatible with 5G networks (channel n 78) speed does not cut . The firmware is not updated via the web interface; the firmware update is conditioned by the presence of an original SIM card from the operator

ATH3GMC801AV1.0.0B08 – Austrian (operator DreiMAXX) – Three . The firmware is not updated via the web interface, the firmware update is due to the presence of an original SIM card from the operator , the N78 (5G) channel does not work.

CNHKMC801AV1.0.0B11 – Hong Kong (SmarTone operator). Fully compatible with 5G networks (channel n 79 ), the speed does not slow down . There is a firmware update in the web interface , the N78 (5G) channel does not work.

FITELIAMC801AV1.0.0B12– Scandinavia (operator Telia), Webcam address http://192.168.32.1 , There is a firmware update in the web interface , the N78 (5G) channel does not work.

MC801A_Elisa2_B13 – Finnish (Elisa operator), Webcam address http://192.168.100.1 , The firmware is not updated via the web interface, the firmware update is due to the presence of an original SIM card from the operator , the N78 (5G) channel does not work.

CNCNLMC801AV1.0.0B12 – Mainland China, blocked frequency aggregation (no LTE CA).

CNCNLMC801AV1.0.0B18 – Mainland China, blocked frequency aggregation (no LTE CA).

CNCNLMC801AV1.0.0B22– Mainland China, blocked frequency aggregation (no LTE CA). There is an update in the web interface for firmware B33. Fully compatible with 5G networks on channel n 78 , the speed does not cut down, but it is necessary to select the carrier frequency B3 (4G) in Debug Page


NEW: : CN_CMIOT_MC801AV1.0.0B02 – China, operator, the largest operator in China “China Mobile” blocked frequency aggregation (without LTE CA). Fully compatible with 5G networks on channel n 78 , the speed does not slow down, but you need to select the carrier frequency B3 (4G) in Debug Page The firmware is not updated via the web interface.



NEW: : BD_CNBGBJMC801AV1.0.0B06 – China, Beijing region, blocked frequency aggregation (without LTE CA). Fully compatible with 5G networks on channel n 78 , the speed does not slow down, but you need to select the carrier frequency B3 (4G) in Debug Page The firmware is not updated via the web interface.

Source: https://4pda.to/forum/index.php?showtopic=1011903&st=100#entry107391391

September 28

MC801/MC801a/MC888 Backup/Restore firmware

 

 

How to backup a QCN file :

(File links at the end of the post)

1. Install the drivers: 9008 Qualcomm_USB_Driver_v1.0.zip  and DRV_DC_ZTE_AS_SETUPV1.0.0B03.exe

2. Install QPST_2.7.496 (use only this version, if another is installed, remove and install this one)
2.1. In the folder with QPST you will also find two files that you also need to install (you will need to restart the computer):

I –Python 2.7.13
II –Microsoft Visual C++ (VC_redist)

3. Connect a data cable (type C) from the bottom of the router and enable the diagnostic port by running this file: Sales_DC_SwitchPortV1.00.00
Connect a data cable (type C) from the bottom of the router and turn on the diagnostic port by running this file.

4. In the device manager, you will see that two ports have appeared, as in the screenshot:

 

5. Enable the QFIL program, which was installed along with the QPST program, go to “Tools” and select the “QCN backup restore” option: Open

 

Make sure that the diagnostic port is appeared and click
the “Backup QCN” button:

 

Copy the saved file to a safe place. The backup is located at C:\Temp on your computer.

 

Source: https://4pda.to/forum/index.php?showtopic=1011903&st=940#entry112698297

 

Files

 
Sales_DC_SwitchPortV1.00.00.exe
 

 

October 6

SophosXG IPsec OpenWrt site-to-site

OpenWRT:

This post assumes that you have installed all required packages on router.

/etc/conf/ipsec.conf

config conn ‘CONNECTION_NAME’
option enabled ‘1’
option keyexchange ‘ikev2’
option ipsec_type ‘tunnel’
option auto ‘start’
option leftfirewall ‘yes’
option auth ‘psk’
option right ‘REMOTE_VPN_PUBLIC_IP’
option rightfirewall ‘yes’
# option allow_webui ‘1’
option ike_authentication_algorithm ‘sha1’
option ike_dh_group ‘modp1024’
option ikelifetime ‘28800s’
option esp_encryption_algorithm ‘aes128’
option esp_hash_algorithm ‘sha1’
option esp_pfs_group ‘modp1024’
option keylife ‘28800s’
option ike_encryption_algorithm ‘aes256’
option forceencaps ‘yes’
option my_identifier ‘LOCAL_ID’
option rightid ‘REMOTE_ID’
option dpdaction ‘restart’
list leftsubnet ‘LOCAL_LAN/24’
list rightsubnet ‘REMOTE_LAN/24’
# option keep_enabled ‘1’
# option ping_ipaddr ‘192.168.200.30’
# option ping_period ’15’

config preshared_keys
option psk_key ‘VERY_LONG_PSK_UP_TO_32_CHARS’
list id_selector ‘LOCAL_ID’
Edit /etc/conf/firewall and add the last line to zone WAN
config zone
option name ‘wan’
option input ‘REJECT’
option output ‘ACCEPT’
option forward ‘REJECT’
option masq ‘1’
option mtu_fix ‘1’
option network ‘wan wan6’
list masq_dest ‘!REMOTE_LAN/24’

Enable and start IPsec

/etc/init.d/ipsec enable

/etc/init.d/ipsec start

Sophos XG

 

 

IPsec Policy (low security for low end devices)

 

September 10

OpenWRT ( +Linux) Bandwith limit per IP

Limit traffic from/to interface named “wl0” for specific IPs.

Replace 10kbit /20kbit according to your needs.

 


tc qdisc add dev wl0 root handle 1: htb default 12
tc class add dev wl0 parent 1: classid 1:1 htb rate 1000mbit ceil 1000mbit
tc class add dev wl0 parent 1:1 classid 1:10 htb rate 10kbit ceil 20kbit
tc filter add dev wl0 protocol ip parent 1:0 prio 1 u32 match ip src CLIENT IP/32 flowid 1:10
tc filter add dev wl0 protocol ip parent 1:0 prio 1 u32 match ip dst CLIENT/32 flowid 1:10



Limit for the interface

tc qdisc add dev wl0 handle 1: root htb default 11
tc class add dev wl0 parent 1: classid 1:1 htb rate 50kbit
tc class add dev wl0 parent 1:1 classid 1:11 htb rate 50kbit
February 6

aDSL-vDSL moder/router for OpenWRT

Λοιπόν μετά από δοκιμές και ελέγχους 3+ μηνών, μπορώ να πω ότι η συσκευή με το Lede δουλεύει μια χαρά και ήδη βρίσκεται από τα Χριστούγεννα στην θέση της λειτουργώντας αδιαλείπτως.

Το αρχικό TD-W8970B που αγοράσθηκε καινούργιο, δεν κατέστη δυνατόν (ότι κι αν δοκίμασα) να δουλέψει σε ADSL από αστικό κέντρο. Μόνο από DSLAM καμπίνας έχει δυνατότητα, όπως αναφέρουν οι πληροφορίες στο διαδίκτυο, εφόσον το DSLAM αυτής εξαρχής υποστηρίζει ταυτόχρονα ADSL/VDSL στην ίδια κάρτα*. Την θέση του πήρε το TD-W8980 που έχει ίδια ακριβώς τεχνικά χαρακτηριστικά και δυνατότητες με επιπλέον την χρήση των 5GHz, που ωστόσο σε Lede/OpenWRT ακόμη (γίνονται προσπάθειες) δεν λειτουργεί το Lantiq WAVE 300 (παρομοίως ισχύει και στο TD-W9980), παρά μόνο το Atheros AR9287 στους 2,4GHz.

Παρόλο που έχει μικρή σχετικά μνήμη 8/64 (Flash/Ram) εν τούτοις πήρε όλες τις επιπλέον εφαρμογές που χρειαζόμουν (DDNS, OpenVPN, SQM QoS και p910nd). Φυσικά δεν μένει χώρος, σε περίπτωση που χρειασθεί αναβάθμιση των πακέτων που έχει, οπότε είτε θα γίνεται αναβάθμιση του image (όταν υπάρχει νέο) είτε χρήση extroot κι εξωτερικού USB.

 

ENG: Bottom line, TD-W8980 can work for both aDSL and vDSL, but TD-W8970B wil work on vDSL and in some cases in aDSL if its connected to DSLAM cabin .

 

Για όποιον ενδιαφέρεται παρακάτω έχω τις ρυθμίσεις του Network και των Interfaces, ώστε να δουλεύει η συσκευή ανάλογα την επιθυμητή κατάσταση:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'XXXX:XXXX:XXXX::/48'

config atm-bridge 'atm'
	option encaps 'llc'
	option payload 'bridged'
	option vci '35'
	option vpi '8'

config dsl 'dsl'
	option xfer_mode 'atm'
	option line_mode 'adsl'
	option firmware '/lib/firmware/lantiq-vrx200-a.bin'
	option annex 'a'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '172.17.2.1'

config interface 'wan'
	option proto 'pppoe'
	option _orig_bridge 'false'
	option ifname 'nas0'
	option username 'ΧΧΧΧΧΧ@otenet.gr'
	option password 'ΧΧΧΧΧΧ'
	option ipv6 'auto'
	option mtu '1492'

config device 'wan_dev'
	option name 'nas0'
	option macaddr 'ΧΧ:ΧΧ:ΧΧ:ΧΧ:ΧΧ:ΧΧ'

config interface 'wan6'
	option ifname '@wan'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 2 4 5 6t'



Analysis
Στο ADSL τα Annexes A/Β, αναφέρονται σε συνδέσεις πάνω από τηλεφωνική γραμμή POTS και ISDN αντίστοιχα. Σε αυτά έχουμε:
α. Στο Annex A, η τηλεφωνία χρησιμοποιεί τις χαμηλές συχνότητες έως 4kHz και το DSL σήμα τις υψηλότερες συχνότητες 25kHz-22MHz, χωρισμένες σε 2 περιοχές (από 1 σε US και DS).
β. Στο Annex Β, η τηλεφωνία χρησιμοποιεί τις χαμηλές συχνότητες έως 120kHz και το DSL σήμα τις υψηλότερες συχνότητες 138kHz-22MHz, χωρισμένες σε 2 περιοχές (από 1 σε US και DS).

Στο VDSL τα Annexes A/B, αναφέρονται στη φασματική περιοχή (US/DS) και τις μάσκες (PSD) που χρησιμοποιούνται στα διάφορα προφίλ σε Αμερική (Annex A) και Ευρώπη (Annex B). Υπάρχουν και άλλα Annexes, είτε ήδη καταχωρημένα σε άλλες περιοχές/χώρες, είτε δεσμευμένα για μελλοντική απόδοση.
Και στο VDSL μπορούμε να έχουμε τηλεφωνία POTS ή ISDN, με τις ανάλογες χαμηλές συχνότητες με του ADSL, αλλά εδώ οι υψηλές συχνότητες του DSL (έως 35MHz) χωρίζονται σε 6 περιοχές (από 3 σε US και DS).
Επομένως το Annex του VDSL είναι άσχετο με την τηλεφωνία και από τις καμπίνες έχουμε συγχρονισμό πάντα σε Β (δεν συμβαίνει πάντα το ίδιο από αστικό κέντρο), ανεξάρτητα το είδος τηλεφωνίας που λαμβάνουμε.

Source (www.adslgr.com
Credits (jkoukos)
September 18

OpenWRT on TD-W8970B v1

Initial installation

Part #1 Enable root access

https://wiki.openwrt.org/toh/tp-link/td-w8970

Steps to access the linux shell using telnet for the TD-W8970 v1 firmware version0.6.0 2.12 v000c.0 Build 140613 Rel.31066n. Without opening the router physically.

  1. Login to the router web ui at 192.168.1.1. Take backup of the router configuration conf.bin(Keep one copy safely incase you screw up things!)

  2. download tplink configuration encrypter/decrypter tool from the link below. http://ejs1920.users.sourceforge.net/StatPOSTer-20160306.jar (Thanks ejs1920 for making this tool)

  3. Launch the program StatPOSTer-20160306.jar

  4. Select the router as TD-w8970v1 and click on decrypt button in the program and select the config file you saved in the step1

  5. Save the decrypted conf.xml

  6. Open the the decrypted conf.xml in notepad(would suggest to keep backup of this file just in case)

  7. Add the xml tag  after the xml node SerialNumber and save it.

    <Description val="TD-W8970 v1`telnetd -p 1023 -l login`" />

  8. Click the encrypt button, select the modified config, save as conf_modified.bin

  9. Login to the router web ui at 192.168.1.1 and upload the new conf_modified.bin. And let the router reboot.

  10. Router will reboot and have TD-W8970 v1`telnetd -p 1023 -l login` at the top, this is expected.

  11. Telnet to (using putty or something like it) 192.168.1.1 at port 1023
  12. Enter the user name as admin and password as 1234 (Looks like some sort of backdoor, there goes my peace of mind!)
  13. You are ready to go and have access to linux shell.

Part #2 Install OpenWRT

https://forum.openwrt.org/viewtopic.php?pid=340785#p340785

(Filenames do not much, so download the firmware and rename it )

 

How to backup original firmware and install openwrt without opening the case

You will need:

1) a usb stick/thumb drive formatted as vfat/msdos
2) PC connected to TD-W8970 v 1 running original firmware either by wire or wireless
3) Telent and dd installed on the PC

Prepare the openwrt images on PC

Download the official 15.05 relese of openwrt-lantiq-xrx200-TDW8970-sysupgrade.image and run the following commnad:

dd if=openwrt-lantiq-xrx200-TDW8970-sysupgrade.image bs=1310720 skip=1 of=openwrt-lantiq-xrx200-TDW8970-sysupgrade-1.image

Create folder td-w8970 on your usb stick/thumb drive then copy these two files over the newly created folder. Unmount/eject the usb stick and plug it into the usb port on the back of TD-W8970.

Backup the original firmware
Open telnet and connect to 192.168.1.1 with login/password both as admin. Type sh after logging successfully. Run the following command to backup:

cat /dev/mtd0 > /var/usbdisk/sda1/td-w8970/mtd0
cat /dev/mtd1 > /var/usbdisk/sda1/td-w8970/mtd1
cat /dev/mtd2 > /var/usbdisk/sda1/td-w8970/mtd2
cat /dev/mtd3 > /var/usbdisk/sda1/td-w8970/mtd3
cat /dev/mtd4 > /var/usbdisk/sda1/td-w8970/mtd4
cat /dev/mtd5 > /var/usbdisk/sda1/td-w8970/mtd5
cat /dev/mtd6 > /var/usbdisk/sda1/td-w8970/mtd6

Verify the size of mtd1 file on the usb stick by executing the following command:

ls -l /var/usbdisk/sda1/td-w8970/mtd1

If the size is 1310720 you can go ahead with installing openwrt otherwise go back to “Prepare the openwrt images on PC” and replace 1310720 by the actual size in the dd command.

Install openwrt
Run the following command

cat /var/usbdisk/sda1/td-w8970/openwrt-lantiq-xrx200-TDW8970-sysupgrade.image > /dev/mtdblock1
cat /var/usbdisk/sda1/td-w8970/openwrt-lantiq-xrx200-TDW8970-sysupgrade-1.image > /dev/mtdblock2

Reboot router afterwards.

 

On some ISPs (ex Greek Wind) you need to change the PPPoE dial interface from pto0 to pto0.835,

as 835 is the deault VLAN that Wind is using.

 

 

February 22

Grep a log file and send output to mail

This is a small script that looks for a string in a log file and then the string is found, sents by mail the output

-This example is for Smoothwall, in which i run Guardian Active response and i wanted to know who is blocked

-Place it in your rc.local, reboot and check your mailbox

 

 

 


#!/bin/bash
EMAILADDRESS="root@localhost"
EMAILSUBJECT="Guardian On Firewall "
MESSAGEBODY="/tmp/alert.txt"

##Select you log file
#tail -f /var/log/messages | while read LINE
tail -f /var/log/guardian/guardian.log | while read LINE
do
#Select the string
if [ `echo $LINE | grep -c "blocked"` -gt 0 ]
# if [ `echo $LINE | grep -c "eth"` -gt 0 ]

then
echo "Guardian actions:" > $MESSAGEBODY
#Insert some text before the output
echo $LINE >> $MESSAGEBODY
# echo "Guardian done it again !" >> $MESSAGEBODY
#Here i use sendEmail from Smoothwall, you can use you own sendmail/mail commands
sendEmail -f -u "$EMAILSUBJECT" -t -s smtp.gmail.com:587 -xu [email protected] -xp password < $MESSAGEBODY
# fi
done

February 20

Fail2Ban and Zimbra

After following several guides i faced an issue with the mail reporting.

Since sendmail provided by zimbra doesn’t work with the same parameters like the default sendmail i modified the mail function of Fail2Ban.

– I have enabled only notifications for Webmail/Webadmin login attemps

For Red Hat /CentOS you will need EPEL Repo

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm 

Continue reading