HG659 - telnet or ssh access ?

Forums › One New Zealand (including Vodafone, WxC, Farmside) › HG659 - telnet or ssh access ?

1 | 2 | 3

9 posts

Wannabe Geek

#1630980 15-Sep-2016 14:38

Thank you solutionz for your very helpful post, especially the config decrypting part at the end. It allowed me to quickly move the stupid wifi guest to a different subnet just by editing the xml file!

openmedia

3332 posts

Uber Geek

Trusted

#1720197 14-Feb-2017 20:41

solutionz:

Otherwise if you want to give it a crack yourself:

Install Python (x64): https://www.python.org/ftp/python/2.6.6/python-2.6.6.amd64.msi
Install Pycrypto (x64): http://www.voidspace.org.uk/downloads/pycrypto26/pycrypto-2.6.win-amd64-py2.6.exe
Download "hg635_configtool.py": http://pastebin.com/JbZjygY3
Backup your current HG659 settings as: 192.168.1.1 > Maintain > Device Management > Backup or Restore Settings > Backup > downloadconfigfile.conf
Locate hg635_configtool.py and downloadconfigfile.conf in the same directory.
CMD> hg635_configtool.py decrypt downloadconfigfile.conf output.xml
Open output.xml and set; WanManagementEnable="0", TelnetEnable="1"; ConsoleEnable="1"; Userlevel="2"
CMD> hg635_configtool.py encrypt output.xml output.conf
Restore your settings: 192.168.1.1 > Maintain > Device Management > Backup or Restore Settings > Restore Settings > output.conf

Anyone tried this with a recent Vodafone firmware?

@solutionz tried your guide but once I'd enable Telnet I could no longer SSH in, plus port 23 didn't open on the modem for remote access.

Any other pointers / tips or should I try a Spark or BigPipe firmware?

Generally known online as OpenMedia, now working for Red Hat APAC as a Technology Evangelist and Portfolio Architect. Still playing with MythTV and digital media on the side.

solutionz

589 posts

Ultimate Geek
Inactive user

#1720588 15-Feb-2017 12:53

Try BigPipe.

openmedia

3332 posts

Uber Geek

Trusted

#1721003 16-Feb-2017 08:40

solutionz:

Try BigPipe.

Cheers. Got telnet via that firmware. Interesting that it doesn't appear to have dropbear/ssh access

Generally known online as OpenMedia, now working for Red Hat APAC as a Technology Evangelist and Portfolio Architect. Still playing with MythTV and digital media on the side.

suberimakuri

7 posts

Wannabe Geek

#1734261 10-Mar-2017 10:11

Thanks heaps for this.

I've just used the v20 firmware from Vodafone for a HG659 (not B) and then the python script to edit the config.

Then can ssh (with appropriate cipher/key settings) and run xdslcmd.

ztytian

31 posts

Geek

#1772388 29-Apr-2017 12:01

solutionz:

In case anyone's still wondering about this:

HG659 supports 'xdslcmd':

biggal:

I would like to know too

i can log in with the Admin password with ssh

but all commands fail

login as: Admin
Admin@192.168.1.1's password:

-------------------------------
-----Welcome to ATP Cli------
-------------------------------
ATP>sh
sh
Command failed.
ATP>

This is because your settings file has TelnetEnable="1" however ConsoleEnable="0".

I've built a config file to BigPipe V100R001C297B011 which enables Telnet and Console here: http://www.geekzone.co.nz/forums.asp?forumid=158&topicid=201985

I've built another one for Spark which *should* work too: http://filebin.ca/2uyUZGXdCUd6/SPARK_HG659_enable_telnet.conf

(WEB: admin / admin, CLI: !!Huawei / @HuaweiHgw)

If you want me to build one for VF firmware you'll need to send me a settings backup file from your router:

Backup your current settings: Maintain > Device Management > Backup or Restore Settings > Backup
Reset to default: Maintain > Device Management > Factory Restore > Reset
Backup your default settings: Maintain > Device Management > Backup or Restore Settings > Backup (Send me this file)
Restore your settings: Maintain > Device Management > Backup or Restore Settings > Restore Settings

Otherwise if you want to give it a crack yourself:

Install Python (x64): https://www.python.org/ftp/python/2.6.6/python-2.6.6.amd64.msi
Install Pycrypto (x64): http://www.voidspace.org.uk/downloads/pycrypto26/pycrypto-2.6.win-amd64-py2.6.exe
Download "hg635_configtool.py": http://pastebin.com/JbZjygY3
Backup your current HG659 settings as: 192.168.1.1 > Maintain > Device Management > Backup or Restore Settings > Backup > downloadconfigfile.conf
Locate hg635_configtool.py and downloadconfigfile.conf in the same directory.
CMD> hg635_configtool.py decrypt downloadconfigfile.conf output.xml
Open output.xml and set; WanManagementEnable="0", TelnetEnable="1"; ConsoleEnable="1"; Userlevel="2"
CMD> hg635_configtool.py encrypt output.xml output.conf
Restore your settings: 192.168.1.1 > Maintain > Device Management > Backup or Restore Settings > Restore Settings > output.conf

Doesn't seem to be working for me. Modem complains about an incorrect confirmation being uploaded and doesn't want to restore. Link to conf: https://drive.google.com/open?id=0Bx0zYcIcA_19blRwNjYzRklOU3c

solutionz

589 posts

Ultimate Geek
Inactive user

#1772410 29-Apr-2017 12:58

What are the changes you've made to your conf and what firmware you running?

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

Steve113

99 posts

Master Geek

#1777417 7-May-2017 21:27

is it possible to turn on SNMP or NetFlow from the Console options of HG659 please?

Id be very interested to capture this type of traffic.

openmedia

3332 posts

Uber Geek

Trusted

#1781907 14-May-2017 13:18

suberimakuri:

Thanks heaps for this.

I've just used the v20 firmware from Vodafone for a HG659 (not B) and then the python script to edit the config.

Then can ssh (with appropriate cipher/key settings) and run xdslcmd.

With the Vodafone V20 firmware which username/password were you able to SSH in with?

I've been trying and I can't login as the Admin user over SSH.

Generally known online as OpenMedia, now working for Red Hat APAC as a Technology Evangelist and Portfolio Architect. Still playing with MythTV and digital media on the side.

openmedia

3332 posts

Uber Geek

Trusted

#1784814 19-May-2017 16:26

So I'm trying a freshly installed vodafone firmware.

<X_ServiceManage TelnetEnable="1" TelnetPort="23" KeyEquipMode="0" ConsoleEnable="1" CircleTestDevice="" CircleTestResult=""/>

<X_Cli>
<UserInfo NumberOfInstances="1">
<UserInfoInstance InstanceID="1" Username="Admin" Userpassword="Lp0xkiAANwcYpVPbI3D/Mn==" Userlevel="2"/>
</UserInfo>
</X_Cli>

Anyone got an X_Cli Username example with a working password. I can't currently login to the router over Telnet.

Generally known online as OpenMedia, now working for Red Hat APAC as a Technology Evangelist and Portfolio Architect. Still playing with MythTV and digital media on the side.

solutionz

589 posts

Ultimate Geek
Inactive user

#1784859 19-May-2017 16:49

openmedia:

So I'm trying a freshly installed vodafone firmware.

<X_ServiceManage TelnetEnable="1" TelnetPort="23" KeyEquipMode="0" ConsoleEnable="1" CircleTestDevice="" CircleTestResult=""/>

<X_Cli>
<UserInfo NumberOfInstances="1">
<UserInfoInstance InstanceID="1" Username="Admin" Userpassword="Lp0xkiAANwcYpVPbI3D/Mn==" Userlevel="2"/>
</UserInfo>
</X_Cli>

Anyone got an X_Cli Username example with a working password. I can't currently login to the router over Telnet.

jp@ubuntu:~$ echo -n "Lp0xkiAANwcYpVPbI3D/Mn==" | base64 -d | openssl enc -d -aes-128-cbc -K DBAF3361E81DA0EF5358A1929FC90A80 -iv 629EA150533376741BE36F3C819E77BA -nopad
@HuaweiHgw

suberimakuri

7 posts

Wannabe Geek

#1784880 19-May-2017 17:12

For what it's worth. I changed the admin password in the regular http interface and then I could still ssh into it after doing the python script -> edit ... etc.

Default ssh in Debian won't connect to router because the router uses old connection parameters. eg:

ssh 192.168.1.254
Unable to negotiate with 192.168.1.254 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

So I did this command to connect:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc Admin@192.168.1.254
The authenticity of host '192.168.1.254 (192.168.1.254)' can't be established...
etc.

openmedia

3332 posts

Uber Geek

Trusted

#1784996 20-May-2017 06:13

solutionz:

jp@ubuntu:~$ echo -n "Lp0xkiAANwcYpVPbI3D/Mn==" | base64 -d | openssl enc -d -aes-128-cbc -K DBAF3361E81DA0EF5358A1929FC90A80 -iv 629EA150533376741BE36F3C819E77BA -nopad
@HuaweiHgw

Interesting. Thanks for that.

The password doesn't appear to work on my unit though. Hmm

Generally known online as OpenMedia, now working for Red Hat APAC as a Technology Evangelist and Portfolio Architect. Still playing with MythTV and digital media on the side.

kolyan007

1 post

Wannabe Geek

#1805955 24-Jun-2017 07:16

Hello,

Just wondering if anyone did successfully update Samba version or was able to disable nt pipe support to mitigate against SambaCry hack (http://thehackernews.com/2017/05/samba-rce-exploit.html?m=1) on that router?

openmedia

3332 posts

Uber Geek

Trusted

#1845556 12-Aug-2017 13:35

@solutionz have you an updated script that works with the be B26 firmware from Vodafone. Looks like the keys have changed.

http://help.vodafone.co.nz/app/answers/detail/a_id/27703/

Generally known online as OpenMedia, now working for Red Hat APAC as a Technology Evangelist and Portfolio Architect. Still playing with MythTV and digital media on the side.

1 | 2 | 3