10.09.2018., 18:58   #1
mrmess
Speedport Plus (T-Com)

Here are a few pictures of this router. It is a Sercomm router; the username is admin and the password is the router's serial number from the sticker. The administrative interface is partially locked, so not all options are available.

There is a 3.3V serial port header on the motherboard, but when you access the console it asks for a login and accepts neither admin nor anything usual.

The console access parameters are 115200/8/none/1

Does anyone have an idea/information on how to get root access on the device?

Boot log:

Code:
 PRELOADER.00000000.LPLR.19767609.
II: SNAF version check OK!
II: version check OK!
TLB initial done:
    .ro section works!
    .text and .ro sections work!
II: SWR setup...
II: DRAM init...


Start to set DDR parameters 

ENABLE: Triple SYNC

TRIG: DRAM initialization procedure, wait done bit...Done!

PLL: MEMPLL31 = 0x10407f
PLL: MEMPLL63 = 0xc00001ef
PLL: MEMPLL95 = 0x26622760
PLL: MEMPLL127 = 0x270f0000
PLL: MEMPLL159 = 0xfff
PLL: MEMPLL191 = 0x0
PLL: MEMPLL223 = 0x0
System FREQ. info:OCP0: 0x3e8 MHz, OCP1: 0x1f4 MHz, DRAM: 0x20d MHz, LX: 0xc8 MHz

Slow bits configuration:

0xb8000380: 0x80000070

0xb8000390: 0x80000070

0xb8000388: 0x22200

0xb8000398: 0x200

0xb80003a0: 0xf000f

SCATS settings:

0xb80040f8: 0xc5

ZQ: Clock GROUP

ZQ: ODT/OCD= 30/30

ZQ: zq_zctrl_prog=0x80803be  zq_zctrl_status=0x20a133

ZQ: Address GROUP

ZQ: ODT/OCD= 30/48

ZQ: zq_zctrl_prog=0x180803b4  zq_zctrl_status=0x20a100

ZQ: DQ GROUP

ZQ: ODT/OCD= 30/3c

ZQ: zq_zctrl_prog=0x280803b8  zq_zctrl_status=0x20a111

ZQ: DQS GROUP

ZQ: ODT/OCD= 30/3c

ZQ: zq_zctrl_prog=0x380803b8  zq_zctrl_status=0x20a111

ZQ: ZQ Calibration PASS!

MRS: mr[0] = 100c72

MRS: mr[1] = 110006

MRS: mr[2] = 120000

MRS: mr[3] = 130000

AK: Start DDR_Calibration...

AK: Reduce DDR calibration

AK: Bit:0 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:1 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:2 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:3 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:4 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:5 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:6 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:7 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:8 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:9 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1d 

AK: Bit:a max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1d 

AK: Bit:b max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1d 

AK: Bit:c max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:d max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1d 

AK: Bit:e max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1d 

AK: Bit:f max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:10 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:11 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:12 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:13 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:14 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:15 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:16 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:17 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:18 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:19 max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:1a max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:1b max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:1c max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:1d max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:1e max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

AK: Bit:1f max_r_s:0 max_r_l:1f max_w_s:0 max_w_l:1f 

ENABLE: DQ output enable delay SYNC

AK: Finish DDR Calibration

DCR: 0x21220000

DTR: tRFC[DRAM_capacity_index]=80

DTR: DRAM_capacity_index=3

DTR: dram_freq_mhz=20d

DTR: tRFC=10680
DTR: DTR0=77544e26, DTR1=606051c, DTR2=4617000
DISABLE: Read after Write

ENABLE: Parallel Bank & Read Buffer Patch

II: Change Stack from 0x9f000edc to 0x83bfffe0
II: U-boot Magic Number is 0x27051956
II: Inflating U-Boot (0x83c00040 -> 0x83c00000)... OK
II: Starting U-boot... 


U-Boot 2011.12. (Aug 03 2017 - 16:58:23)

Board: VD2, CPU:1000MHz, LX:200MHz, DDR2:525MHz
DRAM: 128 MB
SPI-NAND Flash: C212/Mode0 1x128MB
uboot: create bbt
uboot: bb  226  537 
uboot: create skip table
last skip_block 1022
Loading 16384B env. variables from offset 0x200000
Net:   Ext. phy is not found. 

RTL SwCore
Warning: eth device name has a space!
SC_DEBUG: Nand Partition Table Magic Found at 100000.
reading at Bi 0x8

WW: ecc check failed (ret 0xecdead01)
0 c0 2 12 35 88 

Prod Buil, No Chance to get into CLI!
Load Standalone Code from flash to buffer address in DRAM...
Standalone:SC_DEBUG: Nand Partition Table Magic Found at 100000.
SC_DEBUG: Nand Partition Table Magic Found at 100000.
Standalone:SC_DEBUG: Nand Partition Table Magic Found at 100000.
Standalone:SC_DEBUG: Nand Partition Table Magic Found at 100000.


***************************************************

    Sercomm Boot Version 2.3.0.0, at Dec 26 2017, 15:45:13



***************************************************

   
Entering Firmware : Everything is OK.

Dual Image Selection Flag Value 0x1
ubi part kfs2
Creating 1 MTD partitions on "nand0":
0x0000034e0000-0x000006500000 : "mtd=8"
UBI: attaching mtd4 to ubi0
UBI: physical eraseblock size:   131072 bytes (128 KiB)
UBI: logical eraseblock size:    126976 bytes
UBI: smallest flash I/O unit:    2048
UBI: VID header offset:          2048 (aligned 2048)
UBI: data offset:                4096
UBI: attached mtd4 to ubi0
UBI: MTD device name:            "mtd=8"
UBI: MTD device size:            48 MiB
UBI: number of good PEBs:        384
UBI: number of bad PEBs:         1
UBI: max. allowed volumes:       128
UBI: wear-leveling threshold:    4096
UBI: number of internal volumes: 1
UBI: number of user volumes:     2
UBI: available PEBs:             215
UBI: total number of reserved PEBs: 169
UBI: number of PEBs reserved for bad PEB handling: 3
UBI: max/mean erase counter: 1/0
kernel_size 0x338800, roofs_size 0xe78000
ubi readvol 0x80000000 ubi_vol_kernel
Read 0 bytes from volume ubi_vol_kernel to 80000000
No size specified -> Using max size (3377152)
Verifing Kernel Image Check Sum:PASS!
ubi readvol 0x80000000 ubi_vol_rootfs
Read 0 bytes from volume ubi_vol_rootfs to 80000000
No size specified -> Using max size (15237120)
Verifing Rootfs Image Check Sum:PASS!
ubi readvol 0x83000000 ubi_vol_kernel
Read 0 bytes from volume ubi_vol_kernel to 83000000
No size specified -> Using max size (3377152)
## Booting kernel from Legacy Image at 83000000 ...
   Image Name:   Linux Kernel Image
   Created:      2018-03-26   9:27:48 UTC
   Image Type:   MIPS Linux Kernel Image (lzma compressed)
   Data Size:    3375640 Bytes = 3.2 MB
   Load Address: 80000000
   Entry Point:  80000000
   Verifying Checksum ... OK
   Uncompressing Kernel Image ... OK

Starting kernel ...

Linux version 3.18.20-svn3477 (root@ubuntu) (gcc version 4.8.5 20150209 (prerelease) (Realtek MSDK-4.8.5p1 Build 2220) ) #30 SMP Mon Mar 26 17:15:06 CST 2018 [SDK 2.4.1]
Total DRAM Size=128M
 OCP0 DRAM Size=128M
MIPS: machine is RTL8685SB
[L2_DEBUG:(bsp_setup_syncctl,235)]mips_cm_base= bfbf8000
[L2_DEBUG:(bsp_setup_syncctl,236)]read_gcr_control() = 0x1  => [L2_DEBUG:(bsp_setup_syncctl,239)]0x10001
[L2_DEBUG:(bsp_scache_config,157)]L2_CONFIG= 0x11
[L2_DEBUG:(bsp_scache_config,168)] - L2_DataStall= 0x1
[L2_DEBUG:(bsp_scache_config,169)] - L2_TagStall = 0x0
[L2_DEBUG:(bsp_scache_config,170)] - L2_WsStall  = 0x1
[L2_DEBUG:(bsp_scache_config,171)] - L2_Bypass: Disable
[L2_DEBUG:(bsp_setup_scache,214)]SCache LineSize= 32 (B)
bootconsole [early0] enabled
CPU0 revision is: 0001a120 (MIPS interAptiv (multi))
Determined physical RAM map:
 memory: 08000000 @ 00000000 (usable)
User-defined physical RAM map:
 memory: 07800000 @ 00000000 (usable)
Zone ranges:
  Normal   [mem 0x00000000-0x077fffff]
Movable zone start for each node
Early memory node ranges
  node   0: [mem 0x00000000-0x077fffff]
Initmem setup node 0 [mem 0x00000000-0x077fffff]
VPE topology {2,2} total 4
Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
Primary data cache 32kB, 4-way, PIPT, no aliases, linesize 32 bytes
MIPS secondary cache 256kB, 8-way, linesize 32 bytes.
PERCPU: Embedded 9 pages/cpu @827b9000 s7552 r8192 d21120 u36864
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 30480
Kernel command line:  console=ttyS0,115200 mtdparts=spinand:1024k(boot),512k(part_map),512k(dual_flag),512k(u-boot-env),512k(checksum1),512k(checksum2),1280k(protect),49280k(kfs1),49280k(kfs2),5120k(xml_config),5120k(app_data),1024k(factory) ubi.mtd=8 root=ubi0:ubi_vol_rootfs ro rootfstype=squashfs mem=120M
log_buf_len individual max cpu contribution: 4096 bytes
log_buf_len total cpu_extra contributions: 12288 bytes
log_buf_len min size: 4096 bytes
log_buf_len: 16384 bytes
early log buf free: 1120(27%)
PID hash table entries: 512 (order: -1, 2048 bytes)
Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
Writing ErrCtl register=00000000
Readback ErrCtl register=00000000
Memory: 81924K/122880K available (7487K kernel code, 1497K rwdata, 1480K rodata, 212K init, 28919K bss, 40956K reserved)
Hierarchical RCU implementation.
NR_IRQS:128
Calibrating delay loop... 666.41 BogoMIPS (lpj=3332096)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
Performance counters: mips/interAptiv PMU enabled, 2 32-bit counters available to each CPU, irq -1 (share with timer interrupt)
Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
Primary data cache 32kB, 4-way, PIPT, no aliases, linesize 32 bytes
MIPS secondary cache 256kB, 8-way, linesize 32 bytes.
CPU1 revision is: 0001a120 (MIPS interAptiv (multi))
Synchronize counters for CPU 1: done.
Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
Primary data cache 32kB, 4-way, PIPT, no aliases, linesize 32 bytes
MIPS secondary cache 256kB, 8-way, linesize 32 bytes.
CPU2 revision is: 0001a120 (MIPS interAptiv (multi))
Synchronize counters for CPU 2: done.
Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
Primary data cache 32kB, 4-way, PIPT, no aliases, linesize 32 bytes
MIPS secondary cache 256kB, 8-way, linesize 32 bytes.
CPU3 revision is: 0001a120 (MIPS interAptiv (multi))
Synchronize counters for CPU 3: done.
Brought up 4 CPUs
NET: Registered protocol family 16
cpuidle: using governor ladder
cpuidle: using governor menu
pm-cps: CPC does not support clock gating
SCSI subsystem initialized
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
NET: Registered protocol family 8
NET: Registered protocol family 20
Switched to clocksource MIPS
NET: Registered protocol family 2
TCP established hash table entries: 1024 (order: 0, 4096 bytes)
TCP bind hash table entries: 1024 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 1024 bind 1024)
TCP: reno registered
UDP hash table entries: 256 (order: 1, 8192 bytes)
UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
NET: Registered protocol family 1
Realtek GPIO Driver for Flash Reload Default
futex hash table entries: 1024 (order: 4, 65536 bytes)
squashfs: version 4.0 (2009/01/31) Phillip Lougher
ntfs: driver 2.1.31 [Flags: R/W].
fuse init (API version 7.23)
JFS: nTxBlock = 640, nTxLock = 5120
msgmni has been set to 160
io scheduler noop registered
io scheduler deadline registered
io scheduler cfq registered (default)
Serial: 8250/16550 driver, 1 ports, IRQ sharing disabled
serial8250: ttyS0 at MMIO 0x18002000 (irq = 58, base_baud = 12327200) is a 16550A
console [ttyS0] enabled
console [ttyS0] enabled
bootconsole [early0] disabled
bootconsole [early0] disabled
console [ttyS0] disabled
console [ttyS0] enabled
SOC_ID 0x6518
unknown bond id
aipc: register chrdev(254,0)
aipc: create device successed
aipc: start aipc irq init
aipc: Request IRQ for IPC OK
aipc: create dsp console device successed
aipc: init done
/proc/usb_mount_failed_dev created.
Realtek Luna SPI NAND Flash Driver Rev:00:00:00 (ChaoYuan_Yang)
nand: device found, Manufacturer ID: 0xc2, Chip ID: 0x12
nand: Macronix 
nand: 128MiB, SLC, page size: 2048, OOB size: 64
Scanning device for bad blocks
Bad eraseblock 226 at 0x000001c40000
Bad eraseblock 537 at 0x000004320000
12 cmdlinepart partitions found on MTD device spinand
RTK: using dynamic nand partition
Creating 12 MTD partitions on "spinand":
0x000000000000-0x000000100000 : "boot"
0x000000100000-0x000000180000 : "part_map"
0x000000180000-0x000000200000 : "dual_flag"
0x000000200000-0x000000280000 : "u-boot-env"
0x000000280000-0x000000300000 : "checksum1"
0x000000300000-0x000000380000 : "checksum2"
0x000000380000-0x0000004c0000 : "protect"
0x0000004c0000-0x0000034e0000 : "kfs1"
0x0000034e0000-0x000006500000 : "kfs2"
0x000006500000-0x000006a00000 : "xml_config"
0x000006a00000-0x000006f00000 : "app_data"
0x000006f00000-0x000007000000 : "factory"
Realtek SPI Nand Flash Driver is successfully installing.
IMQ: No specify the numqueues. Use the cores number 4 as numqueuues
IMQ driver loaded successfully. (numdevs = 2, numqueues = 4, imq_dev_accurate_stats = 1)
    Hooking IMQ after NAT on PREROUTING.
    Hooking IMQ before NAT on POSTROUTING.
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky 
PPP generic driver version 2.4.2
PPP Deflate Compression module registered
NET: Registered protocol family 24
Realtek WLAN driver driver version 3.6.3 (2017-10-03)
DFS function - version 2.0.14
Adaptivity function - version 9.3.4
CFG1 wdev->conf_addr:b8b30000,base_addr:ba000000
8685g pcie port 1

 found 8822B !!! 
halmac_check_platform_api ==========>
11912M
HALMAC_MAJOR_VER = 0
HALMAC_PROTOTYPE_VER = 0
HALMAC_MINOR_VER = 0
halmac_init_adapter_88xx ==========>
halmac_init_adapter Succss 
IS_RTL8822B_SERIES value8 = a 
Hardware type = RTL8822BE
MACHAL_version_init


#######################################################
SKB_BUF_SIZE=4932 MAX_SKB_NUM=1800
#######################################################

CFG0: wdev->conf_addr:b8b10000,base_addr:b9000000
8685g pcie port 0
MACHAL_version_init


#######################################################
SKB_BUF_SIZE=3032 MAX_SKB_NUM=400
#######################################################

usbcore: registered new interface driver cdc_ether
usbcore: registered new interface driver rndis_host
usbcore: registered new interface driver cdc_ncm



Probing RTL8186 10/100 NIC-kenel stack size order[2]...
  Tx/Rx/Alloc = 1024/1024/3072
chip name: 8196B, chip revid: 0
NOT YET
Start to initiate QM
Set threshould idx 2
Set Queue Descriptor Base Flow Control Para Error.
Set threshould idx 2
Set Queue Descriptor Base Flow Control Para Error.
Set threshould idx 2
Set Queue Descriptor Base Flow Control Para Error.
Set threshould idx 2
Set Queue Descriptor Base Flow Control Para Error.
Set threshould idx 2
Set Queue Descriptor Base Flow Control Para Error.
Set threshould idx 2
Set Queue Descriptor Base Flow Control Para Error.
Set threshould idx 2
Set Queue Descriptor Base Flow Control Para Error.
Set threshould idx 0
Set Queue Descriptor Base Flow Control Para Error.
set phyid 0 1 2 3 4
re865x_probe(7656): b80100a4=00186180
eth0.2 added. vid=9 Member port 0x1...
eth0.3 added. vid=9 Member port 0x2...
eth0.4 added. vid=9 Member port 0x4...
eth0.5 added. vid=9 Member port 0x8...
eth0.6 added. vid=9 Member port 0x10...
nas0 added. vid=8 Member port 0x0...
ptm0 added. vid=8 Member port 0x20...
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
ehci_rtl86xx_driver_probe
2 ehci_rtl86xx_driver_probe
rtl86xx-ehci rtl86xx-ehci: Realtek rtl819x On-Chip EHCI Host Controller
rtl86xx-ehci rtl86xx-ehci: new USB bus registered, assigned bus number 1
rtl86xx-ehci rtl86xx-ehci: irq 30, io mem 0x18021000
rtl86xx-ehci rtl86xx-ehci: USB 2.0 started, EHCI 1.00
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
rtl86xx-ohci rtl86xx-ohci: Realtek rtl819x built-in OHCI controller
rtl86xx-ohci rtl86xx-ohci: new USB bus registered, assigned bus number 2
rtl86xx-ohci rtl86xx-ohci: irq 30, io mem 0x18020000
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 1 port detected
usbcore: registered new interface driver cdc_wdm
usbcore: registered new interface driver usb-storage
cpuidle-cps: limited to non-coherent wait
usbcore: registered new interface driver usbhid
usbhid: USB HID core driver
Realtek SD2-FastPath v1.00beta_2.4.26-uc0
/proc/FastPath created
/proc/FastPath_heavy_traffic_thres created
Realtek SD5-FastPath Realtek Ipv6FastPath-betaV0.01
/proc/Ip6FastPath created
Realtek IPv6 MCast FastPath
/proc/ip6mc_FastPath created
SPI Flash Driver for RTK SoC, Version 1.0.000
SFCR: ffc01244  SFCR2: 03e00000
unrecognized flash id 000000
rtk_map probe fail
ATM OAM F5 initialized.
ATM OAM F4 initialized.
Enable 8671G 1 function
Enable 8671 0 function
Enable 8672 function 
ratm: RTL8670 SAR v0.0.2 (Jun 17, 2003)
/proc/AUTO_PVC_SEARCH created
PTM: rtl8685_ptm_init entry
PTM: disable => enable IP, f07fffff
ptm_timer_init
Mirror/redirect action on
u32 classifier
    Actions configured
nf_conntrack version 0.5.0 (1280 buckets, 5120 max)
nf_conntrack_l2tp version 3.1 loaded
ip_tables: (C) 2000-2006 Netfilter Core Team
TCP: cubic registered
NET: Registered protocol family 10
ip6_tables: (C) 2000-2006 Netfilter Core Team
NET: Registered protocol family 17
rtl_igmpsnoop_init-2430: init multicast snooping igmpInitFlag:0
rtl_mldsnoop_init-749:: mldSnoopEnabled:0
bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
Bridge firewalling registered
Ebtables v2.0 registered
l2tp_core: L2TP core driver, V2.0
l2tp_ppp: PPPoL2TP kernel driver, V2.0
UBI: attaching mtd8 to ubi0
UBI: scanning is finished
UBI: attached mtd8 (name "kfs2", size 48 MiB) to ubi0
UBI: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
UBI: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
UBI: VID header offset: 2048 (aligned 2048), data offset: 4096
UBI: good PEBs: 384, bad PEBs: 1, corrupted PEBs: 0
UBI: user volume: 2, internal volumes: 1, max. volumes count: 128
UBI: max/mean erase counter: 1/0, WL threshold: 4096, image sequence number: 688967423
UBI: available PEBs: 199, total reserved PEBs: 185, PEBs reserved for bad PEB handling: 19
UBI: background thread "ubi_bgt0d" started, PID 62
VoIP control bind 2 (2) instances successfully.
index dsp_cpuid dsp_cch host_cch
----- --------- ------- --------
   0         0         0         0     
   1         0         1         1     
 voip spin lock init done
VoIP RX netfilter hook init done!
VoIP RX netfilter hook for IPv6 init done!
=============RTK VOIP SUITE=============
SDK VoIP Version: VoIP-1.6-DSP-R5523-Luna-R16 
Board CFG Model :  
INITIAL VOIP MANAGER PROGRAM
VFS: Mounted root (squashfs filesystem) readonly on device 31:13.
Freeing unused kernel memory: 212K (80a3b000 - 80a70000)
random: init urandom read with 65 bits of entropy available

init started: BusyBox v1.15.3 ()

starting pid 69, tty '': '/etc/rcS'
lan6_ip: module license 'unspecified' taints kernel.
Disabling lock debugging due to kernel taint
<0>LAN6 IP module loaded.
Init LED&Button Module
Init LED Driver
yaffs: dev is 32505862 name is "mtdblock6" ro
yaffs: passed flags ""
yaffs: dev is 32505865 name is "mtdblock9" rw
yaffs: passed flags ""
yaffs: dev is 32505866 name is "mtdblock10" rw
yaffs: passed flags ""
Turn on Power LED
Run Realtek configd
------------ Init VoIP
run dsp set script...
usbcore: registered new interface driver usblp
aipc: (0350)prepare_BIR  

random: nonblocking pool is initialized
set_msgqueue_max_size:180> set msgqidds.msg_qbytes=35960 OK
set_msgqueue_max_size:180> set msgqidds.msg_qbytes=35960 OK
aipc: write image successful. size=3856496 rc=3856496 wc=3856496aipc: (0475)aipc_dev_ioctl  boot dsp
 da=0xb03c0400 remain=0

aipc: (0477)aipc_dev_ioctl  boot dsp done

Wait DSP 0/1 booting ......
.get_run_flag: run flag in /dev/mtd2 is 1
get_run_flag: run flag in /dev/mtd2 is 1
push button start
run rc script
min_time=1,max_time=5,
aipc: (0462)aipc_dsp_disable_mem  
[SPINAND:] ECC ERROR(ret=ECDEAD01) page_addr = DE00! Do retry!
[SPINAND:] ECC ERROR(ret=ECDEAD01) page_addr = DE00!
util_nand_read: read block fai[SPINAND:] ECC ERROR(ret=ECDEAD01) page_addr = DE40! Do retry!
led, mark blk bad.
[SPINAND:] ECC ERROR(ret=ECDEAD01) page_addr = DE40!
util_nand_read: read block failed, mark blk bad.
DSP 0 Software Ready!
Wait DSP 0/1 booting ......
DSP 0 Software Ready!
Inactive PIN_CS: 
aipc: (0216)aipc_module_voip_set_pcm_fs  SOC_ID 0x6518 is not handled
move this action after init
devicePcn = [75], deviceRcn = [8]]
FXS in LOW power modeFXS in LOW power modeVpSetOption for line IO failed. status = 6
VpSetOption for line IO failed. status = 6
Request IRQ for timer2 OK!.
All DSP Software Ready. VoIP Defer Init done. 
-----------   insmod secosdrv.ko
scm_setup_cdev() add cdev success
*** scm module init done ***
etherwan mode  : Disable
==========New Function==========
enable eth0.6:
==========New Function==========
disable nas0:
New_swNic_init(299)
New_swNic_init(320):ring0=a54c0000,1024
New_swNic_init(320):ring5=a54be000,64
New_swNic_init(420)
re865x_open 4071, eth0.2
IPv6: ADDRCONF(NETDEV_UP): eth0.2: link is not ready
0,1
heavy traffic thres. = 3000
rtk fast bridge is enabled
br_mldSnoopingWriteProc-610::uintVal:1, tmpBuf:1
br_mldSnoopingWriteProc-634:: count:2
killall: radvd: no process killed
killall: radvd: no process killed
killall: radvd: no process killed
[Jan 01 01:00:24] radvd: no linklocal address configured for br0
[Jan 01 01:00:24] radvd: can't join ipv6-allrouters on br0
[Jan 01 01:00:24] nadvd: no linklocal address configured for br0
[Jan 01 01:00:24] nadvd: can't join ipv6-allrouters on br0
killall: dhcp6s: no process killed
bind: Address already in use
bind: Address already in use

Starting SeComm VGW Application pid=1505...

Previous vgw_app already exit, write new pid=1505 to /var/vgw.lock

Entering vgw_root_task()
CLI command 'dbgtr' added seccessfully

secos_queue_create name=DBG_Q qid=1 ret=0
CLI command 'show' added seccessfully
CLI command 'set' added seccessfully
VGW: Info Center Init...
coder[0].pack = 20
coder[0].vad = 0
coder[0].prefer = 1
coder[1].pack = 20
coder[1].vad = 0
coder[1].prefer = 2
coder[2].pack = 20
coder[2].vad = 0
coder[2].prefer = -1
coder[3].pack = 20
coder[3].vad = 0
coder[3].prefer = -1
coder[4].pack = 0
coder[4].vad = 0
coder[4].prefer = -1
coder[5].pack = 0
coder[5].vad = 0
coder[5].prefer = -1
coder[6].pack = 0
coder[6].vad = 0
coder[6].prefer = -1
ReadGeneral ret=-2
secos_dbg_set_enable: Set spy off 
secos_dbg_set_level: Set spy level 0 

secos_queue_create name=SBMQ qid=2 ret=0
SBM: msg Q created id=2
SBM task created
VGW: sbm_create() done......

secos_queue_create name=CSMQ qid=3 ret=0
VGW: csm_create() done......
LSM: Get digit map from UI 
x.T|112|192|193|194|195|1987

secos_queue_create name=LSMQ qid=4 ret=0
LSM: msg Q created id=4
LSM task created

/usr/sbin/led_app off 81
Fxs[0]: sipmap in=1 out=1 fax_port=0 mwi_display=0 connDev_type=0
Fxs[1]: sipmap in=1 out=1 fax_port=0 mwi_display=0 connDev_type=0
VGW: lsm_create() done......
$$$$ ---- Wait lsm, sbm and csm finish initialization...
$$$$ ---- SIPREG start now...
IPPCM: SIPREG task created

secos_queue_create name=SIPREGQ qid=5 ret=0
SIPD: SIPD task created
vgw shHandlerAgent: shared memory size=174848,define size=524288
VGW: cgiif_create() done......
**** vgw_create() done
Interface doesn't accept private ioctl...
89F1: Operation not permitted
Interface doesn't accept private ioctl...
89F1: Operation not permitted
Interface doesn't accept private ioctl...
89F1: Operation not permitted
killall: autosensed: no process killed

starting pid 1726, tty '': '/sbin/getty ttyS0 1

Speedport login: root
root
Invaild user acc
process '/sbin/getty ttyS0 1152

Attached images: IMG_4021.jpg, IMG_4016.jpg, IMG_4015.jpg, IMG_4017.jpg, IMG_4019.jpg, IMG_4018.jpg
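
Added example (not part of the original post, and not Sercomm's or Realtek's code): the `mtdparts=` argument on the "Kernel command line" line of the boot log above fully describes the flash layout, so it can be decoded and cross-checked against the "Creating 12 MTD partitions" table, the `ubi.mtd=8` argument and the two "Bad eraseblock" addresses. The function names are made up for this example; the inputs are copied from the log.

```python
import re
from collections import namedtuple

Part = namedtuple("Part", "index name start end")

# Inputs copied verbatim from the boot log in the post above.
CMDLINE = (
    "console=ttyS0,115200 mtdparts=spinand:1024k(boot),512k(part_map),"
    "512k(dual_flag),512k(u-boot-env),512k(checksum1),512k(checksum2),"
    "1280k(protect),49280k(kfs1),49280k(kfs2),5120k(xml_config),"
    "5120k(app_data),1024k(factory) ubi.mtd=8 root=ubi0:ubi_vol_rootfs "
    "ro rootfstype=squashfs mem=120M"
)
KERNEL_TABLE = """
0x000000000000-0x000000100000 : "boot"
0x000000100000-0x000000180000 : "part_map"
0x000000180000-0x000000200000 : "dual_flag"
0x000000200000-0x000000280000 : "u-boot-env"
0x000000280000-0x000000300000 : "checksum1"
0x000000300000-0x000000380000 : "checksum2"
0x000000380000-0x0000004c0000 : "protect"
0x0000004c0000-0x0000034e0000 : "kfs1"
0x0000034e0000-0x000006500000 : "kfs2"
0x000006500000-0x000006a00000 : "xml_config"
0x000006a00000-0x000006f00000 : "app_data"
0x000006f00000-0x000007000000 : "factory"
"""
BAD_ERASEBLOCKS = {226: 0x000001C40000, 537: 0x000004320000}
ERASEBLOCK_SIZE = 131072  # "physical eraseblock size" from the UBI lines

_UNIT = {"": 1, "k": 1 << 10, "m": 1 << 20, "g": 1 << 30}
_NUM = r"(0x[0-9a-f]+|\d+)([kmg]?)"
# <size>[@<offset>](<name>)[ro][lk]; the "-" (rest of device) size is not handled.
_ITEM = re.compile(_NUM + r"(?:@" + _NUM + r")?\(([^)]+)\)(?:ro)?(?:lk)?", re.I)
_ROW = re.compile(r'0x([0-9a-f]+)-0x([0-9a-f]+)\s*:\s*"([^"]+)"', re.I)


def _to_bytes(number, unit):
    base = 16 if number.lower().startswith("0x") else 10
    return int(number, base) * _UNIT[unit.lower()]


def parse_mtdparts(cmdline):
    """Return (device, [Part, ...]) for the first device in mtdparts=."""
    found = re.search(r"(?:^|\s)mtdparts=(\S+)", cmdline)
    if not found:
        raise ValueError("no mtdparts= argument on the command line")
    device, sep, spec = found.group(1).split(";")[0].partition(":")
    if not sep:
        raise ValueError("mtdparts= has no <device>: prefix")
    parts, cursor = [], 0
    for index, item in enumerate(spec.split(",")):
        m = _ITEM.fullmatch(item)
        if not m:
            raise ValueError(f"unsupported partition spec: {item!r}")
        size = _to_bytes(m.group(1), m.group(2))
        if m.group(3):  # explicit @offset overrides the running offset
            cursor = _to_bytes(m.group(3), m.group(4))
        parts.append(Part(index, m.group(5), cursor, cursor + size))
        cursor += size
    return device, parts


def parse_kernel_table(text):
    """Parse the kernel's '0xSTART-0xEND : "name"' rows into tuples."""
    return [(int(a, 16), int(b, 16), n) for a, b, n in _ROW.findall(text)]


def cross_check(parts, table):
    """List every disagreement between mtdparts= and the kernel's table."""
    problems = []
    if len(parts) != len(table):
        problems.append(f"count differs: {len(parts)} vs {len(table)}")
    for part, row in zip(parts, table):
        if (part.start, part.end, part.name) != row:
            problems.append(f"mtd{part.index} {part.name}: "
                            f"{part.start:#x}-{part.end:#x} vs {row}")
    return problems


def partition_at(parts, address):
    """Return the Part containing a flash address, or None."""
    return next((p for p in parts if p.start <= address < p.end), None)


def ubi_partition(cmdline, parts):
    """Resolve a numeric ubi.mtd=N argument to its partition."""
    found = re.search(r"(?:^|\s)ubi\.mtd=(\d+)(?:\s|$)", cmdline)
    return parts[int(found.group(1))] if found else None


if __name__ == "__main__":
    device, parts = parse_mtdparts(CMDLINE)
    for p in parts:
        print(f"mtd{p.index:<2} {p.start:#010x}-{p.end:#010x} {p.name}")
    print("mismatches:", cross_check(parts, parse_kernel_table(KERNEL_TABLE)))
    print("UBI root on:", ubi_partition(CMDLINE, parts).name)
    for block, addr in BAD_ERASEBLOCKS.items():
        print(f"bad eraseblock {block} is in", partition_at(parts, addr).name)
```

The indices also explain other log lines: `/dev/mtd2` is `dual_flag`, and the yaffs mounts on `mtdblock6`, `mtdblock9` and `mtdblock10` are `protect`, `xml_config` and `app_data`.
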
10.09.2018., 19:38   #2
robimarko-bug

Do you maybe have a firmware image so we can try to dig out the password?

Also, is the original model listed anywhere?

10.09.2018., 19:45   #3
mrmess

I have nothing, just a locked router and an encrypted config file, which I likewise cannot decrypt using the algorithm for the Speedport

https://github.com/Stricted/SPHDecode

10.09.2018., 19:54   #4
Ag008
__________________
🤠😴🤠

10.09.2018., 19:58   #5
mrmess

No, "The connection was reset"

it doesn't open the engineer pages either, it looks like they were removed or don't exist, and that exploit with dyndns as on the w724v doesn't work either

10.09.2018., 22:21   #6
.Delboy

Try logging in with tech / !M1PhoIAD2
that user also worked for shell login on the old Speedport.

10.09.2018., 22:24   #7
mrmess

I tried tech, but after I enter the username it says Invalid user acc

10.09.2018., 22:35   #8
.Delboy

Is the router's serial still in the form Jxxxxxxxxx, with 10 digits? If it is, try decrypting the config with that decrypt tool of mine from the other thread, link

10.09.2018., 22:42   #9
mrmess

yes, it is in that form, I already tried but it again gives encrypted output

I also tried generating the key and IV with your tool and entering them into the script from GitHub, also nothing; I also tried the 2.4GHz MAC address + serial, 5GHz MAC + serial, it always stays encrypted

EDIT:
the serial is not 10 digits but 12 digits!

J825BHxxxxxx

EDIT2:
here at the Greek telecom there is a manual and firmware for this router

http://help.cosmote.gr/system/templa...Manual_eng.pdf

http://help.cosmote.gr/system/templa...lus_323520.img

the firmware should be one of these two:

09022001.00.009 , Boot code version 2.20.0 DSL modem code version v135k35b-v901 10-13-17
09022001.00.017 , Boot code version 2.20.0 DSL modem code version v135k35B-v901 03-21-18b

mine has the second one

EDIT3:
the firmware at the link above is 09022001.00.019

Last edited by: Nikky. 12.09.2018. at 20:39.

11.09.2018., 10:25   #10
mrmess

with this tool decryption works, although I think it is not correct, but judging by the size of the decrypted file it should be correct

but decompression does not work

it is possible that it is encrypted twice or that the key and IV are derived in a different way

https://github.com/Psychotropos/sercomm_fwutils

Edit:
it is neither type1 nor type2; it is structured like type1, except that the last 16 bytes are also some kind of hash which is probably used when calculating the key, or maybe it is the IV

or it is possible that it is a completely different encryption

Last edited by: mrmess. 11.09.2018. at 11:55.

11.09.2018., 14:15   #11
.Delboy

Quote:
Originally posted by mrmess
the serial is not 10 digits but 12 digits!

J825BHxxxxxx

Download my decrypt tool again from Dropbox and try; some variables were hardcoded for a 10-char serial.

11.09.2018., 14:23   #12
mrmess

Quote:
Originally posted by .Delboy
Download my decrypt tool again from Dropbox and try; some variables were hardcoded for a 10-char serial.

can I get a direct link to Dropbox, because through the old one it downloads an identical exe

11.09.2018., 18:10   #13
.Delboy

The exe is probably the same size, but here is another link: http://rgho.st/7WCtkVkjJ

If it doesn't work, then they have implemented the encryption method differently.

11.09.2018., 18:19   #14
mrmess

same thing, it doesn't decrypt..

they have either changed the way the key and IV are calculated, or changed the encryption, or some operation has to be done on the stream first, before decryption

12.09.2018., 01:05   #15
Chiron

I also got this router with the 09022001.00.017 firmware, but since I complained that it was sluggish, I guess they updated it to 09022001.00.021 and modem code version: v135k35B-v901 07-27-18..
__________________
Destiny isn't already Forged!!!

12.09.2018., 09:16   #16
tascam

And in the end, does the Speedport Plus offer any benefits compared to earlier versions?

12.09.2018., 10:11   #17
mrmess

Supposedly the modem should support higher ADSL speeds, but T-Com has to introduce that on their side; it has a Gbit switch; as hardware the device looks solid, but all the options are unavailable, so it isn't really possible to configure it. The firewall is locked, as are the internet connection, user access, remote administration access..

It is possible to configure Wi-Fi, DHCP and port forwarding; the option to put it in bridge mode is hidden too, but it can be hacked together somehow..

I noticed that computers on the LAN are sometimes unreachable, whereas if they are accessed via the external IP address and port forwarding (NAT loopback) they are reachable. As if the firewall blocks some ports between computers on the LAN.

E.g. SSH from one computer to another on the LAN gives "invalid handshake", while access through a browser to Apache works; with the external IP, SSH works

EDIT:
it also has 5GHz Wi-Fi, 300mbps

Last edited by: Nikky. 12.09.2018. at 20:34.

12.09.2018., 10:51   #18
kopija

Quote:
Originally posted by mrmess
it also has 5GHz Wi-Fi, 300mbps

How it works, that is the question.

Staro 12.09.2018., 11:35   #19
mrmess
Registered User
 
Datum registracije: Sep 2018
Lokacija: Hrvatska
Postovi: 12
i to sto kazes..

u svakom slucaju zte mi je bio drazi jedino sto nije podrzavao nat loopback
Old 12.09.2018., 11:37   #20
Chiron
Premium
Registration date: Jan 2005
Location: Croatia
Posts: 370
Quote:
Posted by mrmess
There's that, as you say..

In any case, I liked the ZTE better; the only thing was that it didn't support NAT loopback.
True, I prefer the ZTE too, it takes 3 days to connect on connect on demand.
__________________
Destiny isn't already Forged!!!
Old 12.09.2018., 11:40   #21
mrmess
Registered User
Registration date: Sep 2018
Location: Croatia
Posts: 12
It looks like a policy of locking down settings is starting, like what happened with locking mobile phones to a network.

EDIT:
Does anyone have experience with TR-069? Is there some kind of interface/client, or only a server that the router connects to?

Is it possible to access the router over that protocol in any way?

EDIT2:
I figured out that the router has SSH open on port 22. When you enter some random username it closes the connection; when you enter admin, tech or root it accepts it and asks for a password; if you enter a random password it asks again; if I enter admin/serial, root/root or tech/!M1PhoIAD2 it closes the connection and outputs invalid user account.

It looks like these are valid:

admin / serial
tech / !M1PhoIAD2
root / root

but something drops the connection once it authenticates. I seem to have read somewhere that the firewall needs to be disabled first.

I tried accessing it over both Wi-Fi and LAN!

EDIT3:
.Delboy, you wrote in another post that you managed to get into a root shell on the w724v via TR-069; how do I do that?

Last edited by: Nikky. 12.09.2018. at 20:36.
Old 05.10.2018., 20:21   #22
stokis
Registered User
Registration date: Sep 2013
Location: vinkovci
Posts: 187
Hello everyone,
can the VoIP password be extracted from this router?
T-Com, ADSL
Old 05.10.2018., 21:18   #23
stokis
Registered User
Registration date: Sep 2013
Location: vinkovci
Posts: 187
Hmm, why does my speed drop by half when I switch this one to bridge mode and connect my own router?
Old 06.10.2018., 14:00   #24
mrmess
Registered User
Registration date: Sep 2018
Location: Croatia
Posts: 12
It's only possible in the form of asterisks.. until the configuration decryption algorithm is published.
Old 06.10.2018., 19:25   #25
stokis
Registered User
Registration date: Sep 2013
Location: vinkovci
Posts: 187
So nothing for now.
Old 13.10.2018., 18:56   #26
Ico2005
Premium
Registration date: Apr 2006
Location: Flat Slavonia
Posts: 362
Well, the piece of junk died after barely 2 months of operation... Wi-Fi went wild, a few connection drops, I put in the spare ZTE and it has been working all day without a fault... I reported the fault, they will send a technician...
Old 21.10.2018., 23:50   #27
zlatko
Premium
Registration date: Oct 2005
Location: Slavonian
Posts: 409
Quote:
Posted by kopija
How well it works, that is the question.
It works well. Transmit Rate 433300 kbps, Receive Rate 433300 kbps.
Both 2.4 GHz and 5 GHz are enabled at the same time. The laptop is AC standard and connects to 5 without problems, while the mobile phones and the desktop connect to 2.4. Each network has its own name. The connection is stable and doesn't drop.
__________________
he,he
Old 12.11.2018., 16:02   #28
Warrior
Premium
Registration date: Nov 2006
Location: Zagreb
Posts: 499
So there is no chance of seeing options such as Attainable Transfer Rate on the router in question?
__________________
Everything is sooooo slow... Why? Oh, why?
Old 12.11.2018., 20:58   #29
Chiron
Premium
Registration date: Jan 2005
Location: Croatia
Posts: 370
Quote:
Posted by Warrior
So there is no chance of seeing options such as Attainable Transfer Rate on the router in question?
I haven't found how..
__________________
Destiny isn't already Forged!!!
Old 18.11.2018., 12:40   #30
tascam
Registered User
Registration date: Jun 2010
Location: hr
Posts: 305
I put it in bridge mode and it works quite decently. I don't know whether anyone has mentioned that in 2.4 mode it works on two channels.