Saturday, June 23, 2007
Hacking a Livebox, Pt.1
I acquired a Wanadoo Livebox made by Inventel - model DV4210-WU - and set about trying to get inside its head. My motivation for this was to attempt to change the ring voltage on the phone port for the VoIP service, more on that later. After the inevitable Googling around I concluded that I needed to downgrade to an earlier firmware to ensure the hacks would work - so I went from 5.06.2-uk to v5.04.3-uk using a "repair CD" downloaded from here and followed the instructions from that site. Basically you put Linux commands into the Router name field and a "backdoor" executes those commands and installs a telnet server for you. Much of the original work was done by Andy Potter - respect.
The hardest bit was getting the Livebox to download the file from my laptop; in the end Filezilla FTP server managed it as I could define the default directory that the Anonymous FTP user would use.
Once I had Telnet access I was able to roam around and explore the config files. For my forthcoming VoIP activities it was interesting to look in /etc/invoip.conf and see a line IFACE=ppp0 #add - this looks like an opportunity to point the thing to use eth0 instead and allow it to connect via another router (a common request from users of the similar BT HomeHub).
To unlock the Livebox and allow it to connect to a different ISP (i.e. not Wanadoo / Orange) you have to generate a 16-byte key and plug it into a converter on Andy's site to generate the unlock code. The equivalent feature on Scumperson's site generated a wrong code (three characters) but it turned out this also happened on Andy's site when using IE6 on the laptop rather than Opera9 on the desktop!
For the record, the correct answer was "Your unlock key is: wyq0je1wctkbz8j2" from a 16-byte code of "bqjtyewzkw8201jc". With that entered into http://10.0.0.1/brdgoff.html the Livebox was able to connect to Demon happily. http://10.0.0.1/brdg.html confirms the current lock status.
Next I need to research how to stop it "phoning home" and updating itself to a firmware version with no hacking loopholes.
So the story so far is that I have telnet access to a Livebox, can use it to connect to a different ISP, but it isn't configured for VoIP.