Differences

This shows you the differences between two versions of the page.

projects:hh40v [2023/04/08 12:44] – created Andreas Böhler
projects:hh40v [2023/04/27 21:20] (current) – [Installing OpenWrt] Andreas Böhler
Line 23: Line 23:
 Long story short, with the information in this ''%%core_app%%'', I could come up with a Python script that modifies the backup in a way that it enabled the Dropbear SSH server upon startup.  Long story short, with the information in this ''%%core_app%%'', I could come up with a Python script that modifies the backup in a way that it enabled the Dropbear SSH server upon startup. 
  
-This is the script, run it as ''%%enable_sshd.py configure.bin%%''. Then, upload the modified backup file (''%%configure.bin_mod.bin%%'') to your router, reboot and you have SSH access. Credentials: User "root", Password "oelinux123".+This is the script (also available at https://gist.github.com/andyboeh/d295c80a57d62379b926640762f3d5dd), run it as ''%%enable_sshd.py configure.bin%%''. Then, upload the modified backup file (''%%configure.bin_mod.bin%%'') to your router, reboot and you have SSH access. Credentials: User "root", Password "oelinux123".
  
 <code python [enable_line_numbers="true"]> <code python [enable_line_numbers="true"]>
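Review bot: On the changed line, the new gist URL is unpinned while the same script stays inline in the `<code python>` block that follows, so the two copies can drift apart and a reader cannot tell which one is current; link a specific gist revision or state which copy is authoritative. The sentence also ends with the fixed login (user "root", password "oelinux123"), and nothing after it tells the reader to change that password once Dropbear is enabled on startup; a short follow-up sentence to that effect would fit here.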
Line 164: Line 164:
 </code> </code>
  
-Once you have SSH access, you can proceed with installin OpenWrt.+Once you have SSH access, you can proceed with installing OpenWrt. 
 + 
 +==== Backup file format ==== 
 + 
 +Very brief overview of the file format after decryption. 
 + 
 +<code> 
 +String: ALCATEL BACKUP FILE HEAD 
 +0x00 
 +0x00 
 +0x00 
 +0xzz length of filename (without 0 terminator - maybe it's a ushort with the previous 0x00) 
 +String: filename 
 +0x00 
 +0x00 
 +0xzz file 
 +0xzz length (ushort) 
 +TAR GZ ARCHIVE 
 +0x00 
 +0x00 
 +0x00 
 +0xzz length of filename (without 0 terminator - maybe it's a ushort with the previous 0x00) 
 +Binary: file content 
 +String: filename 
 +0x00 
 +0x00 
 +0xzz number of bytes remaining in file (ushort) 
 +0xzz 
 +String: ALCATEL BACKUKP FILE HEAD 
 +0xf7 Lenght of file, different endian (originates from modem) 
 +0x3b 
 +0x00 
 +0x00 
 +Binary: file content 
 +Binary: Some sort of trailer, didn't attempt to decode 
 +</code> 
 + 
 +===== Installing OpenWrt ===== 
 + 
 +OpenWrt support to snapshot was added on 2023/04/23 with commit https://github.com/openwrt/openwrt/commit/097f350aebc542963c7208af4973ff17e01ce76e. 
 + 
 +Running OpenWrt on this device requires a slightly different partition layout, because the kernel partition is fixed with 1.5MB and thus too small to run a recent kernel. However, there is enough space and initial installation requires a small modification of one U-Boot variable. As long as the system boots normally, there are no problems with this approach. Installing via TFTP (recovery) restores the variable back to default, forcing the installation of a stock firmware. 
 + 
 +NB: Although the systems is running a variation of OpenWrt, the sysupgrade process is heavily modified and cannot be used as-is to install OpenWrt. 
 + 
 +  - Boot the stock firmware 
 +  - Take a configuration backup 
 +  - Modify the backup to enable SSH access 
 +  - Restore the configuration using the modified backup 
 +  - Reboot and log in via SSH - User "root", password "oelinux123" 
 +  - Transfer the OpenWrt -factory.bin image to the router: ''%%scp -O -o HostKeyAlgorithms=ssh-rsa -o KexAlgorithms=diffie-hellman-group1-sha1 -o UserKnownHostsFile=/dev/null openwrt-ath79-generic-alcatel_hh40v-squashfs-factory.bin root@192.168.1.1:/tmp%%'' 
 +  - Transfer the following script named "upgrade.sh" to the router: ''%%scp -O -o HostKeyAlgorithms=ssh-rsa -o KexAlgorithms=diffie-hellman-group1-sha1 -o UserKnownHostsFile=/dev/null upgrade.sh root@192.168.1.1:/tmp%%'' 
 +  - On the router, make the file executable: ''%%chmod +x /tmp/upgrade.sh%%'' 
 +  - Run the script with the new firmware to install as parameter: ''%%/tmp/upgrade.sh /tmp/openwrt-ath79-generic-alcatel_hh40v-squashfs-factory.bin%%'' 
 +  - Wait for the router to upgrade and to boot into OpenWrt 
 + 
 +Contents of /tmp/upgrade.sh 
 + 
 +<code bash> 
 +#!/bin/sh 
 + 
 +IMAGE_NAME="$1"          
 +                         
 +if [ ! -e ${IMAGE_NAME} ]; then 
 +  echo "Image file not found: ${IMAGE_NAME}" 
 +  exit 1                 
 +fi                       
 +                         
 +. /lib/upgrade/common.sh 
 + 
 +fw_setenv bootcmd "bootm 0x9f150000" 
 +                                  
 +kill_remaining TERM               
 +sleep 3                           
 +kill_remaining KILL               
 +                                  
 +run_ramfs mtd write ${IMAGE_NAME} firmware 
 +sleep 2 
 +reboot -f 
 +</code> 
 + 
 +===== Configuring the LTE modem ===== 
 + 
 +The LTE modem is an RNDIS device and works out-of-the-box if it was properly set up for the stock firmware. Limited configuration can be achieved using AT commands over USB (/dev/ttyUSB1).  
 + 
 +===== Restoring Stock ===== 
 + 
 +To restore stock, you need a system image. Unfortunately, you can't backup without disassembling and soldering serial headers. However, a firmware upgrade can be downloaded from https://alcatelfirmware.com/alcatel-onetouch-hh40v. Look for the file Firmware/DownloadImage/uprade_hh40v_all.tar.gz. Inside, you will find the file "sysupgrade/firmware-system.bin". This firmware-system.bin can be installed via TFTP recovery. The TFTP recovery also resets any U-Boot variables so it will boot normally. 
 + 
 +  - Power off the device 
 +  - Put firwmare-system.bin to your TFTP server 
 +  - Configure a static IP of 192.168.1.112 
 +  - Hold the buttons "Power" and "WPS" and plug back the power 
 +  - Keep holding for about 10 seconds, until U-Boot has booted 
 +  - Once transfer is completed, the system starts flashing, this takes some time 
 +  - Ultimately, you are back to stock
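Review bot: In the added upgrade.sh, `fw_setenv bootcmd "bootm 0x9f150000"` is never checked for success and the only validation before `run_ramfs mtd write ${IMAGE_NAME} firmware` is `[ ! -e ${IMAGE_NAME} ]`, so a truncated scp transfer or a failed environment write still goes on to flash and `reboot -f`. Suggest aborting when `fw_setenv` returns non-zero, adding a checksum comparison of the factory image on the router as a step before running the script, and quoting `"${IMAGE_NAME}"` in both the test and the `mtd write` call (with `-f` instead of `-e` so a directory is rejected). The two scp commands pass `-o UserKnownHostsFile=/dev/null` together with `ssh-rsa` and `diffie-hellman-group1-sha1`; a sentence saying these are needed only for the stock SSH server and should not be copied into a permanent ssh config would help, and step 5 repeats the fixed root password without a step to change it. In the file format block, the second record lists `Binary: file content` before `String: filename`, the opposite order to the first record, so please confirm which is right; "BACKUKP" and "Lenght" are typos there. In the restore section, step 2 says `firwmare-system.bin` while the paragraph above says `firmware-system.bin`, and `uprade_hh40v_all.tar.gz` should be checked against the real file name.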