***Important Notice*** This hack ONLY works with firmware version 4.7.5.1.83.3.17 and lower
It DOES NOT work with version 4.7.5.1.83.3.18 on. If you have firmware 4.7.5.1.83.3.18 or higher then please see This thread to downgrade
Below is another first from PsiDOC.com. The home hub 2.0B unlock.
This is brought to you by the kind donation of a Home Hub 2B from forum member naroekiewho asked me to have a look and see if it could be done. Up until then I had avoided the 2.0B, which I am sorry about as it was a surprisingly easy hack.
Items needed:
A Windows PC - We need the fact that windows is a bloody minded bully whilst networking and tries to ride roughshod over everything - Linux is just far too polite!
A USB drive 32mb or larger that works in the homehub 2B - Check it works before you start the hack as the 2B can be a bit fussy on the USB Drive.
The files attached at the bottom of this post.
0: Preparation:
0.1: Download and extract the attached files. Password on file: www.psidoc.com
0.2: Plug your USB drive into your PC
0.3: Open DiskImage_1_6_WinAll.exe, say yes to the freeware licence. Note: If in Vista or Windows 7 run as administrator!
0.4: Select the physical disk (not the Drive letter) that is your USB drive. Note: Double check this because you can trash your PC hard drive if you get it wrong!!
0.5: Click the browse button and select ext3.img.
0.6: Click the start button. Writing takes approx 3 - 7 seconds and you can see it's progress on the progress bar. Ground Control We're Ready for Liftoff!
1: Getting root
1.1: Reset router to defaults and let it boot again.
1.2: Pop the USB drive into the HomeHub 2B
1.3: Open My Computer and type in \\192.168.1.254\ when prompted for username : password it's admin:[password on back of the router] You should now see a network folder called USB1.
1.4: Double click USB1 and select the utelnetd and the smb.conf files, then select edit >> copy
1.5: Double click the SYS folder and then the ETC folder.
1.6: Select Edit >> Paste and confirm overwriting the smb.conf file.
1.7: Close the My Computer window you have been working in.
1.8: Open a new My Computer window and type in \\192.168.1.254\ and again double click USB1 folder and double click the SYS folder. Now go in to a couple of folders - any will do - in the file system but don't delete anything! The wandering about in the filesystem is to trigger the telnet into working.
1.9: Open Kitty and select the telnet button, ip address 192.168.1.254, port 4002, and click open. NOTE: if it doesn't work 1st time wait 15 seconds or so and try again... and again... and again. The samba doesn't update as quick as the 2A! You should be in after about a minute max and have a root telnet session. Hello Houston... We Have Root!
2: Ok let's hack this bad boy! Finally the UNLOCK after all that fannying around above!
At the command prompt type in the commands below one at a time. Note: everything before the ":<---" is the command everything after explains what the command is doing.
2.1: ssh_cli :<--- This fires up the openrg command interface and the prompt changes to "BT Home Hub 2.0B"
2.2: conf print persistent/bt/domain_locking/enabled :<--- This is checking the domain lock. It will reply (enabled(1))
2.3: conf set persistent/bt/domain_locking/enabled 0 :<--- This is the unlock bit!
2.4: conf print persistent/bt/domain_locking/enabled :<--- Check the domain lock again will now reply (enabled(0)).. Hurrah Unlocked Hub!
2.5: conf del fw/policy/0/chain/fw_br0_in :<--- Unlocking the SSH command shell by deleting the firewall drop command (ethernet)
2.6: conf del fw/policy/0/chain/fw_br1_in :<--- Unlocking the SSH command shell by deleting the firewall drop command (wifi)
2.7: conf reconf 1 :<--- save everything to flash and reload configuration immediately.
Siemens did have some forethought and removed the telnet binary so we have no permanent telnet, however they did leave in the SSH (Secure Shell) and it is running by default.
We can use that for CLI access instead of telnet. Steps 2.5 and 2.6 remove the firewall actions put in place by Siemens to stop us connecting on the SSH port on the router so full access is granted.
To SSH in. Use Kitty again. Select SSH, ipaddress 192.168.1.254, port 22. username: admin password: [password on back of the router or whatever you have set it to.]. You will be asked about a security certificate, on connecting. Accept and store it.
The unlock is permanent accross firmware reflashing, rebooting and resetting to defaults using both the GUI and the recessed red button. The SSH CLI unlock is not permanent accross resetting to defaults so make a settings backup in the GUI when you are finished setting up. That way if you do a reset then restoring the settings should give you SSH access again.
One final note: In the unlock text file in the download I have made a spelling mistake in the commands to unlock. The word persistant should be persistent.
