How to unlock your Home Hub 3A *Now With added SSH Unlock*
Ladies and gentlemen. It's been a long time coming but it's here!
The Home Hub 3A unlock! Without any more ado let's get to it shall we?
Please note: If you are running firmware 4.7.5.1.83.8.57.1.3 then you will need to downgrade before unlocking.
Please follow this link to the downgrade tutorial. http://www.psidoc.com/showthread.php...n-be-unlocked.
Items needed:
A Windows PC - We need the fact that windows is a bloody minded bully whilst networking and tries to ride roughshod over everything - Linux is just far too polite for our needs here!
A USB drive 32mb or larger < Note: that is MB not GB so any old one should do!
The files attached at the bottom of this post.
0: Preparation:
0.1: Download and extract the attached files.
0.2: Plug your USB drive into your PC
0.3: Open DiskImage_1_6_WinAll.exe, say yes to the freeware licence. Note: If in Vista or 7 run as administrator!
0.4: Select the physical disk (not the Drive letter) that is you USB drive. Note: Double check this because you can trash your PC hard drive if you get it wrong!!
0.5: Click the browse button and select ext3.img.
0.6: Click the start button. Writing takes approx 3 - 15 seconds and you can see it's progress on the progress bar.
0.7: On your PC setup a new user account with the name admin (all lower case).
0.8: Set up the password for the newly created account called admin that is the same as your Home Hub 3
0.9: Log in to the newly created admin account and stay there till your finished.
1: Getting root
1.1: Reset router to defaults
1.2: Pop the USB drive into the HomeHub 3A
1.3: In the 3A unlock folder you downloaded and extracted to your PC (Not the USB1 folder) select the utelnetd and the smb.conf files, then select edit >> copy
1.4: Open My Computer and type in \\192.168.1.254\usb1.
1.5: Double click the SYS folder and then the ETC folder
1.6: Select Edit >> Paste and confirm overwriting the smb.conf file.
1.7: Close the My Computer window you have been working in.
1.8: Open a new My Computer window and type in \\192.168.1.254\ and again double click usb1 folder and double click the sys folder. Now go in to a couple of folders - any will do - in the file system but don't delete anything. This is to trigger the telnet into working.
1.9: Open Kitty and select the telnet button, ip address 192.168.1.254, port 4002, and click open. NOTE: if it doesn't work 1st time wait 15 seconds or so and try again... and again... and again. You should be in after a minute max and have a root telnet session.
2: The Hack
At the command prompt type in the commands below one at a time. Note: everything before the ":<---" is the command everything after explains what the command is doing.
2.1: ssh_cli :<--- This fires up the openrg command interface and the prompt changes to "BT Home Hub 3.0A"
2.2: conf print persistent/bt/domain_locking/enabled :<--- This is checking the domain lock. It will be a (enabled(1))
2.3: conf set persistent/bt/domain_locking/enabled 0 :<--- This is the unlock bit!
2.4: conf print persistent/bt/domain_locking/enabled :<--- Check the domain lock again will now be (enabled(0)).. Hurrah unlocked!
2.5: conf del fw/policy/0/chain/fw_br0_in :<--- Unlocking the SSH command shell by deleting the firewall drop command (ethernet)
2.6: conf del fw/policy/0/chain/fw_br1_in :<--- Unlocking the SSH command shell by deleting the firewall drop command (wifi)
2.7: conf set bt/bt_agent/enabled 0 :<--- Let's turn off BT's Spy access whilst we're in there shall we.
2.8: conf set /admin/user/0/permissions/ssh 1 <--- This command allows SSH access that was previously eluding us.
2.9: conf reconf 1 :<--- save everything to flash.
Now you have an unlocked hub. However even though we have dropped the firewall for the SSH server I have not been able to log in on the SSH. So beware of this.
Psi
Last edited by PsiDOC; 03-04-2012 at 07:12 PM.
Reason: Added SSH unlock
