TP-LINK M7350 - Discussion | Wireless LTE Router
Odesskiy_Fraer , strange, revision like the first. Under the screens are not visible chips and wiring.Interesting observations about the model M7200: ROFL:
The question is open at the TP-LINK forum, but very few hope for solving the issue:M7200 Incoming SMS from cellular operator makes an inoperable router
Video on the problem on YouTube:Incoming SMS ...
In short, the essence is that this SMS can be sent to this device, which completely blocks the ability to view incoming SMS at all. And such SMS sends MegaFon in Russia.
This is the cricarousness of TP_LINK programmers or an evil intent of the operator - no matter. It is important that the M7200 model with the existing (last) software is ahtung. Either do not use SMS at all.
The question is open at the TP-LINK forum, but very few hope for solving the issue:M7200 Incoming SMS from cellular operator makes an inoperable router
Video on the problem on YouTube:Incoming SMS ...
In short, the essence is that this SMS can be sent to this device, which completely blocks the ability to view incoming SMS at all. And such SMS sends MegaFon in Russia.
This is the cricarousness of TP_LINK programmers or an evil intent of the operator - no matter. It is important that the M7200 model with the existing (last) software is ahtung. Either do not use SMS at all.
But in general, does this router still use anyone? I went to Netgear AC810 for a long time and we were quite well chopped up.
I remembered the M7350, I have long been lying in the table. Pulled out and decided to try torture him. I found in the network information about the error of developers in the firmware HW-V3-160330, unfortunately in version 190531 it was corrected, but ...
Firstly, I have HW-1, and it was last updated in 2015.
Secondly - our firmware is a simple zip-archive, which is easy to study, but unfortunately can not be changed, as it is signed by the developers, and when the modification is firmware, the signature checks and pops up an error about the damaged archive.
Thirdly - as far as I understood, all our V1-3 animals, having firmware dated until 05/31/2019 have this bug.
She cleaned the router's web server and gladly understood that there is a hole in the first revision, which means it passed to all versions of firmware and iron audits until 2019. I looked at the site of the manufacturer and saw in surprise - they were released only for the third version, but the old firmware also laid out.
According to the result, that's what I haveIt turned out at the moment.
Post has been editedSerbli - 06.06.20, 17:08
I remembered the M7350, I have long been lying in the table. Pulled out and decided to try torture him. I found in the network information about the error of developers in the firmware HW-V3-160330, unfortunately in version 190531 it was corrected, but ...
Firstly, I have HW-1, and it was last updated in 2015.
Secondly - our firmware is a simple zip-archive, which is easy to study, but unfortunately can not be changed, as it is signed by the developers, and when the modification is firmware, the signature checks and pops up an error about the damaged archive.
Thirdly - as far as I understood, all our V1-3 animals, having firmware dated until 05/31/2019 have this bug.
She cleaned the router's web server and gladly understood that there is a hole in the first revision, which means it passed to all versions of firmware and iron audits until 2019. I looked at the site of the manufacturer and saw in surprise - they were released only for the third version, but the old firmware also laid out.
According to the result, that's what I haveIt turned out at the moment.
Post has been editedSerbli - 06.06.20, 17:08
Serbli, In the end, it works on all models the opportunity to break into the shell router?
Once you can execute teams, try to change the passage to him and watch it with a new password for example.
P.S. Regarding Netgira, Tsplinki Katya the price tag is simpler.
For history, Tplinka has a bug with FTP.
If you download files from a CD card via FTP - everything will beat.
And they fight in random order.
Post has been editedmesb - 02.04.20, 18:13
Mesb @ 02.04.20, 17:11
Once you can execute commands, try to change the passage
Using the bug in the firmware it is possible to transmit commands using post requests (after authorization on the web). To run on Telnet router, I prescribed in the query body - {"Module": "WebServer", "Action": 1, "Language": "$ (Busybox telnetd. )"}.
Telnet started on the router, but did not allow the log and the pas. I tried a bunch of combinations, from access to web, Linux ...
I tried to make a password reset, launch ADBD, create a user with root rights, change the composition - nothing !!!
Everything turned out to be disgraced simply. When the Telnetd is launched, the TelNetD does not pick up pathways from PATH, so it is necessary to explicitly transfer LoginPath via the key -l. Thus, the demon launch command on the router should look like this - {"Module": "WebServer", "Action": 1, "Language": "$ (busybox telnetd -l / bin / sh )"}
Post has been editedSerbli - 27.05.20, 18:07
Reason for editing: Changing language settings
I found the Shadow file in the dump of the router and in it of the root with a hash password, a well-known hash, password - oelinux123. It will be needed in the future to access SSH.
Post has been editedSerbli - 27.05.20, 18:10
Post has been editedSerbli - 27.05.20, 18:10
Sample password change in one line.
Echo "LinuxPassword" | Passwd --stdin LinuxUser.
or
Echo -e "LinuxPassword \ NlinuxPassword" | Passwd LinuxUser.
or
Echo -e "LinuxPassword \ NlinuxPassword" | Passwd LinuxUser.
Hello everyone, can anyone tell me whether it is possible to solder an external antenna where? I'm on the cottage - bad catches 3g
dr.mikalai and why appeal, watch photo fees There are clearly visible pigtails (connectors) to connect external antenna, two of them for WiFi, and two for cellular communications, right next to the internal antenatas. As far as I remember signed (antenna), I do not want to disassemble myself. Look at Ali adapters with UFL on SMA, if the antenna is some kind of more serious or immediately UFL 4G antenna, if small, cost Pts. inexpensive. Or as an option from any old ordinary WiFi router pull up UFL>SMA, the main thing that the antenna on it was removable.
Post has been editedSerbli - 13.04.20, 03:28
Friends! Very helpful, you need a dump from V2 to restore the router.
Ready to help in this good business please contact mesb .
Ready to help in this good business please contact mesb .
Micro Bloch
on digging in the gutsTP-LINK M7350HW-V1.
Fair for revisionsV1 - V3.
For revisionsv4-5 to read here
Hello everyone who else may use this router. Judging by the "mad activity" in the subject we still a lot: D. Himself, if you feel honest, I have long threw it in a drawer of the table and did not pull out for several years. However, it was always a shame for this animal and no matter how negatively belonged to this manufacturer, forgive me fans and TP-Link lovers, but some devices have very much and very much. I will say right away that I really liked it in him (although it could have this instance caught me?):
Pluses M7350
- A good design, especially if you take the screen with a film;
- Not bad, for this class of devices, autonomy;
- Perfectly catches and holds the network;
- Transmitter power Wi-Fi;
- Availability of 5 GHz in Wi-Fi;
- Unegility, traveled to me the floor of the world, more than once fell with good height and is still alive.
With the preface almost finished, now to the essence (please forgive me, I got used to write so much, almost with swings and places wide;)), I recently came across one article describing the hole in the safety of this router, but I didn't reveal all the details and nuances, I took it out From stoves and began to torment.
Bloch content - that I did at the moment:
1. Launchtelnet and access the router file system with root rights;
2. Translate a router to the composition withadb (Selection from 30 - sets of compositions);
3. Install on routerdropbear , getting access to ssh and scp ;
4. To installsftp-server ;
5. Fixttl ;
6. changeimei ;
7. Get access to K.AT - teams;
8. Install File ManagerMidnight commander ;
9. Set consolespeedtest ;
10. To installshellinabox (Shell in a Box);
11. InstalledQTerminal ;
12. Output of information in the muzzle of the router:LTE BAND, FIX TTL, OpenVPN ON / OFF, RSSI, RSRP, RSRQ, RS-SNR ;
13. Installed and testedopenVPN ;
14. Adding Unknown Router Oposos - CorrectionUnknown ISP. ;
15. Display information about the router in the web interface;
16. Installing additional software on the router using a batch managerOPKG from the project - Entware ;
17. Turning the router without battery;
18. Cross compilation of kernel modules;
19. Localization of web server v1
20.Sending ussd requests;
21. Installed and testedcurl on router;
22. Compiled a utility for the transforming control sequences of the ANSI terminal to the HTML code -aha. .
2. Translate a router to the composition withadb (Selection from 30 - sets of compositions);
3. Install on routerdropbear , getting access to ssh and scp ;
4. To installsftp-server ;
5. Fixttl ;
6. changeimei ;
7. Get access to K.AT - teams;
8. Install File ManagerMidnight commander ;
9. Set consolespeedtest ;
10. To installshellinabox (Shell in a Box);
11. InstalledQTerminal ;
12. Output of information in the muzzle of the router:LTE BAND, FIX TTL, OpenVPN ON / OFF, RSSI, RSRP, RSRQ, RS-SNR ;
13. Installed and testedopenVPN ;
14. Adding Unknown Router Oposos - CorrectionUnknown ISP. ;
15. Display information about the router in the web interface;
16. Installing additional software on the router using a batch managerOPKG from the project - Entware ;
17. Turning the router without battery;
18. Cross compilation of kernel modules;
19. Localization of web server v1
20.Sending ussd requests;
21. Installed and testedcurl on router;
22. Compiled a utility for the transforming control sequences of the ANSI terminal to the HTML code -aha. .
What I'm still fighting what I want and what is missing:
Already enough} -).
For full work with the router enoughPutty or Puttytray. The phone is enough to solve the primary tasks for installing additional software, record the installation files on the USB flash drive in the router, install in the webcam in Storage Sharing mode - by Wi-Fi and work from the console. In this case, you can skip a step by changing the router composition to mode with adb . An interesting feature of this system (has never met) is that - all the files that are recorded in any way on the SD card, they also receive rights - 777, and they are saved when copying from a flash drive to the system.
To work throughadb you will need: adb , Klavkomovsky Drivers (look in the IMEI shift section), driver for adb and of course Total Commander with ADB plugin .
The access procedure itself is now very simple, suitable for revisions of the routerv1-v3 (except V3 with the last firmware, update to the penultimate, in the latter there are no changes in the latter in addition to closing the hole).
TOv4-v5 The method is not applicable, the structure of the device's web server has been changed..
It is assumed that you have the IP address of the router in the internal network -192.168.0.1
1. Get access to executing commands on the router - launchtelnet:
Method -1 via HTML :
The method works out of all Operations, the main thing is the availability of a web browser. Download ArchiveTp-link-poc.html.zip.Unpacking into any place - TP-link-Poc.html and run it. Everything, the calf is.
Fine. Now we have access throughtelnet And access to the root file system with root rights is obtained. Check, any program scan program from a computer or phone, download the router ports, the open 23 port should appear.
The method works out of all Operations, the main thing is the availability of a web browser. Download ArchiveTp-link-poc.html.zip.Unpacking into any place - TP-link-Poc.html and run it. Everything, the calf is.
Method - 2 through CURL
Important, CURL requests are formed under Windows for Linux, you must additionally shield characters.
1. Install the login and password to enter the web interface -Admin: admin - As practice has shown, it is possible and not to change;
2. Unpack the attached archive to any place on the computer;
3. Run the batch file -start-telnet.bat. ;
4. Everything;) Authorization passed the automaton (if the login and pass did not change, it did not pass, but it does not matter), the Telnet started in the beast and the web interface returned to normal.
start-telnet.zip.(279.17 KB)
1. Install the login and password to enter the web interface -Admin: admin - As practice has shown, it is possible and not to change;
2. Unpack the attached archive to any place on the computer;
3. Run the batch file -start-telnet.bat. ;
4. Everything;) Authorization passed the automaton (if the login and pass did not change, it did not pass, but it does not matter), the Telnet started in the beast and the web interface returned to normal.
start-telnet.zip.(279.17 KB)Method - 3 (outdated) - through a browser, replacing post requests
1. Install (if you use another browser) Firefox or Google Chrome, I did everything on the fox, but actions are similar;
2. Reset the router to the factory settings via the web and install the standard log & pass to enter the web admin: admin (not necessarily, but preferably save the settings to the computer, then restore);
3. Enter the browser in the web muzzleUsing IP Address router and log in;
4. Go to the settingsAdvanced ->Storage Sharing and in Access Mode. select mode By USB. (For those who are by Wi-Fi), this will then not be distracted by unnecessary open ports in the scanner;
5. ClickF12 To go to the development mode, in the panel opened, select the tab - Network ;
6. Just below in the filter input line type -Method: Post. ;
7. Select any request to the fileqcmap_web_cgi. - the tab of the details of this request opens, the tab must be selected in it - headlines ;
8. Choose in it -Change and send again ;
9. Bars appearRequest headers and Body request - Copy in some text file from one of these windows a value token , it will be a set of 16 characters as an example from Request headers - Cookie: TPWeb_Token = TXEUUQX-FJD49OB5B copy TXEUUQX-FJD49OB5B. ;
10. Delete all the text fromRequest headers and Body request and / or bring them to mind:
11. PressTo send . This we launched on ROTE telnet But spoiled his web care, we have ceased to be displayed;
12. Now restore the setting - repeat items7, 8 and 10 with the following data in Request headers and Body request :
13. ClickTo send .
2. Reset the router to the factory settings via the web and install the standard log & pass to enter the web admin: admin (not necessarily, but preferably save the settings to the computer, then restore);
3. Enter the browser in the web muzzleUsing IP Address router and log in;
4. Go to the settingsAdvanced ->Storage Sharing and in Access Mode. select mode By USB. (For those who are by Wi-Fi), this will then not be distracted by unnecessary open ports in the scanner;
5. ClickF12 To go to the development mode, in the panel opened, select the tab - Network ;
6. Just below in the filter input line type -Method: Post. ;
7. Select any request to the fileqcmap_web_cgi. - the tab of the details of this request opens, the tab must be selected in it - headlines ;
8. Choose in it -Change and send again ;
9. Bars appearRequest headers and Body request - Copy in some text file from one of these windows a value token , it will be a set of 16 characters as an example from Request headers - Cookie: TPWeb_Token = TXEUUQX-FJD49OB5B copy TXEUUQX-FJD49OB5B. ;
10. Delete all the text fromRequest headers and Body request and / or bring them to mind:
Request headers:
Host: 192.168.0.1
User-Agent: Mozilla / 5.0 (Windows NT 6.1; Win64; x64; RV: 75.0) GECKO / 20100101 Firefox / 75.0
Accept: Application / JSON, Text / JavaScript, * / *; Q = 0.01.
Accept-Language: RU-EN, RU; Q = 0.8, EN-US; Q = 0.5, EN; Q = 0.3
Accept-Encoding: gzip, deflate
Content-Type: application / x-www-form-urlencoded; charset = utf-8
X-Requested-With: XMLHttpRequest
Content-Length: 103
Origin:http://192.168.0.1
Connection: close
Referer:http://192.168.0.1/settings.html
Cookie: TPWeb_Token =Your value token
User-Agent: Mozilla / 5.0 (Windows NT 6.1; Win64; x64; RV: 75.0) GECKO / 20100101 Firefox / 75.0
Accept: Application / JSON, Text / JavaScript, * / *; Q = 0.01.
Accept-Language: RU-EN, RU; Q = 0.8, EN-US; Q = 0.5, EN; Q = 0.3
Accept-Encoding: gzip, deflate
Content-Type: application / x-www-form-urlencoded; charset = utf-8
X-Requested-With: XMLHttpRequest
Content-Length: 103
Origin:http://192.168.0.1
Connection: close
Referer:http://192.168.0.1/settings.html
Cookie: TPWeb_Token =Your value token
Query body:
{"Token": "Your value token "," module ":" WebServer "," Action ": 1," Language ":" $ (busybox telnetd -l / bin / sh) "}
11. PressTo send . This we launched on ROTE telnet But spoiled his web care, we have ceased to be displayed;
12. Now restore the setting - repeat items7, 8 and 10 with the following data in Request headers and Body request :
Request headers:
Host: 192.168.0.1
User-Agent: Mozilla / 5.0 (Windows NT 6.1; Win64; x64; RV: 75.0) GECKO / 20100101 Firefox / 75.0
Accept: Application / JSON, Text / JavaScript, * / *; Q = 0.01.
Accept-Language: RU-EN, RU; Q = 0.8, EN-US; Q = 0.5, EN; Q = 0.3
Accept-Encoding: gzip, deflate
Content-Type: application / x-www-form-urlencoded; charset = utf-8
X-Requested-With: XMLHttpRequest
Content-Length: 76
Origin:http://192.168.0.1
Connection: close
Referer:http://192.168.0.1/settings.html
Cookie: TPWeb_Token =Your value token
User-Agent: Mozilla / 5.0 (Windows NT 6.1; Win64; x64; RV: 75.0) GECKO / 20100101 Firefox / 75.0
Accept: Application / JSON, Text / JavaScript, * / *; Q = 0.01.
Accept-Language: RU-EN, RU; Q = 0.8, EN-US; Q = 0.5, EN; Q = 0.3
Accept-Encoding: gzip, deflate
Content-Type: application / x-www-form-urlencoded; charset = utf-8
X-Requested-With: XMLHttpRequest
Content-Length: 76
Origin:http://192.168.0.1
Connection: close
Referer:http://192.168.0.1/settings.html
Cookie: TPWeb_Token =Your value token
Query body:
{"Token": "Your value token "," module ":" WebServer "," Action ": 1," Language ":" EN "}
13. ClickTo send .
Fine. Now we have access throughtelnet And access to the root file system with root rights is obtained. Check, any program scan program from a computer or phone, download the router ports, the open 23 port should appear.
2. Translation of the router in the composition withadb:
I strongly recommend not experimenting with the switching of compositions at this stage. In order to exclude possible unpleasant moments with the router, spend experiments with compositions only after installing DropBear and access to SSH. The installation description will be in the next section.
1. Run Putty:
- Host Name (OR IP Addres) - 192.168.0.1
- Connection Type - Telnet
- Port - 23.
- Open
The terminal window opens, we enter in turncd / , ls -a :
Openembedded Linux MDM9625
MSM 20150317 MDM9625.
root @ MDM9625: / # CD /
root @ MDM9625: / # Ls -a
. BIN ETC LOST + FOUND SDCARD WWW
.. boot fix_no_bdata media share
.ash_history build.prop Home Misc SYS
WebServer Cache Init MNT TMP
_Satcaldata.csv Data Lib Proc USR
BDATA_SELF.BIN DEV Linuxrc Sbin Var
root @ mdm9625: / #
MSM 20150317 MDM9625.
root @ MDM9625: / # CD /
root @ MDM9625: / # Ls -a
. BIN ETC LOST + FOUND SDCARD WWW
.. boot fix_no_bdata media share
.ash_history build.prop Home Misc SYS
WebServer Cache Init MNT TMP
_Satcaldata.csv Data Lib Proc USR
BDATA_SELF.BIN DEV Linuxrc Sbin Var
root @ mdm9625: / #
Now we can watch free space in the router file system to know what to count, perform the teamdf -h -a. :
root @ mdm9625: / # df -h -a
Filesystem Size Used Available Use% Mounted on
/ dev / root 37.8m 36.7m 1.0m 97% /
Proc 0 0 0 0% / Proc
sysfs 0 0 0 0% / sys
tmpfs 64.0K 64.0K 0 0% / dev
devpts 0 0 0 0% / dev / pts
TMPFS 82.1m 0 82.1m 0% / Dev / SHM
/ dev / mtdblock18 187.3m 59.8m 127.5m 32% / usr
/ dev / mtdblock1 150.8m 2.3m 148.5m 2% / Cache
/ dev / mtdblock13 10.5m 1.5m 9.0m 15% / MISC
TMPFS 82.1m 60.0k 82.0m 0% / Var / Volatile
root @ mdm9625: / #
Filesystem Size Used Available Use% Mounted on
/ dev / root 37.8m 36.7m 1.0m 97% /
Proc 0 0 0 0% / Proc
sysfs 0 0 0 0% / sys
tmpfs 64.0K 64.0K 0 0% / dev
devpts 0 0 0 0% / dev / pts
TMPFS 82.1m 0 82.1m 0% / Dev / SHM
/ dev / mtdblock18 187.3m 59.8m 127.5m 32% / usr
/ dev / mtdblock1 150.8m 2.3m 148.5m 2% / Cache
/ dev / mtdblock13 10.5m 1.5m 9.0m 15% / MISC
TMPFS 82.1m 60.0k 82.0m 0% / Var / Volatile
root @ mdm9625: / #
As can be seen from the log"/ Dev / Root 37.8m 36.7m 1.0m 97% /" With memory full ass. The root is free 1 MB, but there is another way. To install use / dev / shm.
We change the composition, enterusb_composition As we see - from the manufacturer there is a choice of 30 different compositions. At this stage you need to choose - 902b. And three times answer questions N-Y-Y . The selected composition will be the default composition, and immediately applies. Console came out of the log, the standard composition - Tplink. or 902A. .
root @ mdm9625: / # usb_composition
BOOT HSUSB COMPOSITION: 9024
boot hsic composition: empty
Choose Composition by Pid:
9002 - DIAG + NMEA + MODEM (Android)
901C - DIAG + Audio [Android]
901D - Diag + ADB [Android]
9021 - DIAG + QMI_RMNET (Android)
9022 - DIAG + ADB + QMI_RMNET (Android)
9024 - RNDIS + ADB [Android]
9025 - DIAG + ADB + MODEM + NMEA + QMI_RMNET + Mass Storage (Android)
9026 - DIAG + MODEM + NMEA + QMI_RMNET + Mass Storage (Android)
902A - RNDIS + Mass Storage
902B - RNDIS + ADB + Mass Storage
902C - RNDIS + DIAG [Android]
902D - RNDIS + DIAG + ADB [Android]
902E - RNDIS + DIAG + MODEM + NMEA + QMI_RMNET + Mass Storage
9043 - DIAG + NMEA + MDM + MBIM [AMSS]
9046 - DIAG + ADB + DUN + QMI_RMNET1 + QMI_RMNET2 + QMI_RMNET3 + Mass Storage [Android]
9047 - DIAG + DUN + QMI_RMNET1 + QMI_RMNET2 + QMI_RMNET3 + Mass Storage [Android]
9049 - DIAG + ADB + DUN + RMNET + Mass Storage + QDSS [Android]
904A - DIAG + QDSS [Android]
9056 - DIAG + ADB + SERIAL + RMNET + Mass Storage + Audio [Android]
9057 - RNDIS: ECM
9059 - RNDIS + DIAG + ADB: ECM
905A - DIAG + ADB + MBIM: ECM
905B - ​​MBIM
9060 - DIAG + QDSS + ADB
9063 - RNDIS: ECM: MBIM
9064 - DIAG + ADB + MODEM + QMI_RMNET: ECM: MBIM
9067 - Mass storage + QMI_RMNET: Mass Storage + MBIM
9083 - DIAG + QDSS + RMNET
9084 - DIAG + QDSS + ADB + RMNET
9085 - DIAG + ADB + MBIM + GNSS
empty - it is used to allow either hsic or hsusb to have no composition at all (must reboot to take effect).
hsic_next -
hsusb_next -
TPLink - RNDIS + Mass Storage (User Mode)
PID Number: 902B
Choose Core: Y - HSIC, N - HSUSB? (y / n) n
Would you like it to be the defend composition? (Y / N) Y
Would You Like The Composition to Change Immediately? (Y / N) Y
BOOT HSUSB COMPOSITION: 9024
boot hsic composition: empty
Choose Composition by Pid:
9002 - DIAG + NMEA + MODEM (Android)
901C - DIAG + Audio [Android]
901D - Diag + ADB [Android]
9021 - DIAG + QMI_RMNET (Android)
9022 - DIAG + ADB + QMI_RMNET (Android)
9024 - RNDIS + ADB [Android]
9025 - DIAG + ADB + MODEM + NMEA + QMI_RMNET + Mass Storage (Android)
9026 - DIAG + MODEM + NMEA + QMI_RMNET + Mass Storage (Android)
902A - RNDIS + Mass Storage
902B - RNDIS + ADB + Mass Storage
902C - RNDIS + DIAG [Android]
902D - RNDIS + DIAG + ADB [Android]
902E - RNDIS + DIAG + MODEM + NMEA + QMI_RMNET + Mass Storage
9043 - DIAG + NMEA + MDM + MBIM [AMSS]
9046 - DIAG + ADB + DUN + QMI_RMNET1 + QMI_RMNET2 + QMI_RMNET3 + Mass Storage [Android]
9047 - DIAG + DUN + QMI_RMNET1 + QMI_RMNET2 + QMI_RMNET3 + Mass Storage [Android]
9049 - DIAG + ADB + DUN + RMNET + Mass Storage + QDSS [Android]
904A - DIAG + QDSS [Android]
9056 - DIAG + ADB + SERIAL + RMNET + Mass Storage + Audio [Android]
9057 - RNDIS: ECM
9059 - RNDIS + DIAG + ADB: ECM
905A - DIAG + ADB + MBIM: ECM
905B - ​​MBIM
9060 - DIAG + QDSS + ADB
9063 - RNDIS: ECM: MBIM
9064 - DIAG + ADB + MODEM + QMI_RMNET: ECM: MBIM
9067 - Mass storage + QMI_RMNET: Mass Storage + MBIM
9083 - DIAG + QDSS + RMNET
9084 - DIAG + QDSS + ADB + RMNET
9085 - DIAG + ADB + MBIM + GNSS
empty - it is used to allow either hsic or hsusb to have no composition at all (must reboot to take effect).
hsic_next -
hsusb_next -
TPLink - RNDIS + Mass Storage (User Mode)
PID Number: 902B
Choose Core: Y - HSIC, N - HSUSB? (y / n) n
Would you like it to be the defend composition? (Y / N) Y
Would You Like The Composition to Change Immediately? (Y / N) Y
At this stageis possibleRestarting the device, waiting. A new device will appear in the Windows Device Manager for which the ADB Support driver must be installed.
I warn you right away, ADB is limited, working with it via the Windows command line is not possible, well, or I do not have it, who needs - try.
3. Installationdropbearandsftp-server:
1. Download the attached filesDropBear.tar. and SFTP.Tar ;
2. Run Total Commander if you do not have an ADB plug-in go to the site, download, install;
3. Unpack the previously accumulated ADB on the disk, I have it inC: \ adb \ ;
4. Run the Windows command prompt:Start ->Search ->cmd ;
5. We perform commands (you can skip, but it happens without them):
6. Through Total Commander copy filesDropBear.tar. and SFTP.Tar to the root of the file system of the router;
7. RunPuttytray. , choose Connection Type - ADB , no longer changing the click of Open;
8. In the terminal window that opens, we entertake turns:
After rebooting, among the open ports of the router, it will appear - 22, you can connect to any console program with SSH support.
Login and password for logging in SSH standard for many Linux routers -Root: Oelinux123
Now you can experiment with compositions, and if you switch to a set without access to the web and ADB, you can always return to the necessary SSH.
The thing is that when choosing a song, even if you answern To the question of making a default, a variant of its fixation after a reboot is possible.
Sources:dropbear , SFTP-server .
DropBear.tar.(400.5 KB)
SFTP.Tar(100 kb)
2. Run Total Commander if you do not have an ADB plug-in go to the site, download, install;
3. Unpack the previously accumulated ADB on the disk, I have it inC: \ adb \ ;
4. Run the Windows command prompt:Start ->Search ->cmd ;
5. We perform commands (you can skip, but it happens without them):
cd / adb
adb kill-server
adb start-server
adb kill-server
adb start-server
6. Through Total Commander copy filesDropBear.tar. and SFTP.Tar to the root of the file system of the router;
7. RunPuttytray. , choose Connection Type - ADB , no longer changing the click of Open;
8. In the terminal window that opens, we entertake turns:
/ # su -
root @ mdm9625: ~ #cd /
root @ mdm9625: #ls -a
root @ mdm9625: #tar -xvf dropbear.tar
root @ mdm9625: #Rm dropbear.tar
root @ mdm9625: #tar -xvf sftp.tar
root @ mdm9625: #RM SFTP.TAR
root @ mdm9625: #reboot
root @ mdm9625: ~ #cd /
root @ mdm9625: #ls -a
root @ mdm9625: #tar -xvf dropbear.tar
root @ mdm9625: #Rm dropbear.tar
root @ mdm9625: #tar -xvf sftp.tar
root @ mdm9625: #RM SFTP.TAR
root @ mdm9625: #reboot
After rebooting, among the open ports of the router, it will appear - 22, you can connect to any console program with SSH support.
Login and password for logging in SSH standard for many Linux routers -Root: Oelinux123
login as: root
[email protected]'s password:
root @ MDM9625: ~ # CD /
root @ mdm9625: / # Ls
WebServer Data Linuxrc SDCard
_psatcaldata.csv dev lost + found share
BDATA_SELF.BIN ETC MEDIA SYS
BIN FIX_NO_BDATA MISC TMP
Boot Home MNT USR
Build.prop Init Proc Var
Cache Lib Sbin WWW
root @ mdm9625: / #
[email protected]'s password:
root @ MDM9625: ~ # CD /
root @ mdm9625: / # Ls
WebServer Data Linuxrc SDCard
_psatcaldata.csv dev lost + found share
BDATA_SELF.BIN ETC MEDIA SYS
BIN FIX_NO_BDATA MISC TMP
Boot Home MNT USR
Build.prop Init Proc Var
Cache Lib Sbin WWW
root @ mdm9625: / #
Now you can experiment with compositions, and if you switch to a set without access to the web and ADB, you can always return to the necessary SSH.
The thing is that when choosing a song, even if you answern To the question of making a default, a variant of its fixation after a reboot is possible.
Sources:dropbear , SFTP-server .
DropBear.tar.(400.5 KB)SFTP.Tar(100 kb)4. Fixationttl:
tigra815 Recalls, forgotten with me the opportunity, how to see IPTables modifiers from the Console team - cat / proc / net / ip_tables_targets . We have the ability to modify TTL, since it is present in the list.
We watch interfaces:
Name of external interfacermnet0 , on it and we will fivet TTL.
A set of scripts producesStart and maintaining automation TTL commit . Used software loop. After turning on the router, the system checks the Fix TTL every minute - if it does not, it turns on, after falling asleep and subsequent initialization of the modem fixes it with a machine.
By default, the valueTTL = 128. (I have imei from the wind remote). If you need another, after installing the package, change the value ts in file / usr / share / ttlset / ttlcheck
Small remark. How to advise on the forum if you took imei from Android devices or apple - fix TTL you will need to be on the value -64 if there is something - 128 .
1. Copy through Total Commander AdB archive TTLSet.Tar to the root of the FS router;
2. In the terminal, execute the following commands:
Checking:
Make trace packages:
Everything,ttl Fixed!
TtlSet.tar(5.5 KB)
We watch interfaces:
root @ mdm9625: / # ifconfig
Bridge0 Link Encap: Ethernet Hwaddr 3c: 46: XX: XX: XX: XX
INET ADDR: 192.168.0.1 BCAST: 192.168.0.255 Mask: 255.255.255.0
INET6 ADDR: FE80 :: A08C: 4FFF: FE20: F37A / 64 Scope: Link
UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric: 1
RX PACKETS: 83992 Errors: 0 Dropped: 7 Overruns: 0 Frame: 0
TX Packets: 84423 Errors: 0 Dropped: 0 Overruns: 0 Carrier: 0
collisions: 0 txqueuelen: 0
RX Bytes: 14058290 (13.4 MIB) TX Bytes: 60063785 (57.2 MIB)
lo Link encap: Local Loopback
inet addr: 127.0.0.1 Mask: 255.0.0.0
inet6 addr: :: 1/128 Scope: Host
UP LOOPBACK RUNNING MTU: 16436 Metric: 1
RX Packets: 1 Errors: 0 Dropped: 0 Overruns: 0 Frame: 0
TX packets: 1 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions: 0 txqueuelen: 0
RX Bytes: 76 (76.0 B) TX Bytes: 76 (76.0 B)
rmnet0 Link encap: UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
INET ADDR: 10.224.128.180 Mask: 255.255.255.0
INET6 ADDR: FE80 :: 10F6: 4E0B: 3688: 8DBD / 64 SCOPE: LINK
UP RUNNING MTU: 1500 Metric: 1
RX Packets: 54333 Errors: 0 Dropped: 0 Overruns: 0 Frame: 0
TX Packets: 47645 Errors: 0 Dropped: 0 Overruns: 0 Carrier: 0
collisions: 0 txqueuelen: 1000
RX Bytes: 47304512 (45.1 MIB) TX Bytes: 6956924 (6.6 MIB)
RNDIS0 Link Encap: Ethernet Hwaddr 3C: 46: XX: XX: XX: XX
inet addr: 169.254.3.1 Bcast: 169.254.3.255 Mask: 255.255.255.0
INET6 ADDR: FE80 :: 3E46: D8FF: Fe03: 5F1F / 64 Scope: Link
UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric: 1
RX Packets: 85037 Errors: 0 Dropped: 0 Overruns: 0 Frame: 0
TX Packets: 81077 Errors: 0 Dropped: 0 Overruns: 0 Carrier: 0
collisions: 0 txqueuelen: 1000
RX Bytes: 15394255 (14.6 MIB) TX Bytes: 64751674 (61.7 MIB)
WLAN0 LINK ENCAP: Ethernet Hwaddr 3c: 46: XX: XX: XX: XX
INET ADDR: 169.254.1.1 BCast: 169.254.1.255 Mask: 255.255.255.0
INET6 ADDR: FE80 :: 3E46: D8FF: Fe03: 5F1F / 64 Scope: Link
UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric: 1
RX packets: 0 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 85 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions: 0 txqueuelen: 1000
RX Bytes: 0 (0.0 b) TX Bytes: 2442 (2.3 KIB)
Bridge0 Link Encap: Ethernet Hwaddr 3c: 46: XX: XX: XX: XX
INET ADDR: 192.168.0.1 BCAST: 192.168.0.255 Mask: 255.255.255.0
INET6 ADDR: FE80 :: A08C: 4FFF: FE20: F37A / 64 Scope: Link
UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric: 1
RX PACKETS: 83992 Errors: 0 Dropped: 7 Overruns: 0 Frame: 0
TX Packets: 84423 Errors: 0 Dropped: 0 Overruns: 0 Carrier: 0
collisions: 0 txqueuelen: 0
RX Bytes: 14058290 (13.4 MIB) TX Bytes: 60063785 (57.2 MIB)
lo Link encap: Local Loopback
inet addr: 127.0.0.1 Mask: 255.0.0.0
inet6 addr: :: 1/128 Scope: Host
UP LOOPBACK RUNNING MTU: 16436 Metric: 1
RX Packets: 1 Errors: 0 Dropped: 0 Overruns: 0 Frame: 0
TX packets: 1 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions: 0 txqueuelen: 0
RX Bytes: 76 (76.0 B) TX Bytes: 76 (76.0 B)
rmnet0 Link encap: UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
INET ADDR: 10.224.128.180 Mask: 255.255.255.0
INET6 ADDR: FE80 :: 10F6: 4E0B: 3688: 8DBD / 64 SCOPE: LINK
UP RUNNING MTU: 1500 Metric: 1
RX Packets: 54333 Errors: 0 Dropped: 0 Overruns: 0 Frame: 0
TX Packets: 47645 Errors: 0 Dropped: 0 Overruns: 0 Carrier: 0
collisions: 0 txqueuelen: 1000
RX Bytes: 47304512 (45.1 MIB) TX Bytes: 6956924 (6.6 MIB)
RNDIS0 Link Encap: Ethernet Hwaddr 3C: 46: XX: XX: XX: XX
inet addr: 169.254.3.1 Bcast: 169.254.3.255 Mask: 255.255.255.0
INET6 ADDR: FE80 :: 3E46: D8FF: Fe03: 5F1F / 64 Scope: Link
UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric: 1
RX Packets: 85037 Errors: 0 Dropped: 0 Overruns: 0 Frame: 0
TX Packets: 81077 Errors: 0 Dropped: 0 Overruns: 0 Carrier: 0
collisions: 0 txqueuelen: 1000
RX Bytes: 15394255 (14.6 MIB) TX Bytes: 64751674 (61.7 MIB)
WLAN0 LINK ENCAP: Ethernet Hwaddr 3c: 46: XX: XX: XX: XX
INET ADDR: 169.254.1.1 BCast: 169.254.1.255 Mask: 255.255.255.0
INET6 ADDR: FE80 :: 3E46: D8FF: Fe03: 5F1F / 64 Scope: Link
UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric: 1
RX packets: 0 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 85 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions: 0 txqueuelen: 1000
RX Bytes: 0 (0.0 b) TX Bytes: 2442 (2.3 KIB)
Name of external interfacermnet0 , on it and we will fivet TTL.
A set of scripts producesStart and maintaining automation TTL commit . Used software loop. After turning on the router, the system checks the Fix TTL every minute - if it does not, it turns on, after falling asleep and subsequent initialization of the modem fixes it with a machine.
By default, the valueTTL = 128. (I have imei from the wind remote). If you need another, after installing the package, change the value ts in file / usr / share / ttlset / ttlcheck
Small remark. How to advise on the forum if you took imei from Android devices or apple - fix TTL you will need to be on the value -64 if there is something - 128 .
1. Copy through Total Commander AdB archive TTLSet.Tar to the root of the FS router;
2. In the terminal, execute the following commands:
root @ MDM9625: ~ # CD /
root @ MDM9625: # Ls -a
root @ MDM9625: # TAR -XVF TTLSET.TAR
root @ mdm9625: # rm ttlset.tar
root @ mdm9625: # reboot
root @ MDM9625: # Ls -a
root @ MDM9625: # TAR -XVF TTLSET.TAR
root @ mdm9625: # rm ttlset.tar
root @ mdm9625: # reboot
Checking:
root @ MDM9625: ~ # traceroute www.ya.ru
Traceroute to www.ya.ru (87.250.250.242), 30 Hops Max, 38 Byte Packets
1 ya.ru (87.250.250.242) 71.107 MS 55.894 MS 66.848 MS
Traceroute to www.ya.ru (87.250.250.242), 30 Hops Max, 38 Byte Packets
1 ya.ru (87.250.250.242) 71.107 MS 55.894 MS 66.848 MS
Make trace packages:
 |
Everything,ttl Fixed!
TtlSet.tar(5.5 KB)5. ATcommands:
Differences options:
1. Only on the lace from the computer, using the terminal program (the desired composition, driver);
2. Through SSH, using the standard BusyBox applet -microcom , Works through Wi-Fi. Disadvantages: Ctrl + C does not work, there is no log in commands, not all commands (for me personally), insert does not work;
3. Through SSH using -qterminal Works through Wi-Fi, without flaws.
The 2nd and 3rd options are not dependent on the installed composition, I generally returned the router to the default composition after installing DropBear.
1. Only on the lace from the computer, using the terminal program (the desired composition, driver);
2. Through SSH, using the standard BusyBox applet -microcom , Works through Wi-Fi. Disadvantages: Ctrl + C does not work, there is no log in commands, not all commands (for me personally), insert does not work;
3. Through SSH using -qterminal Works through Wi-Fi, without flaws.
The 2nd and 3rd options are not dependent on the installed composition, I generally returned the router to the default composition after installing DropBear.
Option - 1 (through the terminal program)
Access to AT Commands is available in compositions containing in its compositionModem (MDM) , when choosing such a song in the device manager appears modems ->Qualcomm HS-USB Android Modem 902x . I advise you to use 902E . We look at the properties of the COM PORT, and use it to access AT teams. I use Terminal From the participant of our forum WC. rust3028 .
Option - 2 (from the SSH - MicroCom console)
You can access AT commands from the terminal by connecting SSH and after performing -Microcom / Dev / SMD7 The advantages of this option - you do not depend on the installed router composition and you can execute the Wi-Fi commands, there is no need to physically connect via USB:
The only small disadvantage of this method is the impossibility of completing the workmicrocom By pressing Ctrl + C, you have to interrupt the SSH session (although it can only have on my Mas in Termius).
root @ MDM9625: / # microcom / dev / smd7
at
Ok
ati
Manufacturer: QUALCOMM INCORPORATED
Model: 4087.
Revision: MPSS.DI.2.0.1.C1.11-00035-M9625LAAAANAZM-1 1 [JAN 07 2015 03:00:00]
IMEI: 3597xxxxxxxxxxx
+ GCAP: + CGSM
Ok
at
Ok
ati
Manufacturer: QUALCOMM INCORPORATED
Model: 4087.
Revision: MPSS.DI.2.0.1.C1.11-00035-M9625LAAAANAZM-1 1 [JAN 07 2015 03:00:00]
IMEI: 3597xxxxxxxxxxx
+ GCAP: + CGSM
Ok
The only small disadvantage of this method is the impossibility of completing the workmicrocom By pressing Ctrl + C, you have to interrupt the SSH session (although it can only have on my Mas in Termius).
Option - 3 (from the SSH console - qterminal)
Forgotten by many programQTerminal , Just a miracle as good for these purposes: happy: We have no libraries in the router for its work, so I had to rebel the installation archive, added the necessary libraries, the script for the launch of the program with the necessary parameters and the link on it from / usr / sbin. Big gratitude uv. vvevvevve And his file storage.
1. Record the qterminal_m7350.tar file to / dev / shm;
2. In the console, we carry out:
Access from the terminal by connecting the SSH and after performingqterminal .
qterminal_m7350.tar(314.5 KB)
1. Record the qterminal_m7350.tar file to / dev / shm;
2. In the console, we carry out:
root @ mdm9625: / # CD / dev / shm
ROOT @ MDM9625: / # TAR -C / -XVF qterminal_m7350.tar
root @ mdm9625: / # RM qterminal_m7350.tar
ROOT @ MDM9625: / # TAR -C / -XVF qterminal_m7350.tar
root @ mdm9625: / # RM qterminal_m7350.tar
Access from the terminal by connecting the SSH and after performingqterminal .
root @ MDM9625: ~ # qterminal
>ati
ati
Manufacturer: QUALCOMM INCORPORATED
Model: 4087.
Revision: MPSS.DI.2.0.1.C1.11-00035-M9625LAAAANAZM-1 1 [JAN 07 2015 03:00:00]
IMEI: 3597xxxxxxxxxxx
+ GCAP: + CGSM
Ok
>
>ati
ati
Manufacturer: QUALCOMM INCORPORATED
Model: 4087.
Revision: MPSS.DI.2.0.1.C1.11-00035-M9625LAAAANAZM-1 1 [JAN 07 2015 03:00:00]
IMEI: 3597xxxxxxxxxxx
+ GCAP: + CGSM
Ok
>
qterminal_m7350.tar(314.5 KB)Main teams:
ATI - the output of information about the router
AT & V - Current Configuration
AT + CGSN - show imei
AT + CLAC - List of supported commands
AT $ QCCLAC - Advanced list of supported commands
AT & V - Current Configuration
AT + CGSN - show imei
AT + CLAC - List of supported commands
AT $ QCCLAC - Advanced list of supported commands
6. Shiftimei:
How repeatedly wrote, IMEI I changed on my router right before the laptop of the laptop with Windows, was installedWindows 7 x64 . Now check and test me nothing, the benefit of at least the information from the encrypted disk was removed.
IMEI changed twice, with the help of different programs. The first, described below, the prog all the procedure takes a few minutes, on it and will stop in more detail, on the description of working with the second ladies, only a link, there is everything, includingKlavkomovsky Drivers .
In order to get away from the extra questions, I will immediately say -I had a full flash dump . How to merge dump I will describe at the end of the post.
Small remark. How to advise on the forum if you took imei from Android devices or apple - fix TTL you will need to be on the value -64 if there is something - 128 .
To begin with, you need to installKlavkomovsky Drivers from reference with the second program and Change composition , I translated into - 9025 with a diagnostic port and modem, as described above in Section 2 - Translation of the router to the composition with ADB .
IMEI changed twice, with the help of different programs. The first, described below, the prog all the procedure takes a few minutes, on it and will stop in more detail, on the description of working with the second ladies, only a link, there is everything, includingKlavkomovsky Drivers .
In order to get away from the extra questions, I will immediately say -I had a full flash dump . How to merge dump I will describe at the end of the post.
Small remark. How to advise on the forum if you took imei from Android devices or apple - fix TTL you will need to be on the value -64 if there is something - 128 .
Information - what and where !!!
IMEI is stored in 3 places on the router:
1. / MISC / IMEI
2. / etc / config / product
3. In the closed area of ​​the system.
The first IMEI file serves to generate a password to access via WiFi.I do not recommend changing because When resetting the router to factory settings, it may be generated by a password that you do not know, you can find it in the file system without problems field wpa_passphrase in file /etc/hostapd.conf. But ... I found it, I connected, time passed, I made a reset, I realized that I forgot the password, and so in a circle.
In the second, the value is taken from the first file, after resetting the router to the factory settings and servesOnly to display in the web interface . You can change, at your discretion for clarity.
In the third, we need to make changes for the operator.
1. / MISC / IMEI
2. / etc / config / product
3. In the closed area of ​​the system.
The first IMEI file serves to generate a password to access via WiFi.I do not recommend changing because When resetting the router to factory settings, it may be generated by a password that you do not know, you can find it in the file system without problems field wpa_passphrase in file /etc/hostapd.conf. But ... I found it, I connected, time passed, I made a reset, I realized that I forgot the password, and so in a circle.
In the second, the value is taken from the first file, after resetting the router to the factory settings and servesOnly to display in the web interface . You can change, at your discretion for clarity.
In the third, we need to make changes for the operator.
To begin with, you need to installKlavkomovsky Drivers from reference with the second program and Change composition , I translated into - 9025 with a diagnostic port and modem, as described above in Section 2 - Translation of the router to the composition with ADB .
First Prog - Method 1
I am writing a memory !!!
I found and took from us on the forum, in the branch "General principles of recovery loaders on Qualcomm".
1. Install -IMEIWRITER_DIAG_EN_VER1.1.9.EXE and launch - 3G IMEI Writer. ;
2. in "IMEI CONFIGURATION. "Must be selected - 15 Digits Mode. ;
3. in check boxes "Write Selection. "Leave chosen ONLY - IMEI1 ;
4. In the lower check boxes (AUTO SWITCH, SWITCH RESET, AUTO WRITE ) remove all checks;
5. Click "R.READ DATA. "
6. We are waiting for the program for a long time goes ports and then reads IMEI from the device;
7. In the field with the IMEI router that appears, we enter / copy the desired, from the old smart, tablet andetc. etc.;
8. Click "W.Write Data. "- Waiting, the recording happens quite quickly;
9. Disconnect and reboot the router - you can check the change of IMEI by the at-command;
10. To calm the soul, change/ etc / config / product on the new imei - serves only To display in the webcam;
11. We change the composition to the standard -Tplink. .
IMEIWRITER_DIAG_EN_VER1.1.9.EXE(2.35 MB)
I found and took from us on the forum, in the branch "General principles of recovery loaders on Qualcomm".
1. Install -IMEIWRITER_DIAG_EN_VER1.1.9.EXE and launch - 3G IMEI Writer. ;
2. in "IMEI CONFIGURATION. "Must be selected - 15 Digits Mode. ;
3. in check boxes "Write Selection. "Leave chosen ONLY - IMEI1 ;
4. In the lower check boxes (AUTO SWITCH, SWITCH RESET, AUTO WRITE ) remove all checks;
5. Click "R.READ DATA. "
6. We are waiting for the program for a long time goes ports and then reads IMEI from the device;
7. In the field with the IMEI router that appears, we enter / copy the desired, from the old smart, tablet andetc. etc.;
8. Click "W.Write Data. "- Waiting, the recording happens quite quickly;
9. Disconnect and reboot the router - you can check the change of IMEI by the at-command;
10. To calm the soul, change/ etc / config / product on the new imei - serves only To display in the webcam;
11. We change the composition to the standard -Tplink. .
IMEIWRITER_DIAG_EN_VER1.1.9.EXE(2.35 MB)Second Prog - Method 2
Check
>ati
ati
Manufacturer: QUALCOMM INCORPORATED
Model: 4087.
Revision: MPSS.DI.2.0.1.C1.11-00035-M9625LAAAANAZM-1 1 [JAN 07 2015 03:00:00]
IMEI:3597xxxxxxxxxx9.
+ GCAP: + CGSM
Ok
ati
Manufacturer: QUALCOMM INCORPORATED
Model: 4087.
Revision: MPSS.DI.2.0.1.C1.11-00035-M9625LAAAANAZM-1 1 [JAN 07 2015 03:00:00]
IMEI:3597xxxxxxxxxx9.
+ GCAP: + CGSM
Ok
7. Installation of additional software:
Since in the root of the FS of the free memory router less than 1 MB, installation archives throughTotalCommander ADB. Write on B. / Dev / shm .
Midnight commander
File Manager MC.(Midnight Commander):
1. Record the McNew.Tar file in / dev / shm;
2. In the console, we carry out:
Run from the Console command - MC. Hide / show Midnight Commander - Ctrl + O window. Not all consoles correctly display delimiters. Read the source on the link above.
McNew.Tar(3.37 MB)
1. Record the McNew.Tar file in / dev / shm;
2. In the console, we carry out:
root @ mdm9625: / # CD / dev / shm
root @ MDM9625: / # TAR -C / -XVF McNew.tar
root @ mdm9625: / # rm mcnew.tar
root @ MDM9625: / # TAR -C / -XVF McNew.tar
root @ mdm9625: / # rm mcnew.tar
Run from the Console command - MC. Hide / show Midnight Commander - Ctrl + O window. Not all consoles correctly display delimiters. Read the source on the link above.
 |
McNew.Tar(3.37 MB)Speedtest
Console SpeedTest.
1. Record the SpeedTest.Tar file in / dev / shm;
2. In the console, we carry out:
Starting from the console team - SpeedTest:
Speedtest.tar(946 kb)
The problem in routers and modems is that Speedtest is trying to choose the nearest server according to the OPSSUIt does not always coincide with the current location of the user, and your geoposition is additionally used in the phone, it allows you to more accurately determine the nearest server at the moment. An acceptable solution in this case, look on the phone the name of the server used and select its ID from the list of servers, more complete and relevant here -List of serversAnd put it in the launch of the modem:
or
If the router is used inpatient, you can adjust this string of the start in the file -/usr/share/speedtest/speedtest.sh.
Listing the nearest, automatically specific servers, can be viewed by the team:
1. Record the SpeedTest.Tar file in / dev / shm;
2. In the console, we carry out:
root @ mdm9625: / # CD / dev / shm
root @ MDM9625: / # TAR -C / -XVF SpeedTest.Tar
root @ MDM9625: / # RM SpeedTest.Tar
root @ MDM9625: / # TAR -C / -XVF SpeedTest.Tar
root @ MDM9625: / # RM SpeedTest.Tar
Starting from the console team - SpeedTest:
root @ MDM9625: / # Speedtest
Speedtest by Ookla
Server: OMICRON - Krasnodar (ID = 23142)
ISP: PJSC Megafon
Latency: 52.14 MS (8.15 MS Jitter)
Download: 24.01 MBPS (Data Used: 34.0 MB)
Upload: 4.60 MBPS (Data Used: 7.9 MB)
Packet Loss: 0.0%
Result URL: https://www.speedtest.net/result/c/a8632c26-dc23-4c07-a38e-c097545dd93d
Speedtest by Ookla
Server: OMICRON - Krasnodar (ID = 23142)
ISP: PJSC Megafon
Latency: 52.14 MS (8.15 MS Jitter)
Download: 24.01 MBPS (Data Used: 34.0 MB)
Upload: 4.60 MBPS (Data Used: 7.9 MB)
Packet Loss: 0.0%
Result URL: https://www.speedtest.net/result/c/a8632c26-dc23-4c07-a38e-c097545dd93d
Speedtest.tar(946 kb)The problem in routers and modems is that Speedtest is trying to choose the nearest server according to the OPSSUIt does not always coincide with the current location of the user, and your geoposition is additionally used in the phone, it allows you to more accurately determine the nearest server at the moment. An acceptable solution in this case, look on the phone the name of the server used and select its ID from the list of servers, more complete and relevant here -List of serversAnd put it in the launch of the modem:
USR / Share / Speedtest / SpeedTest --CA-CERTIFICATE = / USR / Share / Speedtest / SpeedCert.pem -S 2151
USR / Share / Speedtest / SpeedTest --CA-Certificate = / USR / Share / Speedtest / SpeedCert.pem --server-id = 2151
If the router is used inpatient, you can adjust this string of the start in the file -/usr/share/speedtest/speedtest.sh.
Listing the nearest, automatically specific servers, can be viewed by the team:
USR / SHARE / SPEEDTEST / SPEEDTEST --CA-CERTIFICATE = / USR / SHARE / SPEEDTEST / SPEEDCERT.PEM -L
shellinabox
The other day there was a need to enter the router console from someone else's computer. From the phone it was not convenient to work (a small screen), but to put the software on a stranger there was no possibility. Remembered the utilityshellinabox(Shell in a Box) - Allows you to work with the console of the device "from the browser". I installed it through the phone on the router, there were doubts that I would not work with us, but everything was fine. Only the prog itself is set, no additional patches and changes are needed, there are no conflicts with the system. After installation and restart, the utility "listens" port TCP: 4200. To work in the browser, we introduce:
To query Login: Password, enter the login and password from the web muzzle, for example, by default Admin: admin.
Next, go to root mode with the command:
and enter the password -oelinux123 or oelinux1 , I have both.
http://192.168.0.1:4200
To query Login: Password, enter the login and password from the web muzzle, for example, by default Admin: admin.
Next, go to root mode with the command:
su -
and enter the password -oelinux123 or oelinux1 , I have both.
 |
Evcheck.
I can not lean just a great programEvcheckfrom uv. vvevvevve (however, like many other builds, software, modules).
The description from the author - "work it will be like this: After starting, the EvCheck process will remain in memory and will track the status of the WPS button. If this button is press and retain more than 3 seconds, and then release, then the script / usr / bin / script1 will start. If after This is the same again, the script / usr / bin / script2 will start. Well, and so on: scripts will start alternately, implementing the "enabled-off" logic. Such scripts can be, including OVPNUP / OVPNDOWN from Set with OpenVPN. "
The possibilities of using the program is not enough, limited only by your fantasy.
If you wish, switching can be displayed in a router's muzzle.
The description from the author - "work it will be like this: After starting, the EvCheck process will remain in memory and will track the status of the WPS button. If this button is press and retain more than 3 seconds, and then release, then the script / usr / bin / script1 will start. If after This is the same again, the script / usr / bin / script2 will start. Well, and so on: scripts will start alternately, implementing the "enabled-off" logic. Such scripts can be, including OVPNUP / OVPNDOWN from Set with OpenVPN. "
The possibilities of using the program is not enough, limited only by your fantasy.
If you wish, switching can be displayed in a router's muzzle.
openVPN
There was a need to establishopenVPN , the Son asked for access to on-line libraries, the benefit of the Tun.ko module in it is compiled under the same core as we have.
Again, scripts are changed to work with our router, including I had to change the imaging scripts of the information to the muzzle of the router and coordinate them between themselves so that OpenVPN is seen or not. By default, the launch and stop of the OpenVPN is carried out by commands from the console:
However, this is not entirely convenient, of course, it is possible to stop and stop OpenVPN using snippets from the phone console, but ...
In parallel with this installedEvcheck. The autorun script was prescribed on / off OpenVPN, now to start a VPN - a long, approximately 2 seconds, pressing the WPS button (upper button), to shut down - press again. If the information output scripts are installed in the muzzle of the router, then the symbol " ' " Shows the activation of OpenVPN.
Installing archives by type of all other programs, see above.
To work OpenVPN, you need a configuration file, for testing you can take, for example, on the siteWhor VPN. The config is sent to email, the truth for testing they have a speed limit of 1 Mbps, but enough for tests. It is easier for me, I will raise my VPN server.
Configis necessary Rename in - My.OVPN. and copy to the folder on the router / etc / openvpn .
OpenVPN.Tar.(876.5 KB)
Evcheck_ovpn.tar.(7.5 KB)
Again, scripts are changed to work with our router, including I had to change the imaging scripts of the information to the muzzle of the router and coordinate them between themselves so that OpenVPN is seen or not. By default, the launch and stop of the OpenVPN is carried out by commands from the console:
# ovpnup
# ovpndown.
# ovpndown.
However, this is not entirely convenient, of course, it is possible to stop and stop OpenVPN using snippets from the phone console, but ...
In parallel with this installedEvcheck. The autorun script was prescribed on / off OpenVPN, now to start a VPN - a long, approximately 2 seconds, pressing the WPS button (upper button), to shut down - press again. If the information output scripts are installed in the muzzle of the router, then the symbol " ' " Shows the activation of OpenVPN.
Installing archives by type of all other programs, see above.
To work OpenVPN, you need a configuration file, for testing you can take, for example, on the siteWhor VPN. The config is sent to email, the truth for testing they have a speed limit of 1 Mbps, but enough for tests. It is easier for me, I will raise my VPN server.
Configis necessary Rename in - My.OVPN. and copy to the folder on the router / etc / openvpn .
OpenVPN.Tar.(876.5 KB)Evcheck_ovpn.tar.(7.5 KB)8. Additions:
Output of information in the muzzle of the router
Installation is carried out by type and likeness of all the above programs. For workComplete set Scripts with output signal parameters is necessary to establish QTerminal . It is very convenient to watch the parameters from the native TP-Link Mifi application, since the router screen is quite quickly turned off and you have to constantly poke the power button, you can also configure the screen shutdown or simply retrieving on an empty screen location in your prog and calmly observe changes. It will be useful for those who are going to use the router inpatient, to adjust it on the tower using the inner or external antennas.
3 Changes of the central inscription with a delay of 1-2 seconds, the text is changing cyclically:
- PESP:'VK ---> Operator , colon " : " appears if fixes are installed and fixed ttl , apostrophe. " ' " if installed and started openVPN , LTE BAND - IN 1 (3, 7, 8, 20) if compound 4G, or 3G - if 3G;
- RSSI: XXX ;
- rsrp , rsrq , rssnr. .
If you and the gift you do not need output signals, set the second set of scripts -infoshow_no_signal.tar , it contains only the conclusion - PESP:'VK .
infoshow.tar(8 KB)
infoshow_no_signal.tar(7.5 KB)
3 Changes of the central inscription with a delay of 1-2 seconds, the text is changing cyclically:
- PESP:'VK ---> Operator , colon " : " appears if fixes are installed and fixed ttl , apostrophe. " ' " if installed and started openVPN , LTE BAND - IN 1 (3, 7, 8, 20) if compound 4G, or 3G - if 3G;
- RSSI: XXX ;
- rsrp , rsrq , rssnr. .
In 4G mode
In 3G mode
In the TP-Link Mifi application
If you and the gift you do not need output signals, set the second set of scripts -infoshow_no_signal.tar , it contains only the conclusion - PESP:'VK .
infoshow.tar(8 KB)infoshow_no_signal.tar(7.5 KB)Interesting console
Interesting and useful utilities and teams available from the console:
Qcmap_cli.
root @ MDM9625: ~ # QCMAP_CLI
Please Select An Option to Test from the Items Listed Below.
1. DISPLAY CURRENT CONFIG 38. ACTIVATE WLAN
2. DELETE SNAT ENTRY 39. SET LAN CONFIG
3. Add Snat Entry 40. Get Lan Config
4. Get Snat Config 41. Activate Lan
5. SET ROAMING 42. Get Wlan Status
6. Get Roaming 43. Enable / Disable IPv6
7. Delete DMZ IP 44. SET Firewall Config
8. Add DMZ IP 45. Get Firewall Config
9. Get DMZ IP 46. Get IPv6 State
10. Set IPsec VPN Passthrough 47. Get Wwan Profile
11. Get IPsec VPN Passthrough 48. SET WWAN PROFILE
12. Set PPTP VPN Passthrough 49. Get Upnp Status
13. Get Pptp VPN Passthrough 50. Get Dlna Status
14. SET L2TP VPN Passthrough 51. Get MDNS Status
15. Get L2TP VPN Passthrough 52. Get Station Mode Status
16. SET Autoconnect Config 53. Set Dlna Media Directory
17. Get Autoconnect Config 54. Get Dlna Media Directory
18. Get Wan Status 55. SET MOBILEAP / WLAN BOOTUP CONFIG
19. Add Firewall Entry 56. Get MobileAP / WLAN BOOTUP CONFIG
20. Enable / Disable M-DNS 57. Enable / Disable IPv4
21. Enable / Disable UPNP 58. Get IPv4 State
22. Enable / Disable DLNA 59. Get Data Bitrate
23. Display Firewalls 60. SET UPNP Notify Interval
24. Delete Firewall Entry 61. Get Upnp Notify Interval
25. Get Wwan Statistics 62. SET DLNA NOTIFY INTERVAL
26. Reset Wwan Statistics 63. Get Dlna Notify Interval
27. Get Network Configuration 64. Add DHCP Reservation Record
28. Get Nat Type 65. Get DHCP Reservation Records
29. SET NAT TYPE 66. EDIT DHCP Reservation Record
30. Enable / Disable Mobile AP 67. Delete DHCP Reservation Record
31. Enable / Disable WLAN 68. Activate Hostapd Config
32. CONNECT / DISCONNECT Backhaul 69. Activate Supplicant Config
33. Get Mobile AP Status 70. Get WebServer Wwan Access Flag
34. Set Nat Timeout 71. Set WebServer Wwan Access Flag
35. Get Nat Timeout 72. Enable / Disable RTSP ALG
36. SET WLAN CONFIG 73. RESERVED
37. Get WLAN Config 74. Teardown / Disable and Exit
Option>
Please Select An Option to Test from the Items Listed Below.
1. DISPLAY CURRENT CONFIG 38. ACTIVATE WLAN
2. DELETE SNAT ENTRY 39. SET LAN CONFIG
3. Add Snat Entry 40. Get Lan Config
4. Get Snat Config 41. Activate Lan
5. SET ROAMING 42. Get Wlan Status
6. Get Roaming 43. Enable / Disable IPv6
7. Delete DMZ IP 44. SET Firewall Config
8. Add DMZ IP 45. Get Firewall Config
9. Get DMZ IP 46. Get IPv6 State
10. Set IPsec VPN Passthrough 47. Get Wwan Profile
11. Get IPsec VPN Passthrough 48. SET WWAN PROFILE
12. Set PPTP VPN Passthrough 49. Get Upnp Status
13. Get Pptp VPN Passthrough 50. Get Dlna Status
14. SET L2TP VPN Passthrough 51. Get MDNS Status
15. Get L2TP VPN Passthrough 52. Get Station Mode Status
16. SET Autoconnect Config 53. Set Dlna Media Directory
17. Get Autoconnect Config 54. Get Dlna Media Directory
18. Get Wan Status 55. SET MOBILEAP / WLAN BOOTUP CONFIG
19. Add Firewall Entry 56. Get MobileAP / WLAN BOOTUP CONFIG
20. Enable / Disable M-DNS 57. Enable / Disable IPv4
21. Enable / Disable UPNP 58. Get IPv4 State
22. Enable / Disable DLNA 59. Get Data Bitrate
23. Display Firewalls 60. SET UPNP Notify Interval
24. Delete Firewall Entry 61. Get Upnp Notify Interval
25. Get Wwan Statistics 62. SET DLNA NOTIFY INTERVAL
26. Reset Wwan Statistics 63. Get Dlna Notify Interval
27. Get Network Configuration 64. Add DHCP Reservation Record
28. Get Nat Type 65. Get DHCP Reservation Records
29. SET NAT TYPE 66. EDIT DHCP Reservation Record
30. Enable / Disable Mobile AP 67. Delete DHCP Reservation Record
31. Enable / Disable WLAN 68. Activate Hostapd Config
32. CONNECT / DISCONNECT Backhaul 69. Activate Supplicant Config
33. Get Mobile AP Status 70. Get WebServer Wwan Access Flag
34. Set Nat Timeout 71. Set WebServer Wwan Access Flag
35. Get Nat Timeout 72. Enable / Disable RTSP ALG
36. SET WLAN CONFIG 73. RESERVED
37. Get WLAN Config 74. Teardown / Disable and Exit
Option>
Hostapd_Cli.
root @ MDM9625: ~ # Hostapd_Cli
HostAPD_CLI v2.0-Devel
Copyright (C) 2004-2012, Jouni Malinen<[email protected].>and Contributors.
This Software May Be Distributed under the Terms of the BSD License.
See Readme for More Details.
SELECTED INTERFACE 'WLAN0'
Interactive Mode.
>help
Commands:
MIB GET MIB VARIABLES (Dot1x, Dot11, Radius)
sta<addr>Get Mib Variables for One Station
All_sta Get Mib Variables for All Stations
NEW_STA<addr>Add a New Station
Deauthenticate.<addr>Deauthenticate A Station
disassociate<addr>Disassociate A Station
wps_pin.<uuid><pin>[Timeout] [Addr] Add WPS Enrollee Pin
wps_check_pin.<PIN>Verify Pin Checksum
WPS_PBC INDICATE Button Pushed to Initiate PBC
WPS_CANCEL CANCEL THE PENDING WPS OPERATION
wps_ap_pin.<cmd>[Params ..] Enable / Disable AP PIN
wps_config<SSID><auth><Encr><key>Configure AP.
Get_Config Show Current Configuration
Help Show This Usage Help
Interface [IFNAME] show interfaces / select interface
level<DEBUG LEVEL>Change Debug Level
License Show Full Hostapd_Cli License
Vendorie.<SET / CLR.>[IE] Set or Clear Vendor IE
Update_acl<ACCEPT / DENY.><ACL File Name.>Update ACL Either to Accept / Deny from the Given File
Quit Exit Hostapd_Cli.
>
HostAPD_CLI v2.0-Devel
Copyright (C) 2004-2012, Jouni Malinen<[email protected].>and Contributors.
This Software May Be Distributed under the Terms of the BSD License.
See Readme for More Details.
SELECTED INTERFACE 'WLAN0'
Interactive Mode.
>help
Commands:
MIB GET MIB VARIABLES (Dot1x, Dot11, Radius)
sta<addr>Get Mib Variables for One Station
All_sta Get Mib Variables for All Stations
NEW_STA<addr>Add a New Station
Deauthenticate.<addr>Deauthenticate A Station
disassociate<addr>Disassociate A Station
wps_pin.<uuid><pin>[Timeout] [Addr] Add WPS Enrollee Pin
wps_check_pin.<PIN>Verify Pin Checksum
WPS_PBC INDICATE Button Pushed to Initiate PBC
WPS_CANCEL CANCEL THE PENDING WPS OPERATION
wps_ap_pin.<cmd>[Params ..] Enable / Disable AP PIN
wps_config<SSID><auth><Encr><key>Configure AP.
Get_Config Show Current Configuration
Help Show This Usage Help
Interface [IFNAME] show interfaces / select interface
level<DEBUG LEVEL>Change Debug Level
License Show Full Hostapd_Cli License
Vendorie.<SET / CLR.>[IE] Set or Clear Vendor IE
Update_acl<ACCEPT / DENY.><ACL File Name.>Update ACL Either to Accept / Deny from the Given File
Quit Exit Hostapd_Cli.
>
Run FTP Server
If anyone has little SFTP and SCP, you can run the FTP server on the router, it will act until reboot, you can make a script, and a link to it in / usr / sbin so as not to enter the entire command every time.
Access to the file system can be obtained from any program with FTP, including from the browser.
Access to the file system can be obtained from any program with FTP, including from the browser.
tcpsvd -u root: root -vE 0.0.0.0 21 ftpd -w / &
microSD
To install archives, reservations, etc. etc. You can use the flash drive installed in the router. For example, write to it the necessary installation archives and using MC (Midnight Commander) simply copy the folders you need and files on the necessary paths directly from the archive itself. All rights are saved, the links act.
How to add an unknown router opsos - correctionUnknown ISP.
We look on android phone MCCMNC Oposos (or any known way to you), for example, the Rostelecom business - 250 20 .
To file/etc/netispinfo.ini. add lines:
After the rebut, the script earned as it should. Instead of Rostelekom, wrote RTK, since there is a limit in the number of output characters, if you add an additional info, it goes beyond the screen.
At the same time, the profile with APN immediately appeared in the webcam.
To file/etc/netispinfo.ini. add lines:
[250,20]
Ipversion = 0.
APN = internet.rtk.ru.
UserName =.
UserPass =.
Name = RTK.
Package = RTK.
Country = Russia.
Ipversion = 0.
APN = internet.rtk.ru.
UserName =.
UserPass =.
Name = RTK.
Package = RTK.
Country = Russia.
After the rebut, the script earned as it should. Instead of Rostelekom, wrote RTK, since there is a limit in the number of output characters, if you add an additional info, it goes beyond the screen.
At the same time, the profile with APN immediately appeared in the webcam.
Attention:
Memory leak
Found prettySerious bug in the system , apparently, it can be one of (if not the main) causes of the router hangs at the start of some users, leakage and Full memory in the root section . How remember with memory in the root is not ice . I have, for example, At the beginning All povers were free about 1 MB. With all his work, it began to observe its decrease, however, the volume to which it decreased in no way correlates with the volume of files created and recorded by me. At the same time, the router began to load quite a long time, the process from inclusion to a full start, connecting to the operator and WiFi activation began to take 1-2 minutes. Of course, I thought to my manipulations. However, in the search process was discovered log /var/log.nmbd. Related to the initialization of the Samba, the initial entry in it dated 2015 (Date of purchase and first inclusion), size more than 6 MB, this file is not limited in its size, not cleared by the system and is not overwritten, everything is not only added to the addition. Linking it on the USB flash drive, just did not remove the log, only completely cleaned him and restarted the router. It took off as a plane, quickly rebooted, passed and distributed WiFi. This is such an unpleasant picture. I decided to watch him a couple - the top three days, then add the cleaning of this log when the router is turned on. Unlimited file growth occurs only if in Storage Sharing Selected mode - by wi-fi . Cleaning the log at the work of Samba did not affect.
To automatically clean the log, I advise you to make the following (for myself I chose the 3rd method proposedmesb ):
First way :
If you use my TTL fixation scripts and / or the output of information in the muzzle of the router, then inone From files /etc/init.d/infoshow or /etc/init.d/ttlset Add lines:
Second way :
If you do not use foreign scripts with autorun, then create a new one that will clean the log:
In this case, every time, after rebooting, the log will be cleaned.
Third way :
Suggested our forumchaninmesb
"Watch the result of LS -LAH we will see the sympti on the well.
After this action, the router is loaded norms and responds by sambe) "
Script-lacy teams from the postmesb - Once the Del_smblog script from the del_smblog.tar archive and you can delete them from the router:
del_smblog.tar(2 KB)
To automatically clean the log, I advise you to make the following (for myself I chose the 3rd method proposedmesb ):
First way :
If you use my TTL fixation scripts and / or the output of information in the muzzle of the router, then inone From files /etc/init.d/infoshow or /etc/init.d/ttlset Add lines:
Echo -N.>/var/log.nmbd.
Echo -N.>/var/log.smbd.
Echo -N.>/var/log.smbd.
Second way :
If you do not use foreign scripts with autorun, then create a new one that will clean the log:
root @ MDM9625: / # ECHO -E "#! / BIN / SH \ Necho -N>/var/log.nmbd\necho -N.>/var/log.smbd ">/etc/init.d/clearls.
root @ mdm9625: / # chmod 777 /etc/init.d/clearls
root @ mdm9625: / # ln -s /etc/init.d/clarls /etc/rc5.d/s99clearls
root @ mdm9625: / # chmod 777 /etc/init.d/clearls
root @ mdm9625: / # ln -s /etc/init.d/clarls /etc/rc5.d/s99clearls
In this case, every time, after rebooting, the log will be cleaned.
Third way :
Suggested our forumchaninmesb
cd / var
Rm log.smbd.
Rm log.nmbd.
LN -S / DEV / NULL LOG.SMBD
LN -S / DEV / NULL log.nmbd
Rm log.smbd.
Rm log.nmbd.
LN -S / DEV / NULL LOG.SMBD
LN -S / DEV / NULL log.nmbd
"Watch the result of LS -LAH we will see the sympti on the well.
After this action, the router is loaded norms and responds by sambe) "
Script-lacy teams from the postmesb - Once the Del_smblog script from the del_smblog.tar archive and you can delete them from the router:
del_smblog.tar(2 KB)Reset to factory settings
Router when resetting it to factory settings from a web muzzle or a reset button on it, only the settings are installed in the web interface and the web server itself, the remaining system remains as it was, i.e. All that has been done and changed in the system with handles (additional utilities, scripts) remain in place. Refracting to the current I ask, also does not affect the added change
All actions with your device you do at your own risk, be very accurate with the file system, it is very easy to get a brick instead of a working device.
The author does not bear any responsibility for your actions.
The IMEI change description on the device has an informational nature.
The author does not bear any responsibility for your actions.
The IMEI change description on the device has an informational nature.
To create a dump:
Klavkom drivers must be installed!
1. Transfer the router inPBL mode (without battery, shorten the specified points and connect to the computer via USB);
2. Unpack a folder with QTools to the root of the disk;
3. Run out of it -_TP7350.cmd. ;
4. Inquiries twice enter the port number -Qualcomm HS-USB QDLoader ... ;
5. Dump Solives you on the computer.
Qtools.zip.(2.98 MB)Thank you very muchportax
Blood changes:
04.05.2020 - Added a method for performing an AT-Command from SSH;
05.05.2020 - Running the FTP server on the router;
05.05.2020 - Added another way to perform an AT-Command from SSH;
05/08/2020 - Replaced IMEI router - I will describe the process later;
05/11/2020 - Tested and added to the post Shellinabox;
05/12/2020 - Added qterminal to perform AT commands from SHH;
05/18/2020 - Added infe-output scripts to a router face;
05/26/2020 - Changed Fix TTL on scripts with autoload and periodic fix check;
05/26/2020 - changed the imaging scripts to the muzzle of the router;
05/26/2020 - Added a simple method for obtaining primary access via Telnet using CURL;
05/30/2020 - changed the scripts of the output of information into the muzzle of the router - Displays the running OpenVPN;
05/30/2020 - Added an OpenVPN client recycled to our router;
05/30/2020 - Added the start / disable OpenVPN with the WPS button, via EvCheck;
05/30/2020 - Added a lightweight info output script to the screen, without signals;
06/01/2020 - Added a script-lazy to "zeroing" samba logs;
06/01/2020 - Changed TTL fixation scripts - got rid of one cyclically rewritable file;
06/01/2020 - changed the output scripts to the router screen - got rid of cyclically rewritable files and correct operation on V3;
06/01/2020 - added a description of the change of IMEI;
06/01/2020 - added a description of the creation of a dump;
02.06.2020 - corrected the successful references by the post;
05.06.2020 - made a script output information about the router in a web interface, link in content;
06/07/2020 - Added a description of the installation of additional software on the router, using the OPKG batch manager from the project - ENTWARE, LINK in the content;
11.06.2020 - added a simple method for obtaining primary access via Telnet via HTML;
12.06.2020 - Cross compilation - collect the necessary nucleus modules themselves, reference in the description;
06/15/2020 - added two proven method of operation of the router without battery;
07/09/2020 - Added Russian Localization of the Web Server for V1, link in the description;
07/18/2020 - Added a description of the Speedtest launch with the selected Server user;
08.08.2020 - Added a new router information output script to the web interface, info was added about IP and GEO information, link in content;
08.08.2020 - checked the work of CURL on the router, the link in the content;
08/09/2020 - Sending USSD requests from the console, in content;
08.26.2020 - compiled aha, link in content;
08/31/2020 - Updated the display of information about the router information in the web interface, added USSD, AT-Commands, painted info, link in content.
05.05.2020 - Running the FTP server on the router;
05.05.2020 - Added another way to perform an AT-Command from SSH;
05/08/2020 - Replaced IMEI router - I will describe the process later;
05/11/2020 - Tested and added to the post Shellinabox;
05/12/2020 - Added qterminal to perform AT commands from SHH;
05/18/2020 - Added infe-output scripts to a router face;
05/26/2020 - Changed Fix TTL on scripts with autoload and periodic fix check;
05/26/2020 - changed the imaging scripts to the muzzle of the router;
05/26/2020 - Added a simple method for obtaining primary access via Telnet using CURL;
05/30/2020 - changed the scripts of the output of information into the muzzle of the router - Displays the running OpenVPN;
05/30/2020 - Added an OpenVPN client recycled to our router;
05/30/2020 - Added the start / disable OpenVPN with the WPS button, via EvCheck;
05/30/2020 - Added a lightweight info output script to the screen, without signals;
06/01/2020 - Added a script-lazy to "zeroing" samba logs;
06/01/2020 - Changed TTL fixation scripts - got rid of one cyclically rewritable file;
06/01/2020 - changed the output scripts to the router screen - got rid of cyclically rewritable files and correct operation on V3;
06/01/2020 - added a description of the change of IMEI;
06/01/2020 - added a description of the creation of a dump;
02.06.2020 - corrected the successful references by the post;
05.06.2020 - made a script output information about the router in a web interface, link in content;
06/07/2020 - Added a description of the installation of additional software on the router, using the OPKG batch manager from the project - ENTWARE, LINK in the content;
11.06.2020 - added a simple method for obtaining primary access via Telnet via HTML;
12.06.2020 - Cross compilation - collect the necessary nucleus modules themselves, reference in the description;
06/15/2020 - added two proven method of operation of the router without battery;
07/09/2020 - Added Russian Localization of the Web Server for V1, link in the description;
07/18/2020 - Added a description of the Speedtest launch with the selected Server user;
08.08.2020 - Added a new router information output script to the web interface, info was added about IP and GEO information, link in content;
08.08.2020 - checked the work of CURL on the router, the link in the content;
08/09/2020 - Sending USSD requests from the console, in content;
08.26.2020 - compiled aha, link in content;
08/31/2020 - Updated the display of information about the router information in the web interface, added USSD, AT-Commands, painted info, link in content.
Post has been editedSerbli - 04.10.20, 22:05
Reason for editing: Updated
Well, now I came to the northern fox to my old laptop disappearing exactly 12 years old :(. It was the only beech on Windows. And since the whole family, including me, the mascas, while there is nothing more to work with.
Post has been editedSerbli - 02.06.20, 01:04
Post has been editedSerbli - 02.06.20, 01:04
Reason for editing: typo
Serbli @ 24.04.20, 02:52
The procedure itself is simple, but rather Mouorne. It will try to describe in detail and understandable in order to avoid possible questions. As I have already written in one of the posts above, it should be approached for all revisions of the router, except for the V3 with the last firmware, update the penultimate, in the latter there are no changes in the latter
On version 5 M7350 (EU) _v5_20200330, paragraph 1 does not work, namely there are no QCMAP_Web_CGI requests, there is only to Web_cgi. If you use them, the 23 port has not opened. If you make a request manually to qcmap_web_cgi, it gives an answer 404.
Modem version 5.2.
dry154 , As I wrote above, the error was initially detected in v3. By analogy, I traced it in the firmware for V1. Honestly, it was confident that the firmware for all iron audits is similar.
All software for analysis (BARP and Ghidra) I had a laptop laptop, so I can not see the firmware V4-5 now. For the sake of worship, your firmware will see the composition.
Serbli @ 05/01/20, 22:04
As I wrote above, the error was initially detected in v3. By analogy, I traced it in the firmware for V1. Honestly, it was confident that the firmware for all iron audits is similar.
All software for analysis (BARP and Ghidra) I had a laptop laptop, so I can not see the firmware V4-5 now. For the sake of worship, your firmware will see the composition.
All software for analysis (BARP and Ghidra) I had a laptop laptop, so I can not see the firmware V4-5 now. For the sake of worship, your firmware will see the composition.
thank
Firmware here download as I understoodhttps: //www.tp-link.co...upport/download/m7350/
And on the modem version 5.2 (like mine) you can put the firmware V3?
dry154, The firmware from another revision will not come, will give an error, they are signed by different signatures, and the composition is different, iron too. Better do not risk, suddenly it turns out, put the router.
Post has been editedSerbli - 01.06.20, 22:58
tigra815 No, in any case, on my V1, I tried a few years ago. We have another web server. Plus, the Connect via the Windows command line to the ADB router does not pass - wrote in a flea, you can only enter the ADB router only through TotalCommander or Puttytray, soadb shell cat / proc / net / ip_tables_targets We will not work, like all the assemblies of installing fixes and programs through ADB. The specified command can be viewed Targets only from the console of the router itself - CAT / PROC / NET / IP_TABLES_TARGETS.
As it turned out, the way to get into the maintenance of the router is only on the revisions of the iron V1-V3, the structure of the device of the device is changed in revisions V4-V5.
Post has been editedSerbli - 01.06.20, 01:18
©savagemessiahzine.com2005-2021 All rights reserved.
savagemessiahzine.com®- registered trademark.
Terms of Use | Denial of responsibility | Advertising placement
savagemessiahzine.com®- registered trademark.
Terms of Use | Denial of responsibility | Advertising placement