How? As mine has had the new firmware since I received it.
That's why I was going the TFTP method to flash the older firmware, as it worked for my TG800, 799 and 788 when the Autoflashgui would not co-operate.
If it is what we were previously discussing, why is the slave rooted modem needed? Or is it something totally different? I agree you should not disclose it; such complicated exploits are best suited for further exploration toward easier exploitation instead of being wasted for nothing.
The older version of Autoflashgui not the firmware.
You told me that the new version of Autoflashgui won't flash either of the 2 firmwares available and I said go back to the older version. Older version of Autoflashgui, since that is what we were talking about. TFTP will not work if you are on bank 2, end of story.
It's a valid argument, but we are guaranteed never ever will if we can't get a look-in in future! PXE flashing is tricky enough for most people; setting up a complete simulated ISP management system in front of it is going to appeal to very few people indeed.
I have shared dumps of the 799 & 800 & MyRepublic so I don't know why you could not find them or who would not share them with you.
Nevertheless, you are the first then to find an exploit that can't be shared or Telstra will shut it down.
Well done.
I have a suspicion of what it is but I'm not actually privy to it. I am actually happy not knowing things from time to time if it serves a greater purpose... despite the fact that it annoys me to buggery that we don't have full access to gear for which we have paid.
I suspect it doesn't require PXE flashing; I was referring to how tricky setting up an environment for PXE flashing is even with a simple system like TFTPD64. Multiply that complexity across all the services required to emulate an ISP management system and getting all those ducks to line up; it's not trivial, so whatever this is will get shut down very quickly and we're back out in the cold with no hope.
If you want a copy of the final object, please ask BoLaMN.
There will be a licence (hopefully) included with the finished product(s) (if he wants to disclose) that will prevent you from publicly posting the info anywhere and sharing it with other people.
Put it another way: if he discloses the exploit, and the ISP fixes it, given the nature of the exploit there would only exist a small time window for whoever owns one of these devices TODAY to get root access to it in some extremely complex way. Obviously if the people who succeed are very few, there will be almost no chance of getting such devices supported by any pre-made mod like custom GUIs or app packages.
Thanks to his work we now have the key to decrypt available RBIs; in other words, those devices are no longer black boxes for all of us. Do you really believe a single person would spend months playing with such things just for saying: "I got it!"?
The reason I chose to flash it was because it seemed locked to PPPoE despite a factory reset (via both pin and admin UI). Now that I've flashed it, it only shows "Trying to Connect..." under Internet Access / Connection mode.
I was wondering if there's a way I can force it onto VDSL (I have root) in case it's still trying to autosense. I heard about trying to turn autosensing on, but while it shows the feature exists, I don't seem to have an option for that anywhere.
By the looks of it you haven't connected the Ethernet WAN or DSL cable to the modem, hence it cannot establish an L3 connection. You need not worry about forcing a VDSL or Ethernet connection as it will auto-sense and do it automatically.
I may be misinterpreting your reply to my comment. To the best of my knowledge, while a few people are saying they have achieved root on the DJA0230TLS either with earlier firmware or a new exploit that is too delicate to expose to the public, no-one has yet posted a link to a decrypted RBI or offered up the OSCK to any of us that don't have root access even though having root access would allow them to do this and give the rest of us a chance to find another exploit.
All the OSCKs I have observed have been unique to the model of modem. I don't know if variants of a model such as the non Australian TG799s use the same OSCK or not. The eRIPv2 configuration partition is encrypted with a key that is specific to each device and must be burnt into the CPU as it doesn't appear to be in the boot loader (for the TG799 anyway).
It's board specific. If a device has board mnemonic VANT-6 it shares the same VANT-6 OSCK whatever the ISP variant worldwide. That's why I would suggest you patch the decrypt firmware script to pick the correct OSCK automatically from within the folder, seeking the mnemonic board name clearly written in the RBI header. I already store all the OSCKs I collect renamed as VANT-6.osck, VANT-F.osckhex, VBNT-F.osck, etc...
See, that statement is full of holes and not correct. There have been quite a few people who have spent quite a bit of time looking for a way in. One person found one, that is correct, but to say only one person spent a lot of time is incorrect.
If they don't want to share or they can't share that's fine, that is the way the world turns.
But some of the rubbish I have read the past few days has made me nearly spit my coffee all over my screen.
From license arrangements to NDAs to what next, $$$$$? These guys are on some powerful drugs and might be better if they share those around, because who the hell is going to enforce the license & NDA? Love to see a legal person explain to them the HUGE problem with that.
I currently have a TG799vac with Telstra Firmware 15.53.6467-510-RA.
The appliance was inherited from a friend, and I believe has not yet been hacked or rooted.
Features we're currently using are ADSL2+ (from Internode), Wifi, LAN ports, DHCP server, etc.
We're not using the TG799 router for VoIP since we prefer Gigaset and SipTalk.
Happy with the performance and reliability.
Seems no present reason to change any firmware.
Sometime soon we'll be changing from ADSL to NBN, using VDSL from the building basement (ie FTTB).
Very unlikely to use Telstra as RSP for NBN. Perhaps Internode, or ABB or some other.
We plan to keep existing VoIP from SipTalk, and most everything else the same.
Firmware updates are usually released for stability and security reasons, and sometimes for functionality. They cost money to produce and are generally not released for no reason. For one thing, the internal VDSL firmware version is significantly newer in the newer firmware, so you are likely to get the best stability/performance trade-off with the latest firmware... and avoid getting your NBN FTTB/N port locked out as the old firmware may or may not have a feature NBN requires disabled such as G.INP. /forum-replies.cfm?t=2558213
I would not dare run a machine or router connected to the internet without the latest security updates installed, which generally means the latest firmware for a router. There are plenty of examples of botnets using routers due to bugs in the routers allowing a remote compromise.
Firmware updates are the equivalent of going to get your car serviced and they fix things that are wrong... except they're usually free for the consumer unlike a car service! Do you get your car serviced?
Unless you root it, it will auto-upgrade itself anyway. My recollection was that the 15.x firmware was a bit clunky, 16.x was very good and 17.x is further improvements over the previous versions. It's your choice, but I would personally move to the latest.
I know you were responding to a question relating to a specific device, and to the firmware currently on it, but you have responded in a very generic way there, expounding the virtues of firmware updates. From the little I understand, it is these same updates that may sometimes make life hard for the denizens of this thread, and when a short while ago I asked whether I should update the firmware on my device (not a TG799VAC, to be sure) I was told:
My point is that you should run the most recent BIOS/software/firmware that you can to be as secure as possible. This should be the normal thing to do for security reasons. Microsoft faced this battle with Windows with people not updating and then blaming Microsoft for having an insecure OS when in many cases the flaws had been patched out, but the patches were never applied by people. MS got a bit sick of this, so we all have to learn to live with (not necessarily love) the forced updates in Windows 10 which are hard to disable (for good reason!).
The rest can... with a caveat that they must be on a particular version of 17.2.
Take the TG800vac that has 3 different 17.2 firmwares and 2 are rootable and 1 is not
Now by rootable that means directly from the Autoflashgui program.
However, all 17.2 firmwares (except DJA0230) can be rooted from the opposite bank: if you can root one bank, install new firmware and switch banks back to the rooted one, you can then root the passive bank.
See, it starts to get complicated and can't readily be explained... it's something you have to have a modem and try it yourself and learn.
It's a shame we can't even update them manually either. I have 2 of them; they'd make a decent router. It's a shame the 5 GHz wifi is buggy and is not usable among a couple of my devices. No doubt fixable with firmware updates. Opening the custom/user firewall profile up would be nice too.
The MyRepublic one actually works quite well with Ansuel's GUI on it, and with it on you can easily clone bank1 to bank2 and then you have a backup bank if something happens.
Couple of little things need manual updating but it does work well.
MyRepublic the company are shit though LOL
This happened to my brother and it took about 2 months to work out what was going on after escalating it past the initial NBN stonewalling to someone who actually checked the logs for his port and noticed SRA was off.