diff options
-rw-r--r-- | CONTRIBUTING.md | 151 | ||||
-rw-r--r-- | _includes/cig_password.html | 10 | ||||
-rw-r--r-- | _ont/ont-d-link-dpn-100-rev-a2.md | 2 | ||||
-rw-r--r-- | _ont/ont-fs-com-gpon-onu-stick-with-mac.md | 1 | ||||
-rw-r--r-- | _ont/ont-halny-hl-gsfp.md | 8 | ||||
-rw-r--r-- | _ont/ont-huawei-ma5671a.md | 3 | ||||
-rw-r--r-- | _ont/ont-leox-lxt-010h-d.md | 2 | ||||
-rw-r--r-- | _ont/ont-sercomm-fg1000b-11.md | 1 | ||||
-rw-r--r-- | _ont/ont-t-w-tw2362h-cdel.md | 2 | ||||
-rw-r--r-- | _ont/ont-zisa-op151s.md (renamed from _ont/ont-ziza-op151s.md) | 15 | ||||
-rw-r--r-- | _ont/ont-zisa.md (renamed from _ont/ont-ziza.md) | 2 | ||||
-rw-r--r-- | _ont/ont-zte-f6005v3.md | 369 | ||||
-rw-r--r-- | _ont/ont-zyxel-pmg3000-d20b.md | 2 | ||||
-rw-r--r-- | _ont_xgs/ont-nokia-xs-010s-q.md | 56 | ||||
-rw-r--r-- | assets/img/f6005v3_2.jpg | bin | 0 -> 273889 bytes | |||
-rw-r--r-- | assets/img/f6005v3_3.jpg | bin | 0 -> 202701 bytes | |||
-rw-r--r-- | assets/img/f6005v3_of_1.jpg | bin | 0 -> 77135 bytes | |||
-rw-r--r-- | assets/img/f6005v3_tim_1.jpg | bin | 0 -> 91368 bytes | |||
-rw-r--r-- | assets/js/cigpassword.js | 28 |
19 files changed, 629 insertions, 23 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..7bf43f1 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,151 @@ +<!-- omit in toc --> +# Contributing to Hack-Gpon + +First off, thanks for taking the time to contribute! β€οΈ + +All types of contributions are encouraged and valued. See the [Table of Contents](#table-of-contents) for different ways to help and details about how this project handles them. Please make sure to read the relevant section before making your contribution. It will make it a lot easier for us maintainers and smooth out the experience for all involved. The community looks forward to your contributions. π + +> And if you like the project, but just don't have time to contribute, that's fine. There are other easy ways to support the project and show your appreciation, which we would also be very happy about: +> - Star the project +> - Tweet about it +> - Refer this project in your project's readme +> - Mention the project at local meetups and tell your friends/colleagues + +<!-- omit in toc --> +## Table of Contents + +- [I Have a Question](#i-have-a-question) +- [I Want To Contribute](#i-want-to-contribute) + - [Reporting Bugs](#reporting-bugs) + - [Suggesting Enhancements](#suggesting-enhancements) + - [Your First Code Contribution](#your-first-code-contribution) + - [Improving The Documentation](#improving-the-documentation) +- [Styleguides](#styleguides) + - [Commit Messages](#commit-messages) +- [Join The Project Team](#join-the-project-team) + + + +## I Have a Question + +> If you want to ask a question, we assume that you have read the available [Documentation](https://hack-gpon.org/). + +Before you ask a question, it is best to search for existing [Issues](https://github.com/hack-gpon/hack-gpon.github.io/issues) that might help you. In case you have found a suitable issue and still need clarification, you can write your question in this issue. It is also advisable to search the internet for answers first. + +If you then still feel the need to ask a question and need clarification, we recommend the following: + +- Open an [Issue](https://github.com/hack-gpon/hack-gpon.github.io/issues/new). +- Provide as much context as you can about what you're running into. +- Provide project and platform versions (nodejs, npm, etc), depending on what seems relevant. + +We will then take care of the issue as soon as possible. + +<!-- +You might want to create a separate issue tag for questions and include it in this description. People should then tag their issues accordingly. + +Depending on how large the project is, you may want to outsource the questioning, e.g. to Stack Overflow or Gitter. You may add additional contact and information possibilities: +- IRC +- Slack +- Gitter +- Stack Overflow tag +- Blog +- FAQ +- Roadmap +- E-Mail List +- Forum +--> + +## I Want To Contribute + +> ### Legal Notice <!-- omit in toc --> +> When contributing to this project, you must agree that you have authored 100% of the content, that you have the necessary rights to the content and that the content you contribute may be provided under the project license. + +### Reporting Bugs + +<!-- omit in toc --> +#### Before Submitting a Bug Report + +A good bug report shouldn't leave others needing to chase you up for more information. Therefore, we ask you to investigate carefully, collect information and describe the issue in detail in your report. Please complete the following steps in advance to help us fix any potential bug as fast as possible. + +- Make sure that you are using the latest version. +- Determine if your bug is really a bug and not an error on your side e.g. using incompatible environment components/versions (Make sure that you have read the [documentation](https://hack-gpon.org/). If you are looking for support, you might want to check [this section](#i-have-a-question)). +- To see if other users have experienced (and potentially already solved) the same issue you are having, check if there is not already a bug report existing for your bug or error in the [bug tracker](https://github.com/hack-gpon/hack-gpon.github.ioissues?q=label%3Abug). +- Also make sure to search the internet (including Stack Overflow) to see if users outside of the GitHub community have discussed the issue. +- Collect information about the bug: + - Stack trace (Traceback) + - OS, Platform and Version (Windows, Linux, macOS, x86, ARM) + - Version of the interpreter, compiler, SDK, runtime environment, package manager, depending on what seems relevant. + - Possibly your input and the output + - Can you reliably reproduce the issue? And can you also reproduce it with older versions? + +<!-- omit in toc --> +#### How Do I Submit a Good Bug Report? + +> You must never report security related issues, vulnerabilities or bugs including sensitive information to the issue tracker, or elsewhere in public. Instead sensitive bugs must be sent by email to <>. +<!-- You may add a PGP key to allow the messages to be sent encrypted as well. --> + +We use GitHub issues to track bugs and errors. If you run into an issue with the project: + +- Open an [Issue](https://github.com/hack-gpon/hack-gpon.github.io/issues/new). (Since we can't be sure at this point whether it is a bug or not, we ask you not to talk about a bug yet and not to label the issue.) +- Explain the behavior you would expect and the actual behavior. +- Please provide as much context as possible and describe the *reproduction steps* that someone else can follow to recreate the issue on their own. This usually includes your code. For good bug reports you should isolate the problem and create a reduced test case. +- Provide the information you collected in the previous section. + +Once it's filed: + +- The project team will label the issue accordingly. +- A team member will try to reproduce the issue with your provided steps. If there are no reproduction steps or no obvious way to reproduce the issue, the team will ask you for those steps and mark the issue as `needs-repro`. Bugs with the `needs-repro` tag will not be addressed until they are reproduced. +- If the team is able to reproduce the issue, it will be marked `needs-fix`, as well as possibly other tags (such as `critical`), and the issue will be left to be [implemented by someone](#your-first-code-contribution). + +<!-- You might want to create an issue template for bugs and errors that can be used as a guide and that defines the structure of the information to be included. If you do so, reference it here in the description. --> + + +### Suggesting Enhancements + +This section guides you through submitting an enhancement suggestion for Hack-Gpon, **including completely new features and minor improvements to existing functionality**. Following these guidelines will help maintainers and the community to understand your suggestion and find related suggestions. + +<!-- omit in toc --> +#### Before Submitting an Enhancement + +- Make sure that you are using the latest version. +- Read the [documentation](https://hack-gpon.org/) carefully and find out if the functionality is already covered, maybe by an individual configuration. +- Perform a [search](https://github.com/hack-gpon/hack-gpon.github.io/issues) to see if the enhancement has already been suggested. If it has, add a comment to the existing issue instead of opening a new one. +- Find out whether your idea fits with the scope and aims of the project. It's up to you to make a strong case to convince the project's developers of the merits of this feature. Keep in mind that we want features that will be useful to the majority of our users and not just a small subset. If you're just targeting a minority of users, consider writing an add-on/plugin library. + +<!-- omit in toc --> +#### How Do I Submit a Good Enhancement Suggestion? + +Enhancement suggestions are tracked as [GitHub issues](https://github.com/hack-gpon/hack-gpon.github.io/issues). + +- Use a **clear and descriptive title** for the issue to identify the suggestion. +- Provide a **step-by-step description of the suggested enhancement** in as many details as possible. +- **Describe the current behavior** and **explain which behavior you expected to see instead** and why. At this point you can also tell which alternatives do not work for you. +- You may want to **include screenshots and animated GIFs** which help you demonstrate the steps or point out the part which the suggestion is related to. You can use [this tool](https://www.cockos.com/licecap/) to record GIFs on macOS and Windows, and [this tool](https://github.com/colinkeenan/silentcast) or [this tool](https://github.com/GNOME/byzanz) on Linux. <!-- this should only be included if the project has a GUI --> +- **Explain why this enhancement would be useful** to most Hack-Gpon users. You may also want to point out the other projects that solved it better and which could serve as inspiration. + +<!-- You might want to create an issue template for enhancement suggestions that can be used as a guide and that defines the structure of the information to be included. If you do so, reference it here in the description. --> + +### Your First Code Contribution +<!-- TODO +include Setup of env, IDE and typical getting started instructions? + +--> + +### Improving The Documentation +<!-- TODO +Updating, improving and correcting the documentation + +--> + +## Styleguides +### Commit Messages +<!-- TODO + +--> + +## Join The Project Team +<!-- TODO --> + +<!-- omit in toc --> +## Attribution +This guide is based on the **contributing-gen**. [Make your own](https://github.com/bttger/contributing-gen)! diff --git a/_includes/cig_password.html b/_includes/cig_password.html index 33b24a5..5223e35 100644 --- a/_includes/cig_password.html +++ b/_includes/cig_password.html @@ -20,6 +20,8 @@ <label for="result" class="form-label">Password</label> </div> </form> + <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js"></script> + <script type="text/javascript" src="/assets/js/cigpassword.js"></script> <script> var cigPassword = document.getElementById('cig-password'); cigPassword.addEventListener('submit', (event) => { @@ -27,12 +29,8 @@ if (!cigPassword.checkValidity()) { event.preventDefault(); } else { - const data = new URLSearchParams(new FormData(cigPassword)); - var url = new URL("https://cigpassword.hack-gpon.org/"); - url.search = data.toString(); - fetch(url, {mode: 'cors'}).then(response => response.json()).then(json => document.getElementById('result').value = json.password).catch((error) => { - document.getElementById('result').value = "Error!" - }); + const data = new FormData(cigPassword); + document.getElementById('result').value = cigpassword_gpon(data.get("serial"), data.get("username")); } [...cigPassword.elements].map(e => e.parentNode).forEach(e => e.classList.toggle('was-validated', true)); }); diff --git a/_ont/ont-d-link-dpn-100-rev-a2.md b/_ont/ont-d-link-dpn-100-rev-a2.md index 5328863..457d3f5 100644 --- a/_ont/ont-d-link-dpn-100-rev-a2.md +++ b/_ont/ont-d-link-dpn-100-rev-a2.md @@ -36,7 +36,7 @@ Once you access the stick via ssh you will be presented with a second tier login - [Zyxel PMG3000-D20B](/ont-zyxel-pmg3000-d20b) - [Halny HL-GSFP](/ont-halny-hl-gsfp) -- [Ziza OP151s](/ont-ziza-op151s) +- [Zisa OP151s](/ont-zisa-op151s) - [T&W TW2362H-CDEL](/ont-t-w-tw2362h-cdel) # GPON/OMCI settings diff --git a/_ont/ont-fs-com-gpon-onu-stick-with-mac.md b/_ont/ont-fs-com-gpon-onu-stick-with-mac.md index 9894bac..c813e5a 100644 --- a/_ont/ont-fs-com-gpon-onu-stick-with-mac.md +++ b/_ont/ont-fs-com-gpon-onu-stick-with-mac.md @@ -537,6 +537,7 @@ The FS stick stores the content of the emulated EEPROM in U-Boot env variables t - [General setting of lantiq](https://forum.fibra.click/d/23881-ma5671a-e-vodafone-25-gbps/64) - [Usage GPON module SFP in Spain](https://forum.mikrotik.com/viewtopic.php?t=116364&start=300) - [SourcePhotonics SPS-34-24T-HP-TDFO Datasheet](https://www.sourcephotonics.com/wp-content/uploads/2017/08/DS-8085-02_SPS-34-24T-HP-TDFO.pdf) +- [FS.com GPON-ONU-34-20BI Configuration Guide](https://resource.fs.com/mall/doc/20230831180515egrzs6.pdf) --- diff --git a/_ont/ont-halny-hl-gsfp.md b/_ont/ont-halny-hl-gsfp.md index e935b78..423cdcd 100644 --- a/_ont/ont-halny-hl-gsfp.md +++ b/_ont/ont-halny-hl-gsfp.md @@ -21,9 +21,9 @@ parent: HALNy | System | OpenWRT | | HSGMII | Yes | | Optics | SC/APC | -| IP address | | -| Web Gui | | -| SSH | | +| IP address | 192.168.77.154/30 | +| Web Gui | none | +| SSH | port 22666 | | Telnet | | | Serial | β
| | Serial baud | 115200 | @@ -37,7 +37,7 @@ parent: HALNy - [Zyxel PMG3000-D20B](/ont-zyxel-pmg3000-d20b) - [D-LINK DPN-100-Rev-A2](/ont-d-link-dpn-100-rev-a2) -- [Ziza OP151s](/ont-ziza-op151s) +- [Zisa OP151s](/ont-zisa-op151s) - [T&W TW2362H-CDEL](/ont-t-w-tw2362h-cdel) ## List of partitions diff --git a/_ont/ont-huawei-ma5671a.md b/_ont/ont-huawei-ma5671a.md index 6152c2e..82e930d 100644 --- a/_ont/ont-huawei-ma5671a.md +++ b/_ont/ont-huawei-ma5671a.md @@ -119,6 +119,7 @@ For more info [XPONos partition layout](https://github.com/XPONos/linux_lantiq-f - [1224abort.bin](https://ma5671a.s3.nl-ams.scw.cloud/1224ABORT.bin){: .btn } md5hash: 10e94a4b4acdc82dec20c7904b69e5c0 - [right.com.cn (China) 19 July 2022](https://mega.nz/file/9fpSkYTb#wNyjAj1kOLWC9HozX-gTQ-TS3VFqRYg--x1rm7RSuDg){: .btn } md5hash: 6b5e7e3c659fe3f0204340fa746ac4fc - [right.com.cn (China) 29 Aug 2022](https://mega.nz/file/VHFFSBrT#2WhDPcdON5EHR01l6Ut35GC3sl55e4l09Z0NUo_7SWA){: .btn} md5hash: 3d357e2dc7b59c66fe61b4ddf1fb8dc0 +- [right.com.cn (China) 20 Nov 2023](https://mega.nz/file/8vcwyJRA#yuzjyI9Y9vsA0RegGnNOy_JLv2FNRIMfI5JxHn8t0-s){: .btn} md5hash: 4901ae8e70991ca1202bc80db9c151cc - [FS.com GPON ONU Stick with MAC firmware / SourcePhotonics SPS-34-24T-HP-TDFO firmware](/ont-fs-com-gpon-onu-stick-with-mac) # Usage @@ -393,4 +394,4 @@ The Huawei MA5671A stores the content of the emulated EEPROM in U-Boot env varia --- -[^subunit]: The subunit are 10000 times smaller than the specified unit
\ No newline at end of file +[^subunit]: The subunit are 10000 times smaller than the specified unit diff --git a/_ont/ont-leox-lxt-010h-d.md b/_ont/ont-leox-lxt-010h-d.md index 06acd1f..978f181 100644 --- a/_ont/ont-leox-lxt-010h-d.md +++ b/_ont/ont-leox-lxt-010h-d.md @@ -68,6 +68,8 @@ This ONT supports dual boot. - V3.3.2L6 - V3.3.2L7 - V3.3.2L8 +- V3.3.2L8V ([Veip](/pptp_veip/) firmware) +- V3.3.2L9 {% include alert.html content="Before proceeding with any modification, make a backup of files rtl8290b.data and europa.data from /var/config folder. These files include optical calibration of your ONT's laser, if you accidentally delete or ruin them, your ONT will be unusable" alert="Note" icon="svg-warning" color="yellow" %} diff --git a/_ont/ont-sercomm-fg1000b-11.md b/_ont/ont-sercomm-fg1000b-11.md index b5db0fb..ed9c46d 100644 --- a/_ont/ont-sercomm-fg1000b-11.md +++ b/_ont/ont-sercomm-fg1000b-11.md @@ -333,6 +333,7 @@ It seems `cmld_client get` can't return string values longer than 12 characters, - 1&1 Glasfaser Modem - Telekom Glasfaser Modem 2 + - Vodafone Glasfaser Modem (FG1000B.VF) # Credits This whole documentation here was made possible thanks to the time invested into reverse engineering by @hwti and the rest of the folks from the forum mentioned in the links section of this page. Thanks a lot! diff --git a/_ont/ont-t-w-tw2362h-cdel.md b/_ont/ont-t-w-tw2362h-cdel.md index 196b4b0..fa588d5 100644 --- a/_ont/ont-t-w-tw2362h-cdel.md +++ b/_ont/ont-t-w-tw2362h-cdel.md @@ -1,7 +1,7 @@ --- title: T&W TW2362H-CDEL has_children: false -redirect_to: /ont-ziza-op151s +redirect_to: /ont-zisa-op151s layout: default parent: T&W ---
\ No newline at end of file diff --git a/_ont/ont-ziza-op151s.md b/_ont/ont-zisa-op151s.md index cb79345..afd9948 100644 --- a/_ont/ont-ziza-op151s.md +++ b/_ont/ont-zisa-op151s.md @@ -1,15 +1,15 @@ --- -title: Ziza OP151S +title: Zisa OP151S has_children: false layout: default -parent: Ziza +parent: Zisa --- # Hardware Specifications | | | | ---------------- | ---------------------------------------------------------- | -| Vendor/Brand | Ziza | +| Vendor/Brand | Zisa | | Model | OP151S | | ODM | T&W | | ODM Product Code | TW2362H-CDEL | @@ -30,9 +30,7 @@ parent: Ziza | Serial encoding | 8-N-1 | | Form Factor | miniONT SFP | -{% include image.html file="op151s.png" alt="Ziza OP151S" caption="Ziza OP151S" %} -{% include image.html file="tw236h-cdel-th.jpg" alt="PMG3000-D20B Teardown" caption="PMG3000-D20B Teardown" %} -{% include image.html file="tw236h-cdel-th-back.jpg" alt="PMG3000-D20B Teardown" caption="PMG3000-D20B Teardown" %} +{% include image.html file="op151s.png" alt="Zisa OP151S" caption="Zisa OP151S" %} ## Serial @@ -46,9 +44,10 @@ The stick has a TTL 3.3v UART console (configured as 115200 8-N-1) that can be a - [Halny HL-GSFP](/ont-halny-hl-gsfp) - [D-LINK DPN-100-Rev-A2](/ont-d-link-dpn-100-rev-a2) -- [Ziza OP151s](/ont-ziza-op151s) +- [Zisa OP151s](/ont-Zisa-op151s) - [T&W TW2362H-CDEL](/ont-t-w-tw2362h-cdel) # Miscellaneous Links -- [Tech Info Depot Wiki](http://en.techinfodepot.shoutwiki.com/wiki/ZISA_OP151S)
\ No newline at end of file +- [Tech Info Depot Wiki](http://en.techinfodepot.shoutwiki.com/wiki/ZISA_OP151S) +- [Zisa OP151S 1GE GPON SFU SFP module](https://www.zisacom.com/admin/ewebeditor/uploadfile/20181116154842842.pdf)
\ No newline at end of file diff --git a/_ont/ont-ziza.md b/_ont/ont-zisa.md index 60af790..e61b01a 100644 --- a/_ont/ont-ziza.md +++ b/_ont/ont-zisa.md @@ -1,5 +1,5 @@ --- -title: Ziza +title: Zisa has_children: true layout: default ---
\ No newline at end of file diff --git a/_ont/ont-zte-f6005v3.md b/_ont/ont-zte-f6005v3.md new file mode 100644 index 0000000..e5a4664 --- /dev/null +++ b/_ont/ont-zte-f6005v3.md @@ -0,0 +1,369 @@ +--- +title: ZTE F6005v3 +has_children: false +layout: default +parent: ZTE +--- + +# Hardware Specifications + +| | | +| ------------ | ----------------------------------------------------------------- | +| Vendor/Brand | ZTE | +| Model | F6005v3 | +| ODM | β
| +| CPU | ZTE ZX279133@Dual-Core A53 | +| CPU Clock | 1200MHz | +| Chipset | ZTE ZX279133 | +| Flash | 128 MB (SPI NAND FM25S01A) | +| RAM | 128 MB | +| System | Customized Linux by ZTE | +| 2.5GBaseT | Yes | +| Optics | SC/APC | +| IP address | 192.168.1.1 | +| Web Gui | β
user `admin`, password `admin` or defined by ISP | +| SSH | N/A | +| Telnet | β
[^1] | +| Serial | β
[^2] | +| Form Factor | ONT | + +{% include image.html file="f6005v3_tim_1.jpg" alt="F6005v3 TIM" caption="F6005v3 TIM" %} + +{% include image.html file="f6005v3_of_1.jpg" alt="F6005v3 OpenFiber" caption="F6005v3 OpenFiber" %} + + +## List of software versions +### HW V3.0 +- V3.0.10P3N2 (OpenFiber) +- V3.0.10N06 (TIM Italy) - Internal version is V3.0.10P2N6 + +## List of partitions + +### HW V3.0 + +| dev | size | erasesize | name | +| ---- | -------- | --------- | ---------------- | +| mtd0 | 08000000 | 00020000 | "whole flash" | +| mtd1 | 00300000 | 00020000 | "uboot" | +| mtd2 | 00400000 | 00020000 | "others" | +| mtd3 | 00400000 | 00020000 | "parameter tags" | +| mtd4 | 00400000 | 00020000 | "wlan" | +| mtd5 | 00800000 | 00020000 | "usercfg" | +| mtd6 | 00400000 | 00020000 | "middle" | +| mtd7 | 02a00000 | 00020000 | "kernel1" | +| mtd8 | 02a00000 | 00020000 | "kernel2" | +| mtd9 | 02500000 | 00020000 | "rootfs1" | +| mtd10 | 029e0000 | 00020000 | "rootfs2" | + + +This ONT supports dual boot, as visible from the presence of `kernel0` and `kernel1`, which contain the rootfs (JFFS2 read-only). +The boot images can be swapped if they are the same or use the same **U-Boot** version. If you have a different **U-Boot** that was paired with the active image, do not attempt this, as it will brick the ONT, specially if TTL console is disabled. + +```sh +upgradetest switchver X +``` + +Where `X` can be `0/1`, based on the image you want to boot from. + +Get current installed version for each region: + +```sh +upgradetest getver +``` + +You can also clone the currently running image into the other slot using this command: + +```sh +syn_version +``` + +You can check currenlty running image using this command: + +```sh +# cat /proc/csp/versionstates + +baseaddress : 0x1b00000 +current : 0 +version1states : 0x83 +version2states : 0x83 +____________________________________________________ +Index Running Latest CRC Integrality Type +---------------------------------------------------- +0 Y Y N Y Upg +1 N Y N Y Upg +---------------------------------------------------- +``` + +And check if the backup image has a valid CRC: + +```sh +# upgradetest bakver +backup version crc is ok +success! +``` + + +# Use +{% include alert.html content="Commands have been tested on V3 HW rev. on OpenFiber and TIM firmwares" alert="Note" icon="svg-info" color="blue" %} + +## Enable Telnet +{% include alert.html content="This is an external script ([ZTE ONU Telnet Enabler](https://github.com/stich86/zteOnu)), use at your own risk! Credentials don't survive at reboot!" alert="Note" icon="svg-info" color="blue" %} + +```sh +./zteOnu -i 192.168.1.1 -u admin -p admin +``` + +If Telnet is not opening, you are probably running a newer firmware, in that case change mac-address of the NIC connected to the ONT to `00:07:29:55:35:57` and use the flag `--new`: + +```sh +./zteOnu -i 192.168.1.1 -u admin -p admin --new +``` + +You should get this output and credentials to login over telnet: + +```sh +ZteONU 0.0.7, built at 09/10/2024 +source: https://github.com/stich86/zteOnu +----------------------------------- +step [0] reset factory: ok +step [1] request factory mode: ok +step [2] send sq: ok +step [3] check login auth with user: ok +step [4] enter factory mode: ok +----------------------------------- +Success authenticated with user: admin and password: admin +Telnet Credentials (!! Temporary !!) +User: 9qNBo58H +Pass: OUBToR8J +``` + +## Enable console redirection + +To see omcidebug messages on telnet, execute this command (just the first time of each connection): + +```sh +redir printf +``` + +# GPON ONU status + +## Getting the operational status of the ONU + +To check the connection status, use the following command: +``` +gpontest -gstate +``` +`[gpontest] gpon state is [O5]` for O5 state + +## Getting OLT vendor information + +```sh +sendcmd 132 omcidebug showmedata 131 +``` + +This command will print the following output: + +```sh +################################## +MIB INFO: + ME CLASS: 131 + DB NAME: olt_g, DBHandle: 32 +################################## + +<-----MeID[ 0x0000,0 ], Addr[ 0x19a2b1]-----> + Vendorid:48 57 54 43 + EquipmentID:00 00 00 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 00 00 00 + Version:31 30 00 00 00 00 00 00 00 00 + 00 00 00 00 + TimeofDay:00 00 00 00 00 00 00 00 00 00 + 00 00 00 00 +--------------------------------------------------------------------- +``` + +## Querying a particular OMCI ME + +```sh +sendcmd 132 omcidebug showmedata ID_MIB (eg. 7 for Firmware version) +``` + +This command will print the following output: + +```sh + +################################## +MIB INFO: + ME CLASS: 7 + DB NAME: soft_image, DBHandle: 14 +################################## + +<-----MeID[ 0x0000,0 ], Addr[ 0x19a011]-----> + Version:V3.0.10P3N2 + Is committed:01 + Is active:01 + Is valid:01 + +<-----MeID[ 0x0001,1 ], Addr[ 0x19a031]-----> + Version:V3.0.10P2N6 + Is committed:00 + Is active:00 + Is valid:01 +--------------------------------------------------------------------- +``` + +# GPON/OMCI settings + +## Setting ONU GPON Serial Number + +{% include alert.html content="Both S/N and VID have to be changed. 2176 is for the VID (first 4 letters of the S/N) and 2177 is for the last 8 digits of the S/N" alert="Note" icon="svg-info" color="blue" %} +```sh +setmac 1 2176 ZTEG +setmac 1 2177 AABBCCDD +``` + +## Setting ONU GPON PLOAM password + +{% include alert.html content="The PLOAM password is stored in the ASCII format." alert="Note" icon="svg-info" color="blue" %} +This can be done easily via the Web UI. To do it via the shell use: +```sh +setmac 1 2181 1234567890 +setmac 1 2178 1234567890 +``` + +## Setting ONU GPON Equipment ID + +```sh +setmac 1 32770 "5::F6005V3.0:" +``` + +## Check Images CRC + +```sh +upgradetest bakver + +backup version crc is ok +success! + +``` + +## Persistent Telnet access + +{% include alert.html content="This procedure was only tested on OF V3.0.10P3N2 and TIM V3.0.10N06 firmware and it's persistent after an upgrade from OLT" alert="Note" icon="svg-info" color="blue" %} + +{% include alert.html content="If you change GPON Serial Number, Telnet will be disabled. You have to run again the tool to enable it" alert="Note" icon="svg-warning" color="red" %} + +Needed tools: + +[ZTE ONU Telnet Enabler](https://github.com/stich86/zteOnu) + +Just run the enabled with `--telnet` flag to make Telnet persisten across Reboot (use `--new` flags and changed mac-address for newer firmware): + +```sh +./zteOnu -i 192.168.1.1 -u admin -p admin --telnet +``` + +```sh +ZteONU 0.0.7, built at 09/10/2024 +source: https://github.com/stich86/zteOnu +----------------------------------- +step [0] reset factory: ok +step [1] request factory mode: ok +step [2] send sq: ok +step [3] check login auth with user: ok +step [4] enter factory mode: ok +----------------------------------- +Success authenticated with user: admin and password: admin +Permanent Telnet succeed +User: root +Pass: Zte521 +Wait reboot.. or powercycle it +``` + +The ONT will reboot, and you can log in later using `root\Zte521` as the credentials. + +**Only for firmware versions with restricted admin access** + +In case you want add new a admin user instead of using the embedded credentials, run these commands before rebooting the ONT: + +```sh +sendcmd 1 DB set DevAuthInfo 5 Enable 1 +sendcmd 1 DB set DevAuthInfo 5 User superadmin +sendcmd 1 DB set DevAuthInfo 5 Pass superadmin +sendcmd 1 DB set DevAuthInfo 5 Level 1 +sendcmd 1 DB set DevAuthInfo 5 AppID 1 +sendcmd 1 DB saveasy +``` + +Reboot the ONT and you can login to the WebUI using `superadmin\superadmin` as credentials with full unlocked menus. + +# Advanced settings + +## Backing up ONT partitions using hardware flasher + +It's possible to swap RAW dump between ONTs and enable access over Telnet to modify some ONT parameters. + +Needed tools: + +- Windows, Linux or macOS with [SNANDer](https://github.com/McMCCRU/SNANDer) +- [CH341a programmer with 3.3V voltage](https://it.aliexpress.com/item/1005004637577204.html?spm=a2g0o.productlist.main.1.21ad51c1Lmyq6Z&algo_pvid=0aade75d-7f57-4fe7-b0f4-b3f2f56af9f1&algo_exp_id=0aade75d-7f57-4fe7-b0f4-b3f2f56af9f1-0&pdp_npi=4%40dis%21EUR%214.25%214.25%21%21%214.56%214.56%21%4021039cc717284006273332970e47ea%2112000029927819932%21sea%21IT%211864988329%21X&curPageLogUid=Xuv1aOCo58M9&utparam-url=scene%3Asearch%7Cquery_from%3A) +- [Pogo-Pin Probe for WSON8 8x6mm chip](https://it.aliexpress.com/item/1005006666230520.html?spm=a2g0o.order_list.order_list_main.21.11e236965SstMd&gatewayAdapt=glo2ita) + +Connect all needed cable from the probe to the programmer, then attach the probe to the chip (use some rubbers to make it stable) and run this command to dump the NAND: + +```sh +/SNANDer -r f6005v3_dump_X.bin +``` + +Do at least 3 dumps and compare their md5 to be sure that are good. + +If you want to flash this dump to another ONT, just run these commands: + +```sh +/SNANDer -e +/SNANDer -w f6005v3_dump_X.bin -v +``` +``` + +## Changing region code + +{% include alert.html content="Be aware that changing the region code may break features such as PPPoE depending on your ISP, and remove Telnet access!" alert="Note" icon="svg-info" color="blue" %} + +ZTE has created various region codes that load default values based on the local ISP. This configuration can be changed using this command: + +```sh +upgradetest sfactoryconf X +``` + +Where X is the number of supported regioncode into file `/etc/init.d/regioncode`, here is an example from TIM `V3.0.10N06` firmware: + +```sh +# cat /etc/init.d/regioncode +14:Thailand +97:ItalyTi +116:Tescali +154:Izzi +163:BrazilClaroHome +188:HollandKpnSfu +198:Manufacture +2074:ItalyFastwebSFU +``` + +# Random notes +- This new ONT (and probably the XGSPON version as well) has Secure Boot enabled. All headers contain an RSA key that is verified by U-Boot and the CPU (for U-Boot itself), so thereβs no way to repack the rootfs to make it fully spoofable (at the moment..). +- If your ONT is updated by the OLT (e.g., an F6005v3 OpenFiber ONT connected to a TIM OLT), the U-Boot partition will also be updated. After this update, it will no longer be possible to switch to the other partition because the signatures will not match, and TTL console is muted after U-Boot start. + +# Miscellaneous Links + +- [ZTE ONU Telnet Enabler](https://github.com/stich86/zteOnu) + +# Teardown and other photos + +## HW V3.0 + +{% include image.html file="f6005v3_2.jpg" alt="Top of the F6005v3" caption="Top of the F6005v3" %} +{% include image.html file="f6005v3_3.jpg" alt="Bottom of the F6005v3" caption="Bottom of the F6005v3" %} + +--- + +[^1]: Credentials are randomly generated by ZTE ONU Telnet Enabler, they are not persistent and will change at reboot. +[^2]: Serial console is read-only mode on most of U-Boot, and no output after kernel load. For OF V3.0.10P3N2 is possible after pressing ESC during the boot to access U-Boot Console. diff --git a/_ont/ont-zyxel-pmg3000-d20b.md b/_ont/ont-zyxel-pmg3000-d20b.md index 761baab..b1d4a57 100644 --- a/_ont/ont-zyxel-pmg3000-d20b.md +++ b/_ont/ont-zyxel-pmg3000-d20b.md @@ -49,7 +49,7 @@ The stick has a TTL 3.3v UART console (configured as 115200 8-N-1) that can be a - [Halny HL-GSFP](/ont-halny-hl-gsfp) - [D-LINK DPN-100-Rev-A2](/ont-d-link-dpn-100-rev-a2) -- [Ziza OP151s](/ont-ziza-op151s) +- [Zisa OP151s](/ont-zisa-op151s) - [T&W TW2362H-CDEL](/ont-t-w-tw2362h-cdel) ## List of software versions diff --git a/_ont_xgs/ont-nokia-xs-010s-q.md b/_ont_xgs/ont-nokia-xs-010s-q.md new file mode 100644 index 0000000..a95781a --- /dev/null +++ b/_ont_xgs/ont-nokia-xs-010s-q.md @@ -0,0 +1,56 @@ +--- +title: Nokia XS-010S-Q +has_children: false +layout: default +parent: Nokia +--- + +# Hardware Specifications + +| | | +| ---------------- | ------------------------------------------------------------------ | +| Vendor | Nokia | +| Model | XS-010S-Q | +| ODM | ? | +| ODM Product Code | ? | +| Chipset | Cortina CA8271S | +| CPU | Dual core CPU (four virtual CPUs) running at 800 MHz | +| L1 Cache | 64KB (32KB instruction, 32KB data) | +| L2 Cache | 256KB with I/O coherency | +| Manufacter | ? | +| Flash | 1GB | +| RAM | ? | +| System | ? | +| 10GBaseT | Yes | +| Optics | SC/APC | +| IP address | 192.168.100.1 | +| Web Gui | β
Port 80 user: `admin`, password: `1234` | +| SSH | β
(see Enable SSH) | +| Telnet | β
Port 23 user: `admin`, password: `1234` (see Telnet Full Shell) | +| Form Factor | SFP+ | + +# Module Pinout + +| | | | +| --- | --- | --- | +| PIN | Description +| 1. VeeT | Module transmitter ground | | +| 2. Tx Fault |Transmitter fault indication output | | +| 3. TX_DISABLE |Transmitter shut-off input | | +| 4. SDA | 2-wire serial interface data line (MOD-DEF2) 2: I/O | | +| 5. SCL | 2-wire serial interface clock (MOD-DEF1) 2 input | | +| 6. MOD_ABS | Module absent | connected to VeeT or VeeR in the module | +| 7. DYING GASP1 | Dying gasp message indicator input | | +| 8. LOS | Loss of signal output | | +| 9. VeeR | Module receiver ground | | +| 10. VeeR | Module receiver ground | | +| 11. VeeR | Module receiver ground | | +| 12. RXD | Receiver inverted data output | | +| 13. RXD+ | Receiver non-inverted data output | | +| 14. VeeR | Module receiver ground | | +| 15. VCCR | Module receiver 3.3V supply | | +| 16. VCCT | Module transmitter 3.3V supply | | +| 17. VeeT | Module transmitter ground | | +| 18. TXD+ | Transmitter non-inverted data input | | +| 19. TXD | Transmitter inverted data input | | +| 20. VeeT | Module transmitter ground | | diff --git a/assets/img/f6005v3_2.jpg b/assets/img/f6005v3_2.jpg Binary files differnew file mode 100644 index 0000000..ee2c7d5 --- /dev/null +++ b/assets/img/f6005v3_2.jpg diff --git a/assets/img/f6005v3_3.jpg b/assets/img/f6005v3_3.jpg Binary files differnew file mode 100644 index 0000000..9ec3cc9 --- /dev/null +++ b/assets/img/f6005v3_3.jpg diff --git a/assets/img/f6005v3_of_1.jpg b/assets/img/f6005v3_of_1.jpg Binary files differnew file mode 100644 index 0000000..f3aec26 --- /dev/null +++ b/assets/img/f6005v3_of_1.jpg diff --git a/assets/img/f6005v3_tim_1.jpg b/assets/img/f6005v3_tim_1.jpg Binary files differnew file mode 100644 index 0000000..a3fac5c --- /dev/null +++ b/assets/img/f6005v3_tim_1.jpg diff --git a/assets/js/cigpassword.js b/assets/js/cigpassword.js new file mode 100644 index 0000000..7fbcf0f --- /dev/null +++ b/assets/js/cigpassword.js @@ -0,0 +1,28 @@ +function hexToBytes(hex) { + let bytes = new Uint8Array(hex.length / 2); + for (let i = 0; i < hex.length; i += 2) { + bytes[i / 2] = parseInt(hex.substr(i, 2), 16); + } + return bytes; +} + +function cigpassword_gpon(ont_serial, ont_user) { + const hardcoded_key = '01030a1013051764c8061419b49d0500'; + const hardcoded_seed = '2345679abcdefghijkmnpqrstuvwxyzACDEFGHJKLMNPQRSTUVWXYZ'; + + let ont_vendor = ont_serial.substring(0, 4).toUpperCase(); + let ont_id = ont_serial.substring(4).toLowerCase(); + let formatted_serial = `${ont_vendor}${ont_id}`; + + let key_bytes = CryptoJS.enc.Hex.parse(hardcoded_key); + let hmac = CryptoJS.HmacMD5(`${formatted_serial}-${ont_user}`, key_bytes); + let pw_md5_hmac = hexToBytes(hmac.toString(CryptoJS.enc.Hex)); + + let output = Array(pw_md5_hmac.length); + + for (let i = 0; i < pw_md5_hmac.length; i++) { + output[i] = hardcoded_seed[pw_md5_hmac[i] % 0x36]; + } + + return output.join(''); +} |