cancel
Showing results for 
Search instead for 
Did you mean: 

Access DSL-2704N detailed configuration - more than expert_user.html

FIXED
jonathan183
Hooked
Posts: 8
Registered: 10-12-2016

Access DSL-2704N detailed configuration - more than expert_user.html

I would like to access my DSL-2704N router detailed configuration. I am able to access a more detailed configuration using http://192.168.1.254/expert_user.html which allows me to make changes to a number of additional settings. I would like to get access to other information such as iptables configuration, control of TR-069 etc.

I am already aware of this thread but it does not appear to offer a method of accessing the router using telnet or ssh or provide a web address for advanced configuration. I do not want to download a firmware version for a different router.

Does anyone know how I can do gain access?

Thanks

5 REPLIES
Community Veteran
Posts: 4,920
Thanks: 341
Fixes: 16
Registered: 10-06-2010

Re: Access DSL-2704N detailed configuration - more than expert_user.html

Access to the configuration can be done by downloading the config to a file, decrypting it, editing it then uploading the config file.

Community Veteran
Posts: 2,213
Thanks: 95
Fixes: 4
Registered: 18-02-2013

Re: Access DSL-2704N detailed configuration - more than expert_user.html

Fix

The lines you need for SSH are here, you need to go back a few pages which will explain how to login into ssh using an ipv6 type address.

jonathan183
Hooked
Posts: 8
Registered: 10-12-2016

Re: Access DSL-2704N detailed configuration - more than expert_user.html

OK so it sounds as though the only way I am going to have fine control over the router config is saving the config to a file, decrypting it, modify the xml file and then load it back as a modified config. Can you point me in the right direction to decrypt the file in Linux ?

 

Ed: currently working my way through information here ...

The good news is I have managed to decode the config file, the bad news is I get connection refused when I try to ssh ...

when I try

ssh -l admin fe80::feaa:14ff:fe70:46ef%eth0

I get

ssh: connect to host fe80::feaa:14ff:fe70:46ef%eth0 port 22: Connection refused

 

Community Veteran
Posts: 2,213
Thanks: 95
Fixes: 4
Registered: 18-02-2013

Re: Access DSL-2704N detailed configuration - more than expert_user.html

How odd!

Works all good here... I think your best off posting in the other thread, Darsh or Matty123 might be able to help further.

 

~ $ ssh admin@fe80::46e9:ddff:fe01:0101%eth0
admin@fe80::46e9:ddff:fe01:0101%eth0's password: 
 > sh


BusyBox v1.17.2 (2014-11-18 11:38:02 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# exit
 > exit

Bye bye. Have a nice day!!!
Connection to fe80::46e9:ddff:fe01:0101%eth0 closed.

http://192.168.1.254/dumpcfgdynamic.cmd

jonathan183
Hooked
Posts: 8
Registered: 10-12-2016

Re: Access DSL-2704N detailed configuration - more than expert_user.html

It helps if you enter the ip address for your router rather than for you own ethernet interface !Embarrassed

 

Ed: so all the information is in one place

I used the following steps in order to access advanced settings:-

Save config using expert_user.html

http://192.168.1.254/expert_user.html
In Management -> Settings -> Backup
select Backup Settings button (save the file default name backupsettings.conf)

For decrypting the config file
Ensure python is installed (use package manager for Linux distro)
Download decrypt-conf.py file from https://github.com/mattimustang/optus-sagemcom-fast-3864-hacks

Put the decrypt-conf.py in the same folder as the backupsettings.conf file

Run the decryption using (assume backupsettings.conf)

python decrypt-conf.py backupsettings.conf

This should create a file backupsettings.conf.txt

Edit the backupsettings.conf.txt with an editor and add

<X_BROADCOM_COM_AppCfg>
<SshdCfg>
<NetworkAccess>LAN</NetworkAccess>
</SshdCfg>
</X_BROADCOM_COM_AppCfg>
<SshControl>
<Enable>TRUE</Enable>
<UserName>admin_ssh_username</UserName>
<Password>admin_ssh_password</Password>
</SshControl>

just above

</InternetGatewayDevice>
</DslCpeConfig>

at the bottom of the file (updating admin_ssh_username and admin_ssh_password to suit).

Save and upload the modified config file using

http://192.168.1.254/expert_user.html
In Management -> Settings -> Update

The router Mac address can be found using

http://192.168.1.254/expert_user.html
Device Info -> Summary

If the Mac address for the router were 12:34:56:78:9A:BC this can be converted to IPv6 address

123456 FFFE 789ABC
^
Flip the 2^1 bit for the second digit of the Mac in this case 2 = 0010 -> 0000

so the IPv6 address is 1034:56FF:FE78:9ABC

Now you should be able to ssh to the router using

ssh -v admin_ssh_username@fe80::1234:56ff:fe78:9ABC%eth0

you should be prompted for a password, and should get a prompt
>
after entering the password, type

sh


should return a prompt
#

typing exit and return twice or Ctrl+d twice should exit the shell and close the ssh session.

 

Note: changing password with expert_user.html for some reason causes problems when converting the binary .conf file to xml