Access to the configuration can be done by downloading the config to a file, decrypting it, editing it then uploading the config file.

OK so it sounds as though the only way I am going to have fine control over the router config is saving the config to a file, decrypting it, modify the xml file and then load it back as a modified config. Can you point me in the right direction to decrypt the file in Linux ?

Ed: currently working my way through information here ...

The good news is I have managed to decode the config file, the bad news is I get connection refused when I try to ssh ...

when I try

ssh -l admin fe80::feaa:14ff:fe70:46ef%eth0

I get

ssh: connect to host fe80::feaa:14ff:fe70:46ef%eth0 port 22: Connection refused

How odd!

Works all good here... I think your best off posting in the other thread, Darsh or Matty123 might be able to help further.

~ $ ssh admin@fe80::46e9:ddff:fe01:0101%eth0
admin@fe80::46e9:ddff:fe01:0101%eth0's password: 
 > sh


BusyBox v1.17.2 (2014-11-18 11:38:02 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# exit
 > exit

Bye bye. Have a nice day!!!
Connection to fe80::46e9:ddff:fe01:0101%eth0 closed.

http://192.168.1.254/dumpcfgdynamic.cmd

It helps if you enter the ip address for your router rather than for you own ethernet interface !

Ed: so all the information is in one place

I used the following steps in order to access advanced settings:-

Save config using expert_user.html

http://192.168.1.254/expert_user.html
In Management -> Settings -> Backup
select Backup Settings button (save the file default name backupsettings.conf)

For decrypting the config file
Ensure python is installed (use package manager for Linux distro)
Download decrypt-conf.py file from https://github.com/mattimustang/optus-sagemcom-fast-3864-hacks

Put the decrypt-conf.py in the same folder as the backupsettings.conf file

Run the decryption using (assume backupsettings.conf)

python decrypt-conf.py backupsettings.conf

This should create a file backupsettings.conf.txt

Edit the backupsettings.conf.txt with an editor and add

<X_BROADCOM_COM_AppCfg>
<SshdCfg>
<NetworkAccess>LAN</NetworkAccess>
</SshdCfg>
</X_BROADCOM_COM_AppCfg>
<SshControl>
<Enable>TRUE</Enable>
<UserName>admin_ssh_username</UserName>
<Password>admin_ssh_password</Password>
</SshControl>

just above

</InternetGatewayDevice>
</DslCpeConfig>

at the bottom of the file (updating admin_ssh_username and admin_ssh_password to suit).

Save and upload the modified config file using

http://192.168.1.254/expert_user.html
In Management -> Settings -> Update

The router Mac address can be found using

http://192.168.1.254/expert_user.html
Device Info -> Summary

If the Mac address for the router were 12:34:56:78:9A:BC this can be converted to IPv6 address

123456 FFFE 789ABC
^
Flip the 2^1 bit for the second digit of the Mac in this case 2 = 0010 -> 0000

so the IPv6 address is 1034:56FF:FE78:9ABC

Now you should be able to ssh to the router using

ssh -v admin_ssh_username@fe80::1234:56ff:fe78:9ABC%eth0

you should be prompted for a password, and should get a prompt
>
after entering the password, type

sh

should return a prompt
#

typing exit and return twice or Ctrl+d twice should exit the shell and close the ssh session.

Note: changing password with expert_user.html for some reason causes problems when converting the binary .conf file to xml