Add support for TIM (Telecomitalia) Smart Hub+, H388X #24

Open
emenotti opened this issue Oct 10, 2021 · 13 comments

Comments

@emenotti

Mark has invited me to post here. I may provide (privately) a config.bin, also with different settings for comparison, and the serial number of the device. I can have a look at some of the web console source, but I don't have any command line access.

Of course I've already tried. The info.py gives:

```
Signature: H388X
Payload Type: 4 (UNKNOWN)
Payload Start: 77
Decompressed size: 0 bytes
2nd last chunk: 0
Chunk size: 0 bytes
Payload CRC: 0
Header CRC: 0
```

decode.py with serial gives malformed payload.

Compared to the config.bin for the ZXHN H298N reported in this repo, mine is completely missing the initial 128-byte header1.

In case you'd like to have a look at my config.bin and have the serial, you may drop me a message at enrico [dot] menotti [at] libero [dot] it.

@kies83

kies83 commented Oct 10, 2021

If you have telnet access then you can continue to decrypt your config.bin!

@emenotti
Author

> If you have telnet access then you can continue to decrypt your config.bin!

No telnet access. I can only look at some of the web page source via browser.

@kies83

kies83 commented Oct 10, 2021

You need shell access for config decryption

@emenotti
Author

> You need shell access for config decryption

Why? Shell access is what I'm trying to get.

@kies83

kies83 commented Oct 11, 2021

If you want to decrypt config.bin or make any changes in it, to enjoy features mostly by modifying config.bin, then it is necessary to have shell access, meaning a root account.

@emenotti
Author

I was thinking about decrypting config.bin, changing things, encrypting and uploading back.

@kies83

kies83 commented Oct 11, 2021

Yes, that's it. You will need the decryption key for it!

@emenotti
Author

But that does not necessarily mean having a shell, or even root, access, right?

@kies83

kies83 commented Oct 11, 2021

Brother, in your model, if it's not decrypting your config.bin, then it's using the tagparam md5, so you will need access to it.

@emenotti
Author

Ok, but this leads me to a circle: need to decrypt to get access, and need to get access to decrypt...

@kies83

kies83 commented Oct 11, 2021

Yes dear, I am also stuck at this point because it's not using the serial or any hardcoded encryption keys. It's using the tagparam md5 as key, and the tagparam file is also specific for other models.

@811Alex
Contributor

811Alex commented Oct 15, 2021

Don't listen to kies too much, they don't really understand how it works and they'll only confuse you, when it comes to specifics.

Now that that's out of the way, yes, to find out how it encrypts things or what key it uses, you need access to the router's filesystem.
Different models use different methods and keys. If your model's key & method have not been discovered, you need filesystem/terminal access (and someone with solid programming knowledge) to get further. In some cases telnet happens to be open, in others people use exploits (when known ones exist), etc.
You're right in that it is very much a circle, so either hard or impossible. That's why nobody can guarantee we'll find a way.

I'll send you an email and take a look, but I don't know when or if I'll get anywhere. If serial didn't work, it probably uses a different method and we can't do too much with just the config.bin for that. After that, unless I email you again or you have something new, please just keep track of this issue and don't spam my DMs like some people here, thanks for understanding.

@markus0m

A (packed and potentially encrypted) firmware for this device seems to have been posted here:
https://0x00sec.org/t/unpacking-encrypted-router-firmware/29996
