I mentioned the Home Hub Blog in an earlier post. That author of that blog (amongst others) has been trying to find a way to unlock the Hub so that it can be used on ISPs other than BT itself. Unfortunately, BT seems to have tied the beast down (and ties it further with each upgrade of firmware). Worse, most users will be oblivious to the fact that BT can, and does, upgrade the Hub remotely. This may suit BT, but it does not suit all its customers – myself included.
The Home Hub blog author noted that the software in the Hub is a variant of an embedded Linux, with some additional code such as Samba. Given that all this code is covered by one or more variants of the GPL, BT is obliged to release the entire source code to anyone who asks, Access to the source code would, of course, allow anyone to identify where BT have locked the Hub, change it, recompile and reflash the Hub into an unlocked state. So HomeHubBlog wrote to BT – and he eventually gained a partial response. But not enough. See the Register article at The Register. This one could run and run.
My own experiments with the Hub tell me that it runs a Linux kernel 18.104.22.168. The FTP daemon on the Hub is so flakey however, that getting consistent access to the filesystem is very hit and miss. I commented on the Home Hub Blog at playing-around-with-ftp so I won’t repeat it here.
Several commentators have mentioned methods of getting root (superuser) access to the Hub CLI and FTP accounts. The method I have found most consistently successful is as follows:
Telnet to the Hub and log in as admin. At the command prompt type “user”, then type “flush” (this deletes all users). Now log out and log back in again, but this time log in as “root” (no password needed). Now go back to the user command subset and type “add”. Follow the prompts as below:
password=[your chosen password]
password=[repeat your chosen password]
descr=root (or any other description)
defuser=[leave blank - answering yes would make this the default user on login]
defremadmin=[leave blank - answering yes would make this the default remote admin user]
deflocaladmin=[leave bank - answering yes would make this the default local admin]
Bingo, you now have a root user. Now repeat the process for a named user (such as yourself) but give yourself the Administrator role. Make this user the default and the default local admin. Now save the configuration by going back to the top level of the CLI prompt system (type “..” to go back) and type “config save filname=user.ini”.
Note however that BT can overwrite this configuration, so you need to disable that. To do so you need to switch off CWMP (the CPE WAN Management Protocol) capability which allows BT to manage your router remotely. Bear in mind, however, that doing so will prevent BT automatically updating your router software if security problems are found – caveat emptor. To turn off CWMP, do the following:
at the top level CLI prompt, type “cwmp”, then at the cwmp prompt, type “config state=disabled”.
Your router is now unreachable.
(Again, you will need to save this configuration if you want this change to survive a reboot.)