01.02.2020

Sagemcom Telnet

47

Sagemcom Broadband is one of Europe’s leading manufacturers of set top boxes and residential gateways. For many years, the teams at Sagemcom have demonstrated their capacity to anticipate technological breakthroughs and to respond quickly to our customers’ demands. Sagemcom Broadband offers its customers customized products featuring the very latest technological breakthroughs, including STBs that are compatible with all the TV ecosystems, residential gateways offering end-to-end gigabit access, and The Boxes combining broadband and TV access in a single product.

Telnet

README.md Overview This repository is a collection of tools and tips for the Optus Sagemcom F@ST 3864 broadband modem. Getting Access to Advanced Configuration Options The advanced features of the modem are not accessible by default and require you to login as the admin user to be able to view and modify them. There are a number of ways you can obtain the admin password, with some methods depending on the firmware version your modem is running. Getting the admin Password Prior to Software Version 8.353.1F@ST5350Optus Getting the admin user password prior to firmware version 8.353.1F@ST5350Optus such as version 7.253.2F3864V2Optus.

Open a web browser to and navigate to Managment / Access Control and view the source of the righthand part of the page. Near the top of the page you will find a line something like this: pwdAdmin = 'XXXXXXX'; This is the admin user password. If you now open your browser to and enter the admin user and password details found you will enable the advanced configuration menus. Getting the admin Password All Versions From firmware version 8.353.1F@ST5350Optus access to the advanced settings was disabled, as was the ability to view the admin password in the Access Control page. However, thanks to some reverse engineering done by Matty123123 at the plus.net forums there is a way to decrypt the configuration file obtained when you download the backup settings from the router. Open a web browser to and navigate to Managment / Configuration / Backup and download the backupsettings.conf file.

Next download a copy the the decrypt-conf.py script included in this repository. Set up Linux Install the decrypt-conf.py dependencies: $ sudo pip install pycrypto Set up Windows On Windows systems will need to download and install. Make sure you check the box to add Python to your PATH in the installer.

Then open a DOS or PowerShell command shell and install the pycrypto module: pip install -use-wheel -no-index -find-links=pycrypto Download decrypt-conf.py Download the script and you backupsettings.conf from your modem and put them in the same directory. Decrypt the Settings On Linux/Unix-like systems run: $ python decrypt-conf.py backupsettings.conf or on Windwos: python.exe decrypt-conf.py backupsettings.conf This will produce a new file called backupsettings.conf.txt. Search this file for the lines: XXXXXXXXXXXXX The password is base64 encoded so to decode it copy it into the following command line: $ echo XXXXXXXXXXXX base64 -d Accessing the Advanced Settings To access the advanced menus enter the following URL with your router's admin password into your browser: Credit goes to Matt Goring for his original on which I based my python script. Uploading a Modified Configuration Once you have obtained a plain text version of the configuration you can then modify it and upload it to the device. Open a web browser to and navigate to Managment / Configuration / Update and upload your modified the backupsettings.conf.txt file. There is no need to encrypt the file as the router will accept plain text files. Enabling Telnet Enabling telnet allows you to explore the device a little more and customize it further from the Linux command line.

To enable telnet you need to modify a plain text copy of the configuration to include the line: TRUE The configuration may already contain the line above but it is set to FALSE so just change it to TRUE. If it is missing the line then add it after the following line: Then upload the modified configuration. You will now be able to telnet to 192.168.0.1 and login using the username admin and the password you obtained earlier. Once you are logged in you are put into a restricted shell so type sh to drop into a BusyBox Linux shell. Putting the device into bridge mode ADSL2 Connections Follow the instructions in the PDF to. Original credit to.

Note:. Use the instructions above to obtain your admin password rather than those in the PDF. NBN FTTN/VDSL Connections The NDN FTTN/VDSL steps are similar to ADSL:. Backup your existing configuration in case you want to revert to it later. Factory reset the modem by hold a paper clip in the reset hole at the back of the modem until all the lights flash and it reboots. Use the instructions above to obtain your admin password.

Open a web browser to and login as admin with the password obtained in the previous step. Navigate to Advanced Setup / WAN Service. Look for the row in the table with interface ptm0.1 and description ipoe011.0. Select the Remove checkbox for that row only and click the Remove button. This will remove the non-bridged NBN FTTN VDSL WAN interface.

Navigate to Advanced Setup / WAN Service and click the Add button. This will start a wizard-like set of forms for configuring the WAN Service Interface. On the first page select a layer 2 interface for the service. Select ptm0/(011) and click Next. On the next page select the WAN service type Bridging. Do not change any other settings. On the next page is a summary of the settings.

Click Apply/Save. Next you will need to disable DHCP on the modem so that the alternative routing device you are bridging can get a public IP via DHCP. Navigate to Advanced Setup / LAN and select Disable DHCP Server and click Apply/Save. Next you should disable wireless. Navigate to Wireless and uncheck the Enable Wireless box.

Client

Click Apply/Save. Then reboot the modem by clicking the reboot button in the status widget at the top right. Once the modem has rebooted and the VDSL connection is established you can connect your other router's ethernet WAN interface into the Optus modem. Configure your other router to use DHCP on the WAN interface and it should get an IP address handed out to it from upstream server at Optus. If you get a 192.168.0.x IP address then you haven't disabled DHCP on the Optus F@st 3864 modem and you'll need to connect a PC to it again to do that. Note: Once you have disabled DHCP on the F@st 3864, if you ever need to make changes to it you will need to connect a computer to it with an ethernet cable and manually configure and IP address on your computer.

Use 192.168.0.2 or higher. Then you will be able to browse to to make changes. Note: You can test if bridging is working by plugging a computer using an ethernet cable and having DHCP configured. However, I strongly discourage doing this unless you know what you are doing and are sure that your computer's operating system is 100% up to date with all operating system security patches.

Your computer will not have time to check for patches and update before you will be scanned and hacked within minutes. You have been warned!. Dumping the firmware.

Sagemcom Telnet Router

Full list of URLs. PSI configuration decoder References. and.