  #1  
Old 23-November-2009, 22:22
PsiDOC
Guest
 
Posts: n/a
Default Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

This is just a pre-release announcement as I am polishing the hack to include FTP and hopefully telnet access on the HH2.0A. I have come up against a minor setback in the shape of my monitor died but should have the parts here tomorrow to repair it. Sadly my laptop does not have a printer port to work with.
Anyway here's a proof piccy. My Demon connection. IP address to validate (it's OK, I am on a dynamic IP) and connected via WiFi.

Yes it does require soldering as it's a JTAG job. No simple flash n go method I'm sorry - That is unless anyone knows someone who can create a Linux-Go bli image? If so PM me.
There's more to come from this.

Psi
[Attached thumbnail: bthh2 unlocked.JPG]
  #2  
Old 24-November-2009, 15:30
jmpr
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

hi
can you tell me please when are you going to place the whole hacking procedure?
thanks
  #3  
Old 24-November-2009, 21:17
PsiDOC
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

When I have finished the hack and it all works as it should.
Timescale? Less than 2 weeks hopefully.

Psi
  #4  
Old 24-November-2009, 21:58
Memfis
Former TS! Team
 
Join Date: Feb 2002
Location: ex TS! Team Mansion squatter
Posts: 3,894
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

Quote:
Originally Posted by PsiDOC
unless anyone knows someone who can create a Linux-Go bli image? If so PM me.
Psi

isn't a bli image just a block level image of a file system?
  #5  
Old 25-November-2009, 07:43
PsiDOC
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

I was led to believe a .bli is a JFFS which contains all of the file systems which is encrypted.

Psi
  #6  
Old 26-November-2009, 12:28
tbaby
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

Brilliant.. Just waiting for your next post and hack my little BT black box in the corner. Please post the procedure.
  #7  
Old 30-November-2009, 12:54
tbaby
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

Any updates?
  #8  
Old 30-November-2009, 21:20
ian.morgan
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

I'm an amateur with all this, but I'm excitedly waiting to hear too

Just thought I'd give some encouragement that your work is much appreciated!
  #9  
Old 30-November-2009, 21:24
PsiDOC
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

Not yet.
I killed the HH2 and not revived it yet as it'll take 6+ hours to JTAG the whole flash back in so not had time. Will see what happens at the weekend.

Psi
  #10  
Old 03-December-2009, 10:30
PsiDOC
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

*** Development Stopped ***
My HomeHub 2 is dead. The flash rom is getting serious write verify errors which means it is pooched.
Without a working HH2 to work with obviously I cannot continue.

Sorry all.
Psi
  #11  
Old 07-December-2009, 16:58
unlokia
Screamager
 
Join Date: Jun 2006
Posts: 233
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

Quote:
Originally Posted by PsiDOC
*** Development Stopped ***
My HomeHub 2 is dead. The flash rom is getting serious write verify errors which means it is pooched.
Without a working HH2 to work with obviously I cannot continue.

Sorry all.
Psi

Gutted

"wah wah wah WAHHHHHH!" :P
  #12  
Old 16-December-2009, 09:26
PsiDOC
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

I'm back!
After being donated a new home hub that sadly turned out to be a 2.0B (neither use nor ornament!).
I have repaired the bricked 2.0A and we're running again!
I can now safely say we're almost there.
I have an unlock solution and telnet running.

Code:
Username : admin
Password : *********
------------------------------------------------------------------------

                             ______  BT Home Hub 2.0A
                         ___/_____/\
                        /         /\\  8.1.H.G
                  _____/__       /  \\
                _/       /\_____/___ \  Copyright (c) 1999-2009, THOMSON
               //       /  \       /\ \
       _______//_______/    \     / _\/______
      /      / \       \    /    / /        /\
   __/      /   \       \  /    / /        / _\__
  / /      /     \_______\/    / /        / /   /\
 /_/______/___________________/ /________/ /___/  \
 \ \      \    ___________    \ \        \ \   \  /
  \_\      \  /          /\    \ \        \ \___\/
     \      \/          /  \    \ \        \  /
      \_____/          /    \    \ \________\/
           /__________/      \    \  /
           \   _____  \      /_____\/
            \ /    /\  \    /___\/
             /____/  \  \  /
             \    \  /___\/
              \____\/

------------------------------------------------------------------------

{admin}=>

Telnet is a must on these as the web GUI is so limited.
I want to check out a few things like non BT VOIP and DYDNS etc before I continue so bear with me.

I will be making the unlock as simple as possible, as I did the V1 and 1.5 with no editing files required. It will be a JTAG job I'm afraid as I don't know how to create a flashable Linux BootP image, and it will take up to 8 hours to backup your existing flash and then reflash the new OS which will be supplied.

Am hoping to get this all done by Christmas as a little Christmas present to those that want it.

Nadolig Llawen all

Psi
  #13  
Old 16-December-2009, 16:11
ian.morgan
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

Great News!

Looking forward to seeing the results. Is it possible to provide a sneak preview of the JTAG part, so I can get a competent mate to do this in advance?
(If I attempt it with my soldering skills, I'll kill it for sure).

If you haven't time, no worries

Great work.

Ian.
  #14  
Old 18-December-2009, 11:55
tbaby
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

What a great news.. Looking forward to the Christmas present
  #15  
Old 21-December-2009, 17:05
ILOVEMYSANDVAGE
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

very nice work indeed. any NTFS support?
  #16  
Old 21-December-2009, 18:27
PsiDOC
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

NTFS Support?
If you mean for the USB drive then no. That area of the flash is untouched.
Psi
  #17  
Old 21-December-2009, 19:24
ILOVEMYSANDVAGE
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

ok, what about native ext2 or 3 support, does it have that? i'm thinking it would be a nice replacement for my dying NSLU2. well, once some firmware is released in the future ofc

do you have any tutorials on how to make a JTAG cable with an old printer cable (would it work)? i've seen in X-Scene there's people making them for the X360, i'm wondering if it would be the same principle with this
  #18  
Old 22-December-2009, 09:14
PsiDOC
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

FAT32 only I'm afraid. That's as it comes from the Thomson.
RE: The JTAG cable: yes, the printer cable method will work and works well. Have a look at the 2nd to last and last page of the Home Hub V1 hacking page. One of the members here used a cut down printer cable. Same principle as the one on X-Scene (I am a member there as well).

PsiDOC
  #19  
Old 22-December-2009, 12:38
PsiDOC
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

As promised I have a Christmas present to you all. I have completed the Home Hub 2.0A hack tutorial.
It does require soldering and will take somewhere in the region of 6 - 8 hours to complete with your PC being tied up for a lot of the time during flashing.
If you have any questions please post them in the forum over on the site.
It's still in its first incarnation and please if you see any discrepancies let me know on the site.
Link below:
http://www.psidoc.com/articles.php?article_id=2

Nadolig Llawen a Blwyddyn Newydd Dda
(Merry Christmas and a Happy New Year)
Here's hoping 2010 is good for you all.
Psi
  #20  
Old 22-December-2009, 18:01
ILOVEMYSANDVAGE
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

thanks for opening the door
now the fun begins
  #21  
Old 25-December-2009, 04:37
mrzetec
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

I really was thrilled when I found this solution. I have searched high and low for a way to make my homehub2.0 work with sky broadband.
I followed the guide to the letter, and I tried it on an XP and Windows 7 machine. It failed on both because the brjtag program cannot see the router. I am hoping this is a parallel port setup error in BIOS. Can anyone help?
  #22  
Old 25-December-2009, 10:43
PsiDOC
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

Try all 3 settings in the BIOS and see what works for you.
Personally I have never had to change from the EPP/ECP setting on all the machines I have used for flashing, although I have seen reports of changing to EPP that have worked.
Of course check your connections are in the right places as well - I have made that mistake myself!
Also remember to keep the length of the cable as short as possible. Maximum 6 - 8"
Remember do NOT flash until you get 2 good dumps that compare correctly. 1 misprogrammed byte in the flash and you have a bricked router.

Psi
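PsiDOC's rule above (no flashing until two dumps compare correctly) as a runnable check; this is an added example, not part of the thread, the tutorial or brjtag. The file names are hypothetical, the /length value is assumed to be hex, and the blank-dump test is an extra check added here because two failed reads of all 0xFF also compare equal.

```python
import hashlib
import tempfile
from pathlib import Path

FLASH_BASE = 0x1E000000  # /start: value from the thread's brjtag backup command
FLASH_LEN = 0x1000000    # /length: value from the same command, assumed hex


def compare_dumps(path_a, path_b, expected_len=FLASH_LEN, max_report=8):
    """Byte-compare two flash dumps and say whether the pair can be trusted."""
    sha_a, sha_b = hashlib.sha256(), hashlib.sha256()
    size_a = size_b = diff_count = 0
    first_diffs, fill, uniform = [], None, True
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(65536), fb.read(65536)
            if not a and not b:
                break
            sha_a.update(a)
            sha_b.update(b)
            if a:  # track whether dump A is one repeated byte value
                fill = a[0] if fill is None else fill
                uniform = uniform and a.count(fill) == len(a)
            if a != b:  # walk the chunk only when it differs
                diffs = [(FLASH_BASE + size_a + i, x, y)
                         for i, (x, y) in enumerate(zip(a, b)) if x != y]
                diff_count += len(diffs)
                first_diffs += diffs[:max_report - len(first_diffs)]
            size_a, size_b = size_a + len(a), size_b + len(b)
    size_ok = size_a == size_b == expected_len
    return {
        "sizes": (size_a, size_b),
        "size_ok": size_ok,
        "diff_count": diff_count,
        "first_diffs": first_diffs,  # (flash address, byte in A, byte in B)
        "blank": uniform,  # e.g. all 0xFF: identical reads, but not a real dump
        "sha256": (sha_a.hexdigest(), sha_b.hexdigest()),
        "dumps_match": size_ok and diff_count == 0 and not uniform,
    }


if __name__ == "__main__":
    good = bytes(range(256)) * 16  # constructed 4 KiB stand-in for a real dump
    with tempfile.TemporaryDirectory() as d:
        one, two = Path(d, "dump1.bin"), Path(d, "dump2.bin")
        one.write_bytes(good)
        two.write_bytes(good[:0x123] + b"\x00" + good[0x124:])
        r = compare_dumps(one, two, expected_len=len(good))
        print(r["dumps_match"], [(hex(adr), x, y) for adr, x, y in r["first_diffs"]])
```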
  #23  
Old 28-December-2009, 15:53
mrzetec
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

Ok, I have tried again on another router (same firmware) and used two other PCs. I tried all BIOS settings for the printer port. I kept my cables down to 100mm, I am confident in my soldering and the second router was brand new. Still the same problem where the JTAG software implies that a cable is unplugged!
I have the right router version, both routers still work, but although I am really determined I can't see the problem.
  #24  
Old 28-December-2009, 16:17
PsiDOC
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

In that case there's something so blatantly wrong you're not seeing it.
Only thing I can think of is your connections.
On the JTAG drawing remember they go:

13 -------- TDO ------ J9 Pin 3
2 --------- TDI ------- J9 Pin 2
4 --------- TMS ------ J9 Pin 5
3 --------- TCK ------ J9 Pin 6
20 ------ ground ----- PCB Ground
25 ------ ground

TMS and TCK are both highlighted as it is easy to get them the wrong way round

Just a thought.
Psi
  #25  
Old 30-December-2009, 22:18
mrzetec
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

Attempt 3: Embarrassingly I used bad info for the pin arrangement (my connector has no labels) and after a check with another pinout site I found a much better parallel illustration.
So now after going through the motions again the mod still does not work BUT I do get responses that seem to make sense.
After typing 'brjtag -probeonly /window:1E000000' I get:



After typing 'brjtag -backup:custom /window:1E000000 /start:1E000000 /length:1000000' I get:

Then, the command window just seems busy; I can not type in it but the cursor flashes, nothing seems to be happening.

So, closer but not there yet........
  #26  
Old 31-December-2009, 04:27
ILOVEMYSANDVAGE
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

the backup of the flash usually takes around 4-5? hours. i set it off in the morning and went out n had a few beers by the time i come back it was done
  #27  
Old 01-January-2010, 12:35
PsiDOC
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

@ Mr. Zetec.
Finally you're getting somewhere! Now try the settings in the BIOS. Set it to ECP first then try again. Then EPP, etc etc. I am sure that ECP will work, but I have read of circumstances where using bi-directional has cured the issue.

@ Sandvage.
4 - 5 hours to backup? It's usually between 1 and 2 hours if using the parallel port in ECP mode and 2 - 3 in any other mode.

Regards,
Psi
  #28  
Old 01-January-2010, 22:49
mrzetec
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

@ PsiDoc,
Thanks for the hint. However, after trying ECP DMA0, ECP DMA1, ECP DMA3, NORMAL, BIDIRECTIONAL, EPP and trying every variation of port address I still have the same problem.
When brjtag reaches the halt processor stage nothing happens; the cursor just flashes and I am unable to type further commands.
I left it running all night and when I checked 9 hours later nothing had changed.
So, looking at PsiDOC's example brjtag results, (and my results posted above) I see that my results begin to differ on the IMPCODE line onwards. I am stuck, I know nothing about this utility and I am completely new to this kind of flashing. For now I will keep on looking for an answer, but I would be massively grateful to anyone that can help me further...
I really want to lose my Sky router and get my far better HomeHub2 re-instated.
  #29  
Old 02-January-2010, 06:59
ILOVEMYSANDVAGE
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

Quote:
Originally Posted by PsiDOC
@ Mr. Zetec.
4 - 5 hours to backup? It's usually between 1 and 2 hours if using the parallel port in ECP mode and 2 - 3 in any other mode.

Regards,
Psi

i take it it's due to the length of my cable i'm using.. it's about a meter and a bit long. i don't think the dumps i'm getting from it are even matching though. my own fault for using such a long cable though. once i do i'll up you the 8.1.H.J firmwares if you still haven't got them
  #30  
Old 02-January-2010, 15:46
PsiDOC
Guest
 
Posts: n/a
Default Re: Hacking the (allegedly) Unhackable. BT HomeHub 2.0A UNLOCKED.

In that case yes it's due to your cable.
6" or less you want to aim for.
Thanks for the firmware offer, which I'll accept gladly.

@Mr.zetec. I'm afraid there's still something silly going on with your setup. Do you have a Parallel port scanner or a Zip drive or something? Seems like something is grabbing the parallel port. Without going through your setup I am not quite sure what to suggest next.
Regards,

Psi

Last edited by PsiDOC; 02-January-2010 at 16:08.
Copyright 1999-2014 The Scream!