Guide: Unlocking and Modding Telstra Routers (Technicolor hardware)

[Mussels]

This guide will be most useful to the Aussie members of the forums here, but Technicolor modems are used in a lot of different countries under various brand names so it'll help them as well, as long as you can alter any relevant instructions yourself (Factory IP address may be different, choosing different firmware from the list, etc)

I also call these routers a Modem, Router or Gateway at various times - they all mean the same thing, in the context of this guide. Sorry.

Yes this is safe - it's all open source coding for an OS based on OpenWRT in the first place, the ultra geeks writing this stuff in the first place on the whirlpool forums would absolutely notice and kick up a fuss if there were any security concerns. In fact, one of the biggest deals is that you can now lock TELSTRA out of the router increasing security.


Why would i do this?
Because some of them are super high spec routers with AC2200, 1GB of RAM and the best VDSL modems money can buy.
Unlocked they can work with any ISP, enable a heap of useful features including being used to create high speed wifi mesh networks and are often for sale for $10 on the facebook marketplace or gumtree.

I personally have modded the Telstra Frontier (DJN2130), Telstra Smart Modem (DJA0230), and Telstra Smart Modem Gen 2 (DJA0231) with these instructions.

The super short summary:
1. Telstra lock these down tight, so tight you cant even change DNS servers
2. Telstra automatically do Firmware updates when they're online
3. You *may* get working 'free' Internet on the backup 4G SIM card so instructions are included, but they usually get disabled after a few months. This does not cost the original owner anything, but some consider it immoral.

All the information has come from a mix of the whirlpool forums, the hack-technicolor website (Generic to all technicolor routers) and finally TCH-GUI-UNHIDE, which is more exclusively useful to Telstra customers.
If any of my instructions get outdated, you can use those links to find newer information.



Prep work:
Save the instructions and relevant files first, and run two connections to your PC if you can so you can still access instructions and files as needed, while you work.

What you'll need:
1. A Technicolor router
2. PC with ethernet port and cable
3. Internet connection
4. Some software:
Putty (For entering commands into the router)
WinSCP
TCH-Exploit (to actually gain root)

Spoiler: Preparation:

Check the firmware installed onto your device in your web browser, usually http://192.168.0.1 or http://10.0.0.138
Find your Modem/Router in the list here https://hack-technicolor.readthedocs.io/en/stable/Repository/
Once you find your Router model, you'll see a list of firmwares: compare the one you have installed, and see if it's A B or C.
You can also download these firmwares to manually update the router or for recovery in case of mistakes, but this is optional.
The latest firmwares can't always be rooted, so be sure to check if root methods are available before letting it auto update.

The page here will then list links to what those letters mean - which is what method you can use to gain root access
Rooting Type 2 - Hacking Technicolor Gateways

All the ones i've used, have been type C# and thats what these instructions will follow.

Spoiler: Optional firmware update step:

You can connect the device to the internet and let it auto update to the latest version, but sometimes they cant be rooted.

Once rooted, you can use the method here to manually update:
Safe Firmware Upgrade - Hacking Technicolor Gateways
Theres some nice step by step instructions for this using winSCP to transfer the firmware and how to unpack and install it, that i see no way i can improve on - so use their guide!
The only not beginner friendly part is they forget to mention to use WinSCP to connect and transfer the file, and then use Putty to connect and run the commands

Essentially it is:

Rename and copy your firmware file to /tmp/new.rbi

preserve your root access with

mkdir -p /overlay/$(cat /proc/banktable/booted)/etc
chmod 755 /overlay/$(cat /proc/banktable/booted) /overlay/$(cat /proc/banktable/booted)/etc
echo -e "echo root:root | chpasswd
sed -i 's#/root:.*\$#/root:/bin/ash#' /etc/passwd
sed -i -e 's/#//' -e 's#askconsole:.*\$#askconsole:/bin/ash#' /etc/inittab
uci -q set \$(uci show firewall | grep -m 1 \$(fw3 -q print | \
egrep 'iptables -t filter -A zone_lan_input -p tcp -m tcp --dport 22 -m comment --comment \"!fw3: .+\" -j DROP' | \
sed -n -e 's/^iptables.\+fw3: \(.\+\)\".\+/\1/p') | \
sed -n -e \"s/\(.\+\).name='.\+'$/\1/p\").target='ACCEPT'
uci add dropbear dropbear
uci rename dropbear.@dropbear[-1]=afg
uci set dropbear.afg.enable='1'
uci set dropbear.afg.Interface='lan'
uci set dropbear.afg.Port='22'
uci set dropbear.afg.IdleTimeout='600'
uci set dropbear.afg.PasswordAuth='on'
uci set dropbear.afg.RootPasswordAuth='on'
uci set dropbear.afg.RootLogin='1'
uci set dropbear.lan.enable='0'
uci commit dropbear
/etc/init.d/dropbear enable
/etc/init.d/dropbear restart
rm /overlay/\$(cat /proc/banktable/booted)/etc/rc.local
source /rom/etc/rc.local
" > /overlay/$(cat /proc/banktable/booted)/etc/rc.local
chmod +x /overlay/$(cat /proc/banktable/booted)/etc/rc.local
sync

This unpacks your new.rbi and converts it to new.bin - this takes several minutes and may crash a router that's low on ram or free space
You can use './de-telstra -M' and './de-telstra -G' (disables guest wifi and removes its firewall rules) to reduce RAM usage for this process

cat "/tmp/new.rbi" | (bli_parser && echo "Please wait..." && (bli_unseal | dd bs=4 skip=1 seek=1 of="/tmp/new.bin"))

If you run out of free space and crash, you can also use a USB flash drive - but the location changes (Must be FAT32 formatted)
The USB version of the code is:

cat "/mnt/usb/USB-A1/new.rbi" | (bli_parser && echo "Please wait..." && (bli_unseal | dd bs=4 skip=1 seek=1 of="/mnt/usb/USB-A1/new.bin"))

Flash the firmware (make sure you edit this line if you didn't rename the file to new.rbi or copied it anywhere else!)

# Erase and write new firmware into booted bank
mtd -e $(cat /proc/banktable/booted) write "/tmp/new.bin" $(cat /proc/banktable/booted)
# Emulate system crash to hard reboot
echo c > /proc/sysrq-trigger

USB location:

# Erase and write new firmware into booted bank
mtd -e $(cat /proc/banktable/booted) write "/mnt/usb/USB-A1/new.bin" $(cat /proc/banktable/booted)
# Emulate system crash to hard reboot
echo c > /proc/sysrq-trigger

Spoiler: Getting Root access (Make sure you have the software from earlier downloaded!)

1.Power up the router, with no WAN connections. No SIM Card (you may have to remove a white sticker on the older models), no WAN cable and no phone cables.

2.Connect your PC's ethernet cord to the RED WAN port (Not the yellow LAN port!) for this first step only.

3. You need to change your network cards IP address and default gateway to 58.162.0.1 with DNS to 255.255.255.0
Exactly how to do this varies between versions of windows, but if you google "Change DNS in windows X" you'll find dozens of easy guides.



4. Once that's done, you'll need to run tch-exploit-win.exe (right click and run as admin) - further instructions are here but it's fully automatic with the exception of pressing the WPS button at a specific time
4a. At first you'll get a pretty generic looking window, but once the router connects to your custom-set IP address it thinks you're telstras update server - and gives the program full access.

4b.You'll get a wall of cool hacker text in a DOS looking window, that takes 1-5 minutes for the router to do it's thing and communicate with the program

4c. Eventually it progresses and asks you to press and hold the wifi WPS button, labelled as "pair" on some models - you may need to scroll down or expand the window to see this text

Once you've held that in for 3-5 seconds the text updates and says you're done. Revert your ethernet connection back to automatic IP and DNS, and move the LAN cable from the red WAN port to the yellow LAN port.
Congrats! You have root access!

Next up: tch-gui-unhide

Spoiler: Unlocking the router

If you need to do this offline, theres a guide here but it involves more putty and winSCP to transfer files into the router, as well as adapting some of the commands based on filenames and locations (root folder, USB flash drive, etc)
Theres several methods you can use to install this, but this is the simplest and doesnt require winSCP to transfer files.
It does require internet access, so this is when you connect the Technicolor routers WAN port to your existing networks LAN port, and give it internet access

Open Putty and enter the IP address of your router, SSH and port 22

You'll get a security alert on your first connection, just hit 'accept'


The next screens require you to type a login and password the default now is

root

for both
At this point you can run ./passwd and change the root password at any time, but for this guide i'm leaving it default to make it simpler.

You can then copy-paste the following command to have the router download and unpack the installer in one easy step:

curl -k -L https://github.com/seud0nym/tch-gui-unhide/releases/latest/download/$(uci get version.@version[0].marketing_version).tar.gz | tar -xzvf -

You'll get something like this as they download, they're only scripts so it's quite fast

From here on is when you can run any of those scripts by running ./scriptname in your putty terminal. The TCH-GUI-UNHIDE page has a lot of examples and explanations of what commands can be used, but the main ones to use and in what order would be:
(Many of these will prompt you to hit Y and enter to confirm, i'm not hand-holding that much)

./set-optimal-bank-plan

This resets your device, but makes sure the device wont lose the wrong settings from a reset and protects against corruption. After it reboots, connect with putty again by right clicking the top of the window and clicking 'restart session' and typing in the root username and password again.

./de-telstra -A

This prevents Root being lost, and removes Telstra exclusive services and stops telstras remote access. The -A command is just recommended defaults, run without any commands to see the whole list

./tch-gui-unhide

this opens up all the hidden menus telstra disabled. You can use -A for recommended settings, or manually enable and disable each setting

./tch-gui-unhide-cards

is an interactive script to help you enable or disable those cards manually, but you need to run the above command at least once before this works

This is my before image:

And after (zoomed out to fit with some pages still disabled)

Bonus page of in-progress content: Setting up spare routers as EasyMesh wifi clients! (without paying $300 to telstra)

If you're on a DJA0230 or DJA0231 You can use the following commands to set one router to be an easymesh AP instead of the controller, for that sweet sweet AC2166Mb wifi link (with ethernet out at the other end)

What should happen is router 1 has the controller active, and router 2 (with the controller disabled) should automatically pair with the network and copy wifi settings. What's happening is... not that.

./de-telstra -m

has commands to alter the easymesh AP settings, i'm working on the exact ones to force a device to the a 'client' now. The unlocked UI also has options for this.

Final version: The routers need to be on the same firmware, once my second DJA0231 was updated to 20.3c easymesh functioned easily.
All i needed to do was enable "agent" on the primary and disable "controller" on the secondary via the GUI, and connect them LAN to LAN

Wireless boosters dont seem supported via modding despite years of efforts by modders - they require a wired backhaul

Bonus code for VDSL users:
(hashtags make the code not do anything, they're for users to understand the code)
These unlock the VDSL download, upload, and total of both rates - some firmwares had lower limits (110 down and 30 up)

# Increase the max sync speed
uci set xdsl.dsl0.maxaggrdatarate='200000'
uci set xdsl.dsl0.maxdsdatarate='140000'
uci set xdsl.dsl0.maxusdatarate='60000'

#Remove old ADSL profiles and modes to sync VDSL faster
uci del_list xdsl.dsl0.profile='8a'
uci del_list xdsl.dsl0.profile='8b'
uci del_list xdsl.dsl0.profile='8c'
uci del_list xdsl.dsl0.profile='8d'
uci del_list xdsl.dsl0.profile='12a'
uci del_list xdsl.dsl0.profile='12b'
uci del_list xdsl.dsl0.multimode='gdmt'
uci del_list xdsl.dsl0.multimode='adsl2annexm'
uci del_list xdsl.dsl0.multimode='adsl2plus'

 

[Mussels]

I got doublestacked ipv6 working as well - short version, working ipv6 on a second attached router network

This was glitched as a firmware bug and the author of the mod issued a fix. The bug was that the prefix setting would vanish.

The simple fix LAN settings card, and lower the IPv6 prefix from /64 to /61
Why? I assume the google nest wifi mesh needs /3 worth of subnets, for it's 2.4GHz, 5GHz and backhaul?

All i care about, is that i beat google who said it wasnt possible

 

[lexluthermiester]

The key here is that ./de-telstra -G removes guest networks and their firewall rules, and those firewall rules are what fix the ipv6 issue

Nevermind my other suggestion. This is interesting.

 

[steen]

OpenWRT/Smart ROOter is very useful. Enabling 2nd SIP & USB tethering USB=>WAN is damn handy.

 

[Mussels]

Nevermind my other suggestion. This is interesting.

After consulting the author of the mods and doing way too much research onto IPv6, what it boils down to is each seperate subnet requires "/1" prefix allocated

/64 gives one IP to the router
/63 gives one range to share into X addresses
/62 gives an extra for the guest wifi (since its seperated to provide user isolation) - and the routers internal firewall rules must allow that traffic to flow to and from the WAN/WWAN

In this case, i have one for the telstras network, and then need two for the google setup - one for itself, and one for it's own guest network. The key here is that the google will not activate IPv6 if it doesnt get at least '/3' worth of prefix allocation (subnets? i dont know the correct terminology)

I got unlucky with removing the firewall rules breaking the subnet prefix setting (since the firewall blocked the traffic anyway), and lucky that the unlocked router allowed me to force it to a lower number - allowing more to pass through for the google/nest wifi to claim for itself.


The next time i reply to the failure of tech support google is giving me will be fun, proving they were entirely wrong about ipv6 being ever possible to work with dual stack routers. They said to just bridge my cable modem despite the fact that australia ripped up our HFC cable networks years ago since they're just objectively terrible - too prone to peak hour congestion, and upload speeds that make DSL look good (we had 100Mb down and 2Mb up, it was insanely worthless - the100/40 that replaced it is far superior... except to google)

OpenWRT/Smart ROOter is very useful. Enabling 2nd SIP & USB tethering USB=>WAN is damn handy.

These are apparently OpenWRT based in the first place. There are scripts to send the LTE, WAN and VDSL to a hard wired LAN port each, for example keeping them simultaneously active

 

[mechtech]

Ahhh our poor Aussie brothers suffering Telstra. Have they gotten any better over the past decade, or is the butt-hurt still in full effect??

 

[Mussels]

Ahhh our poor Aussie brothers suffering Telstra. Have they gotten any better over the past decade, or is the butt-hurt still in full effect??

The hardware on these is great, it's been ironic helping american friends on DSL (usually stuck under 8Mb/1Mb) with the best modems they can get having 256MB of RAM and low clocked dual core CPU's

Telstra are still the usual big boy company, only around because they've raised generations of people to think the only way to get a phone is on a 3 year contract...
Oh but get 5% off if you bundle that with your home internet (but pay 50% more than seperate services on other telcos)

____________________________________________________________________________________________________




Alright, next dumbass mod: installing Transmission so my Telstra gateway can download torrents to an attached USB 3.0 hard drive!
This is really heavy on the RAM usage, so i expect this would be unusable on Gen 2 devices with their low <512MB of RAM.
As i'm making this up as i go from mixing and matching various guides, i'll put down what i did, and try it again on a second router to be sure what steps were actually neccesary.

I have my test router on 192.168.3.1 but tried to edit all the commands for the default 192.168.1.1 - if you find a 3.1 anywhere, change to 1.1 for your own uses.

A lot of info came from here, but some of it's incorrect for this router
[OpenWrt Wiki] Transmission configuration

If it's marked with an * it's likely optional and can be skipped - i'm re-doing this on a second router later, and will confirm what is needed and what is not.



Open a web browser and load the packages card
* Tick custom feeds and update now
Load available packages tab (it'll be slow)
Search for and install all packages for Transmission


Open a putty terminal and log in to the root account on the router

In putty run:
uci set transmission.@transmission[0].enabled="1"
uci commit transmission
/etc/init.d/transmission restart

Then in web browser, go to http://192.168.1.1:9091/ (Your IP may be not be 192.168.1.1 - that's upto you to adjust the settings as you go)
You should get redirected to

http://192.168.1.1:9091/transmission/web/

Default firewall example to port forward to the transmission server:
This adds a firewall rule, but i've not confirmed it's working yet


uci add firewall rule
uci set firewall.@rule[-1].name='Allow-Transmission'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest_port='51413'
uci set firewall.@rule[-1].target='ACCEPT'
uci commit firewall
service firewall restart

(These are the final settings i ended up with, i need to check how to add them via the script above)
config rule
option name 'Allow-Transmission'
option src 'wan'
option proto 'tcp udp'
option dest_port '51413'
option dest_ip '192.168.3.1'
option target 'ACCEPT'
option enabled '1'




(I accidentally ran this twice, and had to use WinSCP and edit /etc/config/firewall to remove the bottom entry. oops.)


Once it's logged in and all behaving well, you change settings in the webUI itself - the wrench in the bottom left
The correct download location for a mounted USB drive on these routers is
/mnt/usb/USB-A1/

So you can use this as an example:
/mnt/usb/USB-A1/Downloads/

You can edit the settings file manually with WinSCP here: (remember, these files have no extension - so not .txt)
/etc/config/transmission

There are some 'whitelist' files here you'll need to add your IP range into, to be able to login with remote transmission clients (default is 192.168.1.* - you could set 192.168.*.* for example if you changed your IP range the router uses)

It seems they support FAT32 and NTFS but not EXFAT
You can find the web address for your drive (created based on its internal harwdare, sigh) on the "content sharing" card of the router

For whatever reason you can see this drive is now listed as sda2 - which means the location above i need to change the location to:
(I verified this was correct in winSCP by loading into the /mnt/ directory and seeing what paths showed up)
/mnt/usb/USB-A2/Downloads/


At this point the WEB UI worked and i can try to download to the hard drive, and i can remotely access it over the LAN.
The download errors due to lack of permissions for transmission to access the folder
I'm sure there are more secure ways to alter this but as a beginner to the unix? linux? file systems i just went with the root user:


(In Putty)

service transmission stop

edit the following in /etc/config/transmission

option config_dir '/mnt/usb/USB-A2/Downloads/'
option config_overwrite '1'
option user 'root'
option group 'root'

service transmission start

And now with 'transmission remote' windows software:

She's all working, webUI and transmission!

You can add this to the 'paths' setting in transmission remote so that you can 'open' a torrents folder location within the program
In my case, this was the code needed: (location the router uses = windows share location)
/mnt/usb/USB-A2/Downloads/=\\192.168.3.1\TOSHIBA_MQ01ABF050_2_23fd




random notes below:
*This might be needed (need to retest on new router/formatted drive)
chmod 777 /mnt/usb/USB-A2/Downloads/
(remember that you'll need to edit that command to A1 depending on the USB drive, or if the directory changes)


To do list:

I may need some sort of script to make this daemon start with the router, that's a future task

I'll probably want to change the config_dir, download_dir, and incomplete_dir variables to point to locations on external storage so settings are saved on the USB drive and not on the router (firmware updates can delete the temp directories)
*Once you change the config_dir you need to go to the new location (on your USB drive most likely) and edit the settings there, as the new file uses transmission defaults*

 

[Mussels]

An option script to run in Putty:

This converts "Eth3" which is LAN port 4 to us mortals into part of the guest network on the 192.168.3.x range
This let me connect my next wifis WAN port to LAN4, and then LAN to LAN them allowing regular old LAN traffic to cross networks

Disabling the DHCP on the nest wifi allowed the Telstra Gateway to controll all LAN traffic, while anything google hardcoded to go through their WAN port (mostly google home controls for smart devices) still works

uci set network.lan.ifname='eth0 eth1 eth2'
uci set qos.eth0.classgroup='TO_LAN'
uci set network.nest=interface
uci set network.nest.proto='static'
uci set network.nest.ip6assign='64'
uci set network.nest.ip6hint='3'
uci set network.nest.netmask='255.255.255.0'
uci set network.nest.ipaddr='192.168.3.1'
uci set network.nest.force_link='1'
uci set network.nest.rpfilter='1'
uci set network.nest.ipv6='1'
uci set network.nest.ifname='eth3'
uci set dhcp.google=dnsmasq
uci set dhcp.google.disabled='0'
uci set dhcp.google.nonwildcard='1'
uci set dhcp.google.domainneeded='1'
uci set dhcp.google.boguspriv='1'
uci set dhcp.google.filterwin2k='0'
uci set dhcp.google.localise_queries='1'
uci set dhcp.google.rebind_protection='0'
uci set dhcp.google.rebind_localhost='1'
uci set dhcp.google.local='/lan/'
uci set dhcp.google.expandhosts='1'
uci set dhcp.google.nonegcache='0'
uci set dhcp.google.authoritative='1'
uci set dhcp.google.readethers='1'
uci set dhcp.google.leasefile='/tmp/dhcp.leases'
uci set dhcp.google.resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
uci set dhcp.google.strictorder='1'
uci set dhcp.google.dhcpscript='/lib/dnsmasq/dhcp-event.sh'
uci set dhcp.google.domain='nest'
uci set dhcp.google.add_local_fqdn='0'
uci add_list dhcp.google.hostname='mymodem'
uci set dhcp.google.interface='nest'
uci set dhcp.google.notinterface='loopback'
uci set dhcp.nest=dhcp
uci set dhcp.nest.instance='google'
uci set dhcp.nest.interface='nest'
uci set dhcp.nest.start='2'
uci set dhcp.nest.limit='253'
uci set dhcp.nest.leasetime='1d'
uci set dhcp.nest.force='1'
uci set dhcp.nest.dhcpv6='server'
uci set dhcp.nest.ra='server'
uci set dhcp.nest.ra_management='0'
uci set dhcp.nest.ra_mininterval='200'
uci set dhcp.nest.ra_maxinterval='600'
uci set dhcp.nest.ra_lifetime='1800'
uci set dhcp.nest.ra_hoplimit='64'
uci set dhcp.nest.dhcpv4='server'
uci add_list firewall.@zone[1].network='nest'


uci commit network
uci commit dhcp
uci commit firewall
uci commit qos
/etc/init.d/network restart
/etc/init.d/dnsmasq restart
/etc/init.d/firewall restart
/etc/init.d/qos restart

 

[Goody]

Hey Mussels,
I am in Melbourne and have 2 Smart Models. I am stuck in step 4b and won't go ahead to the green text page. Any Ideas?

 

[Mussels]

Did you connect to the WAN port, for this step?
If you can list the actual model numbers and firmware revisions i can help further, but definitely check you've got the static IP correct, and connected to the WAN port


Oh, and scroll down... that text looks like it goes further

 

[Goody]

Hey Mussels,
Thanks for responding.

Did you connect to the WAN port, for this step?

Yes, I followed the steps closely. and repeated it with any possible combinations.
Like resetting factory the model offline, or when it was connected. Connecting the modem to the laptop when tch-exploit-win was running or it was connected and ran the app after. Used the USB to Lan adapter or used the Lan of the docking station and so on and so on.
even tried 3 versions of the tch-exploit-win.
Also I had 2 versions of this modem. no luck on any of them.

If you can list the actual model numbers and firmware revisions i can help further, but definitely check you've got the static IP correct, and connected to the WAN port

Here is the IP I set, however when I hit the OK a/\
nd connect to tch-exploit-win, the default gateway goes back to blank

Here is the firmware version which is the lastest` if the list

Oh, and scroll down... that text looks like it goes further

I did scroll down to the end of the page. no luck again. this time I waited longer and as you can see, the page is filled with white text.
in fact, it seems the tch-exploit-win is trying continuously, but it can't take control, and it stays in the request, Bound state and never goes to the offer state which was shown in your snip.

I also played with firewall rules and eased all the firewalls for home and public networks. Changed the current network to a home network. none were successful.
Put the tch-exploit-win folder and files as trusted and deactivated the defender in my Win 11.
The only things that I was not able to try were
1- Using Windows 10 or lower - I am using a Windows 11 pro Versio 22H
2- Using a proper lan card as all my computers only have USB C ports - What I am using is a Comsol USB C adapter


Also Tried to reset all networks as Cevad mentioned it worked for him in the Whirpool thread here >> https://forums.whirlpool.net.au/archive/31jjy6v9

Thanks for helping me out.

 

[Mussels]

DJA0231 is a gen 2 router, i've got several of those

20.3.c *432* isn't rootable

You'll need to downgrade to the "20.3.c.0389-MR20-RA" firmware from here:
Firmware Repository - Hacking Technicolor Gateways (hack-technicolor.readthedocs.io)


Theres a guide here
Recovery - Hacking Technicolor Gateways (hack-technicolor.readthedocs.io)
That has instructions on how to use BootP to flash a stock firmware (even older ones) to rollback the unit to 389, which will then work with the rooting program.
You can then use one of several methods to update to 432 and retain root, it just cant be done directly.

Instructions start at "Setting up the Server"

 

[Goody]

Oh man, you are the one!
It did work on both!
Thank you Mussels.

 

[Mussels]

The deleted question you asked about only shows if you're on ADSL2+, i believe it's on the xdsl config card once you're unlocked but i cant see it since i'm on VDSL



Oh if you are on DSL of any kind, get a ferrite bead and put it over your phone cable where it exits the wall socket. I've been able to get an extra 5Mb by doing that here.

 

[Goody]

I deleted it because I found where the setting is. You don't need to be on dsl or adsl2+ or vdsl. the snips below show how to get to the settings. It will be accessible only when the WAN sensing is switched off.

 

[Mussels]

Ah yep, that's hidden for me on VDSL


So far i've had 5 of 8 working SIM cards in these for working internet too, they throttle after about 80GB and can get disconnected if they hit that limit several months in a row, but they're great for running off a car battery (USB-C PD 12V) while driving or camping

 

[Goody]

I see!
I am planning to send it overseas to be used for ADSL2+ connections. In Iran dsl connections' vpi/vci is set to 0/35 which is different to Aussie companies (8/35).

 

[Mussels]

Once unlocked they're definitely top tier for use like that, since they support just about every major standard

 

[Goody]

Hey Mussels,
I reset the modem, and everything returned to Telstra default. Have you tried to fix the new settings as the reset to factory default?

Goody

 

[Mussels]

when you use the external factory reset, you lose root
when you use the internal software one (when modded) you can retain root - but the mods themselves are lost.
When the mods break the OS, you want the factory reset to do this

You can't lock the modded settings in, since factory reset does the equivalent of loading up an operating system .ISO file and reloading a clean OS.



So if you reset via the software, you can putty in and run the Tch gui unhide install script again - but if you reset via the button, you'll need to root the router from the start

this is where the backup and restore scripts that ./tch-gui-unhide installs are handy, if you have a fat32 USB drive handy (I think it supports EXFAT, too?)


those commands are
./mtd-backup
./mtd-restore

(they have their own advice/scripts if you want to restore a specific backup file, but the automatic setting is to make a new backup, and restore the most recent backup file)

 

[Goody]

I'll give it crack

 

[triumph_W]

Hi Mussels,

I tried to use Tch-exploit to get root access of my Telstra Smart Modem Gen 3, or Technicolor CorbraXH. Unfortunately, I forgot to remove the SIM when I turn it on and the firmware was updated from 20.4.0319-MR0-RA to the latest 21.4.0439-MR2.1-RA, which I believe is the reason why my root failed. I was stuck at the same 4b step as Goody mentioned,

Hey Mussels,
I am in Melbourne and have 2 Smart Models. I am stuck in step 4b and won't go ahead to the green text page. Any Ideas?
View attachment 305041

I followed every step such as setting static IP 58.162.0.1, connected to Red WAN port rather than LAN port, but still failed. Do you know why? Is that because my firmware version is not rootable?

 

[Goody]

Hi Mussels,

I tried to use Tch-exploit to get root access of my Telstra Smart Modem Gen 3, or Technicolor CorbraXH. Unfortunately, I forgot to remove the SIM when I turn it on and the firmware was updated from 20.4.0319-MR0-RA to the latest 21.4.0439-MR2.1-RA, which I believe is the reason why my root failed. I was stuck at the same 4b step as Goody mentioned,


I followed every step such as setting static IP 58.162.0.1, connected to Red WAN port rather than LAN port, but still failed. Do you know why? Is that because my firmware version is not rootable?

Mine was Gen2. And I found out the firmware of my modem was the one that hack does not work. So I downgraded the firmware and it worked.
The only issue is that if you hard reset the modem it goes back original firmware. Which means there is noway to change the original rom.

 

[Saran123]

Can anyone link a detailed video to downgrade the firmware of the Telstra dja0231. Also what does it mean when “turn off the gateway” and how do I do that?

Mine was Gen2. And I found out the firmware of my modem was the one that hack does not work. So I downgraded the firmware and it worked.
The only issue is that if you hard reset the modem it goes back original firmware. Which means there is noway to change the original rom.

Could you help me with this process, I am in the same boat as you and need help.

 

[Goody]

Can anyone link a detailed video to downgrade the firmware of the Telstra dja0231. Also what does it mean when “turn off the gateway” and how do I do that?


Could you help me with this process, I am in the same boat as you and need help.

Haven’t seen a video for this and personally i do make videos. But all steps are pretty straight forward. Just go to my original question and see Mussels's responds and the link he shared on how to reset the firmware to older versions.

Turn off the gateway means to disconnect the power to the modem.