Mussels
Freshwater Moderator
- Joined
- Oct 6, 2004
- Messages
- 58,413 (7.90/day)
- Location
- Oystralia
System Name | Rainbow Sparkles (Power efficient, <350W gaming load) |
---|---|
Processor | Ryzen R7 5800x3D (Undervolted, 4.45GHz all core) |
Motherboard | Asus x570-F (BIOS Modded) |
Cooling | Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate |
Memory | 2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V) |
Video Card(s) | Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W)) |
Storage | 2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2 |
Display(s) | Phillips 32 32M1N5800A (4k144), LG 32" (4K60) | Gigabyte G32QC (2k165) | Phillips 328m6fjrmb (2K144) |
Case | Fractal Design R6 |
Audio Device(s) | Logitech G560 | Corsair Void pro RGB |Blue Yeti mic |
Power Supply | Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY) |
Mouse | Logitech G Pro wireless + Steelseries Prisma XL |
Keyboard | Razer Huntsman TE ( Sexy white keycaps) |
VR HMD | Oculus Rift S + Quest 2 |
Software | Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware! |
Benchmark Scores | Nyooom. |
This guide will be most useful to the Aussie members of the forums here, but Technicolor modems are used in a lot of different countries under various brand names so it'll help them as well, as long as you can alter any relevant instructions yourself (Factory IP address may be different, choosing different firmware from the list, etc)
I also call these routers a Modem, Router or Gateway at various times - they all mean the same thing, in the context of this guide. Sorry.
Yes this is safe - it's all open source coding for an OS based on OpenWRT in the first place, the ultra geeks writing this stuff in the first place on the whirlpool forums would absolutely notice and kick up a fuss if there were any security concerns. In fact, one of the biggest deals is that you can now lock TELSTRA out of the router increasing security.
Why would i do this?
Because some of them are super high spec routers with AC2200, 1GB of RAM and the best VDSL modems money can buy.
Unlocked they can work with any ISP, enable a heap of useful features including being used to create high speed wifi mesh networks and are often for sale for $10 on the facebook marketplace or gumtree.
I personally have modded the Telstra Frontier (DJN2130), Telstra Smart Modem (DJA0230), and Telstra Smart Modem Gen 2 (DJA0231) with these instructions.
The super short summary:
1. Telstra lock these down tight, so tight you cant even change DNS servers
2. Telstra automatically do Firmware updates when they're online
3. You *may* get working 'free' Internet on the backup 4G SIM card so instructions are included, but they usually get disabled after a few months. This does not cost the original owner anything, but some consider it immoral.
All the information has come from a mix of the whirlpool forums, the hack-technicolor website (Generic to all technicolor routers) and finally TCH-GUI-UNHIDE, which is more exclusively useful to Telstra customers.
If any of my instructions get outdated, you can use those links to find newer information.
Prep work:
Save the instructions and relevant files first, and run two connections to your PC if you can so you can still access instructions and files as needed, while you work.
What you'll need:
1. A Technicolor router
2. PC with ethernet port and cable
3. Internet connection
4. Some software:
Putty (For entering commands into the router)
WinSCP
TCH-Exploit (to actually gain root)
Next up: tch-gui-unhide
This is my before image:
And after (zoomed out to fit with some pages still disabled)
Bonus page of in-progress content: Setting up spare routers as EasyMesh wifi clients! (without paying $300 to telstra)
If you're on a DJA0230 or DJA0231 You can use the following commands to set one router to be an easymesh AP instead of the controller, for that sweet sweet AC2166Mb wifi link (with ethernet out at the other end)
What should happen is router 1 has the controller active, and router 2 (with the controller disabled) should automatically pair with the network and copy wifi settings. What's happening is... not that.
has commands to alter the easymesh AP settings, i'm working on the exact ones to force a device to the a 'client' now. The unlocked UI also has options for this.
Final version: The routers need to be on the same firmware, once my second DJA0231 was updated to 20.3c easymesh functioned easily.
All i needed to do was enable "agent" on the primary and disable "controller" on the secondary via the GUI, and connect them LAN to LAN
Wireless boosters dont seem supported via modding despite years of efforts by modders - they require a wired backhaul
Bonus code for VDSL users:
(hashtags make the code not do anything, they're for users to understand the code)
These unlock the VDSL download, upload, and total of both rates - some firmwares had lower limits (110 down and 30 up)
I also call these routers a Modem, Router or Gateway at various times - they all mean the same thing, in the context of this guide. Sorry.
Yes this is safe - it's all open source coding for an OS based on OpenWRT in the first place, the ultra geeks writing this stuff in the first place on the whirlpool forums would absolutely notice and kick up a fuss if there were any security concerns. In fact, one of the biggest deals is that you can now lock TELSTRA out of the router increasing security.
Why would i do this?
Because some of them are super high spec routers with AC2200, 1GB of RAM and the best VDSL modems money can buy.
Unlocked they can work with any ISP, enable a heap of useful features including being used to create high speed wifi mesh networks and are often for sale for $10 on the facebook marketplace or gumtree.
I personally have modded the Telstra Frontier (DJN2130), Telstra Smart Modem (DJA0230), and Telstra Smart Modem Gen 2 (DJA0231) with these instructions.
The super short summary:
1. Telstra lock these down tight, so tight you cant even change DNS servers
2. Telstra automatically do Firmware updates when they're online
3. You *may* get working 'free' Internet on the backup 4G SIM card so instructions are included, but they usually get disabled after a few months. This does not cost the original owner anything, but some consider it immoral.
All the information has come from a mix of the whirlpool forums, the hack-technicolor website (Generic to all technicolor routers) and finally TCH-GUI-UNHIDE, which is more exclusively useful to Telstra customers.
If any of my instructions get outdated, you can use those links to find newer information.
Prep work:
Save the instructions and relevant files first, and run two connections to your PC if you can so you can still access instructions and files as needed, while you work.
What you'll need:
1. A Technicolor router
2. PC with ethernet port and cable
3. Internet connection
4. Some software:
Putty (For entering commands into the router)
WinSCP
TCH-Exploit (to actually gain root)
Check the firmware installed onto your device in your web browser, usually http://192.168.0.1 or http://10.0.0.138
Find your Modem/Router in the list here https://hack-technicolor.readthedocs.io/en/stable/Repository/
Once you find your Router model, you'll see a list of firmwares: compare the one you have installed, and see if it's A B or C.
You can also download these firmwares to manually update the router or for recovery in case of mistakes, but this is optional.
The latest firmwares can't always be rooted, so be sure to check if root methods are available before letting it auto update.
The page here will then list links to what those letters mean - which is what method you can use to gain root access
Rooting Type 2 - Hacking Technicolor Gateways
All the ones i've used, have been type C# and thats what these instructions will follow.
Find your Modem/Router in the list here https://hack-technicolor.readthedocs.io/en/stable/Repository/
Once you find your Router model, you'll see a list of firmwares: compare the one you have installed, and see if it's A B or C.
You can also download these firmwares to manually update the router or for recovery in case of mistakes, but this is optional.
The latest firmwares can't always be rooted, so be sure to check if root methods are available before letting it auto update.
The page here will then list links to what those letters mean - which is what method you can use to gain root access
Rooting Type 2 - Hacking Technicolor Gateways
All the ones i've used, have been type C# and thats what these instructions will follow.
You can connect the device to the internet and let it auto update to the latest version, but sometimes they cant be rooted.
Once rooted, you can use the method here to manually update:
Safe Firmware Upgrade - Hacking Technicolor Gateways
Theres some nice step by step instructions for this using winSCP to transfer the firmware and how to unpack and install it, that i see no way i can improve on - so use their guide!
The only not beginner friendly part is they forget to mention to use WinSCP to connect and transfer the file, and then use Putty to connect and run the commands
Essentially it is:
Rename and copy your firmware file to /tmp/new.rbi
preserve your root access with
This unpacks your new.rbi and converts it to new.bin - this takes several minutes and may crash a router that's low on ram or free space
You can use './de-telstra -M' and './de-telstra -G' (disables guest wifi and removes its firewall rules) to reduce RAM usage for this process
If you run out of free space and crash, you can also use a USB flash drive - but the location changes (Must be FAT32 formatted)
The USB version of the code is:
Flash the firmware (make sure you edit this line if you didn't rename the file to new.rbi or copied it anywhere else!)
USB location:
Once rooted, you can use the method here to manually update:
Safe Firmware Upgrade - Hacking Technicolor Gateways
Theres some nice step by step instructions for this using winSCP to transfer the firmware and how to unpack and install it, that i see no way i can improve on - so use their guide!
The only not beginner friendly part is they forget to mention to use WinSCP to connect and transfer the file, and then use Putty to connect and run the commands
Essentially it is:
Rename and copy your firmware file to /tmp/new.rbi
preserve your root access with
Code:
mkdir -p /overlay/$(cat /proc/banktable/booted)/etc
chmod 755 /overlay/$(cat /proc/banktable/booted) /overlay/$(cat /proc/banktable/booted)/etc
echo -e "echo root:root | chpasswd
sed -i 's#/root:.*\$#/root:/bin/ash#' /etc/passwd
sed -i -e 's/#//' -e 's#askconsole:.*\$#askconsole:/bin/ash#' /etc/inittab
uci -q set \$(uci show firewall | grep -m 1 \$(fw3 -q print | \
egrep 'iptables -t filter -A zone_lan_input -p tcp -m tcp --dport 22 -m comment --comment \"!fw3: .+\" -j DROP' | \
sed -n -e 's/^iptables.\+fw3: \(.\+\)\".\+/\1/p') | \
sed -n -e \"s/\(.\+\).name='.\+'$/\1/p\").target='ACCEPT'
uci add dropbear dropbear
uci rename dropbear.@dropbear[-1]=afg
uci set dropbear.afg.enable='1'
uci set dropbear.afg.Interface='lan'
uci set dropbear.afg.Port='22'
uci set dropbear.afg.IdleTimeout='600'
uci set dropbear.afg.PasswordAuth='on'
uci set dropbear.afg.RootPasswordAuth='on'
uci set dropbear.afg.RootLogin='1'
uci set dropbear.lan.enable='0'
uci commit dropbear
/etc/init.d/dropbear enable
/etc/init.d/dropbear restart
rm /overlay/\$(cat /proc/banktable/booted)/etc/rc.local
source /rom/etc/rc.local
" > /overlay/$(cat /proc/banktable/booted)/etc/rc.local
chmod +x /overlay/$(cat /proc/banktable/booted)/etc/rc.local
sync
This unpacks your new.rbi and converts it to new.bin - this takes several minutes and may crash a router that's low on ram or free space
You can use './de-telstra -M' and './de-telstra -G' (disables guest wifi and removes its firewall rules) to reduce RAM usage for this process
Code:
cat "/tmp/new.rbi" | (bli_parser && echo "Please wait..." && (bli_unseal | dd bs=4 skip=1 seek=1 of="/tmp/new.bin"))
If you run out of free space and crash, you can also use a USB flash drive - but the location changes (Must be FAT32 formatted)
The USB version of the code is:
Code:
cat "/mnt/usb/USB-A1/new.rbi" | (bli_parser && echo "Please wait..." && (bli_unseal | dd bs=4 skip=1 seek=1 of="/mnt/usb/USB-A1/new.bin"))
Flash the firmware (make sure you edit this line if you didn't rename the file to new.rbi or copied it anywhere else!)
Code:
# Erase and write new firmware into booted bank
mtd -e $(cat /proc/banktable/booted) write "/tmp/new.bin" $(cat /proc/banktable/booted)
# Emulate system crash to hard reboot
echo c > /proc/sysrq-trigger
USB location:
Code:
# Erase and write new firmware into booted bank
mtd -e $(cat /proc/banktable/booted) write "/mnt/usb/USB-A1/new.bin" $(cat /proc/banktable/booted)
# Emulate system crash to hard reboot
echo c > /proc/sysrq-trigger
1.Power up the router, with no WAN connections. No SIM Card (you may have to remove a white sticker on the older models), no WAN cable and no phone cables.
2.Connect your PC's ethernet cord to the RED WAN port (Not the yellow LAN port!) for this first step only.
3. You need to change your network cards IP address and default gateway to 58.162.0.1 with DNS to 255.255.255.0
Exactly how to do this varies between versions of windows, but if you google "Change DNS in windows X" you'll find dozens of easy guides.
4. Once that's done, you'll need to run tch-exploit-win.exe (right click and run as admin) - further instructions are here but it's fully automatic with the exception of pressing the WPS button at a specific time
4a. At first you'll get a pretty generic looking window, but once the router connects to your custom-set IP address it thinks you're telstras update server - and gives the program full access.
4b.You'll get a wall of cool hacker text in a DOS looking window, that takes 1-5 minutes for the router to do it's thing and communicate with the program
4c. Eventually it progresses and asks you to press and hold the wifi WPS button, labelled as "pair" on some models - you may need to scroll down or expand the window to see this text
Once you've held that in for 3-5 seconds the text updates and says you're done. Revert your ethernet connection back to automatic IP and DNS, and move the LAN cable from the red WAN port to the yellow LAN port.
Congrats! You have root access!
2.Connect your PC's ethernet cord to the RED WAN port (Not the yellow LAN port!) for this first step only.
3. You need to change your network cards IP address and default gateway to 58.162.0.1 with DNS to 255.255.255.0
Exactly how to do this varies between versions of windows, but if you google "Change DNS in windows X" you'll find dozens of easy guides.
4. Once that's done, you'll need to run tch-exploit-win.exe (right click and run as admin) - further instructions are here but it's fully automatic with the exception of pressing the WPS button at a specific time
4a. At first you'll get a pretty generic looking window, but once the router connects to your custom-set IP address it thinks you're telstras update server - and gives the program full access.
4b.You'll get a wall of cool hacker text in a DOS looking window, that takes 1-5 minutes for the router to do it's thing and communicate with the program
4c. Eventually it progresses and asks you to press and hold the wifi WPS button, labelled as "pair" on some models - you may need to scroll down or expand the window to see this text
Once you've held that in for 3-5 seconds the text updates and says you're done. Revert your ethernet connection back to automatic IP and DNS, and move the LAN cable from the red WAN port to the yellow LAN port.
Congrats! You have root access!
Next up: tch-gui-unhide
If you need to do this offline, theres a guide here but it involves more putty and winSCP to transfer files into the router, as well as adapting some of the commands based on filenames and locations (root folder, USB flash drive, etc)
Theres several methods you can use to install this, but this is the simplest and doesnt require winSCP to transfer files.
It does require internet access, so this is when you connect the Technicolor routers WAN port to your existing networks LAN port, and give it internet access
Open Putty and enter the IP address of your router, SSH and port 22
You'll get a security alert on your first connection, just hit 'accept'
The next screens require you to type a login and password the default now is
for both
At this point you can run ./passwd and change the root password at any time, but for this guide i'm leaving it default to make it simpler.
You can then copy-paste the following command to have the router download and unpack the installer in one easy step:
You'll get something like this as they download, they're only scripts so it's quite fast
From here on is when you can run any of those scripts by running ./scriptname in your putty terminal. The TCH-GUI-UNHIDE page has a lot of examples and explanations of what commands can be used, but the main ones to use and in what order would be:
(Many of these will prompt you to hit Y and enter to confirm, i'm not hand-holding that much)
This resets your device, but makes sure the device wont lose the wrong settings from a reset and protects against corruption. After it reboots, connect with putty again by right clicking the top of the window and clicking 'restart session' and typing in the root username and password again.
This prevents Root being lost, and removes Telstra exclusive services and stops telstras remote access. The -A command is just recommended defaults, run without any commands to see the whole list
this opens up all the hidden menus telstra disabled. You can use -A for recommended settings, or manually enable and disable each setting
is an interactive script to help you enable or disable those cards manually, but you need to run the above command at least once before this works
Theres several methods you can use to install this, but this is the simplest and doesnt require winSCP to transfer files.
It does require internet access, so this is when you connect the Technicolor routers WAN port to your existing networks LAN port, and give it internet access
Open Putty and enter the IP address of your router, SSH and port 22
You'll get a security alert on your first connection, just hit 'accept'
The next screens require you to type a login and password the default now is
Code:
root
At this point you can run ./passwd and change the root password at any time, but for this guide i'm leaving it default to make it simpler.
You can then copy-paste the following command to have the router download and unpack the installer in one easy step:
Code:
curl -k -L https://github.com/seud0nym/tch-gui-unhide/releases/latest/download/$(uci get version.@version[0].marketing_version).tar.gz | tar -xzvf -
You'll get something like this as they download, they're only scripts so it's quite fast
From here on is when you can run any of those scripts by running ./scriptname in your putty terminal. The TCH-GUI-UNHIDE page has a lot of examples and explanations of what commands can be used, but the main ones to use and in what order would be:
(Many of these will prompt you to hit Y and enter to confirm, i'm not hand-holding that much)
Code:
./set-optimal-bank-plan
Code:
./de-telstra -A
Code:
./tch-gui-unhide
Code:
./tch-gui-unhide-cards
This is my before image:
And after (zoomed out to fit with some pages still disabled)
Bonus page of in-progress content: Setting up spare routers as EasyMesh wifi clients! (without paying $300 to telstra)
If you're on a DJA0230 or DJA0231 You can use the following commands to set one router to be an easymesh AP instead of the controller, for that sweet sweet AC2166Mb wifi link (with ethernet out at the other end)
What should happen is router 1 has the controller active, and router 2 (with the controller disabled) should automatically pair with the network and copy wifi settings. What's happening is... not that.
Code:
./de-telstra -m
Final version: The routers need to be on the same firmware, once my second DJA0231 was updated to 20.3c easymesh functioned easily.
All i needed to do was enable "agent" on the primary and disable "controller" on the secondary via the GUI, and connect them LAN to LAN
Wireless boosters dont seem supported via modding despite years of efforts by modders - they require a wired backhaul
Bonus code for VDSL users:
(hashtags make the code not do anything, they're for users to understand the code)
These unlock the VDSL download, upload, and total of both rates - some firmwares had lower limits (110 down and 30 up)
Code:
# Increase the max sync speed
uci set xdsl.dsl0.maxaggrdatarate='200000'
uci set xdsl.dsl0.maxdsdatarate='140000'
uci set xdsl.dsl0.maxusdatarate='60000'
Code:
#Remove old ADSL profiles and modes to sync VDSL faster
uci del_list xdsl.dsl0.profile='8a'
uci del_list xdsl.dsl0.profile='8b'
uci del_list xdsl.dsl0.profile='8c'
uci del_list xdsl.dsl0.profile='8d'
uci del_list xdsl.dsl0.profile='12a'
uci del_list xdsl.dsl0.profile='12b'
uci del_list xdsl.dsl0.multimode='gdmt'
uci del_list xdsl.dsl0.multimode='adsl2annexm'
uci del_list xdsl.dsl0.multimode='adsl2plus'
Attachments
Last edited: