Installing a Telnet Server on a Wanadoo Livebox (Inventel DV4210) Wireless ADSL Modem Router

Inventel decided that they would ship this Router without a Telnet server installed. This means that there is no way to remotely manage the router other than through the supplied web pages. As the options available via the web page are rather limited I decide to look at what was needed to install a Telnet server to allow remote management. There are currently three methods that I have used to install a Telnet Server.

Via a Serial Connection,

First you need to build and install the serial port adapter. A schematic for the adapter is available here. No opening of the box required.

If required, you need to get root access. See here for more details.

You now need to copy the telnet server over to the Livebox. This Telnet Server is part of the TinyGT distribution ( site no longer available) for DG834GT Routers. This router is also based on the BCM634X chipset family. The easiest way to copy the file over is to use wget in the following manner.

cd /etc to get to a directory that is R/W in the EEROM of the Livebox.

wget ftp://ip.my.host.machine/path/to/utelnetd. If wget does not work, try disconnecting the ADSL connection. My Livebox doesn't allow wget to function over the local lan if there is an active cable connected. Why I'm not sure, but I think it is a routing issue. I have been informed by 'Stroller' that wget will also work with a web-server if you don't have an ftp server handy. You just need to modify the wget command.

The Telnet Server can then be started by utelnetd -p 23 -l /bin/sh -d.

To get the Telnet Server to start automatically, you can use this script within /etc/init.d/. cd /etc/init.d and then use wget to copy this script over. You then need to create links from this script to /etc/rc0.d, /etc/rc1.d and /etc/rc2.d directories with the link called S35telnet_server or any number after 30 (you need the network running before the server starts.) Ensure that all the files are readable and executable by everyone.

Via a modified cfgsave.dwb file (copying utelnetd only) assuming that the firmware version is low enough.

First, get a cfgsave.dwb file, unhide it and then modify the wifi.conf file within it as follows to copy down utelnetd and a couple of scripts to get it to start automatically. I added the following commands to the bottom of the wifi.conf used in here.

cd /etc

wget ftp://ip.my.host.machine/path/to/utelnetd

chmod 777 /etc/utelnetd

cd /etc/init.d

wget ftp://ip.my.host.machine/path/to/telnet_server

chmod 777 /etc/init.d/telnet_server

ln -s /etc/init.d/telnet_server /etc/rc1.d/S35telnet_server

Now save and hide the cfgsave file and install it on the Livebox, after ensuring that the above has been completed.

The Livebox should now automatically download the required files and reboot. This has only downloaded and installed the telnet server, it has not stopped the Livebox from automatically updating itself from Inventel's server when it gets an ADSL connection. The server that it tries to use is contained within the autoconf.conf and firm.conf files and really should be changed from developers.inventel.com to stop the automatic updating.

You should be able to telnet into the Livebox without having to enter a password ( as long as you included the password hack in the wifi.conf file within cfgsave.dwb). Once you have found that you can telnet into the Livebox you should restore the original cfgsave.dwb file onto the Livebox, otherwise the Livebox will keep running the hacked wifi.conf script every time it reboots. After a few reboots it runs out of room in the eeprom and does a hard reset which reformats the writeable portion of the flash with defaults and removes all your changes.

Via a modified cfgsave.dwb file (including fixing autoupdates from inventel.com) assuming the firmware version is low enough.

First, get a cfgsave.dwb file, unhide it and then modify the wifi.conf file within it to use wget to copy a script file from an ftp server and then run that script. I added the following commands to the bottom of the wifi.conf used in here.

cd /var

wget ftp://ip.my.host.machine/path/to/setup.sh

chmod 777 setup.sh

./setup.sh

This will download a setup.sh script file that will automatically copy down the required files to the Livebox. You need to ensure that the ip address within the setup.sh file has been correctly set for your ftp server. An FTP server for Windows is available from here, for Linux just install one from your distribution, You also need to copy down the correct version of the following files and place them in the correct directory on the ftp server. See comments within the setup.sh file.

You will need to copy your original wifi.conf (without the password hack) from your cfgsave.dwb file into the version specific directory.

for v5.01.4-uk, autoconf.conf, firm.conf, normal_boot

for v5.02.1-sp, autoconf.conf, firm.conf, normal_boot

for v5.02.2-uk, autoconf.conf, firm.conf, normal_boot

for v5.02.7-fr, autoconf.conf, firm.conf, normal_boot

for v5.03.3-uk, autoconf.conf, firm.conf, normal_boot

for v5.03.3-fr, autoconf.conf, firm.conf, normal_boot

for v5.04.2-uk, autoconf.conf, firm.conf, normal_boot

Now hide the cfgsave file and install it on the Livebox, after ensuring that the above has been completed.

The Livebox should now automatically download the required files and reboot. Using this setup.sh file you have also stopped the Livebox from automatically updating itself from Inventel's server. The server that it now tries to use is contained within the autoconf.conf and firm.conf files and should be set to 10.0.0.242. If you want a different address, change the entries within these files before downloading to the Livebox.

Via the websrv application backdoors.

See here for details.

Andy Potter.