华为版HN8145X6海鲜市场找人升级固件到R21 050的教程
本帖最后由 a4421565a 于 2022-5-7 07:40 编辑大致过程如下telnet链接你的光猫
Welcome Visiting Huawei Home Gateway
Copyright by Huawei Technologies Co., Ltd.
Login:root
Password:
WAP>su
success!
SU_WAP>shell
BusyBox v1.30.1 () built-in shell (ash)
Enter 'help' for a list of built-in commands.
profile close core dump
WAP(Dopra Linux) # cd /dev/shm
WAP(Dopra Linux) # tftp -g -l hwp -r hwp 192.168.1.11 这里要改成你电脑的本地ip
WAP(Dopra Linux) # chmod 777 hwp
WAP(Dopra Linux) # ./hwp 0xC0204D02 allsystemA
========== HW Pound ==========
Version: 1.5.0 (2021/08)
Improper use of this software application may damage the device.
ioctl(fd, 0xC0204D02, allsystemA, ...) return code = 0
WAP(Dopra Linux)# ./hwp 0xC0204D02 allsystemB
========== HW Pound ==========
Version: 1.5.0 (2021/08)
Improper use of this software application may damage the device.
ioctl(fd, 0xC0204D02, allsystemB, ...) return code = 0
WAP(Dopra Linux) # cat /proc/wap_proc/mtd_protect
Index:0 Name:bootcode Size:1048576 Flags:0x4000
Index:1 Name:ubilayer_v5 Size:267386880Flags:0x4400
Index:2 Name:flash_configA Size:126976 Flags:0x0
Index:3 Name:flash_configB Size:126976 Flags:0x0
Index:4 Name:slave_paramA Size:126976 Flags:0x0
Index:5 Name:slave_paramB Size:126976 Flags:0x0
Index:6 Name:allsystemA Size:51298304 Flags:0x400
Index:7 Name:allsystemB Size:51298304 Flags:0x400
Index:8 Name:keyfile Size:1142784 Flags:0x400
Index:9 Name:frameworkA Size:17014784 Flags:0x400
Index:10 Name:frameworkB Size:17014784 Flags:0x400
Index:11 Name:wifi_paramA Size:126976 Flags:0x0
Index:12 Name:wifi_paramB Size:126976 Flags:0x0
Index:13 Name:file_system Size:10539008 Flags:0x400
Index:14 Name:apps Size:101072896Flags:0x400
WAP(Dopra Linux) # tftp -g -l mtd6.bin -r mtd6.bin 192.168.1.11
WAP(Dopra Linux) # dd if=/dev/shm/mtd6.bin of=/dev/mtdblock6
100192+0 records in
100192+0 records out
51298304 bytes (48.9MB) copied, 20.148351 seconds, 2.4MB/s
WAP(Dopra Linux) # dd if=/dev/shm/mtd6.bin of=/dev/mtdblock7
100192+0 records in
100192+0 records out
51298304 bytes (48.9MB) copied, 19.019131 seconds, 2.6MB/s
WAP(Dopra Linux) # exit
success!
SU_WAP>reset
至此,光猫重启,升级结束
所用到的mtd6.bin文件论坛里已经提供很多了,那个hwp文件是什么我也搞不懂,升级后我用tftp也无法备份出来,懂的大佬可以在评论区回复
deleuzejing 发表于 2022-7-13 11:09
大佬,求个编译好的,先谢谢了
已经发了。我还是直接传上来吧,免的一个个发邮件挺麻烦的。
你们这样搞,以后不会再有人提供远程服务了,全部邮寄吧... 随心feixiang 发表于 2022-10-19 22:12
我用这个方法也不行,还是提示/bin/sh: hwmtd: not found
结合以上道友的总结,最终指令:
telnet 192.168.1.1
root
Hw8@cMcc或者adminHW
su (进入SU-WAP模式)
shell (进入WAP模式)
cd /dev/shm (进入到SHM文件夹)
tftp -g -l mtd6.bin -r mtd6.bin 192.168.1.2 (新的mtdblock6在电脑上改名为mtd6.bin,然后上传到shm文件夹)
tftp -g -l hwmtd -r hwmtd 192.168.1.2 (把hwmtd软件上传到shm文件夹)
chmod +x hwmtd (给hwmtd授权)
/dev/shm/hwmtd -u allsystemA (解锁allsystemA)
cat /proc/wap_proc/mtd_protect (看flag的值变成0x4400说明解锁成功)
dd if=/dev/shm/mtd6.bin of=/dev/mtdblock6 (刷mtdblock6分区)
/dev/shm/hwmtd -l allsystemA (上锁allsystemA)
exit (退出WAP模式回到SU-WAP模式)
SU_WAP>display version (在SU-WAP模式下查看版本号)
SU_WAP>display inner version (在SU-WAP模式下查看)
shell
reboot zhang260gt 发表于 2022-8-8 01:33
WAP(Dopra Linux) # /var/hwmtd -u allsystemA
/bin/sh: /var/hwmtd: not found
WAP(Dopra Linux) #
telnet 192.168.1.1
root
adminHW
su
shell
cd /dev/shm(进入到SHM文件夹)
tftp -g -l hwmtd -r hwmtd 192.168.1.11(把hwmtd软件上传到shm文件夹)
hwmtd -u allsystemA(解锁allsystemA)
hwmtd -u allsystemB(解锁allsystemB)
tftp -g -l mtd6.bin -r mtd6.bin 192.168.1.11(新的mtdblock6在电脑上改名为mtd6.bin,然后上传到shm文件夹)
dd if=/dev/shm/mtd6.bin of=/dev/mtdblock6(刷mtdblock6分区)
dd if=/dev/shm/mtd6.bin of=/dev/mtdblock7(刷mtdblock7分区)
exit
reset yjf8888 发表于 2022-5-6 16:08
是滴,会断了“内部人”的财路,不再远程搞。但仍期待本坛具有奉献精神的大佬不久就能突破此技术门槛的 ...
掏钱了,无所谓,学到多少全凭本事,再说了我也有点可惜没搞到关键的解锁分区的文件,这玩意要是没论坛里这么多大佬的无私奉献,大家也玩不转 696666666666666666 这个没有后续了吗? telnet 192.168.1.1
root
adminHW
su
shell
cd /dev/shm
tftp -g -l hwmtd -r hwmtd 192.168.1.11(把hwmtd软件上传到shm文件夹)
hwmtd -u allsystemA(解锁allsystemA)
hwmtd -u allsystemB(解锁allsystemB)
tftp -g -l mtd6.bin -r mtd6.bin 192.168.1.11(新的mtdblock6在电脑上改名为mtd6.bin,然后上传到shm文件夹)
dd if=/dev/shm/mtd6.bin of=/dev/mtdblock6
dd if=/dev/shm/mtd6.bin of=/dev/mtdblock7
exit
reset WAP(Dopra Linux) # cd /dev/shm
WAP(Dopra Linux) # chmod 777 hwmtd
WAP(Dopra Linux) # ./hwmtd 0xC0204D02 allsystemA
./hwmtd -l <mtd name> ... lock mtd
./hwmtd -u <mtd name> ... unlock mtd
WAP(Dopra Linux) # ./hwmtd 0xC0204D02 allsystemB
./hwmtd -l <mtd name> ... lock mtd
./hwmtd -u <mtd name> ... unlock mtd
WAP(Dopra Linux) # /dev/hwmtd -u allsystemA
/bin/sh: /dev/hwmtd: not found
WAP(Dopra Linux) # cat /proc/wap_proc/mtd_protect
Index:0 Name:bootcode Size:1048576 Flags:0x4000
Index:1 Name:ubilayer_v5 Size:267386880Flags:0x4400
Index:2 Name:flash_configA Size:126976 Flags:0x0
Index:3 Name:flash_configB Size:126976 Flags:0x0
Index:4 Name:slave_paramA Size:126976 Flags:0x0
Index:5 Name:slave_paramB Size:126976 Flags:0x0
Index:6 Name:allsystemA Size:51298304 Flags:0x400
Index:7 Name:allsystemB Size:51298304 Flags:0x400
Index:8 Name:keyfile Size:1142784 Flags:0x400
Index:9 Name:frameworkA Size:17014784 Flags:0x400
Index:10 Name:frameworkB Size:17014784 Flags:0x400
Index:11 Name:wifi_paramA Size:126976 Flags:0x0
Index:12 Name:wifi_paramB Size:126976 Flags:0x0
Index:13 Name:file_system Size:10539008 Flags:0x400
Index:14 Name:apps Size:101072896Flags:0x400
WAP(Dopra Linux) #
https://www.chinadsl.net/forum.php?mod=image&aid=100841&size=300x300&key=387e92a036c37c9f&nocache=yes&type=fixnone
hwp应该是个很简单的程序
坐沙发学习学习,顺便赚猫粮 果然有后门 找人远程升级的,什么也看不到,几分钟就升级好了。不过话说升级21版本后,WI-FI问题彻底解决。最牛逼的是5GWI-FI信号即使十分微弱,哪怕是微弱到有时候搜索不到的程度,一旦连接就不会掉线并且传输速度居然可以达到10m左右,打开网页流畅,r20版本时是不可想象的。 hwp文件刚拷贝到你本地时拷贝一份 很明显hwp是用来解锁两个系统分区的,allsystemA和allsystemB,他给放在shm这个用内存虚拟的目录下了,重启就会消失。这个海鲜市场的人不地道,只给你刷了两个主系统分区,不太负责。如果你原来是035,找人或者自己升级9和10分区以及14分区,要不然电信插件会频繁写日志且容易出错。 lp7049 发表于 2022-5-6 06:25
找人远程升级的,什么也看不到,几分钟就升级好了。不过话说升级21版本后,WI-FI问题彻底解决。最牛逼的是5 ...
其实x6的无线信号就那样吧,与稍好点的路由器没法比。我的x6砖了后在同样的位置放了一个ax3pro,老光猫桥接,无线信号明显好于x6,而且2.4和5g信号切换迅速,隔两堵墙立即2.4,转到隔一堵墙就立即5g。本来砖了后想再买个hs8145x6的,换上路由器后看这样子,现在就想着是不是把老光猫换成f610gv9得了。 pioneer81 发表于 2022-5-6 06:35
hwp文件刚拷贝到你本地时拷贝一份
没来得及 备份一下那家伙就给我把hwp删掉了... sdwfwmj 发表于 2022-5-6 07:15
很明显hwp是用来解锁两个系统分区的,allsystemA和allsystemB,他给放在shm这个用内存虚拟的目录下了,重启 ...
是的wifi和内存问题解决了 但是日志会高频次写入文件报错 HWP是回收站永久删除吗,用恢复软件看看,这确实卖家不地道!