BT Home Hub 2.0 Type B and BT Infinity Home Hub 2.0 Type B: Info, Unlock, Configuration and Usage Options

Hi!

BT Home Hub 2.0B on the left and the BT Infinity Home Hub 2.0B on the right!

Next up is the Home Hub 2.0 Type B router alongwith the Infinity Home Hub 2.0 Type B that is necessarily the same hardware as the first one but with different firmware and markings. It is quite a nice router from Siemens (some are 'Made in Germany' and some 'Made in Tunisia') and is one of my favourites. The openwrt wiki page provides all the details of the hardware. Unfortunately, the firmware prevents usage with other ISPs and as shown above in pictures some are found 'dumped' here in Pakistan in an unused condition so it is great that there is a method to 'unlock' these routers.

Firmware Unlock:

For the unlock of Home Hub 2.0 Type B as provided by the now defunct psidoc.com website:

Note: The Infinity hub can accept firmware for the non-infinity normal hub and can be unlocked in such a manner! Then, one can re-flash the infinity hub with it's original firmware with the unlock persisting!

All relevant files are available here!

- First, we need to determine the firmware version installed as the unlock works with firmware version 4.7.5.1.83.3.10 or lower

(To continue reading, please click on 'Read More')

- If the firmware version is higher than 4.7.5.1.83.3.10, then, we need to downgrade the firmware:

"Easily & safely downgrade your Hub 2B from 4.7.5.1.83.3.18 so you can unlock it.

Hi all I finally have a solution for those of you with Hubs on version 4.7.5.1.83.3.18 that get the Access Denied error when trying to use the Sysfolder hack.

The solution was there all the time! I just had to find it.

Ok here we go.
1: Download the 2 files attached below and extract them to your desktop password on both files is www.psidoc.com Both of the files are standard BT firmware updates. Versions 4.7.5.1.83.3.17 and 4.7.5.1.83.3.18

2: Make sure you are connected to the router via an ethernet cable. We're flashing a firmware here so we don't want any wireless hiccups.

3: Open you web browser and type in: http://192.168.1.254/firmware_upgrade
 it was that simple DUH!

4: Put in your password for the router.

5: Click the browse button and select HUB20B_4.7.5.1.83.3.17_PROD.rms as the update file.

6: Click OK. (You may be warned that all your settings will be wiped out. This is normal, and besides if it's a locked router you haven't configged to work your way anyway!)

7: The Hub update light will now flash 10~30 seconds and you will be asked to confirm the 'update' from 4.7.5.1.83.3.18 to 4.7.5.1.83.3.17 Click Yes.

In a few seconds the hub will reboot. The relay inside will click 3 times during the reboot and it will take slightly longer than normal to reboot to the blue lights don't worry this is normal.

Give it a couple of minutes to sort itself out with the new firmware and you can proceed to unlock properly using the other tutorial in this section.

Advisiory: The 4.7.5.1.83.3.17 firmware is a bit of an unknown entity and I don't think BT ever publically released it, so after unlocking the router properly I strongly recommend reupdating back to 4.7.5.1.83.3.18 using the attached HUB20B_4.7.5.1.83.3.18_PROD.rms firmware using the same method as above."

- Finally, we can unlock the router:

"

Items needed:
A Windows PC We need the fact that windows is a bloody minded bully whilst networking and tries to ride roughshod over everything Linux is just far too polite!
A USB drive 32mb or larger that works in the homehub 2B Check it works before you start the hack as the 2B can be a bit fussy on the USB Drive.
The files attached at the bottom of this post.

0: Preparation:
0.1: Download and extract the attached files. Password on file: www.psidoc.com
0.2: Plug your USB drive into your PC
0.3: Open DiskImage_1_6_WinAll.exe, say yes to the freeware licence.
Note: If in Vista or Windows 7 run as administrator!
0.4: Select the physical disk (not the Drive letter) that is your USB drive.
Note: Double check this because you can trash your PC hard drive if you get it wrong!!
0.5: Click the browse button and select ext3.img.
0.6: Click the start button. Writing takes approx 3 7 seconds and you can see it's progress on the progress bar.

Ground Control We're Ready for Liftoff!
1: Getting root
1.1: Reset router to defaults and let it boot again.
1.2: Pop the USB drive into the HomeHub 2B
1.3: Open My Computer and type in \\192.168.1.254\ when prompted for username : password it's admin:[password on back of the router] You should now see a network folder called USB1.
1.4: Double click USB1 and select the utelnetd and the smb.conf files, then select edit >> copy
1.5: Double click the SYS folder and then the ETC folder.
1.6: Select Edit >> Paste and confirm overwriting the smb.conf file.
1.7: Close the My Computer window you have been working in.
1.8: Open a new My Computer window and type in \\192.168.1.254\ and again double click USB1 folder and double click the SYS folder. Now go in to a couple of folders any will do in the file system but don't delete anything! The wandering about in the filesystem is to trigger the telnet into working.
1.9: Open Kitty and select the telnet button, ip address 192.168.1.254, port 4002, and click open. NOTE: if it doesn't work 1st time wait 15 seconds or so and try again... and again... and again. The samba doesn't update as quick as the 2A! You should be in after about a minute max and have a root telnet session.

Hello Houston... We Have Root!
2: Ok let's hack this bad boy! Finally the UNLOCK after all that fannying around above!
At the command prompt type in the commands below one at a time.
Note: everything before the ":<" is the command everything after explains what the command is doing.

2.1: ssh_cli :

2.2: conf print persistent/bt/domain_locking/enabled :

2.3: conf set persistent/bt/domain_locking/enabled 0 :<This is the unlock bit!

2.4: conf print persistent/bt/domain_locking/enabled :<Check the domain lock again will now reply (enabled(0)).. Hurrah Unlocked Hub!

2.5: conf del fw/policy/0/chain/fw_br0_in :<Unlocking the SSH command shell by deleting the firewall drop command (ethernet)

2.6: conf del fw/policy/0/chain/fw_br1_in :<Unlocking the SSH command shell by deleting the firewall drop command (wifi)

2.7: conf reconf 1 :<save everything to flash and reload configuration immediately.

Siemens did have some forethought and removed the telnet binary so we have no permanent telnet, however they did leave in the SSH (Secure Shell) and it is running by default.

We can use that for CLI access instead of telnet. Steps 2.5 and 2.6 remove the firewall actions put in place by Siemens to stop us connecting on the SSH port on the router so full access is granted.

To SSH in. Use Kitty again. Select SSH , ipaddress 192.168.1.254, port 22. username: admin password: [password on back of the router or whatever you have set it to.]. You will be asked about a security certificate, on connecting. Accept and store it.

The unlock is permanent accross firmware reflashing, rebooting and resetting to defaults using both the GUI and the recessed red button. The SSH CLI unlock is not permanent accross resetting to defaults so make a settings backup in the GUI when you are finished setting up. That way if you do a reset then restoring the settings should give you SSH access again.

One final note: In the unlock text file in the download I have made a spelling mistake in the commands to unlock. The word persistant should be persistent.

Psi"

Here is a video of the process:

(More info, screenshots and videos to follow! To be continued...)