Analysis friendly modern DSL routers/modems

This is only semi related to openwrt but many people around here know router hardware in depth.
I'm looking for DSL routers which support modern DSL speeds (100mbit and up) and are friendly towards analysis/firmware modifications. (Ideally they should also support bridge/modem mode and still be supported by the vendor.)

Looking through the hardware most seem to have a serial header, but iirc on some routers it is locked down or needs hardware modifications.
Most important imo is SPI flash. It would make dumping and reflashing very easy. But many manufacturers use NAND with lots of pins. Exception seems to be TP Link.
While being theoretically very useful, I could not really find much regarding JTAG. It mostly seems to be used on older models. Modern AVM devices seem to have the respective headers but you can't find any documentation or if it is usable.

Anyone knows manufacturers or devices which would fit in this category?

The only fully OpenWrt supported routers with VDSL2+vectoring (NOT super-vectoring, so only up to profile 17b/ 100/40 MBit/s) is the lantiq vr9 range of devices. Few of those vendors make it easy to flash OpenWrt and the devices themselves are showing their age by now (and are often troubled by unsupported or just low-end and/or BAD wireless), performance is pretty much at (above) its max for 100/40 MBit/s already. On the plus side these devices, are plenty and are cheap (but due to their age, they're slowly disappearing from the second markets). One of the best go-to examples for this kind of routers would be the https://openwrt.org/toh/bt/homehub_v5a.

So far there is only one supported 'better' and 'more modern' router with native support for VDSL2+super-vectoring (profile 35b, 250/40 MBit/s), the https://openwrt.org/toh/avm/avm_fritz_box_7530. In comparison to modern OpenWrt supported devices without integrated xDSL modems these are still rather low-end, but it's the best you can currently get with an integrated modem.

The actual firmware running on the firmware DSP (for either of the examples above) is a non-free blob, undocumented and often non-redistributable (so you will have to extract it from proprietary firmware in many case; always for vectoring capabilities), no changelogs and will have to 'find the best one'.

If you are looking for a dedicated xDSL modem (not running OpenWrt itself but explicitly supporting bridged-mode to another router), you need to check the business sector for matching device support. Draytek or ZyXEL are commonly used there, fully -officially- supporting modem-only mode (bridging), but hostile towards firmware modifications of any kind.

Some of the typical ISP provided modem-router all-in-one devices might support modem-only/ bridging operations as well, details vary greatly though (none of them are friendly to firmware modifications or flashing 3rd party firmware; modem-mode is often not a guaranteed selling point and might break or disappear at any time).

Thanks.
Yes, I know about the lantiq devices. My focus for now is less on openwrt but more on devices which allow for easier learning, analysis and potential porting of software in general. Plus having actually a future proof useful device as DSL router.
I maybe consider the 7530. But I always fear that it is easier to brick those.
With NOR flash you can at least always flash an old dump back just by hardware.
Alternative may be JTAG.
Do you or anyone else know maybe the pinout for this device or if it is possible to restore the OS via JTAG?
Alternative models which I have found which have SPI flash seem to be mostly from Zyxel or TP Link.

The AVM devices are relatively safe against bricking (bootloader based ftp recovery).

JTAG is always SOC specific, unless you're very intimately familiar with the SOC in question, it doesn't help you the slightest. Even if the JTAG footprint is left on the board, that doesn't guarantee that the supporting chicken food (resistors, capacitors, voltage regulators, level shifters, etc. pp.) is left in place. It's great if you are speaking ARM/ MIPS assembler fluently and are an avid electronics hacker, with a deep seated knowledge of reverse engineering wiring diagrams from existing PCBs, but it's not a fool proof recovery method (reflashing spi-nor externally kind of is, serial console access might be, if the bootloader cooperates; JTAG is not).

Let's be realistic here, the aforementioned dedicated business class xDSL modems are as hostile against hardware/ firmware hacking as it gets, but they're also ~15 bucks on the used markets (businesses don't buy used, home users tend to have different preferences, so these are unsexy and often cheap).

xDSL as a technology is pretty end of the line, there is little future development to expect (certainly in the fftc case, maybe-maaaybe for the fttb/ in-house usage scenarios), ftth and docsis are 'the future™'. The ipq4019/ 2x2 802.11ac based F!B 7520/ 7530 (~40 bucks used) is already at the lower end of the performance/ feature scale, but currently the best supported device with the most capable VDSL2 + super-vectoring modem available. If you want better, you need to get a dedicated xDSL modem in combination with a better 802.11ax router.

If you go the dedicated modem route, what exactly do you expect would 'break' it? OEM updates may appear once or twice a year, hopefully the vendor has tested their updates, what do you expect to break there? Obviously the situation changes if you actually want to develop on the modem DSP, but you aren't going to do it for the Broadcom devices (ZyXEL) and the (lantiq based) Draytek ones are as hostile as it gets in that regard as well, so no, you'd have to raise quite different questionsanswers before even attempting that.

EDIT: if you aim too high in your expectations, the only guarantee is that you'll never achieve anything. The world isn't perfect, so make the best out of the imperfections that are available to you. Don't let perfect be the enemy of good.

If you want a 'decent' all-in-one device, the F!B 7520/ 7530 is your guy, even if it's getting a tad long in the tooth in regards to CPU performance and wifi standards. If you value router performance more, filogic 830 (e.g. gl-mt6000/ t-56) is currently the best price/ performance ratio at the upper end - and the (dedicated) xDSL modem to go along with that matters rather little (it just has to meet the OEM promises).

EDIT2: Looking more than ~18 months into the future is rarely a smart idea when it comes to IT electronics, so better to get something cheap and good-enough now (and whatever you need, once you actually do need it) - than over-spending too much, just in case. If your region is currently limited to profile 17b (100/40 MBit/s), why bother about castles in the air - chances that your ISP might uprate you to profile 35b (250/40 MBit/s) are just as high/ low than that your area will see a ftth deployment (at least around here, the later is more realistic). …and profile 17b stuff is really cheap (almost a decade out of primary service), not that used F!B 7520/ 7530 would be really expensive. Slightly overspending on the router (CPU/ flash/ RAM, …) to give you more headroom for the future makes more sense, than overspending on the xDSL modem, 'just in case'.

it’s a shame they never perfected those sfp devices

ultimately that seems like the most convenient way in the end, you just have a switch with a sfp port and slot in a dsl port to it, but from what i’ve read they are a little iffy because they overheat or don’t use a great chipset

That is the worst kind of xDSL modem you could buy.

• what a waste for SFP, VDSL2 + super-vectoring (profile 35b) is 250/40 MBit/s at best
• you don't gain any freedoms, the SFP xDSL modem is still running the ~same proprietary firmware you'd see on a standalone modem
• firmware upgrades are basically impossible (you won't get them, there is no upgrade procedure that doesn't involve major surgery, opening the tiny SFP module and attaching cables to tiny PCB test points - and praying)
• you neither get a webinterface or line statistics
• the existing SFP based xDSL modems are badly optimized to ISP quirks (they're more designed for g.fast than profile 17b/ 35b)
• the SFP form factor is very prone to overheating, this is a real problem

...most of the disadvantages above similarly apply to SFP based ftth GPON ONT's.

Not a good argument.

You gain a device that only has the basic functionality, less bells and whistles etc.

I think there was still some way to do firmware upgrades, but the point is fair enough. I think if one was released today with a broadcom or intel chipset, the firmware is basically finished as far as dsl modeming goes. So yeah, i’d definitely consider it if it didn’t overheat.

Maybe, but the standards are pretty much done with VDSL2+ as far as i’m aware there’s less problems with all that telephone system quirk stuff.

Yeah obviously that would be a good thing to perfect… like I said in my post. Like you said though, the days of xDSL are going bye bye, even i’m getting fibre soon. Funnily enough, the last use case for DSL is what, some kind of long distance custom connection over a limited amount of copper wires.

I live in Germany and the only sane and hassle free option for me was to actually buy the ISP router from Telekom, the Speedport, and set it into bridge mode. Price is ok considered that it just works and the GUI is not that shitty. But beside link local ipv4 management there is not much you can gain from this device.

I just got a bunch of used 7520 to have a DSL router with SQM to play around with BGP.
At their price point you can just buy more of them so you can simply switch to the next one if you are not in the mood of recovering from mishaps.

Some of the budget DSL CO modems only sync at Annex A and either 17a or 30a. Not sure why the sync is picky. But it worked "good enough" for me, so I did not look into it.

I belive the only place you can find that is under "oxymoron" in the dictionary