Firmware to Technicolor tg799vac

Hi,
New guy here...
I just read this thread:
https://forum.archive.openwrt.org/viewtopic.php?id=67564&p=1
In post 22 a very skilled person, "Cadavrez", writes "If you want a firmware dump of this version I'll gladly share".

Well.... I'm looking for exactly that: Telenor firmware for TG799vac.
If someone in here can please help me, it would be very much appreciated!

OK, so you just want root access to the TG799vac - that's not a problem. I myself use this as a bridged modem, but previously used it as a modem router with good results.

The above outlines an end-to-end setup of how to gain root access and how to secure this configuration.

https://hack-technicolor.readthedocs.io/en/stable/Repository/#telstra-gateway-max

The above link shows compatible firmwares with the TG799vac, the most ideal one being the "17.2.0261-820-RA". Download that rbi, and flash it using autoflashgui (use the TG799vac 0261 setting) to gain root access. Once it's been done successfully (autoflashgui says to connect to the router over port 6666) follow the first link from "#reconfigure-new-firmware" onwards.

After you've set that up accordingly I'd recommend you check out https://github.com/Ansuel/tch-nginx-gui/wiki/Installation for a brilliant custom GUI solution that allows for granular control. You can also install LuCI if you're so inclined, but I think that this GUI is more friendly and conducive to the majority of use-cases.

Thank you so much for your help!

I have tried to use BOOT-P to send some Telia and Telstra firmwares to the device.
The process always fails with "File is not a valid BLI" message. (Using the serial interface to monitor the output).

I have tried with autoflashgui and tch-exploit to send firmware, but that fails too.
So my hope was that a valid Telenor firmware should succeed with BOOT-P...

Device info:
Technicolor TG799vacXTREAM
Software Version 18.1
Firmware Version 18.1.0297-1321006-20191213145958
Hardware Version VANT-W
Bootloader Version 15.38.724-0000000-20150917132051-

OK, that only fails because they're different hardware models. To that end, simply try to flash it using https://hack-technicolor.readthedocs.io/en/stable/Repository/#tg799vac-xtream-vant-w - download the 17.2.0339 firmware and use autoflashgui, I'd advise setting it to Generic (Ping) to flash. Then secure it using https://hack-technicolor.readthedocs.io/en/stable/Hardening/ before installing that custom GUI.

Hi,
I have tried with all these vant-w files. I have also tried with plenty of other files. Always same result: "File is not a valid BLI".

I don't remember exactly what went wrong when I tried with "autoflashgui". Perhaps I should try it some more.

I really appreciate your time to help me. Thank you!

OK, in that case it's really starting to get down to trial and error in terms of my knowledge in this. Also, BLI? That's strange, usually these firmware files come in RBI format. Best guess, maybe, is to set up a TFTP server and try to flash the firmware as before using it: https://hack-technicolor.readthedocs.io/en/stable/Recovery/#bootp-flashing. Then thereafter use one of the varying techniques to trigger a bank switch.

Hi,
That is exactly the method I have been using. BOOTP-flashing with TFTP. I also have a serial port connection to the device, so I can see the output:

SERIAL-PORT OUTPUT from BOOT-P attempt

Technicolor Gateway
(c) 2015, All rights reserved

Gateway initialization sequence started
Boot Loader Version : 15.38.724-0000000-20150917132051-
CPU : BCM63137B0
RAM : 256MB
Flash : 125MB NAND
Board Mnemonic : VANT-W
Market ID : FFFC
Entering BOOT-P mode (reason: BUTTON_PUSH )
BOOTP Reply received
Local IP: 192.168.10.2
BOOTP Server IP: 192.168.10.5
TFTP Server IP: 192.168.10.5
Filename: 172339w1021008closed.rbi
TFTP started

*** 0 kB received ***
*** 50 kB received ***
.
.
*** 23635 kB received ***
TFTP finished
File is not a valid BLI
Resetting the gateway

I have successfully used this method on a similar Telia (tg799vac vant-r) device. That one accepted the firmware sent with TFTP. I could then do the bank switch with "boot failure" procedure. After that I could use a method to get root.

So my guess is that if I have an rbi-file with old Telenor firmware it might work... :slight_smile:

tch-exploit also provides a cross platform dhcp + tftp server btw

Set your nic as a static ip then eg.

sudo ./tch-exploit-linux --ip="192.168.0.2 (your computers ip)" --tftp='/home/user/tch-exploit/release/VANT-Y.rbi'

or

sudo ./tch-exploit-linux --eth="en0" --tftp='/home/user/tch-exploit/release/VANT-Y.rbi'
