Huawei B2338-168 and B2328-42

Both of the above are Huawei LTE CPEs based on MT7621, with an indoor/outdoor unit.

I am trying to modify the configuration, as I need to do some customization, but apparently Huawei signs the firmwares and checks against a public key, this prevents any and all modifications. The firmware format otherwise is a quite self-explanatory IPK format, easy to extract and dissect.

I managed to get the GPL source for both devices (after months of nagging), and it is possible to build an image, but nor the signing tool nor a private key is provided, therefor it is not possible to generate a valid image.

I am happy to share the GPL source with anyone interested in it.

This is the file which checks the the signature (signchk is only available in binary, no source):

path=`echo "$oldipkg" | sed 's#\(.*\)\/.*#\1#'`

ln -fs $oldipkg  $ipkg

pubkey=$pubkey" ""/etc/conf/app/dsa_pub.pem" 

cd /tmp
if [[ "$ipkg" == ""  ]]; then
	echo "0" > ipkg.chk 
	exit 1

for key in $pubkey; do
	rm -f ipkg.chk sign ipkginfo
	signchk "$ipkg" IPKG "$key" > /tmp/signchk.log 2>&1
	pass=$(cat "$ipkg".chk)
	if [ "$pass" == "1" ]; then
		ls -l "$ipkg" >> /tmp/signchk.log 2>&1
		md5sum "$ipkg" >> /tmp/signchk.log 2>&1

mv "$ipkg".chk ipkg.chk
rm -f $ipkg
rm -f sign ipkginfo
exit 0

If someone has any experience or suggestion about how to generate this signature, that would be awesome.

This is how the firmware looks like:


The "sign" file contains the signature. (the odu.ipk has similar format).

For other operators who are thinking of buying anything from Huawei: please don't. You will end up with a locked down CPE with an ancient kernel, which writes every log entry extensively to the flash which kills it in about 2 years time.

Can you share with me the firmware

Which one?

B2338-168 please

Where can I find the firmware for B2328-42?

Managed to get OpenWRT initramfs working. No drivers for EMMC, is there anything useful in the source code?

Here are the GPL sources and the latest generic firmwares for the two device types.

For those who wnats to flash them: be careful: your operators customization will be gone if you do so, and a previously saved config file cannot be reloaded to the device.

As these are all MT7621 devices, the source might be useful for @nbd as well.

1 Like

I would like to flash Huawei B2338-168. After flashing how can I access the admin dashboard?
admin / TDDLTEcpe

thanks, @dchard!

One more thing, I've flashed the Huawei B2338-168 with this file "huawei-dual-hisilicon-tf-2cc_V100R001C00SPC230_mips.ipk" but I see nothing related to openwrt. It is just a new firmware.

But the question is how do I put OpenWRT to the Huawei B2338-168? Will it work after flashing it with OpenWRT? Are you able to out some instruction on YouTube? I really like this device.


Yes, what this topic is about is the proprietary firmware, and the GPL sources. There is no OWRT support, but if you want, you can add support, likely not too complicated at least for the indoor unit, as it is a mt7621 based device.

thanks, @dchard!

Were you able to install OWRT to this device?

I answered this question already in my previous post. There is no OWRT support, so nobody was able to install OWRT on the device.

alright, I see @dchard.

What's really stopping us to convert the device in to OWRT?

Huawei is signing the device? Do we need a private key for generating a valid image?

Can you please give me their contact, so I also nag them. Maybe they will send us the key.

They do sign the image, although bootloader can be accessed after pushing the WPS button. I think the bootloader TFTP recovery does not use any sign verification process (not tested). To be honest, I am not interested in this device anymore, and it took quite a few months for me to extract the GPL source from Huawei, as they did not have it available when I first asked (the B2328-42 was on the market for 3 years already at that time). Based on my experience with both the devices and the vendor itself, we never buy Huawei CPEs ever again.

1 Like

thanks, @dchard!!!

that's a bummer honestly. However, I'll be stuck with this device for a long time yet. But I also want to switch out of the Huawei.

What kind of devices are you using now? Do you recommend any outdoor LTE device which supports OWRT?

Are you familiar with Mikrotik LGH LTE?

Not yet merged, but the ZyXEL NR7101 support is pretty complete:

EDIT: in master now:;a=commit;h=2449a632084b

See alse the preliminary device page:

I believe many of the family members, both indoor and outdoor CPEs, are very similar - based on MT7621 - and should be easy to add. This goes for both LTE and NR devices. I do have an LTE5398 indoor unit which I plan to add as soon as I get some time. This one has a Quectel RG18-EA modem and a WiFI module, and no PoE, but is otherwise very similar to the NR7101.

1 Like

Fantastic work @bmork!

Thanks for the recommendation. Looks like a good product.

I have a Zyxel LTE5398 now, any news on adding it to snapshot branch? :slight_smile:

Sorry, but that project never went anywhere. The device is almost identical to the NR7101 (except for less important stuff like modem type and casing) so there isn't much left to figure out. Which made it a bit boring....

Should be a nice project to start though :slight_smile: Console header is already soldered an all. Start by tftp loading an rambooting an NR7101 initframfs image and see where it goes