Both of the above are Huawei LTE CPEs based on MT7621, with an indoor/outdoor unit.
I am trying to modify the configuration, as I need to do some customization, but apparently Huawei signs the firmwares and checks against a public key, this prevents any and all modifications. The firmware format otherwise is a quite self-explanatory IPK format, easy to extract and dissect.
I managed to get the GPL source for both devices (after months of nagging), and it is possible to build an image, but nor the signing tool nor a private key is provided, therefor it is not possible to generate a valid image.
I am happy to share the GPL source with anyone interested in it.
This is the file which checks the the signature (signchk is only available in binary, no source):
#!/bin/sh oldipkg="$1" path=`echo "$oldipkg" | sed 's#\(.*\)\/.*#\1#'` ipkg=$path/verify.ipk ln -fs $oldipkg $ipkg pubkey=$pubkey" ""/etc/conf/app/dsa_pub.pem" cd /tmp if [[ "$ipkg" == "" ]]; then echo "0" > ipkg.chk exit 1 fi for key in $pubkey; do rm -f ipkg.chk sign ipkginfo signchk "$ipkg" IPKG "$key" > /tmp/signchk.log 2>&1 pass=$(cat "$ipkg".chk) if [ "$pass" == "1" ]; then break; else ls -l "$ipkg" >> /tmp/signchk.log 2>&1 md5sum "$ipkg" >> /tmp/signchk.log 2>&1 fi done mv "$ipkg".chk ipkg.chk rm -f $ipkg rm -f sign ipkginfo exit 0
If someone has any experience or suggestion about how to generate this signature, that would be awesome.
This is how the firmware looks like:
debian-binary data.tar.gz control.tar.gz openwmx.bin odu.ipk ipkginfo sign
The "sign" file contains the signature. (the odu.ipk has similar format).
For other operators who are thinking of buying anything from Huawei: please don't. You will end up with a locked down CPE with an ancient kernel, which writes every log entry extensively to the flash which kills it in about 2 years time.