Both of the above are Huawei LTE CPEs based on MT7621, with an indoor/outdoor unit.
I am trying to modify the configuration, as I need to do some customization, but apparently Huawei signs the firmwares and checks against a public key, this prevents any and all modifications. The firmware format otherwise is a quite self-explanatory IPK format, easy to extract and dissect.
I managed to get the GPL source for both devices (after months of nagging), and it is possible to build an image, but nor the signing tool nor a private key is provided, therefor it is not possible to generate a valid image.
I am happy to share the GPL source with anyone interested in it.
This is the file which checks the the signature (signchk is only available in binary, no source):
#!/bin/sh
oldipkg="$1"
path=`echo "$oldipkg" | sed 's#\(.*\)\/.*#\1#'`
ipkg=$path/verify.ipk
ln -fs $oldipkg $ipkg
pubkey=$pubkey" ""/etc/conf/app/dsa_pub.pem"
cd /tmp
if [[ "$ipkg" == "" ]]; then
echo "0" > ipkg.chk
exit 1
fi
for key in $pubkey; do
rm -f ipkg.chk sign ipkginfo
signchk "$ipkg" IPKG "$key" > /tmp/signchk.log 2>&1
pass=$(cat "$ipkg".chk)
if [ "$pass" == "1" ]; then
break;
else
ls -l "$ipkg" >> /tmp/signchk.log 2>&1
md5sum "$ipkg" >> /tmp/signchk.log 2>&1
fi
done
mv "$ipkg".chk ipkg.chk
rm -f $ipkg
rm -f sign ipkginfo
exit 0
If someone has any experience or suggestion about how to generate this signature, that would be awesome.
This is how the firmware looks like:
debian-binary
data.tar.gz
control.tar.gz
openwmx.bin
odu.ipk
ipkginfo
sign
The "sign" file contains the signature. (the odu.ipk has similar format).
For other operators who are thinking of buying anything from Huawei: please don't. You will end up with a locked down CPE with an ancient kernel, which writes every log entry extensively to the flash which kills it in about 2 years time.