Huawei B2338-168 and B2328-42

Both of the above are Huawei LTE CPEs based on MT7621, with an indoor/outdoor unit.

I am trying to modify the configuration, as I need to do some customization, but apparently Huawei signs the firmware and checks it against a public key; this prevents any and all modifications. The firmware format is otherwise a quite self-explanatory IPK format, easy to extract and dissect.

I managed to get the GPL source for both devices (after months of nagging), and it is possible to build an image, but neither the signing tool nor a private key is provided, therefore it is not possible to generate a valid image.

I am happy to share the GPL source with anyone interested in it.

This is the file which checks the signature (signchk is only available in binary, no source):

#!/bin/sh
oldipkg="$1"
path=`echo "$oldipkg" | sed 's#\(.*\)\/.*#\1#'`
ipkg=$path/verify.ipk

ln -fs $oldipkg  $ipkg

pubkey=$pubkey" ""/etc/conf/app/dsa_pub.pem" 

cd /tmp
if [[ "$ipkg" == ""  ]]; then
	echo "0" > ipkg.chk 
	exit 1
fi

for key in $pubkey; do
	rm -f ipkg.chk sign ipkginfo
	signchk "$ipkg" IPKG "$key" > /tmp/signchk.log 2>&1
	pass=$(cat "$ipkg".chk)
	if [ "$pass" == "1" ]; then
		break;
	else
		ls -l "$ipkg" >> /tmp/signchk.log 2>&1
		md5sum "$ipkg" >> /tmp/signchk.log 2>&1
	fi
done

mv "$ipkg".chk ipkg.chk
rm -f $ipkg
rm -f sign ipkginfo
exit 0

If someone has any experience or suggestion about how to generate this signature, that would be awesome.

This is what the firmware looks like:

debian-binary
data.tar.gz
control.tar.gz
openwmx.bin
odu.ipk
ipkginfo
sign

The "sign" file contains the signature. (The odu.ipk has a similar format.)

For other operators who are thinking of buying anything from Huawei: please don't. You will end up with a locked down CPE with an ancient kernel, which writes every log entry extensively to the flash, which kills it in about 2 years' time.
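An added example, not part of the original post and not Huawei's code: a small inventory check that lists the members of a package and reports which of the names from the listing above are absent. It assumes the outer container is an ar archive, as in Debian-style packages (the post says only "IPK format"), and the sample archive it builds is constructed with placeholder contents.

```python
import io

AR_MAGIC = b"!<arch>\n"
# Member names taken from the listing in the post.
EXPECTED = ["debian-binary", "data.tar.gz", "control.tar.gz",
            "openwmx.bin", "odu.ipk", "ipkginfo", "sign"]

def list_ar_members(blob):
    """Return [(name, size)] for each member of an ar archive held in bytes."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive (assumed container format)")
    members, pos = [], len(AR_MAGIC)
    while pos < len(blob):
        hdr = blob[pos:pos + 60]            # fixed 60-byte member header
        if len(hdr) < 60 or hdr[58:60] != b"`\n":
            raise ValueError("truncated or corrupt member header at %d" % pos)
        name = hdr[0:16].decode("ascii").rstrip().rstrip("/")
        size = int(hdr[48:58].decode("ascii").strip())
        if pos + 60 + size > len(blob):
            raise ValueError("member %r runs past end of file" % name)
        members.append((name, size))
        pos += 60 + size + (size & 1)       # data is padded to an even offset
    return members

def missing_members(blob, expected=EXPECTED):
    """Names from the expected layout that the archive does not contain."""
    present = {n for n, _ in list_ar_members(blob)}
    return [n for n in expected if n not in present]

def build_sample(names):
    """Constructed test archive: each member holds a few placeholder bytes."""
    out = io.BytesIO()
    out.write(AR_MAGIC)
    for n in names:
        data = b"placeholder:" + n.encode()
        hdr = "%-16s%-12s%-6s%-6s%-8s%-10d`\n" % (
            n + "/", "0", "0", "0", "100644", len(data))
        out.write(hdr.encode("ascii") + data + (b"\n" if len(data) & 1 else b""))
    return out.getvalue()

if __name__ == "__main__":
    for name, size in list_ar_members(build_sample(EXPECTED)):
        print("%-16s %d bytes" % (name, size))
    print("missing:", missing_members(build_sample(EXPECTED[:-1])))
```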

Can you share the firmware with me?

Which one?

B2338-168 please