OpenWrt Based TalkTalk Sagemcom FAST 5364 Tinkering

Thank you very much for the download links

Hi,

I've successfully flashed 2600t and enabled ssh. I've been able to ssh into the router and then login as root. I've disabled updates and run the following, verbatim, with no errors, from a PC connected to the 4th ethernet port.

xmo-client -p "Device/Bridging/Bridges/Bridge[@uid=1]/Ports/Port[@uid=2]/Enable" -s "false"
xmo-client -p "Device/Bridging/Bridges" -a
xmo-client -p "Device/Bridging/Bridges/Bridge[@uid=3]/Ports" -a
xmo-client -p "Device/Bridging/Bridges/Bridge[@uid=3]/Ports" -a
xmo-client -p "Device/Bridging/Bridges/Bridge[@uid=3]/Ports" -a
xmo-client -p "Device/Bridging/Bridges/Bridge[@uid=3]/Enable" -s "true"
xmo-client -p "Device/Bridging/Bridges/Bridge[@uid=3]/Ports/Port[@uid=1]/Enable" -s "true"
xmo-client -p "Device/Bridging/Bridges/Bridge[@uid=3]/Ports/Port[@uid=1]/ManagementPort" -s "true"
xmo-client -p "Device/Bridging/Bridges/Bridge[@uid=3]/Ports/Port[@uid=2]/Enable" -s "true"
xmo-client -p "Device/Bridging/Bridges/Bridge[@uid=3]/Ports/Port[@uid=3]/Enable" -s "true"
xmo-client -p "Device/Bridging/Bridges/Bridge[@uid=3]/Ports/Port[@uid=2]/LowerLayers" -s "Device/Ethernet/Interfaces/Interface[PHY1]"
xmo-client -p "Device/Bridging/Bridges/Bridge[@uid=3]/Ports/Port[@uid=3]/LowerLayers" -s "Device/Ethernet/VLANTerminations/VLANTermination[VLAN_DATA]"
xmo-client -p "Device/IP/Interfaces/Interface[@uid=2]/IPv4Addresses/IPv4Address[@uid=1]/Enable" -s "false"

I can then restart the router but plugging an ethernet from my main router into the 1st ethernet port does not work, the router says it is not connected to the internet and none of the devices connected to it can reach the internet. Do I need to upgrade to a more recent firmware before running the xmo-client commands? Am I missing a step or any other ideas as to why this wouldn't be working?

Many thanks - Duck

Has anyone got the TalkTalk Business firmware for this router (Fast 5364)? SG4K1100014

Thanks in advance (with fingers tightly crossed)

1 Like

I've ended up with a couple of these and it would be great to see OpenWRT on them as it's a step up from the BT HH5/Plusnet Hub. It's beyond me to develop it, but do OpenWRT take hardware donations and I'll send one to a Dev (please don't message me if you just want one, I'll only send it to a dev)?

Due to the Broadcom SOC, this isn't going to happen, no drivers for the xDSL modem nor the wireless part (yes, you could support it to the extent of becoming a wired-only ethernet router, but that's it).

I created this topic, I hope to help the community

Hi David,
Did you try to add root to the XMO user? Will this reset the root passwd in the internal busybox?

Hi,

Desperately seeking a firmware downgrade to allow me to set static routes on this questionable device, but the GoFile links previously published in this thread say the "upload does not exist".

Is it just me?

Many thanks.

Sorry, ignore that: just seen David Brent's very helpful compendium of links from last September.

Fingers crossed.

1 Like

Thank you for the links. They look like original links provided by Talk Talk servers to update router firmware!

Would it be possible to somehow list the directory contents, or some other way to try and obtain the firmware for the Business hubs from this site? Firmware version is SG4K1100014 which would hopefully provide the additional features that the business hubs provide.

Thank you

Sadly there's no directory listing but if someone can provide the full version number, you could probably guess the URL as they all seem to follow the same naming convention.

Doing some googling yielded the following results:

Hardware Version - FAST5364 3.00, Software Version - SG4K1100014, GUI Version – 4.58.2

firmware version SG4K1100014 GUI version 3.7.8 Hardware ver FAST5364 3.00

I noticed in the TT links, part of the version number is 6.72.xx.xx, do you know where this number can be obtained from? I can try and ask on the TT forums to see if someone with the business router can find out their version number if I know where it can be found. Thank you.

What you really need is the value of the DeviceInfo/InternalFirmwareVersion property. If you could get someone who owns one to login to the admin interface and then use Developer Tools (usually F12) and run the command $.xmo.getValuesTree("Device/DeviceInfo") in a debug console, it will return an object with more details. This should give a few more clues if you can get it!

Details from the business hub (some info omitted from output):

AdditionalHardwareVersion: "3.00"
BackupSoftwareVersion: "SG4K1100015"
ConfigBackupRestoreEnable: false
Country: "UK"
DeploymentName: "TalkTalk"
Description: "F5364"
ExternalFirmwareVersion: "SG4K1100014"
GUIAPIVersion: "GUI v1.10.1"
GUIFirmwareVersion: ""
HardwareVersion: "FAST5364 3.00"
InternalFirmwareVersion: "6.72.44.7_Prod"
Mode: "GW"
ModelName: "F@ST 5364"
ModelNumber: "SagemcomFAST5364"
ProductClass: "F@ST 5364"
SoftwareVersion: "SG4K1100014"
SpecVersion: "1.0"

I did try and guess the link unsuccessfully using variations on SG4K1100014 and 6.72.44.7_Prod

While I don't have a residential version to compare, I can see that you can change DNS on the business hub, but not a lot else. I can't even add a static route, which is how I have ended up here "XMO_ACCESS_DENIED_ERR".

No ssh, so I tried to load a residential firmware to enable it via the Web UI from the above links and it no longer boots.

So regrettably I have managed to brick my TT business hub, when I power it on it responds to ping on 192.168.1.1 (bootloader) for about 3 seconds and disappears. If I could find the business firmware, I might be able to reload the firmware via TFTP/serial cable connected onboard, but that's about all I can think to do with it.

Why they restrict the firmwares so much is really annoying, a router that won't static route is like going back 2 decades.

Anyway, be warned trying to flash firmwares manually!

1 Like

Interesting findings! Shame it's following a different naming convention.

If you can get a serial console hooked up to the four pin header, you may get lucky. On the consumer model, the operational firmware is in mtd10 with a recovery backup in mtd9. Depending on the upgrade method, you might still have an old copy of the business firmware there which could be read out with dd if=/dev/mtd9 of=/root/tmp/backup.gsdf or at least copied back to mtd10.

Let us know how it goes!

1 Like
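An added example (not part of any post in this thread): a shell helper that takes the `dd` read-out of a flash partition suggested above and keeps the copy only if two reads of the partition hash the same, then records a SHA-256 so the file can be checked again before it is ever written back. The function names are hypothetical and the presence of `sha256sum` on the router is an assumption; `/dev/mtd9` and the output path are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: verified backup of a flash partition before any reflash.
# Assumption: dd, sha256sum and cut are available (typical busybox applets).

# hash_of FILE -> prints the SHA-256 hex digest of FILE
hash_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# backup_partition SRC DEST
# Copies SRC to DEST, reads SRC a second time, and compares the digests.
# A mismatch means the read was not stable, so the copy is discarded.
# Returns 0 on a verified copy, 1 on any failure.
backup_partition() {
    src=$1
    dest=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    dd if="$src" of="$dest" bs=64k 2>/dev/null || return 1
    first=$(hash_of "$dest")
    second=$(dd if="$src" bs=64k 2>/dev/null | sha256sum | cut -d' ' -f1)
    if [ "$first" != "$second" ]; then
        echo "read mismatch on $src, discarding $dest" >&2
        rm -f "$dest"
        return 1
    fi
    # Record the digest next to the image for later verification.
    echo "$first  $(basename "$dest")" > "$dest.sha256"
    return 0
}

# verify_backup DEST -> 0 if DEST still matches its recorded digest
verify_backup() {
    dest=$1
    [ -f "$dest.sha256" ] || return 1
    want=$(cut -d' ' -f1 "$dest.sha256")
    [ "$(hash_of "$dest")" = "$want" ]
}

# Usage on the router (paths as quoted in the thread):
#   backup_partition /dev/mtd9 /root/tmp/backup.gsdf
#   verify_backup /root/tmp/backup.gsdf
```

Copy the image and its `.sha256` file off the router before flashing anything, and run `verify_backup` on the copy before using it for recovery.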

Might help others if you break your router with a bad firmware...

Firstly, I spent a lot of time trying to get a serial connection, I had 3 different COM to USB adaptors lying around (all used various Prolific Drivers), which I could get data from, but garbled characters (including on an XP VM with Hyper Terminal). I even tried an onboard mainboard COM port of an old PC. Same garbled characters.

In the end I purchased a £3 ebay special, "CH340" USB TTL Serial Adaptor - straight in no problem and could start playing/interacting with it.

Attached photo, just using ground, tx and rx (no VCC).

putty
COM12 (see device manager)
115200

It would start the boot process, but crash on line 1770 soon after "Run hg6d", no errors, just hung.

When the router boots, there is a
*** Press any key to stop auto run (2 seconds) ***
if you do this, it takes you to a bootloader, and I couldn't do a right lot from here as far as I could tell: help shows around 15 commands, nand/hex ish.

Let it run past that without pressing a key, and the kernel starts to boot, shortly after:

CPU: BCM63xx
Model: Sagemcom F5364v3
DRAM: 512 MiB
NAND: 512 MiB

You have about 2 seconds to press the space bar, this gets to a different prompt with more like 55 commands (again use: help).

Using printenv, you can sort of see other commands the router uses when booting (gives you more detail).
Run this that and the other, recovery command are x etc.

Here you can't do a right lot in terms of hack, as it hasn't booted/mounted partitions yet, but you can switch to the rescue boot!

I found that the following allowed the router to boot.

ubi swap rescue operational
sb

Original command from printenv showed, ubi swap operational rescue, so I just switched operational and rescue around.
sb was the boot command, which starts it booting.

LAN cable connected, I am in, went into the GUI and did a factory reset. It's looking good. No need to switch back after, it seems to have fixed itself by booting into rescue.

Hope this helps someone else with their tinkering.

1 Like

Wow that's pretty good work! So are you now successfully running residential firmware on the business hub? Also do you still have the business hub recovery backup in mtd9 partition that can be successfully read using the dd if=/dev/mtd9 of=/root/tmp/backup.gsdf command?

Hi all. Do you think it would be possible to turn this router (FAST 5364) into a wireless bridge using these xmo-client commands? I have a spare router and would love to use it to connect some wired devices to my Wifi.

So essentially I want the router to act as a wifi client and connect to my normal wifi and then bridge that to the ethernet ports so I can plug wired devices in.

@DavidBrent Excellent work as I was able to get bridge mode working as my DrayTek didn't like the Huawei cabinet my line was connecting to. Is there any way to get access to the GUI whilst in bridge mode? At the moment I'm having to connect via Wi-Fi to access the GUI.

@ajama1 - yes, you can connect a separate cable from one of the other Ethernet ports to your existing router. Just make sure the 5364 is set to an IP on the same subnet as your network and disable DHCP. There may be a more elegant way using the single WAN cable and VLANs but I never tried!

@wasc - interesting idea, a good starting point might be to change Device/WiFi/Radios/Radio[@uid=1(or 2 for 5Ghz)]/DeviceOperationMode from 'InfrastructureAccessPoint' to something else?