Hi Guys ,

I have 2 Routers "VTECH IAD303+" , on of them is unlocked so I can change the username and the password for the PPPOE account , and the other one is locked . I cannot change the username of the PPPOE

there is a UART port on the router board , I wonder if its possible to clone the "opened flash image router" and copy it on the locked router . so I will have 2 unlocked routers

note: the router is running Jungo openRG customized firmware

router informations :
http://wiki.openwrt.org/toh/vtech/iad303n

Thanks Alot
Regards

(Last edited by y.balawi on 18 Feb 2014, 22:14)

According to the wiki the bootloader is u-boot. Depending on how crippled it is, you could use 'md' to hex-dump the contents of the flash, and then convert that to a binary dump. When I'm not mistaken there are (perl?) scripts around for that.
Then you might be possible to upload it using tftp, and write it to the other router.
http://www.stlinux.com/u-boot/flash

But beware, the flash might also contain calibration information (normally in a seperate mtd partition) for the specific hardware. If you copy this it can have dramatical impact on the wireless and adsl performance.

Thanks Alot for your reply ,

Let me explain my exact situation , the router works very fine with the existed software , but the ADSL Account is unchangeable . I managed to use UART Cable and log into the router using HyperTerminal , but the boot loader was locked with a password , my friend have a non-working router from the same company , when we tried to use UART cable on it , there was no password on it , and the telnet port is wide open . I logged into the router using telnet , but evey time I try to change the PPPOE password from the command line , the router reboots automatically without committing any changes. I tried to download files from the router using TFTP software , and it worked , but I don't really know what to do with these files , and there is something else

is it possible to get the bootloader password from the files ???

also at some point the bootloader says : Press ESC to enter BOOT MENU mode. .. I try to press ESCAPE button many times , but it didn't work ,
even CTRL+C and CTRL+Break

So you have telnet access to your 'locked' modem, and telnet+bootloader access to the other one?

Have a look at the mtd configuration, are they the same?

cat /proc/mtd

And is the bootloader in one of the Linux-accessible partitions? If yes, you can at least dump it, and have a look with 'strings' or an hexeditor to see if the password is embedded. (It should, but not necessarily in plain text).
If the partitions on the two boxes have the same sizes, I guess it should be possible to clone the 'open' box.