Hacking WiFi on Android can be tough. These are the best WiFi hacker apps that you can use for that. Make sure you only use them to connect to your own network or a network you have access to. Don’t try using them to connect to a network you are not permitted on. Or else, you may put yourself in serious trouble. That’s all for this post. I would like to root this router, then use the USB to bridge android phone for 4g connection. Not really did research on if it could enable this feature, but would like to have a try. To save $40 for a used frontier for 4g connection, already invested 5 hours on rooting this router = = update iinet tg 789v2 hack tutorial. Technical Truth.wifi hacking appsLatest Android apps for wifi hackingHello friends. In this video i have show you the 3 best wifi hacking apps.Please subsc. To grab knowledge, one can start using WiFi hacking apps. There are plenty of quality WiFi hacking apps available out there that can be used to test network security. List of 20 Best WiFi Hacking Apps For Android in 2021. In this article, we have decided to share a list of the best WiFi hacking apps for Android in 2020. Technicolor's use of advanced software enables an unlimited spectrum of potential services and applications. The future-proof software of Technicolor’s high-speed wireless and VoIP modems and routers and our smart service gateways allow for intelligent features and services. Android TV: How to reduce.
- Technicolor Router Settings
- Technicolor Router Hacker Using Android Phone
- Technicolor Router Hacker Using Android Device
- Technicolor Router Manual
NOTE: This guide is probably not going to be updated and it will remain here as an archive.
Current / new updates were originally published on the Whirlpool Wiki, but are now published at https://hack-technicolor.readthedocs.io/en/stable/
Archived content follows:- The basics
- Really advanced topics !
The basics
The TG799vac, known more commonly in Australia as the “Telstra Gateway Max” is a very capable piece of equipment. It has 802.11ac, a VDSL / ADSL2 modem (meaning NBN FTTN compatibility), a DECT base station, 2 x FXS ports for analogue ports, and an FXO port, is known for getting high sync speeds for VDSL2, has a high quality internal PCB and power supply and it's power consumption is quite good at 12 watts with WiFi on (typical router config) and 9 watts with WiFi off (typical bridge mode config). The newer verstions of this device are the TG800 'Telstra Gateway Max 2' and DJN2103 'Telstra Gateway Frontier', which most of the following will also apply to, if the device has a firmware version low enough, or which it can still be downgraded to.They are provided directly to Telstra – and as such, has Telstra branded firmware. There is no ‘generic’ firmware available that will just give you access to the modem as any other device you would purchase. Personally, I think this kind of sucks – as if you decide to use this device with anyone other than Telstra, you lose access to the VoIP functionality, DECT base station, FXO ports. That was the motivation to get into this device and re-enable as many features as possible.By default, the IP address of the modem will be 10.0.0.138.This guide is the 'new version' which uses the flashing tool developed by Mark Smith as well as the input from the Whirlpool community to enable as many features as possible.To use this guide you must be on firmware 17.2.0188-820-RA or lower (there are reports that the 17.2.0188-820-RB variant has the web flashing functionality disabled) or be able to downgrade to it.What you will need to proceed:- The AutoFlashGUI tool. This is compiled for windows but if you have Python 3 installed see the instructions at the top of the sourceautoflashgui.py for installing missing modules so you can run this on any OS (the latest version will ask to install missing modules but if it fails you may have to install them manually). Make sure you can run this tool and load the GUI up before you go offline!
- The v16.3 firmware rbi for your modem.
- The v17.2.0188-820-RA rbi file for your modem (If you flash to anything newer you may lock yourself out of the modem permanently).
- A SSH client. The famous Putty SSH client is recommended on Windows.
- A copy of this web page for reference while you're offline.
- Physical access to the modem so you can power cycle it and unplug the WAN/DSL while you're going through this process.
- A 'happy' modem! If it's in bridge mode or half the tiles are missing on the screen (which seems to be caused by corrupted config), factory reset it first.
The basic steps to getting root access to firmware v17.2 on your modem
Technicolor Router Settings
These instructions refer to the TG799, so if you are doing this for a different modem be sure to use the correct file names for the firmare.Run up the AutoFlashGUI tool and flash vant-f_CRF683-17.2.188-820-RA.rbi to your modem.This will take about 3-4 minutes. The flasher will try and root your modem but it will fail (silently) - this is expected. If the flash fails to push the firmware in, try again (is the username and password correct?), and if it still fails with some permission error in the console, you may have been locked out of flashing via the web interface: bad luck. Maybe a PXE firmware load can help but you require good luck at this point. Ask for help in the whirlpool thread! (Note that firmware before v15.x may require some manual work, see 'My firmware is so old that AutoFlashGUI can't authenticate to the modem!' )Now use AutoFlashGUI to flash in vant-f_CRF687-16.3.7567-660-RG.rbi and allow it to run through including getting root.At this point we are ready to do the procedure to activate root on 17.2 and switch over to it. This procedure works by allowing us to mod the inactive (but newer) image's file system and config, then switch back to it without doing a factory reset or official upgrade. Note that if you factory reset while on 17.2 you will need to run the entire procedure from where you flashed v16.3 to get root back, and it could upgrade and lock you out permanently in that reset state if it has internet access!Fire up your SSH client and connect to the modem on port 22.Have a look at your current modem state. It should look something like this: These modems use two flash partitions (bank_1 and bank_2) which can be upgraded/used almost independently. They are digital-signature verified before boot so you can't edit the rom image in the flash. The config is stored in the matching folder in /overlay i.e. /overlay/bank_2 (hint: you can see your modified config files in here if you want to back stuff up or see what changes you made). When a proper factory reset is done, the overlay partition is formatted (but not securely wiped - see section later). Run the following to set 17.2 up for temporary root and switch back to it:Now check it all looks right - you should get this output from the last command:Reboot and wait 3 to 4 minutes for the modem to boot into 17.2.Setting up firmware v17.2
Log in to the modem with SSH on port 6666 using root/root. At this point you have temporary root on 17.2, but it's not how we should leave things.Run the following in SSH to turn on more functionality and clean up. Note that you can only paste so much into the terminal in one go, so if you get weird errors just cut the block back a bit and try again:Now change the root password:Reboot now if you're not doing any futher configuration.At this point you should now be able to SSH in on 17.2 with root and your password (which should no longer be root at this point!)VOIP Setup
If you want to use VOIP, the following is the quickest way to set it up and remove some broken config that causes calls to be sent out via the FXO port which will be unplugged for everyone in Australia once you are on NBN unless you are in a fixed wireless area where the voice services are still being delivered over the copper lines. We also reset the LAN SIP inbound passwords here for security (see 'LAN SIP client use of the mini-PABX in the modem' to use them if you wish to but nothing else has to be done). Please don't post the default passwords in public forums as they could be a security risk for those still using them!Speeding up VDSL sync times
If you're on VDSL you may be able to speed up your sync times by removing redundant DSL profiles so the modem does not even try to use them. Don't do this if you're still on ADSL!If you wish to add the selections to the web interface to play with later, you can run the following:Running the TG799 as the router with a second router behind it (double nat)
Double NAT used to break many things, but testing with this configuration shows that most current applications are very tollerant of it. Most applications assume they are on a private network and that their visible IP is not the one they are visible on on the internet via, so if it's nested one more level down via NAT with a DMZ redirecting traffic to the second router's WAN interface it makes very little difference (if this guide is followed)!There are many reasons you would want to do this:Technicolor Router Hacker Using Android Phone
- You have a complex network setup with a more advanced router running services such as a VPN server and you still want to use the VOIP in the TG799 so that it can manage the packet priority tagging properly.
- You don't quite trust the TG799
- You want a simpler solution than the 'Using bridge mode with a dedicated PPPoE ethernet port' section below outlines which can be a nightmare to set up and debug if something goes wrong.
- You want easy access to the TG799 GUI so you can get sync speeds etc at the modem's IP. This is still possible in bridged mode but it's less stright forward.
- Set up the TG799 as above fully including VOIP etc and make sure it works to your satisfaction.
- The TG799's default LAN IP on Telstra firmware is 10.0.0.138 and subnet mask 255.255.255.0. If your inner router also has a default LAN subnet of 10.0.0.0 then it's advised to change one of them (probably the TG799 so your network will not be disrupted) to a subnet of your choosing such as 10.0.100.0 subnet mask 255.255.255.0. The rest of this section assumes you moved the TG799's LAN IP to 10.0.100.1 subnet mask 255.255.255.0.
- Add a 'static lease' on the TG799 under Advanced -> Local Network -> Static Leases with your internal router's WAN MAC address and a suitable ip such as 10.0.100.2.
- Connect your inner router's WAN port to one of the TG799's LAN ports.
- Confirm on the inner router that it got 10.0.100.2 as the WAN IP. If it did not, reboot both of them at the same time to get rid of any lingering DHCP leases. If that fails re-check the MAC address of the lease handed out from the TG799.
- On the TG799 under Advanced -> WAN Services -> DMZ enable it and set the IP to 10.0.100.2 . Set up DynDNS if you want to. Save.
- Turn off WiFi on the TG799.
Changing max sync speeds
You can change the max values for sync speeds. The value maxusdatarate controls the upstream maximum sync speed, maxdsdatarate controls the downstream maximum sync speed, and maxaggrdatarate is the maximum combined speed. The defaults are listed below. This doesn’t change any limitations imposed by line length – or at the DSLAM. If you won the node lotto and are feeling lucky you can modify these like so:Using bridge mode with a dedicated PPPoE ethernet port
I use the AP on the device on my LAN, but I also use the modem purely in bridge mode, which means I want to dedicate a port to my router to allow it to do PPPoE to my ISP. It should also work with IPoE. Thankfully, standard OpenWRT config applies. I added a new bridge called ‘adsl_wan’ and added eth4, eth3, atm_8_35 and ptm0 to it:You’ll need to remove eth3 from the LAN vlan. This gives you the port right next to the WAN ethernet (which is eth3 – eth4 is the WAN port) on the same bridge as the VDSL/ADSL modem. I have yet to figure out how to get the WAN port to do this – as it seems to be configured differently – maybe at the switch level.In this configuration you can use the WiFi as an access point for your LAN as it's attached to the LAN bridge.If you want to use the VOIP in the TG799 while in bridge mode, you will need to configure a default gateway, a nameserver, and configure the pabx to use the LAN bridge as the outgoing interface. The following example uses Google for DNS and assumes your router is at 10.0.0.254:You can check the current running dns withcat /etc/resolv.conf
Enable web interface features in Bridge Mode
If you have the modem in bridge mode, the web interface is gutted compared to in routed mode.EditTechnicolor Router Hacker Using Android Device
/www/lua/cards_limiter.lua and change the following function to:Restart the web interface via:/etc/init.d/nginx restart
Note that to get out of bridged mode you will still have to factory reset (and possibly do the whole rooting procedure again) or find and reverse the config changes that were made to flick it into bridge mode.Configuring multiple third party SIP providers
If you have multiple SIP accounts to log into – and with different providers, you can duplicate the entire sip_net section under a different name (very important, it will break VOIP completely otherwise) and configure as per above, or using the web interface. The web interface will see the section in the config once you add it in. It would be possible to add the section using UCI but it's quicker with an editor and you will get the most recent defaults from your existing profile rather than a stale web page!SIP call routing
Each DECT device or FXS port can be registered against one or multiple SIP accounts. Look for the incoming_map section against sip_profile_0Technicolor Router Manual
and edit as needed. This should also be possible via the web interface after running the above default config which adds in a web page to allow editing this config. This is my setup to route sip_profile_1 to the first registered DECT device – and FXS port 1:Registering DECT handsets
There is a button on the modem you can hold for five seconds, or after enabling all the ‘cards’ via the web interface, the easy way is to start DECT paring via the web interface. Click on the Telephony card, then ‘Start’ the paring and follow the instructions for your handset. This was straight forward for me.LAN SIP client use of the mini-PABX in the modem
It is possible to make calls out through the modem by registering as a SIP client. Clients 1 to 7 are configured and can be used like so for 1: To get a list of all the passwords set run this in SSH (noting that sip_dev_0 maps to phone1 etc):uci show |grep mmpbxrvsipdev.sip_dev_..password
Please don't post the default passwords in public forums as they could be a security risk for those still using them!Serial Console
A serial console can be added using a 3.3v to RS232 adapter. These can be found on ebay quite cheaply. The serial console is J5 on the board, and note from the picture below, R327 and R328 need to be solder bridged to pass the serial signals to the adaptor. In the pictures shown, Black = Ground, Yellow = RX, and Green = TX.Note that by default you can't log in on the serial console. If you want to enable this, edit /etc/inittab and changetoNAT ALG helpers
With the above changes you should now have a tile in the advanced GUI what allows you to change the settings for NAT ALGs.<insert screenshot when I have one>tcpdump is now in the diagnostics?
I was very happy to find this hidden gem. Sadly there is no icon for it so I had to reuse one. Read the memory usage warnings before using it! I tested it once and file it provided opened up OK in WireShark.Handy info for checking what's running in your modem
Checking what firmware is flashed and what is active:What processes are running? (you should not see cmwpd etc on this list!)What programs are listening as network services?How much free space is there left for config files?Can I see the full config? (be prepared for ~7700 lines of text hitting your console)Can I filter that output for say just things with the word password in them?What's that System Extras tab and what can I do in there?
- You can turn on logging to an external syslog server. On windows run TFTPD64 (from http://tftpd32.jounin.net/tftpd32_download.html) and configure syslog in the settings. You can enable more logging in the VOIP subsystem by editing the logging config in /etc/config/mmpbx
- You can trigger a PXE firmware upgrade to bank_1. This is only for advanced users! If you click this by accident you will have to wait for it to time out and reboot, or power cycle it while the orange light is flashing.
- You can turn SSH access on/off from the LAN/WAN.