What kind of authentication does Excitel use for ONTs?

  • Thread starter Thread starter JB701
  • Start date Start date
  • Replies Replies 28
  • Views Views 6,543
JB701

JB701

🇵🇸🤝🇮🇳
Messages
2,391
Location
Kochi, KL
ISP
Airtel
I've been trying to get Huawei HG8145V5 working on Excitel (currently on no WiFi dumb ONU). Serial Number change didn't work it wouldn't register with OLT. Goes between O2,O4,O5 states over and over. I don't believe its MAC Authentication as GPON doesn't have that from what I read here:

forum.huawei.com

HUAWEIs GPON Principles Modes of GPON System - Huawei Enterprise Support Community

Hell o My dearsThis another part of the GPON Principles lead us to know about the Management and the provisioning Modes of the GPON systemGPON PRINCIP ...
forum.huawei.com

Looks like its either S/N or S/N+Password Authentication.

Another thing I noticed is that the SN listed on Excitel portal is different from the one on ONU interface. On the portal its listed as (for example) "ONPL01151F88" whereas on ONU it shows "XPON01151F88". Neither SN worked on Huawei ofc.


Why use different ONU when Excitel offers their own dumb one? Because I think customers should be able to (also I've been obsessing over this for the past few days).
 
Ok so I've ordered an CH341A Flash Programmer and SPI Flash Clip (bricked my excitel ONU while messing around in telnet shell lol) to dump whatever files are inside the storage of the ONU (and possibly transfer it to another identical ONU).
 
neu7ro.jpg
5017050.jpg


So i got my USB to TTL Cable for accessing ONUs directly if Telnet or SSH isnt working. As I fried my Excitel ONU, i decided to test it on a same OEM Model DBC ONU.

The difficult part was the fact that the ONU doesn't have male pins sticking out, just four holes where the pins are supposed to be. So I had to connect male to male extension cable to the TTL Cable and connect the other end in the ONU. Would've been better to solder some pins onto it but I couldn't find my soldering iron (and I'm not good at it anyway).

Initially I tried it on the 4 holes circled in red but that didn't give any output, after trying and failing with different combinations, i connected the pins to the holes on the top . Turns out this is the actual TTL Serial out. I was able to connect to the ONU using Putty.

This person tried it on the Jio router. It's been linked on this forum before

github.com

Jio Fiber Modem Router Details (Serial log, ways to achieve Bridge mode etc) · fawazahmed0 Jio-fiber-Modem · Discussion #2

In the Name of God, Forgiving & Merciful Images: UI Inside Pics: Details: Processor: Econet en751221 (MediaTek)(MIPS) **IP:**192.168.29.1 Serial Pinout: Serial Speed 115200 Serial/root User Passwor...
github.com github.com

I'm going to the next step of this with the flash programmer and directly accessing the NOR Flash chip on the board of the fried ONU which won't turn on (marked in red near top of the image) like taking out the hard drive from a computer.

Hopefully it works out (waiting for it to arrive). If it does I'll also try to find a Jio router access the Flash on that and remove the password on that using the same.

This person made a short guide on how to do it:


Source
 


So I managed to desolder the chip without breaking its legs. Tips if you are going to this:

1. Use a ton of flux, it'll make it way easier I tried it yesterday without it on another chip and the solder wouldn't clump or melt properly.

2. You'll need solder wick for soaking up the solder, it'll make it way easier to remove.

3. Get some tweezers to lift the chip off the board while melting one side. Mine hasn't arrived yet so I used the soldering iron itself to lift it.

Took me an hour to do it, I've never soldered SMD stuff so it was certainly stressful.

Next, I'll try soldering the chip onto the spi reader board. I'm waiting for the helping hands and magnifying glass to do it. The chip is REALLY tiny much more so than it looks on the board itself. It's very very difficult to hold the board steady as well as the chip for soldering without helping hands.

Hopefully I didn't damage the chip. if I did, oops mission failed, will prolly try again on a different one.
 

Nope can't find anything about the laser

I meesed up the stupid memory chip and broke its legs while trying to desolder the bridge.

6suzmy.jpg
I guess that's it for this project then.there is a bit of the leg still outside though so I might the able to get a wire soldered to it. Unlikely though.

I should've gotten 67 37 leaded solder as it is the most suited for Small chips like these (didn't know then). The lead free solder I was using was solidifying so quick that it was real difficult to wick up the excess solder.
 
here is a bit of the leg still outside though so I might the able to get a wire soldered to it
Click to expand...
if you have steady hand , then worth a try 🙂 , always use leaded solder for hobby projects as it's easier to work with.
 
Ok so I found this Spanish article on replacing regular ONUs with GPON SFP sticks

valero-torres.es

SFP GPON de CarlitoxxPro funcionando sobre FTTH de Orange.

GPON ONU STICK CPGOS03-0490 Hace más de 2 meses que tengo en mi posesión, uno de los módulos que actualmente comercializa mi amigo Carlos. En ese tiempo, yo me dedique a verificar el correcto funcionamiento del módulo, para la conexión de Orange principalmente. Pero también, lo he verificado...
valero-torres.es

It mentions:

Now that we have the connection data entered, we have to trick the OLT into believing that our GPON module is the one provided by our ISP. To do this, we will connect through SSH and start by editing the /etc/init.d/sys.sh file , where we will specify the manufacturer of the ONT, the Hardware Version and again, the Serial Number.
Click to expand...

So it looks like there are ISPs which do check things other than SN like Manufacturer, hardware version, model. It looks like on my Huawei ont, these details can be edited by changing hw_boardinfo file in /mnt/jffs2 folder.

Can anyone on Excitel dumb ONU provide pic of the info page? I want to see if changing model number and stuff works. Hide the SN and MAC of course.

I also found this DASAN training presentation:

silo.tips

[PDF] DASAN NETWORKS GPON Training - Free Download PDF

1 DASAN NETWORKS GPON Train...
silo.tips silo.tips

During the initial connection between OLT and ONU, the ONU uploads the MIB information. On the OLT side, the OLT checks the ONU validation using ONU model name, firmware version and serial number.
Click to expand...

If the RADIUS authentication is required when the OLT and ONU are connected each other, the OLT sends Access-Request message with the authentication attributes (user name, user password, OLT-ID, ONU-ID, ONT model name, serial number, firmware version) to the RADIUS server.
Click to expand...

Probably how Excitel controls the WiFi version of the ONUs.
 
I found a very interesting page on this:

github.com

RTL960x/Docs/FLASH_GETSET_INFO.md at main · Anime4000/RTL960x

Hacking V2801F, TWCGPON657 & DFP-34X-2C2 GPON ONU SFP Stick to suite your ISP Fiber - Anime4000/RTL960x
github.com github.com


Some Fiber Vendor/Wholesale/ISP have explicit LAN Port Number provisioning or proprietary OMCI that ONT Stick cant not understand, this will make ONT Stick reply OK whatever OMCI OLT throw at!
Click to expand...

Must be why certain ONTs refuse to work with OLTs (I think some BSNL OLTs have something like this)
 
only if isp played nice or not be ASS , we could run own router just using GPON/EPON sfp transceiver module.

Source
Click to expand...

SN is not there idk why, i have just blurred PON Mac address.
I have a doubt my lco doesn't do device registration.
Sadly don't have extra ONU to confirm this theory.
And regarding your BSNL hunch it is correct.
 
@JB701 have you tried cloning mac address of Huawei ont? My ONT shows config success with excitel OLT but no internet because of different mac address.
 

Similar threads

Sanemi
What kind of authentication does genexis olt/generic olt uses ?
Replies
0
Views
278
Sanemi
Top