Aztech DSL605EW

by on Jul.06, 2013, under Computing, Networking

I had a spare Aztech DSL605EW which was laying about. So I got to trying out firmware routertech.org (some brilliant minds and great resources.) Eventually I managed to “brick” the router, i.e., the lights on the front panel would turn on when the router was powered up, do its usual initialization dance, but the PC would not get an IP address. WiFi SSID was visible, but I did not have the WEP key to connect to it. I realized I must have used a version of the firmware that was not able to handle the 1350A ethernet switch.

Next tried Adam2App.exe to connect to the bootloader, it connected after some attempts to get the timing right (I figured i need to click on the “Retrieve/Assign IP Address” button exactly at the 9th second after router powerup to connect consistently everytime.) I was then able to load the correct firmware on the router and I was then able to connect to the web interface. I then discovered that the RouterTech firmware only allowed ADSL as the WAN connection interface. The Internet connectivity to home is Ethernet over GPON, this meant that I would not be able to use this router at home if I ever wanted to.


When I discussed my dilemma with Troy, he volunteered to lend me his Aztech 605EW with the firmware that allowed Port4 of the Ethernet switch to be used as a WAN interface. So, now it was time to extract the firmware from Troy’s router. After some poking around here’s what I did to extract the firmware:

1. Started up a TFTP Server on my PC ( I used TFTPD32 by Ph. Jounin http://tftpd32.jounin.net/tftpd32_download.html)

2. Connected up my PC (Manually configured IP Address : and the router and telneted to the router (default UserID : root Password : admin)

BusyBox on localhost login: root
Copyright (c) 2004 Texas Instruments, Inc.
cli> shell

Starting /bin/sh
Type exit to return to the CLI

BusyBox v0.61.pre (2009.04.08-03:17+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
# cd /var/tmp
# cat /dev/mtdblock/4 > TroysFirmware.bin
# tftp -p -l TroysFirmware.bin

Now that the firmware was on my PC, I tried loading the dumped firmware using the web interface of my router. It aborted with a checksum failed error message, not entirely unexpected ;-). The only choice was to try and load this firmware using the bootloader interface. Back to the the Adam2App to connect to the bootloader selected the relevant settings (indicated by the arrows in the screenshot below) and used the “Download” button to select the firmware extracted earlier. A few minutes later it was up and running!


2 Comments :, more...

MAC address to manufacturer listing

by on Jan.30, 2011, under Computing, Networking

Found this listing very useful for forensics, among other things.

Leave a Comment :, , more...

PPPoE on the Draytek 2910

by on Jan.11, 2011, under Networking

Last morning the Internet connection through my Draytek 2910 at home failed. Usually restarting the Draytek would fix it. This time it refused to come back up. Then I connected a PC directly to the GPON device and created a PPPoE dialer on WinXP and the connection came up in a flash! That’s strange, I thought. Plugged the DrayTek back and tried changing the MTU, the PPP authentication and some other parameters. No luck.
Had a chat with Troy about this strange behaviour, he was also stumped.
The ISP tech came over this morning and meddled around with the device and no luck. I suggested that he connect the ISP standard router and configure it with my PPPoE parameters. He did and the link came up! So he left with the factually correct but useless  statement that “something was wrong with the Draytek”

Next I wiresharked the line to see what was going over the wires. I noticed the PADI was going out with the display name I’d configured on the Draytek for this connection! So obviously the so-called Display Name was NOT just that… it was being actively used as the service name in the PPPoE conversation.

Draytek 2910 WAN Setup page

Troy called me just then, after some discussion with his cronies and suggested that I remove the display name. The wireshark log confirmed Troy’s statement and figured that this must be the reason. Blanked out the Display Name in WAN Setup and… I had working Internet!

So now, its clear that something changed at the ISP end (although they vehemently denied it), since this device was working fine with these parameters till early last morning.

2 Comments :, more...

Troy and the Draytek 2820Vn

by on Aug.15, 2009, under Networking, VoIP

The Draytek 2820Vn is a great device for home and small-offices. It has two WAN ports; ADSL and Ethernet. Excellent VPN capabilities 32 simultaneous VPN tunnels (IPSec, PPTP, L2TP and L2TP over IPSec.)

In order to get point to point voice working either on VPN or LAN you need to ensure that

  1. the “External IP :” under VoIP -> SIP Accounts is the private IP of the router itself
  2. the SIP account in use is configured with  “Register via  LAN/VPN”
  3. “NAT Traversal Support” is set to “None”

Troy was trying in vain to get voice calls working. We hit on this combination after quite a bit of messing the parameters. The predecessor of the Draytek 2820Vn (the Draytek 2800VG) does not need these fiddly parameters configured and works just fine without these settings. This coupled with the fact that he’s bought 5 of these devices to internetwork the branch offices of a relative’s company, caused this networking boffin a lot of frustration.

Troy has since gone back to meddling with his favourites Cisco and HP ProCurve, thankful to your truly for having helped put this ordeal behind him!

Leave a Comment :, , , more...