BT voyager 205 router

Advanced Viking Voyager Hacking..

Where we get inside the gubbins of the viking based routers; BT Voyager 205, of course, CastleNet AR502, Dynalink RTA100, RTA500-D51, GlobespanVirata, Netgear DM602, Solwise SAR100 & SAR130 and probably others, and discuss such topics as firmware hacking, telnet scripting, router application building (and testing) without all the noise of folk asking how to get Command And Conquer (whatever that is) to work.

Feel free to help out, offer scripts, applications, beta testing, debate, disagree, suggest, whatever, in the comments section, below.

I might put more text here, but really we just needed the breathing space away from the regular comments to cover the more "advanced" topics..
;o) corz.org

Secret Page Selectors..

Telnet may be a superior tool for configuring your router, but your web browser is certainly a much cooler way to view the results. Don't forget to bookmark your favourites!

Secret Admin Page Selector!

Skip the tedious interfacing, and open all the "advanced" pages directly, including quite a few you can't get via the regular BT pages!

Secret PopOut Page Selector!

More of the same fun, but this time, for the PopOut pages.

Before you ask a question..

This is not the place to ask how to get eMule working, or your xbox, or whatever, try the main page for that stuff, which is a lot better than having your comment deleted, or worse.. ignored!


Bicéphale - 20.04.06 7:46 am

Hi,

Perhaps you can try looking here:

ftp://ftp.gentek.com/pub/gnet/ADSL-Modems/BB0060B/Firmware/2.1.050524k/

:)


RichE - 20.04.06 11:10 am

Hi guys, I've been doing a bit of recoding on rad, and changed the way it works, as before when new forced rules are added to your router I had to add it and compile and distribute the rad win32.exe all over again.

so instead what I've done (I need to test it first) is the exe now reads the rule numbers in from a .txt or equivalent file, and then parses them to telnet for removal, this has two advantages:

1. the code for the program is way smaller due to it being a do ... until loop.

2. if a new forced rule is introduced you just add it to the bottom of the .txt file and it's removed, no more recompiling the exe.

anyways once it's tested at home and I'm happy I'll post it.


RichE - 20.04.06 8:23 pm

testing done, and it works great, the source code is half the original size, and the rules.txt works great when adding new forced rules like 107 & 108:

anyway here's the source code:

RAD V2
#include <File.au3>

$router = "192.168.1.1"
$user = InputBox("Username", "input username", "", "", 200, 80)
$password = InputBox("Password", "input password", "", "*", 200, 80)

; both fields must be filled in before anything is typed
If $user <> "" And $password <> "" Then

    ; open a telnet window and type the login into it
    Run("telnet " & $router, "")
    WinActivate("Telnet " & $router)
    Sleep(300)
    Send($user & "{enter}")
    Sleep(300)
    Send($password & "{enter}")
    Sleep(300)

    $rules = "RULES.TXT"
    $rulescount = _FileCountLines($rules)

    $r = 1

    ; one delete command per line of the rules file
    ; (no check yet that the file exists or that the count is above zero)
    Do
        $rulesread = FileReadLine($rules, $r)
        Send("delete ipf rule entry ruleid " & $rulesread & "{enter}")
        Sleep(300)
        $r = $r + 1
    Until $r = ($rulescount + 1)

    ; save the changes and log out
    Send("commit{enter}")
    Sleep(2000)

    Send("exit{enter}")
    Sleep(1000)

Else
    MsgBox(0, "Missing Input detected!!!", "you missed something," & @CR & "Please restart", 10)
EndIf

once compiled place in a dir with a rules.txt file here's the contents of my rules.txt

rules.
8
10
11
12
27
28
29
30
32
47
48
49
50
51
52
67
68
69
70
71
72
73
74
87
88
90
91
92
93
94
107
108

and there ya go, a RAD program that never needs recompiling on Forced rule additions, just add them to the text file and they're gone!

COR if you have an email, I'll send you the compiled .exe's to put in your resources page :)


cor - 21.04.06 2:05 pm

Nice one, RichE. This is definitely a better way to do things, more UNIX-like, usually a good thing. I have a copy of autoit kicking around, though, so it's easy enough for me to compile/test, but if you want to send me anything, any of the email addresses kicking around here is good, something at corz.org or corzoogle.com usually gets to me pretty quick.

Anyway, even though I no longer have a 205 at 192.168.1.1 (by the way, not everyone's router is at that address), I gave it a whirl..

Firstly, it didn't seem to notice my rules.txt at all, and regardless, went into an infinite loop spewing out "delete ipf rule entry ruleid <enter>" over and over again into whatever application was at the top! :eek: Some error-checking, perhaps?

do..until is deadly in the wrong hands, consider a for-next loop. :ken:

You could check for the file's existence (I'm guessing your UPPER CASE is what prevented it from reading my "rules.txt" - lower case, as specified in your post), and then also check for the number of rules in the file. If either of these is null or zero, the script should exit immediately with an error message explaining the situation. A for-next loop, by its very nature, would prevent all rules.txt-based errors becoming fatal because the number of rules would be zero, ergo, no loop.

I'm savvy enough to know how to bring down a runaway application, but many users probably are not. It's always a developer's job to catch these things, not the user's. If they had, for instance, an explorer window at the front, and an application was selected (highly likely, they just clicked rad.exe) they would get instance after instance launched ad-infinitum, which would eventually bring down their machine. ouch!

Also, as it's still using that sendkeys thing, we need to have a messagebox telling the user not to touch anything. My windows versions of rad bring up a DOS box that says something like "STEP AWAY FROM THE COMPUTER! TOUCH NOTHING!!", which works rather well, so I'm told.

A good tip for any developer is to test it the way it *should* be, and then test it over and over again in all the ways that it *shouldn't* be. In other words, try and recreate the craziest user situation you can; router disconnected, no rules.txt, rules.txt with silly words in it instead of numbers, incorrect username incorrect pass, both, etc. etc. and see what happens. When every single test ends safely, and exactly the way you expected, THEN you release!

By the way, for anyone stumbling across this source and thinking WTF!?!? It's for "AutoIt", a fairly nifty BASIC-like scripting environment for Windows®

Keep up the good work RichE!

murix, a linux version of loadfi.exe would indeed be a valuable tool, we look forward to that!

;o)
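
The checks cor asks for above (find the rules file whatever its case, reject anything that is not a number, never loop on an empty list), sketched in Python as an added example; this is not RichE's or cor's code, and the function names are made up for illustration.

```python
import os

# Command text as typed in the posts above; "commit" saves the change.
COMMAND = "delete ipf rule entry ruleid {}"


def find_rules_file(directory, name="rules.txt"):
    """Return the path of the rules file, matching its name in any case."""
    for entry in sorted(os.listdir(directory)):
        path = os.path.join(directory, entry)
        if entry.lower() == name.lower() and os.path.isfile(path):
            return path
    return None


def parse_rules(text):
    """Split rules text into (rule_ids, rejected).

    Only lines made purely of ASCII digits are accepted, so a line can never
    smuggle extra words into the command sent to the router. Blank lines are
    skipped, duplicates dropped, everything else is reported with its line number.
    """
    rule_ids, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.isascii() and line.isdigit():
            if int(line) not in rule_ids:
                rule_ids.append(int(line))
        else:
            rejected.append((lineno, line))
    return rule_ids, rejected


def build_commands(directory):
    """Return the full command list, or raise before anything is sent."""
    path = find_rules_file(directory)
    if path is None:
        raise FileNotFoundError("no rules.txt found in " + directory)
    with open(path, encoding="utf-8", errors="replace") as handle:
        rule_ids, rejected = parse_rules(handle.read())
    if rejected:
        raise ValueError("not rule numbers: %r" % (rejected,))
    if not rule_ids:
        raise ValueError("rules file lists no rule numbers")
    # Iterating over a list: zero rules can never become an endless loop.
    return [COMMAND.format(rule_id) for rule_id in rule_ids] + ["commit"]


if __name__ == "__main__":
    # Constructed sample input, not a real rules file.
    sample = "8\n10\n\n10\nsilly words\n107\n"
    print(parse_rules(sample))
```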


Riche - 21.04.06 3:59 pm

I've updated the code to check for the existence of rules.txt and also that each line is numeric and not a letter.

anyway here's the updated code:

error checking RAD V2
#include <File.au3>

$router = "192.168.1.1"
$user = InputBox("Username", "input username", "", "", 200, 80)
$password = InputBox("Password", "input password", "", "*", 200, 80)

$rules = "RULES.TXT"
; stop before touching the router if there is no rules file
If Not FileExists($rules) Then
    MsgBox(48, "WARNING!!!", "NO RULES FILE FOUND", 10)
    Exit
Else
    ; both fields must be filled in before anything is typed
    If $user <> "" And $password <> "" Then
        ; open a telnet window and type the login into it
        Run("telnet " & $router, "")
        WinActivate("Telnet " & $router)
        Sleep(300)
        Send($user & "{enter}")
        Sleep(300)
        Send($password & "{enter}")
        Sleep(300)

        $rulescount = _FileCountLines($rules)
        $r = 1
        Do
            $rulesread = FileReadLine($rules, $r)
            ; skip any line that is not purely digits (letters, blanks, stray text)
            If Not StringIsDigit($rulesread) Then
                $r = $r + 1
            Else
                Send("delete ipf rule entry ruleid " & $rulesread & "{enter}")
                Sleep(300)
                $r = $r + 1
            EndIf
        Until $r > $rulescount ; also ends when the file has no lines

        ; save the changes and log out
        Send("commit{enter}")
        Sleep(2000)
        Send("exit{enter}")
        Sleep(1000)
    Else
        MsgBox(0, "Missing Input detected!!!", "you missed something," & @CR & "Please restart", 10)
    EndIf
EndIf

i'm also working on a way to make the commitedcfg.cfg easier to read, and i'm almost there with that as well.




cor - 21.04.06 5:37 pm

hey, that was quick!

:idea: what about checking for "RULES.TXT" AND "rules.txt". I guess your installer will have a rules.txt along with it, so it's not a biggie; folk will just edit that, and it will surely be the right case!

And perhaps the IP could be a dialog, too. 192.168.1.1 could already be in place for normal users to just hit <enter>, but at least those with their 205 at a non-standard IP could also use the application, a good thing.

And if the values could be saved so that, in the future, one might just click-and-go, that would be even better! Is there a way to store things, perhaps in the registry?

I figure it's best to suggest these things while you're hot! :D

/me gets back to the bash scripting..

;o)


RichE - 22.04.06 8:55 am

another update that has an input for the ip address, and now stores all the inputs in an .ini file.

As before it checks for the RULES.TXT if it doesn't exist it now creates it with the rules I have forced on my router (no biggie if they don't exist)

RAD V2
; ----------------------------------------------------------------------------
;
; AutoIt Version: 3.1.0
; Author: RichE <rich.easton@gmail.com>
;
; Script Function:
; RAD V2.
;
; ----------------------------------------------------------------------------


#include <File.au3>

;check for stored router ip
If FileExists("router.ini") Then
    $rip = IniRead("router.ini", "Router", "ip", "192.168.1.1")
    $router = InputBox("Username", "Router IP", $rip, "", 200, 80)
Else
    $router = InputBox("Username", "Router IP", "192.168.1.1", "", 200, 80)
EndIf
IniWrite("router.ini", "Router", "ip", $router)

;check for stored router username
If FileExists("router.ini") Then
    $ruser = IniRead("router.ini", "Router", "user", "")
    $user = InputBox("Username", "input username", $ruser, "", 200, 80)
Else
    $user = InputBox("Username", "input username", "", "", 200, 80)
EndIf
IniWrite("router.ini", "Router", "user", $user)

;check for stored router password
;note: the password is saved to router.ini as plain text
If FileExists("router.ini") Then
    $rpass = IniRead("router.ini", "Router", "password", "")
    $password = InputBox("Username", "input password", $rpass, "*", 200, 80)
Else
    $password = InputBox("Username", "input password", "", "*", 200, 80)
EndIf
IniWrite("router.ini", "Router", "password", $password)


$rules = "RULES.TXT"
;check for rules.txt if it doesn't exist it creates it
If Not FileExists($rules) Then
    FileWriteLine($rules, "8")
    FileWriteLine($rules, "10")
    FileWriteLine($rules, "11")
    FileWriteLine($rules, "12")
    FileWriteLine($rules, "27")
    FileWriteLine($rules, "28")
    FileWriteLine($rules, "29")
    FileWriteLine($rules, "30")
    FileWriteLine($rules, "32")
    FileWriteLine($rules, "47")
    FileWriteLine($rules, "48")
    FileWriteLine($rules, "49")
    FileWriteLine($rules, "50")
    FileWriteLine($rules, "51")
    FileWriteLine($rules, "52")
    FileWriteLine($rules, "67")
    FileWriteLine($rules, "68")
    FileWriteLine($rules, "69")
    FileWriteLine($rules, "70")
    FileWriteLine($rules, "71")
    FileWriteLine($rules, "72")
    FileWriteLine($rules, "73")
    FileWriteLine($rules, "74")
    FileWriteLine($rules, "87")
    FileWriteLine($rules, "88")
    FileWriteLine($rules, "90")
    FileWriteLine($rules, "91")
    FileWriteLine($rules, "92")
    FileWriteLine($rules, "93")
    FileWriteLine($rules, "94")
    FileWriteLine($rules, "107")
    FileWriteLine($rules, "108")
EndIf

;checks null inputs: all three values must be filled in
If $user <> "" And $password <> "" And $router <> "" Then
    ; open a telnet window and type the login into it
    Run("telnet " & $router, "")
    WinActivate("Telnet " & $router)
    Sleep(300)
    Send($user & "{enter}")
    Sleep(300)
    Send($password & "{enter}")
    Sleep(300)

    ;counts rules
    $rulescount = _FileCountLines($rules)
    $r = 1
    Do
        $rulesread = FileReadLine($rules, $r)
        ; skip any line that is not purely digits (letters, blanks, stray text)
        If Not StringIsDigit($rulesread) Then
            $r = $r + 1
        Else
            Send("delete ipf rule entry ruleid " & $rulesread & "{enter}")
            Sleep(300)
            $r = $r + 1
        EndIf
    Until $r > $rulescount ; also ends when the file has no lines

    ; save the changes and log out
    Send("commit{enter}")
    Sleep(2000)
    Send("exit{enter}")
    Sleep(1000)
Else
    MsgBox(0, "Missing Input detected!!!", "you missed something," & @CR & "Please restart", 10)
EndIf

if you can think of anything else, just let me know and i'll add it.

oh and BTW I found a command called AUTOUPDATE, which initially is set to TRUE, I typed AUTOUPDATE FALSE, and some of the rules didn't come back, just thought I'd say.. :)






cor - 23.04.06 1:34 am

Hey! I thought you'd cracked it with that "autoupdate" command! I was so excited I had to go plug in my Voyager, check it out.

Nada, bummer :lol:

Okay, I got a kick to mess with RAD when I got back tonight, with the router plugged in anyway, and me itching to try out this AutoIt stuff, yes, I have a suggestion, here it is.. an image

And a nice, pre-compiled version for the masses..  an image

Don't take it the wrong way! I've been meaning to have a play with AutoIt for ages, and I was sure there must be a way to get it to do telnet. It turns out that although the release version of AutoIt has no TCP functions, the beta does.

I'm rather taken with AutoIt. Despite its flaws, it's a highly capable RAID system; just a pity it can't cross-compile for *nix. And here's me trying to get rid of my last Windows box! :roll:

Anyways, the 205's implementation of telnet is very simple, so it didn't take too long to cobble together a basic telnet functionality. While I was at it, I rewrote the basic structure of the application, cleaned up some stuff, and maybe you can learn some things from this. It's certainly not an object lesson in AutoIt (I'm an AutoIt n00b!) but it definitely highlights a few of the differences between coding and programming. It was fun, anyway, and the result is quite pleasing..

The data is stored in a "Voyager205" folder in the user's application data folder (RAD informs the user of this when it first creates the folder). The voyager's defaults are hard-coded in as defaults, though the user can override them all with the usual address/user/pass dialogs. Changes are stored in the ini file.

Then, and this is the fun bit, RAD V3 silently, and transparently creates a socket connection to the router (after a quick Ping, to check it's up and running) and begins a simple telnet session. It logs in, and if all goes well, chucks the delete rules down the wire. If the login fails, the user will be informed that their details were incorrect.

Every stage is error-checked, and it should be pretty much foolproof. I've tested it with my own router (happily living a non-internet-gateway life at 192.168.1.205) and everything looks great.

All feedback appreciated, of course.

for now..

;o)


RichE - 23.04.06 9:40 am

I'm a techy by trade so coding and scripting is more of a sideline for me, and I won't take offence to anyone helping me learn easier ways to do stuff.

I've been trying to do a seamless way to do the telnet to the router, and you've done the hard part, so if it's ok with you, can I have a look at the source, (I'll decompile rad v3) so I can implement it into other stuff I've done.

I haven't checked it out yet but I'm gonna do so asap and give feedback, like they say "two heads are better than one..."


Riche - 23.04.06 9:50 am

feedback:

don't remove rule 31, you lose connection from the session for 31 is the rule for the telnet port, and it didn't remove rules above 31 for me, but I've edited the source rules.txt file and it works now, very nice Cor, now I'll finally finish VCCT... LOL

also the version of autoit I've been using has now been updated to the version that has TCP func's in, they're cool, and so easy to use, oh and BTW thanx for the mention in the source. :D


cor - 23.04.06 11:39 am

The 31 thing is weird.

I added it because, when I was done, I noticed all rules *except* 31 had been removed, so I added it. On my 205, it makes no difference to the telnet session, which works great before and after. Very strange.

And if any of the rules were needed, why, for instance, does the web interface work afterwards? Gonna have to look into this! But for now, I could drop a note in the source, for if anyone has any troubles. Leaving it out is probably safer, then. It's the least interfering of all the rules.

Perhaps it's a firmware thing. Hmmm.
V1.8?

You're right about the TCP functions, they were a doddle. As was the 205 telnet. I had the RFCs all ready and waiting, my hex editor at the ready; none of it was required, just slam the text down the wire! :cool: The ability to do a ping with just Ping(address, timeout) is rather neat, too. So the "is the router switched on?" dialog is a great added check, almost for free.

No need to decompile, source code is in the same folder, and the distro. I've set it so decompilation is possible, too (no password) in case the .exe gets separated from the au3 at any point. These things happen. I didn't bother with a license or anything, it's open-source, and free as in beer. Help yourself!

Lastly, this morning, I added au3 and ini file highlighting to my corz.org textviewer (source for that available in /engine), so you can view the source here in all its technicolour glory! Click that strange wee icon I created for my last post.

I updated the source this morning, too, just a few extra notes and stuff, but I didn't bother to recompile and package it; the functionality is the same.

I'm glad you got into the spirit of the work, I'm always happy to teach, and even happier to learn, when I can. So now I've learned a bit of AutoIt, and it's good to have it in my toolkit, highly useful. Yes, two heads are often better than one.

By the way, in my text editor - EditPlus - I can create "user tools" where you can hit one command and have your code compiled instantly, all from the text editor. If you are doing a lot of coding work, something like this is a real timesaver. It has a similar facility for web code, translating the system file path to your local web server's path, and presenting the rendered document on screen. Probably saves me an hour a day, every day.

On the subject of code and AutoIt, I'm actually considering writing a proper automated AutoIt telnet for regular telnet servers, scriptable remote commands would be a handy thing, something I've seen loads of people searching for (yes, I began by Googling), but no one actually coming up with the goods, yet. We'll see how time goes. My preferred approach is to try and motivate one of the AutoIt guys to write a function library!

One thing that comes to mind with all this is, how easy it would be to create alternative configurations (one reason I put that part into its own function), so instead of a list of numbers which RAD processes, it could simply be a list of whole commands, which RAD sends down the wire; in other words; all the router recipes here, tweaks and what-not could be provided as automatic RAD scripts (or RAH, rather!). I'll have a wee think about that. Perhaps a script drop-box, you just drag them onto it, and ballabang! Something like that.

This is the sort of thing I'm looking at for the telnet implementation, except with a shit-load of protocol negotiation and other stuff I know almost nothing about. True, the Voyager may accept our login and commands without further ado, but a real telnet server will not. SUPPRESS WHAT?!? :eek:

/me fires up tcpdump. Hmm...
something beginning with ff :geek:

l*rz..

;o)
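
The bytes "beginning with ff" mentioned above are telnet option negotiation (RFC 854): every command starts with IAC (0xff). As an added example, not cor's code, here is a Python sketch of the smallest client-side answer, which refuses every option and strips the commands out of the data; the function names and the sample greeting are made up for illustration.

```python
from collections import namedtuple

# Telnet command bytes from RFC 854; every command starts with IAC (0xff).
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERBS = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 31: "NAWS"}

# Constructed sample of a server greeting, not captured from a real device.
SAMPLE = b"\xff\xfd\x18\xff\xfb\x01\xff\xfb\x03login: "

# text: data with commands removed; reply: refusals to send back;
# seen: readable option requests; pending: incomplete tail for the next recv
Parsed = namedtuple("Parsed", "text reply seen pending")


def _subnegotiation_end(data, start):
    """Index just past the IAC SE closing a subnegotiation, or -1 if absent."""
    j = start
    while j + 1 < len(data):
        if data[j] != IAC:
            j += 1
        elif data[j + 1] == SE:
            return j + 2
        else:
            j += 2  # IAC IAC (escaped 0xff) inside the subnegotiation
    return -1


def negotiate(data):
    """Strip telnet commands from `data` and refuse every option offered."""
    text, reply, seen = bytearray(), bytearray(), []
    i = 0
    while i < len(data):
        if data[i] != IAC:
            text.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break  # lone IAC at the end of the buffer
        elif data[i + 1] == IAC:
            text.append(IAC)  # IAC IAC is a literal 0xff data byte
            i += 2
        elif data[i + 1] in VERBS:
            if i + 2 >= len(data):
                break  # option byte not received yet
            cmd, opt = data[i + 1], data[i + 2]
            seen.append("%s %s" % (VERBS[cmd], OPTIONS.get(opt, opt)))
            if cmd == DO:
                reply += bytes([IAC, WONT, opt])  # we will not enable it
            elif cmd == WILL:
                reply += bytes([IAC, DONT, opt])  # server should not enable it
            i += 3  # DONT and WONT need no answer
        elif data[i + 1] == SB:
            end = _subnegotiation_end(data, i + 2)
            if end == -1:
                break  # wait for the closing IAC SE
            i = end
        else:
            i += 2  # NOP, GA and other two-byte commands
    return Parsed(bytes(text), bytes(reply), seen, bytes(data[i:]))
```

Whatever comes back in `pending` is the start of a command split across two reads, so it has to be prepended to the next chunk before calling `negotiate` again.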

