It’s not normally necessary, but the MAC (ethernet or hardware) addresses on the HG612 and most other Broadcom 63xx devices can be changed or “spoofed”. A tool in the Huawei firmware called equipcmd is used to do it.
There’s a lot of illicit interest in this in south-east Asia where WiMAX is a popular alternative to xDSL because of its low rollout cost. WiMAX uses the MAC for AAA (authentication, authorisation and accounting).
So if the MAC can be spoofed then the end user can free-load the internet on someone else’s WiMAX account. That’s the idea, any way! The modem makers and the WiMAX carriers are perpetually playing whac-a-mole to stamp out the activity. For some reason, WiMAX hasn’t caught on in the UK, so it’s not a problem here any way.
As for spoofing the MAC(s) on the HG612..
$ telnet 192.168.1.1 Welcome Visiting Huawei Home Gateway Copyright by Huawei Technologies Co., Ltd. Login:admin Password:admin ATP>sh BusyBox v1.9.1 (2010-10-15 17:59:06 CST) built-in shell (ash) Enter 'help' for a list of built-in commands. # equipcmd macaddr display display macaddr B482FEB7917E <---- that's the base MAC ending ..91:7e success #
# ifconfig
atm1 Link encap:Ethernet HWaddr B4:82:FE:B7:91:7F <--- 2nd MAC addr
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2834997 errors:7 dropped:0 overruns:0 frame:0
TX packets:1802091 errors:720 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3634140922 (3.3 GiB) TX bytes:312427091 (297.9 MiB)
br0 Link encap:Ethernet HWaddr B4:82:FE:B7:91:7E <--- base MAC addr
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1804183 errors:0 dropped:0 overruns:0 frame:0
TX packets:2832405 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:304213416 (290.1 MiB) TX bytes:3669797668 (3.4 GiB)
ptm1 Link encap:Ethernet HWaddr B4:82:FE:B7:91:80 <--- 3rd MAC addr
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:733 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
We change the MAC address:
# equipcmd setmacaddr 505152535455
set macaddr success#
# equipcmd macaddr display
display macaddr 505152535455 <---- our new base MAC addr ending ..54:55
success
#
Reboot the device:
# reboot
Connection closed by foreign host.
$
$ telnet 192.168.1.1
Welcome Visiting Huawei Home Gateway
Copyright by Huawei Technologies Co., Ltd.
Login:admin
Password:admin
ATP>sh
And we can see it’s now using the new MAC(s)..
# ifconfig
atm1 Link encap:Ethernet HWaddr 50:51:52:53:54:56 <--- new 2nd MAC addr
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
br0 Link encap:Ethernet HWaddr 50:51:52:53:54:55 <--- new base MAC addr
inet addr:192.168.1.50 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:163 errors:0 dropped:0 overruns:0 frame:0
TX packets:144 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16405 (16.0 KiB) TX bytes:48377 (47.2 KiB)
ptm1 Link encap:Ethernet HWaddr 50:51:52:53:54:57 <--- new 3rd MAC addr
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
There’s a bit more about the equipcmd tool here [1]. Plus a few hidden commands. Not sure what they all do, so use with care!
[1] http://huaweihg612hacking.wordpress.com/2011/07/17/the-atp-cli-and-equipcmd/
Hello , very nice info .
but i have Problem to login with ATP Interface , i test all Default username and password for login but not success , can help me how can i recovery or reset username and password for ATP login ?
Thanks