About the HG612

This blog is about the Huawei HG612 EchoLife VDSL2 modem-router.

The HG612 is supplied by BT OpenReach as the Consumer Premises Equipment (CPE) for its Fibre To The Cabinet (FTTC) service.

Currently, the HG612 serves as the OpenReach demarcation point for FTTC products provided by all other ISPs.

The blog explores the methods for unlocking this device to enhance its security and functionality. This includes modifying the firmware to obtain line statistics from the xDSL layer.


156 Comments

156 thoughts on “About the HG612

  1. could you please gather as much information as you can about which GPL licensed software packages are used, including kernel modules.

    Once gathered this information should be emailed verbatim to license-violation@gpl-violations.org, including: version numbers where identifiable, product identification such as model number (HG612), manufacturer (huawei), relevant firmware versions that contain the softwares mentioned, along with details of any proprietary software that can be identified as being linked to any of the aforementioned GPL software such as the bhal kernel module (http://forum.huawei.com/jive4/thread.jspa?threadID=335335).

    This is so that somebody can take matters further in prodding huawei towards releasing the toolchain, source packages and any modifications they have made which are required to re-create the softwares which are licensed under the GPL.

    • Hi,
      We are facing problem with the router during auto negotiation with intel e1000e driver.
      It detects 10Mb only with auto negotiation

    • i have the sp10 version it does the firmware update i follow the instructions to the letter but
      when its done it says no network accsess any ideas ?

  2. Damn, Daniel you beat me to it. I am currently researching into FTTC and this gem popped up.

    I am a paid associate member of the FSF (although a relatively new one) and I’d like to offer any help if needed in regards to this GPL violation. Unfortunately I am ‘just’ a member and not part of the gpl-violations team, but if you can think of something that I could help with then please ask.

    Its unfortunate that Zen, as a responsible ISP (i.e. they have obligations to BT), recommend against modifying this insecure box: http://forum.zensupport.co.uk/39992/40400/permalink/ShowThread.aspx#40400 , however personally it sounds that you have paid for it as part of the installation visit (that and its on your property etc) – £90 activation fee. Good thing to note though is that the synch rate is available via BT’s speedtester (see link).

  3. Hi Guys!

    Thanks for your comments and offers of help to obtain the GPL’ed code for this device from Huawei.

    I understand from private emails[*] that Huawei has already made a formal promise to supply all the GPL’ed code for the HG612. That promise was made a couple of weeks ago. Apparently, Huawei told the requestor that the GPL code is going to be made available via Huawei’s ftp site.

    I see from the gpl-violations mailing list that Huawei has recently fulfilled an earlier request for GPL’ed code for another of its “Home Gateway” devices, the HG553, a hybrid 3G/xDSL modem-router.

    So, crossed fingers, Huawei will keep to its promise and will soon release the GPL code for the HG612..

    Cheers,
    asbokid

    [*] Would the person who made that GPL request to Huawei be willing to make the correspondence public, please?

    • Hi Chris,

      The unlocking instructions are now in a PDF document..

      See the link at the top right of the blog .. “Instructions for unlocking Huawei HG612

      Cheers,
      asbokid

  4. Hi, I have 2 Huawei HG612s here – a 2B and a version 1, on both I can get to the stage of uploading the firmware, but after it reboots I get nothing at all. Am I missing something here?

    • Hi Martin,

      The unlocked firmware is confirmed as working on both of those revisions of the HG612.

      In fact, the unlocked firmware should work with all revisions of the HG612, from Revision 1 through 2V and 2B, and apparently on the latest Revision 3B, too. [1]

      After you have re-flashed with the unlocked firmware, how are you connecting the PC to the Huawei?

      You may have to use the LAN2 port on the modem to access its web interface, just so you can reconfigure both LAN ports the way you want them.

      Thank you to Little_Bird (Pauline) for clarifying the issue here.

      Cheers,
      asbokid

      [1] http://forums.thinkbroadband.com/fibre/t/4048458-re-success-telnet-log.html

  5. In your second sentence, above, you write:

    “The HG612 is supplied by BT OpenReach as the Consumer Premises Equipment (CPE) for BT Infinity, its Fibre To The Cabinet (FTTC) product.”

    Perhaps the latter section would read more correctly as:

    “. . . (CPE) for all ISPs / CPs Fibre To The Cabinet (FTTC) products.”

  6. What if i can’t get to the “firmware upload web page”. Are this instructions works with all versions of the HG612 ? My one on the background says: Echolife HG612 FTTC VDSL NTE Firmware Version:V100R001C01B028SP06. Just to let know that i am doing EXACTLY step by step what instructions says. Help……..

    • Hi Arek,

      The ethernet controller of your PC is definitely configured with static IP address 192.168.1.100? Would you check that is true with the IPCONFIG or ifconfig tool.

      The PC is connected by an ethernet patch cable to the LAN2 port on the HG612?

      Turn off the HG612 and follow the instructions afresh.

      I’m using an unlocked B028SP06 right now, so unless something else is amiss, it should work.

      Famous last words :-)

      cheers, a

  7. I solved the problem – untick everyting in lan configuration except MS client and IP4. One of the protocol was blocking packages (no firewall softwer btw). HG612 flashed, configured. So far so good. Thanks to askboid

  8. Hi again. I’m trying to connect Netgear DG834G V2 with HG612 for adsl ISP. Netgear doesn’t have QOS. How should I set up HG612 to work with access point netgear. DHCP on HG612 but should it be as bridge or router ? Do i have to define lan port 1 or 2 between netgear or assign LAN1 or LAN2 to atm protocol ?

  9. Just posting to confirm that I successfully flashed a v3B router yesterday, was painless thanks to the thorough instructions.

  10. Hi all,

    I’ve been reading this blog with great interest in the last few months. Good to see that Huawei have finally done the right thing and released the source code.

    If I were to go ahead and flash my router with a modified source code, what do you think Openreach would make of that ? Is the router their property or are you free to hack it up as you see fit ?

    How about purchasing an unbranded HG612 outright from somewhere (any clues?) and plugging that into an FTTC circuit – permitted or not ?

    excellent work. Asbokid, you’re a trailblazer.

    Dan

    • Hi, Dan,

      Thank you for your kind words :-)

      It is great that Huawei has kept to its promise by releasing the GPL’ed source code for the HG612. It does seem to have respected the spirit of Open Source software. In fact, Huawei has released more source code than was necessary to meet its obligations, which is even better! Somewhere on the internet is a Powerpoint presentation given by Huawei on the subject of OSS and the company’s recognition of the GPL, but it’s always nice to see words put into practice!

      I ain’t no lawyer, but would guess that the modem remains the property of BT Openreach, at the very least until the end of the minimum contract period, and maybe beyond that. The terms of the contract should clarify this.

      The risk in modifying the device is that it will become ‘bricked’, whether during the unlocking process itself, or from an incompatible update issued later by Openreach/Huawei. The latter doesn’t seem very likely, however, since the unlocking only modifies an XML file to lower the firewall level.

      In theory, if it does go wrong, Openreach could impose a charge for damaging its equipment, and for the call-out costs of replacing it. Openreach could blame the failure of the device on its unlocking, even if that wasn’t the cause. It is relatively easy to discover whether the device has been unlocked. This could even be done remotely, by checking the CRC fields in the firmware header, for example.

      As for buying a spare for unlocking, the HG612 is a BT-specific model, but the units do crop up for sale on ebay, periodically. There are also many similar devices that use the same Broadcom 6368 VDSL2 chipset found in the Huawei. For example, the Dare DB120-B2+ used by ChinaTelecom as its FTTC CPE can be purchased online for under £20. And with 802.11n, 4 ethernet ports, a USB port, more RAM, more flash memory, and a metal enclosure, the Dare is quite a bit better than the Huawei, too. [1] [2]

      cheers, a

      [1] http://translate.google.com/translate?hl=en&sl=zh-CN&tl=en&u=http%3A%2F%2Fwww.wifizoo.net%2Fviewthread.php%3Ftid%3D43049
      [2] http://forum.kitz.co.uk/index.php?topic=9707.0

  11. Without unlocking this modem, can it be used on an ADSL1 line simply just by plugging it into our filtered faceplate and then doing as for BT Infinity?

    • Hi Ed,

      I don’t think the modem will work with ADSL1 while it is still locked. The Huawei firmware defaults to PTM (and pppoe) for the Layer 2 interface whereas ADSL1 uses ATM (and pppoa).

      Once it is unlocked though, it should work fine. See the screenshots on this page for ADSL2+. The first screenshot shows an option for G.Dmt. This is also known as G.992.1 or ADSL(1).

      http://huaweihg612hacking.wordpress.com/2011/09/01/using-the-hg612-on-an-adsl2-line/

      Configured for ATM, the Huawei automatically runs a ppp daemon to manage the data link. In the normal FTTC configuration, ppp(oe) is managed by a separate device, usually the BT Home Hub or BT Business Hub.

      cheers, a

      EDIT:

      Thanks for your email about your participation in an Openreach trial of ERADSL1. Presumably, if the modem is supplied by Openreach then it will be configured already for that?

  12. So if I was to unlock it for my own benefit, how would I set it up so the HH3 could use the connection? Would it still be the same, its just I noticed the HG612 also supports authenticating itself, then I don’t see how the HH3 would work on the line?

    • Hi again, Ed,

      Sorry, I’ve never used a HomeHub, so can’t really comment.

      You only need one modem per subscriber line. The HomeHub3 has an integral ADSL2+ modem of its own (which makes its inclusion in the BTInfinity VDSL2 package rather strange).

      I recall there are different firmware builds for the HH3. One build is for BTInfinity where the internal ADSL2+ modem remains unused (since the HG612 VDSL2 modem is needed instead). And then there is another HH3 firmware build for ADSLn connections where the HH3 internal modem is used.

      The best places to ask would probably be http://forum.kitz.co.uk/ or http://forums.thinkbroadband.com/
      cheers, a

  13. Well I decided to Unlock the Modem using the unlocked firmware, and could not get it to sync on my line? I did exactly as the picture’s said on your website, and still it would not work?

  14. I bought one of ebay because I wanted to test with it before I got the OR one after xmas for the trial. I will e-mail some screen shots to you.

  15. Unlocked on 3B and works very well.

    Interesting stats – look forward to DMT mod for VDSL as I’ve no experience with Unix.

    Are the settings in the unlocked firmware exactly the same as originally configered by BT?

    • Hi Charles,

      Glad it worked for you!

      The settings in the unlocked firmware are identical to the original settings, except for the firewall setting. That has been dropped from the custom “BT” firewall rulechain (which blocks all LAN-side access to the device) to the “Standard” setting.

      As for the DMT tool, that has been put on ice because we don’t have a VDSL2 line to test it on. The modified source code is all there for anyone who wants to continue with it though.

      Cheers, a

      p.s. sorry about the delay in replying.

  16. Hello there i know im a little off topic but I’m trying to collect all the info and help i can get so here it goes
    i want to do this to a similar device an Huawei Echo Life HG861 GPON Terminal but I’m to newbie , anyway i already had some success I’m able to login to the device by web interface and telnet ,access the shell and have what i suppose are privileged rights on the machine, but after reading your blog I’m not so sure I have the right users because your web interface looks similar to mine but a lot more options ,so my question is can you please help me to find a way to retrieve all the users of the device in order to have full rights on it?

  17. This kinda of modding\hacking\unlocking gets me giddy with excitement. Then I hear my theme music start playing “White and Nerdy” – Wierd Al :D

    Your a cool dude, will be using this brilliant guide to unlock my kit, as my life with out RRD graphs isnt worth living.

  18. Just unlocked my 2B version of this using the SP10 unlocked FW and all is great, I have UI access to Modem + Router now

    Question though, line stats show

    Max: Upstream rate = 31364 Kbps, Downstream rate = 84876 Kbps
    Path: 0, Upstream rate = 20000 Kbps, Downstream rate = 79999 Kbps

    Speedtest still only gets me 75/16

    Is there a cap on the modem I can remove or a setting to make it sync faster ?

    Cheers ;)

    • You are synced at the maximum speed BT currently allow on their network. Nothing you change on the router will improve that.

      However turning off QoS has been seen to improve the upstream speed as for some reason BT have this configured with QoS enabled despite the fact there are no apparent rules configured.

  19. For anyone else having trouble getting the firmware images, the links to the unlocked/original firmware at the top right of the blog seem to be dead :-(

    The link to the Linux Toolkit for Building Custom Firmware works though (but it contains the original firmwares only – no prebuilt unlocked ones) so if you have a Linux box somewhere you should be able to use that to build your own.

    I’ve just updated my modem (installed today) – I’ve got the 3B, and the patch worked fine.

    Thanks to everyone for making this blog and the hard work in figuring everything out!

  20. The links to the firmwares that give a 404 page, if you look to the very left of the 404 page there is a menu bar, hit file > download, original and unlocked FWs are in the same dl

  21. Hi Daniel and Dave,

    Thanks for your messages and for pointing out the missing files. Google has gone bad again losing files.

    It looks like Google has lost the directory structures *sigh!*. In the past google did restore lost files, so hopefully that will happen this time, but if not there are some local copies to replace what is missing.

    See: http://productforums.google.com/forum/#!category-topic/docs/report-a-problem/eqK2PECbpW4

    EDIT: I’m not aware of a cap on the modem itself, Dave. People have reported that they squeezed out an extra half meg by changing the queue weights under [Advanced | QoS], iirc.

    EDIT2: The most important files lost by Google Docs have been manually uploaded yet again.. *sigh!* Thank you very much to Dave and Daniel for noting their absence.

    cheers, a

    • Hi Mike,

      It looks like Google has borked the migration of accounts to its new Google Drive service.

      I will endeavour to get the files restored. In the meantime, for those with a Linux box, the Toolkit will create an unlocked firmware image for you.

      cheers, a

  22. Pingback: Yay! I am a new sky fibre bb customer! - Page 4

  23. Has anyone looked at the power consumption of the HG612? It would be interesting to find out in financial terms what it costs to leave the modem on 24/7 for an entire year.

  24. I doubt it will be noticeable unless you are running your home on batteries !
    To put in comparison, I have my 950w PC running about 16 hours a day and that uses about £1 a day, without unplugging the adapter, I would guess about 1w ? so maybe £3.60 per year ?

  25. What makes you think that? I have a pre-pay electric meter that shows me £ by £ as it is being used. My system uses around £1 a day. I have to put the money on the meter, I watch it being used, I know how much it uses without the PC on and how much with the PC on.

  26. Who said anything about it running at 950w for 16 hours a day?, if you knew anything about PC’s you would know the wattage of the PSU is it’s maximum load ability, unless I built a system that pulled exactly 950w under load and I was running it at 100% for 16 hours a day, then it’s fairly obvious to the average joe that a 950w machine is not pulling 950w constantly. A pointless argument, I have no idea why you even replied. Bored ?

  27. Your comment suggested that it was otherwise stating a max power rating that its not running at is pointless. Perhaps as a suggestion stating the average power usage over the 16hrs might provide some form of a reference point. So knowing nothing about computers is a mute point, I could suggest that my PC with a 680 w psu used less than 1kwh when on over a 60 hr period however its in standby.

  28. What? So you suggest that everytime I comment on the power rating of my PC I have to connect up a power consumption meter and check how much it is pulling ? No. When someone is describing the power their PC is rated at, you tell them the wattage rating the PSU is marked as unless otherwise requested, ie. “What does your PC pull under max load” My comment did no such thing as suggest my PC constantly pulled 950w. Again this shows your lack of knowledge in this department. No-one who had a clue would ever suggest their PC constantly pulled the max wattage the PSU could provide. Infact, no-one with half a clue would fit a PSU to a machine that could pull that much from it and leave no headroom.

    Also the fact that you even asked about the openreach modem power consumption over a year is laughable. You have shown you know everything about nothing and really should be on a different site educating yourself on 1. Computers and electricity in general, and 2. How NOT to troll a site that has absolutely nothing to do with your ridiculous question, this site is about unlocking and modding the modem, not how many extra pennies it will cost you per year to run it. I suggest you get a clue. End of conversation. Back on topic.

  29. What are you on, it wasn’t even me that asked? You’re attacks on my apparent lack of knowledge will not cover you’re misleading information. Why are you getting so defensive? Perhaps we should do a little maths to work out your average load. So 6p per unit average. 16hrs 6×16 = 96p per day if you average max load. as your on a pay meter your tariff must be much higher. 1w 36p per year 10w £3.60 per year

    • Hi Sam,

      According to Huawei, the HG612 uses <6 watts of power, but that takes no account of the efficiency of the PSU, which will have a power consumption of its own.[*]

      Duplicated below is a post made to the ThinkBroadband forum back in March when there were concerns about the adequacies of the Huawei's PSU:

      ThinkBroadband contributor MHC has already performed some useful tests on the Huawei HG612. MHC discovered that the Huawei draws a peak current of 550mA on a 40/10Mbps 17MHz VDSL2 service. [1]

      His findings closely correlate with the specs published in the latest release (Feb 2012) of the BT Supplier Info Note (SIN 498 Issue 3.3) [2]

      According to British Telecom, the power consumption of the Huawei HG612 (“Type 1 VDSL2 Active NTE”) is <6.5W.

      6.5W = 540mA @ 12V.

      As an aside, the other VDSL2 CPE, the ECI B-FOCuS V-2FUb/I Rev.B ("Type 2 VDSL2 Active NTE") consumes <8.6W.

      The EU has issued Regulations (EC Regs 1275/2008) concerning the power consumption of broadband access equipment. The Code of Practice to those Regulations defines target efficiency levels for broadband CPE. Manufacturers are expected to meet those targets.

      For our interest – establishing the demands of the PSU of the HG612 – we need to know the full power operational state of the modem, rather than its power consumption in "standby" or "low-power" modes.

      The Huawei HG612 is powered by a Broadcom 6368 System-on-Chip (SoC). The 6368 is highly integrated and requires few external components that would add their own load. The 6368 integrates a dual-MIPS32 core, an analog front end (AFE) and a line driver, and a number of 'chiplet' modules. [3]

      The Huawei is based upon the Broadcom 96368MVWG board reference design. Several of the 6368 core modules are not used by the Huawei. These modules include a USB host controller and a SLIC controller for analog voice telephony. The 6368 also supports an external 802.11n transceiver but this is not present on the Huawei. To reduce power consumption, unused modules are disabled by the Huawei at boot-time.

      Broadcom has published a White Paper entitled "BCM63XX/BCM68XX Power Management" in satisfaction of those EC regulations [4] Several board reference designs are listed with their power consumptions in various states.

      The 96368MVNGR [VDSL2, 4FE, 802.11n (43222), USB] is the closest reference design to the 96368MVWG design used by Huawei for the HG612.

      According to Broadcom, the 96368MVNGR consumes 7.3 watts in Full-Power state. However, that figure includes the power consumption of an active 802.11n radio and USB host controller, neither of which are used by the Huawei. 7.3 watts must be well in excess of the maximum power consumption of the Huawei…

      7.3W = 610mA @ 12V.

      According to those back-of-envelope calculations, the original 700mA rated PSU supplied with the HG612 is quite capable of adequately powering the device safely.

      cheers, a

      [1] http://forums.thinkbroadband.com/fibre/4098966-power
      [2] http://www.sinet.bt.com/498v3p3a.pdf
      [3] http://pdf.eccn.com/pdfs/Datasheets/Broadcom/CM6368.pdf
      [4] http://www.broadcom.com/collateral/wp/63XX_68XX-WP10

      A few more back-of-envelope calculations using a power consumption for the Huawei of 6.5 watts:

      A unit (kWh) in the standard Southern Electricity tariff costs 12.09p + VAT.

      0.0065 * 0.1209 * 24 * 365 = yearly running cost for the Huawei HG612.

      Around £7 per annum, by my reckoning.

      As for the ECI, the other VDSL2 modem supplied by BT Openreach, with its slightly higher power consumption of circa 9 watts:

      0.009 * 0.1209 * 24 * 365 = £10 per annum.

      cheers, a

      [*] Measuring the true power consumption of a switched-mode power supply is not straightforward because of the way it draws current in pulses.

      See: http://www.allaboutcircuits.com/vol_2/chpt_11/2.html

  30. Hi, I have a HG612 v3B, installed earlier this year under the BT exchange programme. Unlocked firmware seemed to flash OK, and after the modem rebooted I got the login prompt as shown in the instructions. However, when I tried to log in using username admin and password admin, I was returned to the login screen with an error message something like ‘incorrect username or password, 1 failure’ (I don’t recall the exact wording). Further attempts to log in bounced me back to the login screen each time, but the error message did not reappear. I tried switching the modem off for a few seconds then on again, but this made no difference. I then connected the modem to the phone line. The DSL light came on and my router reported that it had it had re-established a PPoE connection to my ISP (BT Infinity). However, I found I had no internet access. I tried cycling the modem power – still no access. Finally I re-flashed the locked SP10 firmware and was then able to reconnect normally.

    Any suggestions?

    • Hi Greybeard33,

      Thanks for leaving a message. That’s strange.

      Did you try the telnet interface as well as the web interface? They are initially configured with the same “admin”:”admin” combination of username and password, but they can be re-configured differently.

      A long reset – achieved by holding the reset button on the HG612 for ten seconds after it has booted and stabilised – might solve the problem. A long reset forces the modem to use the default username and password (admin:admin).

      It’s a long stretch but could there have been an issue with the PC browser? The Huawei web GUI relies heavily on Javascript so if it is disabled or nobbled in the browser, that could cause problems. But it wouldn’t explain why you had no connectivity.

      Maybe a few screenshots of the Huawei’s GUI would clarify where the problem may lie.

      Perhaps log-in via telnet (using the Putty telnet client, not the poor offering from Microsoft), and have a look to see what is happening.

      Good luck!
      cheers, a

      • Hi asbokid,

        Thanks very much for the help. You were correct that it was a browser issue. I logged in successfully via telnet, even though using the Microsoft client :), then managed to log into the GUI from a different PC using both IE9 and Chrome on Win7. Finally I got it work on the original PC (IE9 on Vista SP2) by manually adding the modem address to the Intranet Zone (with default security settings), although it still seems a bit flaky. I haven’t yet found which particular setting was causing the problem.

        The connectivity issue turned out to be a “red herring” – the modem is now working fine with the unlocked firmware.

        Cheers, GB33

  31. I have the 3B model, what firmware do I want to flash?
    The SP06 or SP10??
    The guide doesn’t seem to explain what model needs what firmware
    Thanks
    Dom

    • Hi John,

      version 2 is the unlocked version (numbered so as not to confuse it with version 1, the original locked version!).

      If you’ve retained the original firmware image file that you flashed into the Huawei, you could always verify with md5sum that it is the same version.

      cheers, a

  32. Hi all,
    i have just bought a spare hg612 modem off ebay with the intention of unlocking it, will it log straight onto the isp network without any passwords as I dont know what mine would be.
    Thanks

      • Thanks for the info, got my new hg612 and now it’s unlocked. is their any thing i can now do to increase my through put speed. i have got 39998Mb showing on the xDSL layer, but my speed tests are only between 16 & 25Mb.

  33. We have found some success from disabling the QoS and all firewall options. Please make sure that you have an active Firewall and AV on your machines as what little protection this did offer will be gone. Remember firewalls don’t just stop people getting in they can stop them getting back out.

  34. Probably a perfectly obvious answer to this but I cannot connect to the internet via LAN2 (I have a homehub connected to LAN1 for wireless access)
    I flashed the HG612 without any problems and can telnet in via LAN2 to get the line stats etc but it would be nice to be able to access the net from that port as well, am I missing an obvious setting somewhere or is this not possible?

    Cheer

    • Hi Lucifa!

      Not sure what to suggest since I don’t have Windows 7. It sounds like a general networking issue, if networking is skewy on that laptop. Maybe try again with the other laptop you mention.

      cheers, a

  35. Pingback: Hacked FTTC Huawei Echolife HG612 two questions - Page 2

  36. How feasible would it be to add DHCP Option 61 (for authentication) to the DHCP client?

    It already supports Option 60 (I was quite surprised that it is actually labelled like that in the web interface, rather than “Host Name”, which I actually find rather confusing because you never know if you are using Option 60, 61 or something completely else…)

    There is (IMHO) a clear benefit for a certain UK ISP if you could handle DHCP authentication at the modem :)

    • Hi MrTOad!

      dhcpc, the DHCP client, should already support DHCP option 61. It looks like it is compiled in by default. Huawei generously released its patches to the dhcpc codebase.

      In the Huawei HG612 SP10 f/w source tree [1] (ignore refs to HG522) see under:

      ~/huaweisp10source/opensource/dhcpc/dhcpc.h


      /*started by g00121640 - dhcp request - option 55 - dns server */
      #define DHCPC_VERSION "\n V100R002C05 DHCP Client V3.03\n"
      /*ended by g00121640 - dhcp request - option 55 - dns server */

      /*start of .. by c60023298 */
      ...
      /* HG522 OPTION60 */
      #define DHCPC_OPTION60_SELECT_SWITCH

      /* HG522 DHCP - OPTION 61 */
      #define DHCPC_OPTION61_SELECT_SWITCH

      /* HG522 DHCP - OPTION 116 */
      #define DHCPC_OPTION116_SELECT_SWITCH

      /* VDF DHCP - OPTION 77 */
      #define DHCPC_OPTION77_SELECT_SWITCH
      ..
      /*end of .. by c60023298 */

      and also

      ~/huaweisp10source/opensource/dhcpc/dhcpc.c (line #1301 onwards)

      dhcpc could be re-compiled so that by default it always uses option 61, regardless of invoked command line parameters. It could then be dropped into the firmware tree and flashed in.

      This is Sky Broadband? Not sure what you would do with MER though. No doubt you know of the excellent wiki on Sky/MER by Matt Thornhill (mrmt32) [2]

      cheers, a

      EDIT: Chinese characters removed.

      [1] http://www.huaweidevice.com/worldwide/technicaIndex.do?method=gotoProductSupport&productId=3019

      [2] http://wiki.ph-mb.com

      • Yup, is SKY Broadband.

        And the whole MER thing has me confused… At the moment I’m using a pFsense box to handle the authentication as described here:

        http://forum.pfsense.org/index.php/topic,48663.msg260065.html#msg260065

        I have the feeling that configuring the WAN interface on the HG612 as DHCP and putting the same username|password string on the DHCP Option 61 field could work the same way.

        At least is worth a shot. It would open the door to using appliances like SonicWALL, FireBox et without having to use the Sky router as “intermediary” (figuratively speaking) or a pFsense box as I’m doing.

      • All this dealing with electronic equipment is killing my manners… every day I drift away a bit further from human courtesy… Thanks for looking into it :)

        I haven’t used a compiler for more than two decades, so recompiling the code might be a bit of a tall order for me, but at least I know what I had in mind is feasible… one step at a time :)

  37. How do you change from bridged mode to router mode? If I select EoA, I can see the option but I cannot establish a connection. When I switch to PPPoA, the modem can connect and it passes its internal ping test but the connected computer has no web access. I’ve tried the port binding options on both ports but no joy. DHCP is working fine. I have only one PC connected to the modem. Using SP10 unlocked firmware on a version 3B unit.

    Thanks

  38. Struggling still, found the menu item finally and downloaded. Do I use the .zip or the unzipped? The former, in common with many other attempts reports that it cannot be used as it contains an illegal image. My Macbook Air automatically unzips the file and then bins the original zip file. I recovered it.

  39. Asbokid, would you be so kind as to help a desparate Londoner with a port forwarding issue on the HG612. All the ports are forwarding fine at router level but I cannot for the life of me get them to open from the modems end and they seem to stay closed on the HG612. I cannot acess POP3 e-mail or my PS3 as the NAT just keeps on failing. My ISP keeps telling me that they are not blocking any ports and are of no help whatsoever. Pls could you e-mail me should you be willing to give me a hand. I cannot think of anyone better to ask for help. PS. I have opened up the HG612 using your firmware but all the settings are currently as BT left them after having done a soft reset. Thanking you in advance.

  40. hi.. about huawei bm622i. do you know how to hack change mac on this modem? i appreciate if you can help us… with lack of tut we are forced to pay for reconnection of this unit…. thank you

  41. Pingback: The ATP> configuration CLI and equipcmd | Huawei HG612 Hacking

  42. I got an HG612 today, followed the instructions and flashed the unlocked firmware. I even got it connected to my ISP, but somehow I have lost the ability to connect to the device – except to reflash firmware.

    I can hold down reset, power up, connect via browers in windows and ubuntu to 192.168.1.1 just fine with my PC ethernet address set to 192.168.1.100. I get the firmware update page and I can flash the original firmware or the unlocked firmware. Flashing appears to work just fine (the power light and Lan lights go off/on and stabilise after a couple of minutes). Both LAN ports appear to work fine but attempting to connect via various browers, PuTTY, KiTTY (in Telnet or SSH modes) fails. I do not get the HG612 Login Page. Pressing Reset when the device has booted appears to have no effect, I’ve held Reset down for 5s and released it, the Power light does not blink.

    I am at a loss to understand what to do next. Any ideas? If I leave it powered off will it reset to Firmware defaults?

    • Hi DMcDonnell,

      Oh dear, that doesn’t sound very good. Though since the bootloader web server is still running, all is not lost. That said, I’m lost for suggestions. The PC is still configured with a static IP address of 192.168.1.100? And the Huawei still has 192.168.1.1?

      If you hard-reset, that is, hold down the reset button for 5 or 10 secs once booted, the modem should always revert to its default IP address of 192.168.1.1 .

      Also, maybe try DHCP. The Huawei can be quirky like that. It doesn’t like a static IP address cropping up in its DHCP address pool, iyswim. Also, if you’re using a static IP address, it won’t let you use its dnsmasq nameserver. Quirky thing.

      Is there a firewall or net security settings in the way on the PC? Not even the telnet interface to know that the firmware is running fine and it’s just a problem with the PC?

      Hope you get it sorted, asap.

      cheers, a

  43. Good work, @asbokid, greatly appreciated. I left the HG612 powered off for a few hours, cold started my PC & laptop, reinstalled the unlocked firmware and bingo it came up perfectly. Damned if I know what I did wrong. Happily I have it working perfectly with my ISP, Vodafone Ireland, using PPPoE over ADSL2+.

    Couple of questions:

    Is it possible to save a configuration file? The option, in the Maintenance Menu, is greyed out for me.

    It is possible to use a BT Home Hub V3B as a wireless access point with the HG612 running the unlocked firmware on a non BT ISP? I suspect not. Some of the other BT Hubs with OpenWRT should work fine and that is probably the direction I shall take but the BTHHV3B looks nice and I’d like to have a play with it :)

    • Yah! Glad you got it sorted, DMcDonnell!

      Yeah, at a guess, BT asked Huawei to grey-out that option. It is present and working on other Huawei devices. Bit of a shame, but the configuration file can still be gotten via the telnet interface! And it can be restored via the web interface!

      Sorry, don’t know anything much about the HH 3.0b. The one here got broken. Though the team at psidoc.com are studying it with a view to unlocking it, and putting openwrt on it. It has an unusual (unique?) firmware architecture on it, iirc.

      cheers, a

  44. Do tell how to save the config via telnet, please.

    I have a working BT HH 3.0b if you want it. I cannot use it here. I am aware of the efforts on Kitz & PsiDoc to crack it and of your contribution to that, and previous successful, efforts.

    Cheers, Dermot

  45. Thanks for the kind offer, Dermot. The HH3.0b doesn’t do much for me though! As for the firmware config, come to think of it, there is some almost identical firmware for the HG610V which isn’t nobbled in that way. It should flash in and run fine. Lemme check! cheers, a

  46. Hi,

    I am having trouble getting to the upload screen. I have connected it to my computer with an ethernet cable in lan2. The computer is configured to 192.168.1.100 and 255.255.255.0. Pressed reset, power unplugged, plugged back in and reset held for a further 5 seconds. Router also still plugged in but i have tried it both ways.

    The lan2 and lan1 lights flash like crazy and then both turn off and only the lan1 come back on. At no point can i access the routed through 192.168.1.1. Any ideas where i am going wrong?

    Thanks

    • Hi Callum,

      Sorry to hear it’s not working for you.

      Common problem is a firewall in the way on the PC. What operating system is running on the PC? Sounds like a network configuration issue. Firewalling or routing, or similar. Maybe try another PC, a different browser, or a Linux Live CD?

      Good luck! It will get sorted, just a bit of tinkering needed somewhere.

      cheers, a

  47. Thanks for the fast reply.

    I am using windows 7 currently. I just looked and i have windows firewall turned off. Microsoft security essentials needs to be disabled maybe? I have another pc i can try it with tomorrow as well.

    Should i only have ipv4 enabled on the adapter?

    I’m not sure if this explains why the lights would stop flashing completely. The network light flashes on my laptop port but nothing comes back from the router.

    • It shouldn’t be a problem if IPv6 is also enabled. It’s IPv4 that matters. Flashing ethernet lights normally indicate the presence of traffic. Whereas, perhaps, the HG612 is just sitting there, waiting for a connection that never arrives for some reason. My money is on the PC network config. Some security application preventing the network connection to the Huawei, perhaps. Hope you get it sorted soon, if you haven’t already, Callum.
      cheers, a

  48. @asbokid said “As for the firmware config, come to think of it, there is some almost identical firmware for the HG610V which isn’t nobbled in that way. It should flash in and run fine. Lemme check! cheers, a”

    Any joy?

  49. @asbokid

    My HG612 is in a production environment now. I will buy one on ebay and test the HG610V firmware on it. When does your HG610V auction kick off? I’d like one of those.

    btw, you may have seen that Zack Cutlip succeeded in hacking the BT Home Hub 3B, see Kitz/PSIDOC for details.

    Very many thanks. Greatly appreciated!

    • Hi DMcDonnell,

      Interesting re: the BT Home Hub 3b. Judgment is reserved until some source code is actually published that persuasively demonstrates a remote exploit.

      Several aspects to his claims are not ringing true.

      At best, the firmware of the device is reportedly running in the very controlled emulator environment. That is not the same thing as hacking a networked device. We need to see whether that is the case..

      Though of course, whether the claims are genuine or not, it’s great for raising the profile of your “network security” business! ;-)

      cheers, a

      P.S. The auction of HG610V devices is running now. Just a couple left out of the current batch. All yours if you want it. Not everyone likes dogs, so probably going to do the next batch for another charity. Not sure which yet. Any suggestions? Trocaire, maybe? Or perhaps Shelter?

  50. Thank you for your insight into the BT Home Hub 3.0B hack claims, I see it may be only hacked in theory…. not really the same thing. It will be interesting to see how it pans out as BT are aware of developments.
    I shall await your next batch of HG610s. I have been out bid on both HG612 I make offers on recently. It is very decent of you to route funds to various charities. I would consider making a donation to the likes of OpenWRT, psidoc and the like also.

    Regards, Dermot.

  51. Excellent way of explaining, and pleasant paragraph to obtain facts on the
    topic of my presentation subject, which i am going to deliver in school.

  52. Anyone heard any news about unlocking the HH3 Type.B yet? All I would like to do is modify the default DNS addresses that DHCP gives out.

  53. Hi Guys..

    Fantastic site! I am on an ECI cab with an 80/20 Infinity2 product from BT. I have purchased a “new” HG612 rev 3b from ebay and intend flashing it with the SP10 hacked firmware once I get my hands on it. My intention is to use the modem as a full router/firewall and get rid of the HH3 thingy.

    Has anyone tried this configuration? Can I expect problems?

    Thanks for being patient with a newbie.

    Cheers..

    • Having spoken to A. on this subject, I know that he does not have a VDSL2 based service and nor do I. Hence no first-hand experience of its use on VDSL2.

      With regards to using the HG612 as a full modem/router/firewall/NAT device/DHCP server/DNS server/etc (have I covered everything? ;) ) I would suggest that you make appropriate investigations to see if its processor will really be capable of running all those services at the rate that an 80/20 Mbps configured line would require.

      As for anyone having tried that configuration, yes I do believe so. Let me see . . . Ah yes, I have a link to a ThinkBroadband forum post [1], from around nine months ago, that may help you decide.

      [1] http://forums.thinkbroadband.com/fibre/f/4109217-huawei-hg612-working-as-a-router.html

      • Thanks for that burakkucat…

        I had seen that thread, but was more concerned with performance and reliability issues.

        I can now confirm that, whilst the HG612 works faultlessly as a modem/router in that the chipset syncs fine with the ECI dslam, performance suffers significantly as soon as the firewall is enabled… I guess the processor is not up to the work required for packet inspection on a VDSL2 connection. With the original Openreach equipment, I was achieving 72Mbit down and 17Mbit up on speed tests… With the HG612, the web interface showed that I had a line rate of 79999 down and 20000 up, however, the downstream speed test reduced to around 52Mbit and remained at that speed fairly consistently when the firewall was enabled.

        So, I have switched the hacked HG612 to bridged mode and use a Cisco 2911 (scrounged from my son) for router and firewall.. This performs as fast as the original equipment, but I have the advantage of seeing line stats and have a fully configurable firewall.

        Many thanks for the firmware and keep up the excellent work … :-)

        John

  54. Loading the SP10 unlocked firmware works great, thanks. I am having a frustrating problem that I hoped you may be able to help with.
    I have changed the hg612′s lan address to 192.168.1.2. My router(Netgear WNR2200) is set to 192.168.1.1(DHCP 192.168.1.3-254).
    I can access the hg612 fine when on the LAN locally but if I try to set up a standard port forwarding rule up on the Netgear router(ie. WAN:8888 -> 192.168.1.2:80) it refuses to forward.
    Probably more of a Netgear issue but just wondered if you had managed to access the hg612 from the WAN and how it can be done. Thanks.

  55. FWIW, the only way I have managed to access the HG612 remotely is to access one of the PCs connected to the Netgear WNR1000v3 router via LogMeIn, whereby I can control that PC as though I was sat in front of it & thus access the HG612 as per usual, with a spare router port being connected to the HG612′s LAN2 port.

    I do not have any ports forwarded etc. as the HG612 & Netgear are both in their default configurations (apart from the HG612 being unlocked).

  56. Morning Gents,….

    If I wanted to use Lan2 on my Huawei HG612 EchoLife VDSL2 modem-router for my games console can someone provide me with the info on how to do this?

    If it is possible of course?

    Thanks in advance

    • It depends whether you are using the HG612 on a VDSL2 (FTTC) or an ADSL2+/ADSL2/G.Dmt service.

      If the former then no, it is not possible. If the latter then yes, it can be done. So to which type of service do you subscribe, in As7ro-land?

  57. Hi,
    Firstly, thanks to all involved to unlock the HG612.
    Secondly, thanks to all involved to unlock the ECI – hopefully mine unlocked by the end of the week :)

    Just really wanted to confirm my use of HG612. I had FTTC installed 3 days ago and was supplied an ECI router. I have an unlocked HG612 for curiosity testing with my old ADSL connection. The engineer said it was best to use an ECI modem to match the ECI dslam but said HG612 should work ok. He did not know I had a HG612.

    So when using the HG612, I experienced the same as hangar18 in terms of speed – both the original openreach equipment and with the HG612 in bridge mode = 72Meg/17Meg but when using the HG612 as the modem to connect, it was reduced to 60Meg.

    However, saying that, my speed estimate before FTTC install was 58Meg and I was seeing a lot of errors in bridge mode and experienced web pages not wanting to load (although I could ping). I think DSM has kicked in now and in bridge mode = 60Meg/17Meg with hardly any errors – although I wonder if using HG612 as the modem to connect forced this.

    Same experience was true with HG612 and my old ADSL connection, it connected at a lower speed than my DG834gv2. say around 2Meg as opposed to 2.8Meg – my speed estimation was about 1.8Meg so I do think that the HG612 has a better understanding of the capability of your line.

    In terms of use, I have been using the HG612 as the DHCP server, coupled to a DG834gv2 and default ISP FTTC router, it was handing out IPs to my wireless devices no problem. I had the firewall enabled and didn’t notice any problems there. I also had games console on LAN2 with no problems.

    I am back to using the ECI right now (only been 3 days since install) as I want to see if my connection still has errors (web pages not loading – although I could ping) but I think the drop in speed may have resolved this.

    Have nice day

    • Hi KerPow,

      Thank you for sharing all of your observations. Others will doubtless find them useful for their own comparisons.

      It will be great when, or if, the ECI is fully understood for obtaining stats for comparison, too.

      Cheers, a

  58. Heya,

    i bought an hg612 and got it unlocked now but i still dont understand how to make it connection to the internet via pppoe. I made following settings:

    ATM: “VPI 1 VCI 32″ “DSL LATENCY PATH0 and PATH1″ “EoA” “VCMUX” “UBR Without PCR”
    WAN: “Layer2 interface at,1/(4_1_32)” “WAN connection Enable” “Service List Internet” “Port binding nothing” “Connection mode Route” “Connection type PPPoe” “Username and Password” “DHCP spoofing and others off” “Authentication mode Auto” “Dialing method Auto”

    Those settings work with my Vigor 2850 but the hg612 always shows “pendingdisconnect”

  59. Connection established now, but still a problem. If i connect any of my computers to the hg612 it doesnt route me into internet. Whats wrong with this? I connect to Lan-Port 1 which is bound to WAN and set the hg612′s ip as gateway but i cant acess the internet.

  60. I have flashed and can access the latest firmware by plugging PC directly into LAN2.

    I have then reconfigured LAN2 as 192.168.1.2 so it does not conflict with my router/switch web interface on 192.168.1.1. Can still access HG612 via 192.168.1.2 if PC plugged directly into LAN2. However, if I daisy chain my PC via my 4-port router/switch (i.e. PC into 4-port router/switch, then plug HG612 into another port on the router/switch) I can no longer access the HG612 web interface via 192.168.1.2 (using HG612 LAN1 or LAN2), though bridged internet access still works fine (via HG612 LAN1) in this daisy chained config.

    Surely I should still be able to access the HG612 web interface if PC plugged in via my 4-port router/switch? Is there some config I need to change? Any help appreciated.

  61. It still doesnt work, it connects to internet very well but if i plug anything to lanport and set up its ip-adress as gateway it doesnt let me in to internet. If i ping from web-management to internet-adresses it works but it just doesnt route my computers into internet. Whats wrong with this?

  62. It works now without any issues, i configured it to bridge ppoe and use it as modem. It is connected to my mainrouter, makes no difference because it is in both cases the same way connected.

  63. Handy tip for anyone wanting to use the modem in bridge mode but still have gui access via wireless.
    Configure your lan subnet the same as the modem, plug lan1 in your router wan port as number then lan2 from the modem into a lan port on your router.

  64. All they need to do is to enroll with their name, email, contact number and country and vemmabuilder will cater to the particular country of the person.
    It won’t take you extremely long to work out what way to employ it. We saw earlier that we could, through links to email addresses, contact directly with an email.

  65. Then, write a short ad copy that lays more emphasis on
    the product’s benefits. com, but they also promise earnings everytime you use the site. Turbo Tax is just as safe to use as going to a tax professionals.

  66. What’s up Dear, are you actually visiting this site on a regular basis, if so after
    that you will absolutely take fastidious knowledge.

  67. It’s the best time to make some plans for the future and it’s time to
    be happy. I’ve read this post and if I could I want to suggest you some interesting things or advice.
    Maybe you could write next articles referring to this article.
    I want to read even more things about it!

  68. Pingback: Unlocking a HG612 Revision 3B | newspaint

  69. We’re a gaggle of volunteers and opening a new scheme in our community.
    Your web site offered us with useful info to work on.
    You have done a formidable task and our whole group can be thankful to you.

  70. The reset button serves three purposes:

    (1) With the HG612 powered up, a “press and release” will cause the device to re-boot.

    (2) With the HG612 powered up, a “press, hold for 5 – 10 seconds, then release” will reset the device to the default configuration and cause a re-boot.

    (3) With the HG612 currently powered down, a “press, hold, power up the device, continue to hold for 10 – 20 seconds, then release” will cause the Broadcom bootloader firmware update page to be accessible from the default IPv4 address of 192.168.1.1

  71. Hi i dont suppose anyone could help me? i need to use the second ethernet port on the router but i cannot for the life of my figure out how to? any help

    Thanks!!”

    • A couple of questions for you, George.

      (1) With what service are you using the HG612 device? G.Dmt, ADSL2, ADSL2+ or VDSL2?
      (2) For what purpose do you wish to use the LAN2 port?

  72. There quite a bit of focus now on the names in the mistresses, the photos of the mistresses,
    and also the possible sex tape from one from the mistresses.
    When the brain is riding normal sleep architecture, it’s going to produce more theta (the regularity that’s responsible
    for drowsiness) in the evening and, automatically less during the day.
    Being around those who do not drink alcohol
    is also very important.

  73. You really make it seem really easy together with your presentation but
    I to find this matter to be really one thing that I feel I
    might never understand. It sort of feels too complicated and very extensive for me.
    I am taking a look forward for your subsequent put
    up, I will attempt to get the hold of it!

  74. Can I ask a stupid question?..

    In lay terms, what is this box? BT have installed one at my mum’s house along with a BT branded router. She is supposed to have Infinity connection but I can’t connect any devices wirelessly – my devices are saying the connection is too slow…?

  75. I’ve recently hacked a HUAWEI HG612 (and am using it in conjunction with a BILLION BiPAC 7800DXL which has worked flawlessly on a previous Virgin Media connection) and can’t get any ports to open/forward at all.

    I’ve left the HG612 configuration completely default (other than changing the LAN IP address) and as it’s in default bridge mode (no NAT etc) I assumed all ports would be ‘open’ or passed through. I’ve tried changing every setting I can see with no luck. If I do a port scan (https://www.grc.com/x/ne.dll?bh0bkyd2 etc) then it shows all ports as ‘Stealth’.

    Settings for DMZ and Port Mapping etc are only configurable on Interface pmt1.301 (where it’s Interface pmt1.101 that’s bound to the physical LAN1 port) which makes sense but doens’t help any.

    Any help would be greartly appriciated, I really don’t want to have to install this all-in-one hub that BT now supply but might have to.

    Many thanks in advanvce.

    • What an absolute, utter and total buffoon I am!

      Typing this message made me go and check something within my router and, lo and behold, I’d been opening the ports on the wrong WAN interface. What a doughnut! All is working fine now as it was on my previous connection.

      Anyway sorry for bothering you, thanks for the unlocked firmware and documentation and many apologies for the appalling spelling and typos in my above comment.

  76. Hey,

    I got my modem unlocked and was wondering if there’s anyway to set the correct date and time for logging purposed? Also, can I change the telnet password, and enable SSHD?

    Thanks.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s