Saturday 8 July 2017

///ZTE mf65 Mode Switch(Updated)///

This page is uploaded to any web directory:
UPDATED (2017)

Download this file:



Upload it to any directory and use it to switch through the modes via HTML.

Modes:
factory_mode: Download Mode (DIAG+AT+MODEM)
debug_mode: Debug Mode (RNDIS+DIAG+AT+MODEM)
work_mode: Work Mode (RNDIS)

 1. After you have selected and applied the switch, check the page title for status, then refresh!

To return to the default mode, send AT+ZCDRUN=9 and then AT+ZCDRUN=F to the COM(X) ZTE NMEA Device.


///////ZTE MF65 -- Unlocking A Few More features (Fastboot)


/mf65_efs/Secondary/web/js/config/ufi/mf65/menu.js 
or
/js/config/ufi/mf65/menu.js

By changing the file that controls the menus,
we can enable or disable a few more options, such as:


((#phonebook))
#group_common
#group_family
#group_friend
#group_colleague


((#status)) 

#STK
#traffic_alert
#USSD

((#Wifi_setting))
#ap_station

((#device_setting))

#update_management
#dlna_setting
#fastboot

((#firewall))

#port_filter
#port_forward
#port_map
#system_security
#dmz
#upnp

We simply remove the commenting-out and re-upload the file; this will enable
any function that has been left out.
See the previous methods for ways to do this if unsure.




[extra note]
This file can also be used to disable the httpshare for guests.
It can be used to either strengthen or weaken a router's structure and presentation to anyone able to access its web server.


(((Warning...)))
Please be mindful of the closing brackets in the file.


iiNet Budii(1031) (Telnet Access)(With Username and Password)

Telnet was always another open port available to us from the network,
although it never responded to any login attempts, even when we knew 100% that the username and password were correct.

This was solvable by one of two approaches.

(1)
The easiest by far was to simply grab the consumer release of the firmware;
inside its folders is a compilable C file for telnet (they've named it telnetc):
Budii1016_consumer_release/bcm963xx_4.12L.01_consumer/userspace/gpl/apps/telnetc

This is a pretty basic BusyBox telnet file.
A few modifications have been made over the years;
one includes this little function:

    telnet_data_set_autheninfo(&g_telnet_data, "iismshamswii", "i20U18r4E3");
    addr.s_addr = inet_addr("10.1.1.1");
    telnet_data_set_serverinfo(&g_telnet_data, &addr, 23);

meaning that iismshamswii will work as the username,
with i20U18r4E3 as the password.
Once we have logged in, we use iinet@sh to break out of the CLI and we have full access to the router.

(2)
Searching the strings of the telnetc file on the router, obtained by any earlier method, will have provided those two pieces of information, as they are hard-coded into all of the routers using that firmware, unless that part has been patched or the telnet packets are otherwise dropped.
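
Added example (not from the original post or the firmware source): a small source-audit check that flags string literals passed to credential-handling calls such as the telnet_data_set_autheninfo call quoted above, the kind of review that catches this before a source tree ships. The sample C text and its values are constructed, and the keyword list (auth, passw, login, cred) is an assumption.

```python
import re

# Matches a C string literal or a comment; literals are matched first so that
# "//" inside a string is not mistaken for a comment.
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*', re.S)
# Assumed keyword list: calls whose name suggests they handle credentials.
CALL_RE = re.compile(
    r'\b(\w*(?:auth|passw|login|cred)\w*)\s*\(([^;{}]*)\)\s*;', re.I)
STRING_RE = re.compile(r'"((?:\\.|[^"\\])*)"')

# Constructed sample; only the function names come from the post.
SAMPLE = """\
/* telnet_data_set_autheninfo(&d, "old_user", "old_pass"); */
static void init(void)
{
    telnet_data_set_autheninfo(&g_telnet_data, "EXAMPLE_USER", "EXAMPLE_PASS");
    telnet_data_set_serverinfo(&g_telnet_data, &addr, 23);
    telnet_data_set_autheninfo(&g_telnet_data, cfg_user, cfg_pass);
}
"""

def strip_comments(src):
    """Blank out comments but keep newlines so line numbers stay correct."""
    def repl(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else re.sub(r'[^\n]', ' ', tok)
    return TOKEN_RE.sub(repl, src)

def find_hardcoded_credentials(src):
    """Return (line, function, [literals]) for credential-like calls
    that are passed string literals instead of configuration values."""
    clean = strip_comments(src)
    findings = []
    for m in CALL_RE.finditer(clean):
        literals = STRING_RE.findall(m.group(2))
        if literals:
            line = clean.count('\n', 0, m.start()) + 1
            findings.append((line, m.group(1), literals))
    return findings

if __name__ == "__main__":
    for line, func, literals in find_hardcoded_credentials(SAMPLE):
        print(f"line {line}: {func}() called with {len(literals)} string literal(s)")
```

The commented-out call and the call that takes its values from variables are not reported; only the call with literal arguments is.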

(extra note)
iiNetBoB
^^^ can have its password changed by admin with an external MIPS passwd program [USB], but only until restart.