Posts

ZTE MF910V Root exploit

ZTE MF910/ZTE910B/ZTE MF910V/Telstra MF910v

This guide exists in both Linux and Windows format. Please follow the instructions for your O/S, or until the instructions converge.

|+++++++++++++++++++++++++++++++++++++|
Default credentials:
For ZTE MF910/ZTE910B/ZTE MF910V/Telstra MF910v
root:oelinux123
Web Interface Password: password
|+++++++++++++++++++++++++++++++++++++|
Getting Setup:
Download the mode switch html to run locally: http://lopoteam.com/3AY9
Also ensure you have ADB (Android Debug Bridge) installed on your computer:
ADB:
Linux: https://dl.google.com/android/repository/platform-tools-latest-linux.zip http://lopoteam.com/37Bw
Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip http://lopoteam.com/37Ac
|+++++++++++++++++++++++++++++++++++++|
Let's Begin
|+++++++++++++++++++++++++++++++++++++|
Plug your device into the computer to download drivers.
Linux: Open Terminal cd ...

ZTE MF910V Mode Switch / ADB Enable / AT Commands / Debug

AT mode:
/goform/goform_set_cmd_process?goformId=SET_DEVICE_MODE&debug_enable=X
Change X to either 0 or 1; this enables and disables Qualcomm services.

Debug / ADB:
/goform/goform_set_cmd_process?goformId=USB_MODE_SWITCH&usb_mode=X
Change X to the value matching the desired mode: 1-4 is RNDIS, 5 is CDC, 6 is ADB.

Or this page is uploaded to any web dir:
UPDATED(2017) Download this file: tools.html
Upload it to any directory and use it to switch through modes via html.

ZTE MF910V LFI : HTTPshare exploit

Telstra MF910V: passwords are base64 encoded.

The config file has the SD card function turned off in the basic state:
SD_CARD_SUPPORT: true or false

mf910v SD_BASE_PATH: /

From mf65:
/**
 * SD card root directory
 * @attribute {String} SD_BASE_PATH
 */
SD_BASE_PATH: '/mmc2',
change to '/'

Menus relating to httpshare are stripped out:
(webs)/js/config/menu.js
In this file the following functions are commented out:
#httpshare_guest
#sd (sets the menu item up again)
#sdcard (settings part for sd card menu)
#httpshare (file viewer for sd card menu)
By uncommenting these we can enable the sdcard function again.

We need to change the pre path in the httpshare.js file; we will change this to '/mmc2':
/**
 * Prefix path; some devices were found to display SD card data in the web directory
 * @attribute {String} prePath
 * @example
 * prePath = "/usr/zte/zte_conf/web";
 */
var prePath = "/mmc2";// "/usr/zte/zte_conf/web";

then use the commands...

///ZTE mf65 Mode Switch(Updated)///

This page is uploaded to any web dir:
UPDATED(2017) Download this file: mode.html
Upload it to any directory and use it to switch through modes via html.

Modes:
factory_mode: Download Mode (DIAG+AT+MODEM)
debug_mode: Debug Mode (RNDIS+DIAG+AT+MODEM)
work_mode: Work Mode (RNDIS)

1. After you have selected and applied the switch, check the page title for status, then refresh!

To return to default mode, send AT+ZCDRUN=9, then AT+ZCDRUN=F, to COM(X) ZTE NMEA Device.

///////ZTE MF65 -- Unlocking A Few More features (Fastboot)

/mf65_efs/Secondary/web/js/config/ufi/mf65/menu.js
or
/js/config/ufi/mf65/menu.js

By changing the file that controls the menus we can enable/disable a few more options like:

((#phonebook)) #group_common #group_family #group_friend #group_colleague
((#status)) #STK #traffic_alert #USSD
((#Wifi_setting)) #ap_station
((#device_setting)) #update_management #dlna_setting #fastboot
((#firewall)) #port_filter #port_forward #port_map #system_security #dmz #upnp

We simply remove the commenting out and re-upload the file, and this will enable any function that has been left out; use/see previous methods for ways to do this if unsure.

[extra note] This file can also be used to disable the httpshare for guests. This file can be used to either strengthen or weaken a router's structure and presentation to anyone able to access ...

iiNet Budii(1031) (Telnet Access)(With Username and Password)

So telnet was always another open port available to us from the network, although it never responded to any login attempts even if we 100% knew the password and user were correct. This was solvable by one of two approaches.

(1) The easiest by far was to simply grab the consumer release of the firmware; inside its folders is a compilable C file for telnet (they've named it telnetc):

Budii1016_consumer_release/bcm963xx_4.12L.01_consumer/userspace/gpl/apps/telnetc

This is a pretty basic busybox telnet file; a few modifications have been made over the years. One includes this little function:

    telnet_data_set_autheninfo(&g_telnet_data, "iismshamswii", "i20U18r4E3");
    addr.s_addr = inet_addr("10.1.1.1");
    telnet_data_set_serverinfo(&g_telnet_data, &addr, 23);

meaning that iismshamswii will work as the username with i20U18r4E3 as the password ...

//////ZTE MF65 -- EFS access method / partial Fs dump

In the last mf65 post we covered the local file listing method and briefly touched on the changes to the config file for constant file listing for the SD card functions.

I managed to soft brick my device by directory traversal on the SD card base path. Basically the router would try and load the httpshare page, get to the share path and SD base path, ultimately just reading /mmc2/../ and it would just freak out and not load, so it sat around for a while.

Now I'm back and have a solution that fixes my problem and gives us access to the internal files.

We will need a Windows machine (xp++), QPST, the modem drivers and PuTTY (ZTE WCDMA technologies MSM issue ??) (if you cannot find the drivers keep looking, they are around; try dcunlocker support files (I had to try several drivers before my machine acknowledged them)).

Using:
/goform/goform_process?goformId=MODE_SWITCH&switchCmd=FACTORY ...