By Ric
To all having problems with the webpage use the android app, it works perfectly... If you don't have a android device or if you have the latest android version (the app crashes in lp) then go ahead and install jellybean 4.3 in virtualbox and install the app in there (this is the ONLY thing that worked for me)
http://www.techverse.net/how-to-install-android-43-jellybean-windows-computer/
BTW for those who don't have compatible firmware, you can grab 6h2d30 and downgrade from 6h2d45 from this site
http://www.dslreports.com/forum/r29495723-NVG510-Firmware-Update?r=0.569024503414475
posted at 10/23/2015 7:27:26 AM
Go to Comment
By Nico
Hello Earl. The application closes after I enter the access code each time? Not entirely  sure what I could do.  Thanks
posted at 9/20/2015 1:39:24 AM
Go to Comment
By Anonymous
Who df is stupud enough to ddos themself
posted at 9/9/2015 3:20:26 PM
Go to Comment
By Anonymous
Haha, I am thinking about DDoSing my friend's Minecraft server. I know a ton of DDoS programs and I've DDoSed my own internet with a PoD DDoS attack before. I know what I'm doing, and I could probably take down my school's internet if I had enough people.
posted at 9/8/2015 11:57:13 PM
Go to Comment
By Anonymous
Didn't work for 599 :-(
posted at 9/5/2015 7:25:28 AM
Go to Comment
By Anonymous
Sums up my High School Career perfectly.
posted at 8/27/2015 6:43:07 PM
Go to Comment
By tiger-atl
Earlz, Thanks a million for this root.  Does this make it possible to enable loopback NAT?
posted at 8/26/2015 3:44:07 AM
Go to Comment
By Jae
Hi -- the bridge mode does not persist after reboot.  We completely lost internet the day after this was setup, the customer rebooted the modem, and we ended up with double NAT after reboot.  No factory reset, no nothing.
posted at 5/13/2014 3:56:00 PM
Go to Comment
By Kenneth
Hey, I got into the router just fine, however it dumped me right to nsh as soon as I telnetted in, not sure if that is a problem or not. Secondly when ever I change mgmt.lan-redirect.enable to off and go to save it says the directory is dirty and wont let me save my changes. Any idea on how to change this?
posted at 5/9/2014 4:44:52 PM
Go to Comment
By Anonymous
> You can even use rust to write an OS kernel with just a bit of added assembly. Try doing that with C#.. 

http://en.wikipedia.org/wiki/Singularity_%28operating_system%29


But I do agree, Rust is a lovely language.
posted at 5/6/2014 10:29:31 AM
Go to Comment
By Phil
Interesting post, Rust is certainly looking to be an interesting language. If you like type-safe, highly-error-checking native-code-producing languages, have you ever tried Ada at all?
posted at 5/3/2014 1:04:14 AM
Go to Comment
By Anonymouse
Do look into D too, it's shaping up into something real nice.
posted at 5/3/2014 12:52:03 AM
Go to Comment
By Nick
I enjoyed your post.  You have an interesting viewpoint on open source, do you think you could send me a PR: https://github.com/nickdesaulniers/What-Open-Source-Means-To-Me ?
posted at 5/2/2014 10:31:37 PM
Go to Comment
By KZ
First of all thank you for all the hard work to find this vulnerability and create this site. Kudos! I am a very unhappy AT&T customer who has for almost 6 months been trying to get my NVG589 into bridge mode. I have tried a variety of methods all suggested by different people on line. occasionally one will work for a couple of days and then quit again. I have never been able to replicate success so I thought I would give your hack a try. I have tried to use the hack locating the nonce value and plugging it into your control2 page script. I very quickly get a response from the RG on the update page saying "invalid firmware image". After rebooting the RG I am not able to access the CLI on port 28. I have tried a simple telnet from the CLI in windows 7 as well as putty both result in a connection failed.  I then took a look at the nonce value again and noticed that it changes with each reboot of the RG. I don't know if that is significant but I thought I would mention it.I have tried this several times with no 
posted at 5/2/2014 8:45:14 PM
Go to Comment
By Earlz
No, there isn't. I've stopped working on it. 
posted at 5/2/2014 2:52:54 PM
Go to Comment
By ThaCrip
Shaun said... "That is what I did, but in my case the NVG-510 continues to pull the working public IP, and the DD-WRT router pulls a different, non-working, but public IP."

also, i noticed i got to generally go into the DD-WRT router and under it's "Status > WAN" section that you have to click the 'DHCP release' and then wait a few seconds and then click 'DHCP renew' and then the DD-WRT router should attempt to make a connection (it usually works pretty quickly in my case) as i have the 'Setup > Basic Setup' and under the 'WAN connection type' have that set to 'Automatic Configuration - DHCP' and i got the MTU set to 1500 (i am not sure if the MTU setting matters).

p.s. sorry for the nearly 3 month late reply.
posted at 4/30/2014 10:29:07 AM
Go to Comment
By Earlz
I am temporarily disabling comments due to spam. Until I get better spam blocking support, please email me at earlz -at- this domain (earlz dot net) with issues
posted at 4/10/2014 1:46:23 PM
Go to Comment
By Earlz
I am temporarily disabling comments due to spam. Until I get better spam blocking support, please email me at earlz -at- this domain (earlz dot net) with issues
posted at 4/10/2014 1:45:55 PM
Go to Comment
By Anonymous
This was working. Now all I get is a "failure to connect, no login prompt" error message.
posted at 4/8/2014 6:45:00 AM
Go to Comment
By Bullltaco
Any updates to getting this thing rooted?  If so, please post or email to bullltaco@gmail.com.
posted at 4/3/2014 6:04:32 AM
Go to Comment
By JAW
Earlz, I don't know if you still monitor this page, but I figured I would give it a shot.  I have followed your instructions and I still can not get to the root.  Every time I put the nonce value in your page I get a invalid firmware message.  I have a NVG510 with •NVG510 9.0.6h2d30 firmware, Windows 7 (64 bit), IE 11 and I am connecting via CAT5 cable with no other devices connected to NVG 510.  Any suggestions?  I don't have access to an Android device otherwise I would do the $3.00 app.
posted at 4/2/2014 1:28:14 AM
Go to Comment
By Drewcycle
Thank you for creating this! I can hardly believe what a POS RG ATT chooses to use for their vaunted 'UVerse'. Can this app be used to enable Port Forwarding through a static, public IP to our privale LAN without having to use an additional router behind it? On our old DSL this was cake, just poked pinholes, but talking with an ATT tech he said it cannot be done with the new unit. But then he said the DHCP can't be turned off, either. For the moment, as a workaround, I am using the upstream address that the device lists as its Broadband address even after enabling the Public IP option. But the Tech told me that that IP address is dynamic so we cannot rely upon it. I know it isn't a big deal but it is the principle of them demanding I use a crippled piece of equipment. They are so arrogant.
posted at 4/1/2014 8:38:59 PM
Go to Comment
By bobthecat
My goal is to improve the VOIP line going through the nvg510, to do this I think I need to put the nvg into bridge mode and put configurable router behind it. Will this app help me? Reading above it seems like problems occur when ATT updates the firmware, how often does this happen?  
posted at 4/1/2014 8:13:26 PM
Go to Comment
By XRumerTest
Hello. And Bye.
posted at 3/30/2014 9:19:26 AM
Go to Comment
By whoezdaboss
I just purchased the app for a motorola NVG589 and it does not seem to work. I am getting this error: "Does not appear to be an NVG510. This may not work yet on the NVG589 and other modems. Sending Backdoor installation script Error: Enabling telnet backdoor did not seem to work.

DONE!"

So does this mean it did not work? 
posted at 3/23/2014 7:29:27 PM
Go to Comment
By Anonymous
I have a wireless access point ( no ports other than wan port)
I would like to use this as before to do all my port fowarding  and just use the uverse modem which is wireless with ports
If this can be done if you coud let me know 
Thanks
Denton
Email  zeeworldproductions@gmail.com
posted at 3/21/2014 7:35:06 PM
Go to Comment
By Samizdata
Well, it didn't work quite as listed, but I have managed to enable UPnP and also get the redirect disabled.  Now, does anyone have a clue on how to properly reset the device list?  (Sorry, no Android device.)
posted at 3/19/2014 11:51:38 PM
Go to Comment
By john
I'm getting page cannot be displayed in both IE and FF trying to root the modem. How does your page know how to access the modem? Mine is not on the default IP and it's not listed on my PC as the gateway because I have a router behind the modem. 
posted at 3/19/2014 12:03:17 AM
Go to Comment
By john
Sorry I also meant to ask where is the Wiki mentioned in the first comment in this thread?
posted at 3/18/2014 8:05:34 PM
Go to Comment
By john
I'd like to get the app just because it looks way easier. Do I need to install the backdoor before enabling uPnP and true bridged mode? Currently I'm using some complicated configuration with IP Passthrough that doesn't seem to really do what I need. Should I do a factory reset before using your app? Does the factory reset put the subnet back to 192.168.1.x? 
posted at 3/18/2014 8:04:49 PM
Go to Comment
By Earlz
umm.. both. So, the exploit has been changed so that it doesn't need that telnet shell. It now installs a backdoor telnet shell on port 28 that can reach a root shell and activate bridge mode and such. 
posted at 3/12/2014 6:45:27 AM
Go to Comment
By Anonymous
I'm interested in buying your app to support the time you've researched on it, and set up a bridge mode from an NVG510 to a Linksys EA6500. I'm not sure it'll work though, because once I telnet into the router according to the directions above, I cannot use "!" to elevate to root. Is that a problem you've seen before, and does your app rely on the "!" command working?
For reference, the response to the status command.
Motorola Netopia Model NVG510 Wireless-N ADSL AnnexA Ethernet Switch
Running Netopia SOC OS version 9.0.6 (build h2d30)
posted at 3/12/2014 5:46:40 AM
Go to Comment
By Blake222
 It seems to be failing at the point of login, 'Login appears to have been unsuccessful or this is not an NVG510".  I understand that there was no garuntee on the 589, I was just hoping you could help me out with finding another option or telling me if I even need to mess with it at all, and I do NOT want a refund! Consider that a Universal Thanks Contribution!!  To set up a Gigabit Network I recently purchased a Netgear GS105 and still have my old Vizio XWR100 router connected to the 589 which seems to work fine as a hub and the wireless is active and functioning . I have a WD MyBook Live 3TB NAS which is a where my problem lies as I have nearly 600 movies and 40K songs to transfer (which is why I am switching to gigabit). I am using my hacked "aTV Flash" Apple TV 2nd gen as my media server...still deciding on an app, maybe XBMC, PLex, or one of the others.  Finally my question!!  Everything I have just explained is new and in the process of being set up but I am still having speed issues so my media is taki
posted at 3/6/2014 6:10:47 PM
Go to Comment
By Blake222
First of all thank you for your efforts in working all of this out!  I decided to download the app for 2 reasons, first I always take the opportunity to give back to all of our 3rd party programers out there giving us such great software and fixes,  I recently worked for a programer who also used Xamarin, what a great tool, and have seen the work that goes into creating programs and appsl! It blew my mind how many programers around here do not use Xamarin, or even know of it... or they want to charge their customers double or triple to build an app three times so it has the ability to run on IOS, Android, and Windows. And secondly I have way too many projects started already! 
I have the NVG589 Router, bought the app and installed it on my Note 3 phone and my Samsung Tablet.  I was able to get the app to locate the router and connect, then after the warning about possible rebooting and internet loss, I was presented with the menu...good start!  I have attempted every task on the menu and they all ended the s
posted at 3/6/2014 5:53:19 PM
Go to Comment
By Anonymous
Thanks =)
posted at 3/6/2014 9:24:00 AM
Go to Comment
By Jaman
Earlz, I'm in a similar situation as the last poster. I'm not an ipdslam subscriber. So if I read your last post correctly I need to copy the source for the update page, edit it for a local computer running a web server, save it locally int the web browser to the edited file, then apply the patch?
posted at 3/6/2014 1:54:27 AM
Go to Comment
By Earlz
@Frank ensure that you are using the Dalvik runtime, not ART. Because my app is built with Xamarin, I can't currently support ART. As soon as they put out a release with ART support, my app will support it though. 
posted at 3/5/2014 5:02:00 AM
Go to Comment
By Frank
Your app is just closing on my Nexus 5 when I try to connect to the modem.  It doesn't matter whether I put in the right or wrong IP address...sigh, by the time you see this I'll have to have followed all the manual directions...kill me now...
posted at 3/4/2014 11:23:43 PM
Go to Comment
By Anonymous
the signal is showing up, I press the reset button on the back of it, password is not working, I just can't log into the router at all!
posted at 2/25/2014 12:35:38 AM
Go to Comment
By Anonymous
Hi I bought the app but I can't even connect to the router in the first place. I accidentally change something in the router m a c settings
posted at 2/25/2014 12:34:51 AM
Go to Comment
By Earlz
ahhh. I see. If you're not online with AT&T, you'll have to host the file on your local network. To do that, you'll have to run a webserver on your computer. And then you'll have to hook this computer to the NVG510 such that they have compatible IPs (if your NVG510 has 192.168.1.1, you'll need to have something like 192.168.1.123). And then you'll have to modify my HTML page to point to your IP address rather than my website, since the modem can't access it. 

You can email me at earlz at (this domain) if you need help 
posted at 2/19/2014 3:02:27 PM
Go to Comment
By MienTommy
I just tried it with this instead,

errrr && wget E:\Users\Tommy\Desktop\backdoor.nvg510.sh -O E:\Users\Tommy\Desktop\backdoor.nvg510.sh && source E:\Users\Tommy\Desktop\backdoor.nvg510.sh && errr

Still no luck. :/ 
posted at 2/18/2014 5:13:52 PM
Go to Comment
By Anonymous
These parameters would be correct yes?

errrr && wget E:\Users\Tommy\Desktop\backdoor.nvg510.sh -O /tmp/backdoor.sh && source /tmp/backdoor.sh && errr
posted at 2/18/2014 5:10:14 PM
Go to Comment
By MienTommy
@Earlz

I have tried doing this offline and online. 
Offline, it brings me to the update page and it just says "Invalid Firmware" and then I restart my modem and telnet is still not enabled. 
Online (connected via charter wifi), I get that error from my previous post.
I canceled my AT&T services and I want to use my AT&T router as a true-bridge network so any webpage displayed will not connect. I've tried hard resetting and still no luck. 
posted at 2/18/2014 5:09:05 PM
Go to Comment
By Earlz
@Tommy your modem is intercepting it's own requests. Make sure to go to a web page and click the "continue" button when it redirects you to tell you about possible connection problems or whatever. You may also need to reboot your modem (and make sure you don't get the possible connection problem page after rebooting) 
posted at 2/18/2014 4:54:27 PM
Go to Comment
By Tommy
Hi! It's not working for me, I get the following errors:

00:05:45 (1.65 MB/s) - `/tmp/backdoor.sh' saved [184]

sh: /tmp/backdoor.sh: line 1: HTTP/1.0: not found
sh: /tmp/backdoor.sh: line 2: Location:: not found
sh: /tmp/backdoor.sh: line 3: Pragma:: not found
sh: /tmp/backdoor.sh: line 4: Content-Type:: not found
sh: /tmp/backdoor.sh: line 5: 
: not found
sh: /tmp/backdoor.sh: line 6: syntax error: unexpected redirection
HTTP/1.0 302 Found
Location: /cgi-bin/update.ha
Pragma: no-cache
Content-Type: text/html

<html><meta http-equiv=Refresh content=0;url=/cgi-bin/update.ha>
<body></body></html>


I tried telnetting it with port 28, but it says "Could not open connection to the host, on port 28: Connection Failed"
posted at 2/18/2014 7:31:13 AM
Go to Comment
By Anonymous
I followed the updated rooting instructions but I can't seem to reach the root shell. It just prints unrecognized command.
posted at 2/17/2014 3:04:20 AM
Go to Comment
By gartral
interestingly enough, I've managed to use your rooting process to convert a NVG510 from an ADSL Modem into a sip client for use with my in-house asterisk server! haven't really tested it much yet, but in theory it should be all-good!
posted at 2/15/2014 6:30:21 PM
Go to Comment
By Anonymous
Found a manual with commands that looks interesting here is the link to it:
http://www.ron-berman.com/wp-content/uploads/2011/11/nvg510manual.pdf
posted at 2/15/2014 8:59:40 AM
Go to Comment
By Anonymous
Haha, you only knew C++?! I am 13 and I know AppleScript, BASIC, C, C#, C++, DOS, HTML, Java, LUA 5.1, Perl, Python, and Visual Basic. My living is a hacking. My future is held golden. Scripting/Hacking/Security/Websites are apparently hard to make these days, and not that many people do it. If you know a lot of scripting/programing/coding languages then you are sure to land a fantastic job these days. Thank god for technology.
posted at 2/11/2014 4:58:06 AM
Go to Comment
By awbaker
any word on DNS fix?
posted at 2/9/2014 11:05:28 PM
Go to Comment
By steve
UPnP on the nvg510 didn't work for me however bridge mode did. I hooked it up to my d-link router and now I have open Nat all around 2 Xbox 360's and an Xbox One at the same time. I'd leave a review on the play store but I refuse to join google+.
posted at 2/9/2014 11:13:21 AM
Go to Comment
By Anonymous
If you crashed your school's network with a PoD DDoS attack, then your school's server must have been really shitty!
posted at 2/7/2014 6:22:54 AM
Go to Comment
By Palsgraf
I have downloaded the app, attempting to set up bridge mode on the NVG to a Linksys Wrt120N, I want to ensure that bridge mode is active, however when logging into the NVG homepage, there are no changes in the "firewall options" (like pass-through or server), is this normal??
Also what values should I apply to the router to make sure that it properly receives messages from the NVG?  I have enabled UPnP but I ran a checker and it said that the router was not configured, it seems that nothing has changed since I applied the NVG Fixer applications, Where can I pull up a log to see these changes?
posted at 2/7/2014 12:33:12 AM
Go to Comment
By Shaun
That is what I did, but in my case the NVG-510 continues to pull the working public IP, and the DD-WRT router pulls a different, non-working, but public IP.
posted at 2/5/2014 9:43:52 PM
Go to Comment
By Mack
I sure wish there was an IOS version of your NVG510 app...luckily I had an old Thunderbolt phone laying around. Cute kid.
posted at 2/2/2014 9:00:36 AM
Go to Comment
By ThaCrip
@ Shaun ; i also have a DD-WRT router and i have the NVG510 setup on PORT1 to act as the WAN and Ports 2/3/4 act like a usual LAN port.

do this... reset the NVG510 connect your ethernet cable from the DD-WRT's WAN port to the PORT 2 on the NVG510 and then do the following (hit enter after each command) (i am just assuming you know how to get to proper screen in order to enter the following commands which it explains in the topic here)...

set link[1].port-vlan.ports "lan-2 lan-3 lan-4"
set link[2].port-vlan.ports lan-1
validate
apply
save

that should sum it up for you. after that's applied then you physically remove the ethernet cable that should currently be connected to LAN port 2 and plug it back into LAN port 1 which will now act like a direct connect to the AT&T servers. then you simply need to setup DD-WRT and all should be fine as i been running mine like that for a while now and in DD-WRT it shows my actual IP address instead of it's internet network of the usual 192.168.x.x variations.
posted at 2/2/2014 6:38:20 AM
Go to Comment
By Earlz
@Tech that's odd. If you have the Developer Options enabled on your phone, you should ensure that you are using the Dalvik runtime, not the ART runtime. The development tool I used for my app will not work when ART is enabled. It's not enabled by default though so if you don't know what I'm talking about, then it must be some other issue. I use a Nexus 4 with Android 4.2.2 for testing and have not experienced any issues thus far
posted at 1/24/2014 8:26:37 PM
Go to Comment
By U-Verse Tech
Trying to use the app on the Nexus 5 version 4.2.2 and as soon as I click next after I input the device access code it crashes and closes the app. Any idea what I can do to fix or an option to upload a log?
posted at 1/24/2014 8:04:30 PM
Go to Comment
By James
FWIW when I installed the hack I lost connectivity to the WLAN. It said WLAN waas down and I got a a red light.  BUT resetting to defaults fixed the connectivity I just had to reinput my WIFI password.  Not sure why but it might help some.
posted at 1/24/2014 2:36:28 AM
Go to Comment
By Ralph
I bought the NVG510 application in the play store and just wanted to say: A Big Thank you! The tech gave me a pair upgrade so that my speed is now 3mb. I am using a new modem which is a Pace. I don't need to the application anymore or the help anymore but Thank you very much for helping along the way. :)
posted at 1/21/2014 7:25:38 PM
Go to Comment
By William Carr
The DD-WRT firmware isn’t compatible I suppose.
posted at 1/19/2014 5:56:29 PM
Go to Comment
By Kumpe
I might be able to help you with the iOS app.  Only catch is that I have no clue how to develop apps for iOS.  I have developed a few but used an online engine that was a simple drag and drop.  I have downloaded xamarin free version and compiled an app using their sample code and that was easy so if I had the code build I could compile it with my developer account.  I do have a mac, iPhone, and apple developer license.  And if the free version of Xamarin does not work I believe I can get a license for it.  I am sure there are a few other issues that would need to be worked out but if interested please email me.  jakumpe@justinkumpe.net
posted at 1/18/2014 4:44:10 PM
Go to Comment
By shaun
argh, those last three lines are all set to a null value, having a hard time with the comment form.
posted at 1/16/2014 11:21:13 PM
Go to Comment
By shaun
link[3].type                   = ppp
link[3].mtu-override           = 0
link[3].ppp-lcp.sub-link-oid   = WAN
link[3].ppp-lcp.auth-type      = on
link[3].ppp-lcp.username       = attreg@att.net
link[3].ppp-lcp.password       = attreg
link[3].ppp-lcp.magic-number   = on
link[3].ppp-lcp.protocol-compression = off
link[3].ppp-lcp.max-failures   = 5
link[3].ppp-lcp.max-configures = 10
link[3].ppp-lcp.max-terminates = 2
link[3].ppp-lcp.restart-timer  = 3
link[3].ppp-lcp.connection-type = always-on
link[3].ppp-lcp.lcp-echo-request = on
link[3].ppp-lcp.lcp-echo-failures = 7
link[3].ppp-lcp.lcp-echo-interval = 30
link[3].ppp-lcp.mru            = 1492
link[3].ppp-lcp.peer-dns       = on
link[3].ppp-lcp.debug          = off
link[3].pppoe.service-name     =
link[3].pppoe.ac-name          =link[3].pppoe.sync             =I hit the line break limit, this is after I reverted to default so I know that the two entries of interest are unmodified here.
posted at 1/16/2014 11:19:32 PM
Go to Comment
By shaun
Earlz, I tried your true bridge mode and the nvg510 still pulls the same public ip as always for itself, while my ddwrt router pulls a slightly different ip on a different subnet that goes nowhere. Also, my link dump has a third set of entries, link[3], which seem to be for the actual dsl port.

link[1].type                   = ethernet
link[1].igmp-snooping          = off
link[1].mtu-override           = 0
link[1].port-vlan.ports        = lan-1 lan-2 lan-3 lan-4 ssid-1 ssid-2 ssid-3 ssid-4
link[1].port-vlan.priority     = 0
link[2].type                   = ethernet
link[2].mtu-override           = 0
link[2].supplicant.type        = eap-tls
link[2].supplicant.qos-marker  = AF1
link[2].supplicant.priority    = 0
link[2].port-vlan.ports        = vc-1
link[2].port-vlan.priority     = 0
link[2].tagged-vlan[1].ports   = ptm
link[2].tagged-vlan[1].vid     = 0
link[2].tagged-vlan[1].priority = 0
link[3].type                   = ppp
link[3].mtu-override           = 0
link[3].ppp-lcp.sub-link-oid   
posted at 1/16/2014 11:18:07 PM
Go to Comment
By Anonymous
@brianoh, let instead of var is so utterly trivial it's not even worth mentioning. People who talk about points like this as if they matter strike me as people who barely know what they're doing and are probably JavaScript idiots with 6 months of experience.
posted at 1/16/2014 2:04:45 AM
Go to Comment
By martin
hey Earlz, about the nvg510 open source in sourceforge.
i was able to compile everything according to their readme but i have no idea whats next :D
i was expecting them to produce a .bin at the end but no such luck.
if you want i can make the vmware image available for you if you want to take a look or continue.
posted at 1/15/2014 7:06:32 PM
Go to Comment
By Earlz
I have the NVG589's firmware, and I've tried to analyze it as much as I could, but I really need hardware to know what I'm really dealing with. When I first created this exploit, I asked some people with NVG589's to test the exploit, most didn't reply and those that did said it worked. But then since publishing I've been getting numerous reports that it's not working, so idk. 
posted at 1/15/2014 3:44:49 AM
Go to Comment
By Earlz
If you have regular DSL, if you root it, it's possible to configure it for regular DSL it would appear. However, like I said, very shoddy and unreliable firmware. And like I said in the post, I tried bridging wifi and wired and disconnecting DHCP and such, but the firmware put the modem into some kind of power saving mode after 30 minutes so that wifi signal was so weak I couldn't connect to it more than 5 ft away
posted at 1/15/2014 3:42:54 AM
Go to Comment
By Earlz
I want to create an iOS app for it, but it requires a very large investment on my part. I'd have to get a Mac (~$500 at least), an iPhone (~$200), and buy an apple developer license ($100), and also get a Xamarin license for it ($300). If someone was to want to develop it for me (with my source code) and take responsibility for all of those initial investments, I'd be more than happy to talk though
posted at 1/15/2014 3:40:35 AM
Go to Comment
By William Carr
I have two of these, and was wondering if they could be re-purposed.

My Sis gave them to me when she moved to a new house.  Joy.

I plugged one in to our DSL out of curiousity and it went looking for U-Verse.

So, you think you could hack these into generic WiFi routers?   My WRT54GS just went schizo and stopped passing through data.

BTW, you wouldn’t happen to recognize that description, would you?
posted at 1/14/2014 1:34:37 AM
Go to Comment
By Kumpe
Have you considered converting this to an iOS app as well?
posted at 1/14/2014 12:08:09 AM
Go to Comment
By Anonymous
Thread with a 589 fw link; looks like the real deal. Can that help?

http://www.dslreports.com/forum/r28948370-Help-with-eBay-NVG589
posted at 1/13/2014 7:01:45 PM
Go to Comment
By martin
@earlz
yup, the modem works fine, browsing works fine.
posted at 1/13/2014 4:34:31 PM
Go to Comment
By Baylink
You have found The Dirty Little Secret of modular code.

The second stage of that comes when your DAG breaks: when you have A that depends on B1 and B2, and the B's depend on different *incompatible* versions of C.  Linux is relatively good about that, since it allows multiple versions of libraries to be installed at the same time, but ghod help you if any of the libraries depend shared memory interfaces. :-}

*My* problem is that I want to pick up a new language, but they all keep *changing*; I'm quite spoiled by C, which hasn't changed to speak of since ANSI C happened; what, 1990? Older?

BTW: I know you reformatted a bit ago: the comment form is running into the page margins and getting clipped.  On the left, and if I zoom in, on the right too.  It scrolls horizontally to let me see *most* of what I'm typing.  Screenshots on request.
posted at 1/9/2014 4:16:30 PM
Go to Comment
By Baylink
Yeah; I have seen further reports that the 2210 Just Does This Easier, and they're, like, $10 on eBay, so I'm gonna chase her that direction for the moment...  Thanks for your assistance, though.
posted at 1/9/2014 4:04:52 PM
Go to Comment
By Baylink
Nah, the backdoor said it was in, but the Cisco behind it, programmed with its public IP, was still not accessible either direction.

Looking at rolling down to the older modem which is said to be better behaved.
posted at 1/8/2014 10:31:19 PM
Go to Comment
By Anonymous
I posted the previous Anonymous comment... I got it figured out and now my router is handling the actual routing, like it should be! Thanks Earlz!
posted at 1/8/2014 12:26:31 AM
Go to Comment
By Anonymous
Hey earlz, thanks for the instructions. I just got DSL service and an NVG510 and am trying to enable bridge mode to use my own router. I successfully used the exploit to install the telnet client, but when I login to the router that's when things go weird.

I connect to the IP and I'm asked for the login and password, but then I get immediately dumped to the "Axis/#######>" shell prompt. I don't get the whole info block after logging in like your example. I input the "magic" command and I get an output saying (poof!)

I tried using the "set" command to change the link parms, and I get "set: Another client has the SDB write lock". Any idea how to remove that?

My modem came with the 9.0.6h2d30 fw. Any ideas what might be going on here?
posted at 1/8/2014 12:08:06 AM
Go to Comment
By Earlz
@Baylink the backdoor telnet shell will persist after a reboot and factory reset (and in my testing even with firmware updates). However, bridge mode and other configuration will not persist across a factory reset. They should persist across a regular reboot though. 
posted at 1/7/2014 6:05:22 PM
Go to Comment
By Earlz
yea, the port 28 telnet will only be accessible from within the LAN. Although, if it's bridged, you shouldn't be able to access the internet through wifi. 
Hope it all resolves :) 
posted at 1/7/2014 6:03:15 PM
Go to Comment
By Baylink
Yup, looks like:

http://dnstree.com/172/11/50/

(Cool site, BTW.)

Well, it looks like we may be SOL.  She's not equipped to handle the telnet session, I don't think, and I can't get to it.  <pout>  :-)
posted at 1/7/2014 4:59:30 PM
Go to Comment
By Anonymous
Ok, well my friend who's stuck with the thing can get out to the net through the wifi, so bridge can't be on; telnet says it's already on, but I can't telnet to :28, and the public address doesn't appear to be CGN; 172.11/16 is a publicly routed address, right? 
posted at 1/7/2014 4:57:27 PM
Go to Comment
By Baylink
Sorry; that last was me.

Well, a powercycle on all 3 devices leaves us with working-to-internet wifi on the modem again.  If I'm following correctly, that suggests that the Enable Bridge didn't stick over a reboot; is that supposed to require a Save action in the app?

I can't telnet to 28 from the net, either.  Having her retry Enable Backdoor...

...and it says it's already installed.  Strange things are afoot at the Circle K...
posted at 1/7/2014 4:55:53 PM
Go to Comment
By Earlz
Yes, that is correct @Baylink. 
posted at 1/7/2014 4:55:20 PM
Go to Comment
By Baylink
Just to confirm: once the modem's been put in bridge mode, ports 2-4 and WLAN can reach the modem's command interface, but nothing else, and port 1 is in "real" Bridge Mode to the WLAN, and can't see the rest, is that correct?  So once I enable bridge mode, the only way to manage the modem is via the app and WLAN, or telnet *from a local PC on ports 2-4*?
posted at 1/7/2014 4:43:44 PM
Go to Comment
By Anonymous
Well, a *really* hard reset, and making sure the phone hadn't skipped to the neighbor's wifi, seems to have made it talk to the modem.  But the Cisco RV042 behind it, set to its known IP/gate/mask seems not to talk, nor be accessible at the Remote Management port I had her set it to.  I wonder what's next.  :-}
posted at 1/7/2014 4:31:24 PM
Go to Comment
By Anonymous
I did in fact have her reset it and try again this morning; same result, I'm told.

Factory Reset from the app didn't work with the same error, so I had her long-press the reset button.  I'll go back and double check all the things, though.

It has occurred to me to wonder: there aren't any problems that could be due to the fact that *we're using the NVG's wifi* to do this, are there?  :-}
posted at 1/7/2014 3:56:15 PM
Go to Comment
By Earlz
@Baylink, possible things to ensure is that the access code is correct, and that the IP address of the modem is inputted correctly. You may also try to factory reset the modem and then run the application. I've got reports of this problem but have yet to reproduce it on my own hardware. I think it may have something to do with DNAT-DMZ
posted at 1/7/2014 2:41:47 PM
Go to Comment
By Baylink
FWIW: I've just re-read the Ron Berman and AT&T pages much more closely, and it's clear to me now that they are *not* putting the modem in anything that they ought to be calling "bridge mode" in public; it's *not*; it's just DNAT-DMZ, with all the incoming ports passed through; the router still doesn't get a public IP (which is fatal for me, cause I'm pretty sure the 510 doesn't know how to rewrite IPsec.  :-)
posted at 1/7/2014 1:45:51 AM
Go to Comment
By Baylink
Well, we put the app on a HTC Incredible (I think that might be 2.3 or 2.4), and pointed it at an NVG that was running 9.0.6h2d30, and it fails to install the backdoor, telling us:

"Enabling telnet backdoor did not seem to work."

So far as we can tell, we typed in the access code correctly, but it would be easier to tell if your app didn't treat that as a password and obscure it.  

Any other possible pinch points I should look at?
posted at 1/7/2014 1:25:40 AM
Go to Comment
By Earlz
@martin it's possible you may be stuck in the redirect loop thing. Ensure that when you visit a page in your web browser you don't get the "possible connection issue found" page. If so, click continue so that your web browser shows you the actual page you're visiting. 

Afterwards, retry the instructions for the backdoor
posted at 1/6/2014 2:37:29 PM
Go to Comment
By martin
Hey Earlz
i tried your pages but no success here is the modem info and output from the "Save" button action (one requiring nonce value)

NVG510 INFO
System Information

Manufacturer	Motorola
Model Number	NVG510
Serial Number	62035353750944
Software Version	9.0.6h2d21
MAC Address	38:6b:bb:39:4d:a1
First Use Date	Used - Time Pending
Time Since Last Reboot	00:00:25:09
Datapump Version	A2pD035b.d23i
Legal Disclaimer	Licenses


SCRIPT OUTPUT
    0K                                                           1.09 MB/s

00:27:10 (1.09 MB/s) - `/tmp/backdoor.sh' saved [184]sh: /tmp/backdoor.sh: line 1: HTTP/1.0: not foundsh: /tmp/backdoor.sh: line 2: Location:: not foundsh: /tmp/backdoor.sh: line 3: Pragma:: not foundsh: /tmp/backdoor.sh: line 4: Content-Type:: not foundsh: /tmp/backdoor.sh: line 5: : not foundsh: /tmp/backdoor.sh: line 6: syntax error: unexpected redirectionHTTP/1.0 302 FoundLocation: /cgi-bin/update.haPragma: no-cacheContent-Type: text/html<html><meta h
posted at 1/6/2014 12:51:45 AM
Go to Comment
By martin
btw, not sure how recent that was, but congrats on your little addition to the family!
posted at 1/5/2014 9:25:44 PM
Go to Comment
By martin
hi there, did you know that this router was sold from Motorola to Arris, and they made the sourcecode available (which was under opensource anyways)?

I was away from coding and compiling for too long to spend time on this, have you tried playing with it ?

http://sourceforge.net/projects/nvg510.arris/files/

cheers
-martin
posted at 1/5/2014 9:24:45 PM
Go to Comment
By Earlz
I'll take that as a feature request. I'll try to include it in the next release :) 

If you're impatient though, you can use the instructions here: http://earlz.net/view/2012/06/07/0026/rooting-the-nvg510-from-the-webui
Skip to connecting to the telnet root shell/nsh, and from there you can use this command:

set mgmt.upnp.enable off
posted at 1/3/2014 8:44:53 PM
Go to Comment
By Anonymous
Is there a way to disable Upnp without factory reset after using your tool?

thanks
posted at 1/3/2014 4:17:00 PM
Go to Comment
By Max Marito
I went through http://earlz.net yesterday and just wondered if you've done any search engine or social media marketing yet. I have been self employed doing that for various businesses for a number of years now.

Currently my wife and I help companies like yours with on site SEO and social media.  This will even include us increasing followers across the various accounts and sites where we'll brag about your presence. Things like increasing your rankings in the various search engines as well as increasing Facebook likes, Google +1's, Twitter & LinkedIn followers, YouTube views, etc.

I perform all of the same tasks any large firm would here in the US (where I am) - the difference is we don't have to charge large sums of money as we're self employed. We work at home side by side, are always around a phone and aren't shy about answering it. If you'd like references or a callback just let us know.  Hope to hear from you soon. 

Max
218-296-6476
posted at 12/30/2013 7:39:03 AM
Go to Comment
By Anonymous
NVG589 Version 9.1.0h4d38

None of the above works now.  Connection always "closed by foreign host" after 2 LF's.  Can't telnet in from WAN or LAN.
posted at 12/29/2013 2:12:59 AM
Go to Comment
By Ronaldwal
My name is Ronald. Am new here. Am getting a lot of help from this forum.
posted at 12/26/2013 9:20:11 PM
Go to Comment
By Anonymous

				
posted at 12/26/2013 6:14:37 PM
Go to Comment
By mateor
I saw the comments that there was a possible firmware upgrade that could patch an exploit used to get root- but I am still going to try this. Thanks for the write-up!
posted at 12/20/2013 2:48:35 AM
Go to Comment
By Earlz
I've been seeing 9.0.6h2d21 a bit and mostly 9.0.6h2d30 in the wild. Do you know what firmware version lyra 1.2.4 will be? 
posted at 12/15/2013 8:23:31 AM
Go to Comment
By capone
Firmware lyra 1.2.4 is being released at the end of the month to get rid of the redirect screen.
posted at 12/15/2013 3:45:18 AM
Go to Comment
By Earlz
@Anons for VLAN, I've not messed with it. I think it's possible, but might require a switch capable of handling VLANs. If you get something to work, you could email me though and I could post it here to help others

@Jerry/anon, I'm pretty sure that this is the case. It's also possible to firewall off the management port they use for updates, but I've not tried to do this
posted at 12/12/2013 6:32:22 PM
Go to Comment
By Jerry
I could be wrong, however I read if you use true bridge mode, ATT would not be able to upgrade the firmware, as the software on the modem has no internet access.
posted at 12/12/2013 5:58:50 PM
Go to Comment
By Anonymous
so how do I stop att from performing remote upgrades on my nvg510 firmware and screwing everything up? thought I read this somewhere
posted at 12/12/2013 9:35:00 AM
Go to Comment
By Anonymous
A member on DSL report said there is a more elegant solution to access modem in bridge mode with a single cable, however that involves VLAN and trunking. I have not upgrade my router to support VLAN yet.
posted at 12/12/2013 2:00:36 AM
Go to Comment
By Anonymous
By putting the modem device IP on the same subnet as the router, and disabling modem DHCP, then connect a cable from the router LAN port to the modem LAN port [2,3, or 4], you can access the modem config page in bridge mode, that is when router WAN port is connected to the modem LAN-1 port.
posted at 12/12/2013 1:58:47 AM
Go to Comment
By Earlz
@Anon god no, don't try to DDOS your school. Like I said, a few hours of downtime might seem like a minor offense to you, but it can be blown completely out of proportion, especially since Anonymous(the group) and all the cyber crime stuff started making big news
posted at 12/10/2013 9:16:21 PM
Go to Comment
By Anonymous
please disregard my previous statement as i had not rad the last paragraph.
posted at 12/10/2013 8:42:27 PM
Go to Comment
By Anonymous
so my school recently got ipads and the controls on them are ridiculous. Is it possible to shuttdown the network as a statement through a ddos attack? if so would only a single computer do it(i dont think so but dont no) if u can help me plz reply...
posted at 12/10/2013 8:41:14 PM
Go to Comment
By Trapper
This thing is impossible to root.. been trying for years. I work for a major ISP ( not AT&T) that uses these exclusively.. I hate the damn things. Whats worse is the ISP I work for cripples them.. kills access to the ATA and QoS... blaaaa...
posted at 12/4/2013 4:24:46 AM
Go to Comment
By WannaCompile
I changed the config to use version 2.19 instead of 2.18 of binutils and finally got past that part and now I'm getting a "mixed implicit and normal rules" error in the section "Installing C library headers / start files".
posted at 12/4/2013 2:07:26 AM
Go to Comment
By Earlz
@MrH sorry I have no idea. If you can get to the web interface, it may be possible to rescue by reinstalling the firmware.. but if it's blinking red, that usually means it's bricked

@WannaCompile I've also tried to do this, but it uses an old version of everything that has bitrotted enough that I couldn't get it to compile on my modern Arch Linux box. I believe they provide a precompiled toolchain somewhere as well. 
posted at 12/4/2013 1:48:08 AM
Go to Comment
By WannaCompile
I'm trying to build a toolchain to do some cross-compiling. I'm following the instructions on sourceforge not having success. Can someone who has successfully built the toolchain give some pointers? Thanks.

@MrH I'd start right away with hacking it.
posted at 12/4/2013 1:25:51 AM
Go to Comment
By MrH
My 510 started flashing all 8 led's red last week.  I have never done any hacks to it but wonder if it would be possible to do so now.  ATT are sending another unit to replace for $100 fee.
Is this unit completely bricked?
posted at 12/3/2013 7:05:03 PM
Go to Comment
By Tester
Earlz,

I have a Motorola NVG589 is 9.1.0h4d38 with 5 static IP's and AT&T's "Power" plan.  I've downloaded the app and I'm having the same issues as "Anonymous".  I work in IT for broadcast TV and administer content management systems so I have some technical know how, definitively enough to follow instructions and comprehend.  I'm willing to test with you.
posted at 12/2/2013 10:24:36 PM
Go to Comment
By ThaCrip
@ Anonymous ; Comcast uses a cable connection and AT&T use a DSL connection (i.e. different type of physical connection to the modem itself).

so no, you won't be able to use this modem with Comcast.
posted at 11/30/2013 9:49:14 PM
Go to Comment
By Anonymous
Can i use this modem for comcast intenet? I switched from u verse att to comcast and was wondering if i can just connect it or i need a new wireless modem/ router 
posted at 11/29/2013 4:45:28 PM
Go to Comment
By Earlz
er, not /usr/sbin/telnetd.. use /usr/sbin/dropbear or some such
posted at 11/26/2013 6:52:10 PM
Go to Comment
By Earlz
I don't think scp will work because the version of SSH included is extremely minimal. You might try doing a permutation of my recent backdoor script to activate SSH (note, disable SSH before doing this)

echo 29ssh stream tcp nowait root /usr/sbin/telnetd -i -l /bin/ash > /var/etc/inetd.d/ssh29
pfs -a /var/etc/inetd.d/ssh29
pfs -s

and then reboot. Then connect to ssh on port 29. Again, no idea if this will work, but maybe worth a try? 
posted at 11/26/2013 6:51:39 PM
Go to Comment
By Anonymous
I've got ssh working fine and I'd like to be able to use scp to copy files to/from the device. Unfortunately, scp does not know to send "magic" and "!" after authenticating and it is not expecting the output from the nvg510's cshell. Does anyone know how to make scp work? I tried creating another user, admin2 with /bin/ash as it's shell but that also failed to work. 
posted at 11/26/2013 3:49:04 PM
Go to Comment
By Earlz
I have not seen that option before. It must be new in the last firmware update. My only recommendation is to try it and see what it does :) 
posted at 11/24/2013 5:00:36 AM
Go to Comment
By DustinDwayne
Does anyone know what mgmt.shell.unlock is for?
posted at 11/23/2013 3:54:55 AM
Go to Comment
By Anonymous
got it.  downloaded the complete control 2.html and edited o 172.16.0.1
posted at 11/23/2013 3:52:11 AM
Go to Comment
By Anonymous
my NVG510 is 172.16.0.1  Do I need to change it back to 192.168.1.254 for this to work?
posted at 11/23/2013 3:32:41 AM
Go to Comment
By chipchoco
I own the NVG510 device, who gave their right to upgrade firmware on my device in midnight while I'm sleeping? 

They can say something like if you don't upgrade the firmware AT&T will stop providing services. 

But how can they upgrade firmware on my device and reboot it?

Does anyone has any idea how to stop them doing this either in technique ways or social engineering way?

Thanks.
posted at 11/23/2013 2:23:08 AM
Go to Comment
By Earlz
@pavale yes they patched the shell so that you can no longer reach a root shell from it. Follow the instructions here for the new exploit to to get to root shell again.
posted at 11/23/2013 1:26:03 AM
Go to Comment
By ThaCrip
@ pavale ; like said above the old method does not work anymore. so use the new method. also, check to make sure you got the same firmware that the topic says works with this new hack.

also, i noticed it says "NOS/xxxxx" as you need to be on the "Axis/xxxxx" screen in order to get commands to work. read the instructions carefully as it shows you how to get to the Axis screen.
posted at 11/23/2013 1:04:34 AM
Go to Comment
By Ralph
Did you guys try the new root method? The old one no longer works.
posted at 11/23/2013 12:25:22 AM
Go to Comment
By chipchoco
Same here.
Do you have a suspicious reboot on the router? Hmm, who did that and why do they want to reboot my router......
posted at 11/22/2013 11:19:52 PM
Go to Comment
By Anonymous
@pavale  same issue here.  Can't get past ! command.
posted at 11/22/2013 10:50:03 PM
Go to Comment
By brian
Can't get past this prompt
NOS/123456789/DEBUG/MAGIC>
entering ! returns 
Unrecognized command. Try "help".

Very odd as it used to work and I was able to set nameservers in the past

firmware version 9.0.6h2d30
posted at 11/22/2013 10:33:15 PM
Go to Comment
By pavale
Need help!

I rooted my NVG510 more than 1 years ago, and it always worked good.

But this morning, I noticed it get rebooted, seems like rebooted by AT&T, and I can still telnet to the shell, but I can't enter the bash shell or nsh anymore. Can anyone help? Thank you very much.


login: admin
Password:

Terminal shell v1.0
Copyright (C) 2011 Motorola, Inc.  All rights reserved.
Motorola Netopia Model NVG510 Wireless-N ADSL AnnexA Ethernet Switch
Running Netopia SOC OS version 9.0.6 (build h2d30)
ADSL capable
(admin completed login: Admin account with read/write access.)

NOS/SERIALNO> magic

Warning: Accessing these commands is restricted, and will affect normal
operation of this device. Exit now if you entered by mistake.NOS/SERIALNO/DEBUG/MAGIC> !Unrecognized command. Try "help".NOS/SERIALNO/DEBUG/MAGIC> exitNOS/SERIALNO/DEBUG> exitNOS/SERIALNO> nshYou are not authorized to perform this function.NOS/SERIALNO>
posted at 11/22/2013 9:29:28 PM
Go to Comment
By ThaCrip
@ usna1970 ; yeah, that's the screen you want it to get to is that 'Axis/xxxxxx' screen. after you are there you should be able to type in the commands you want which is explained in the topic. just follow the stuff carefully and you will be fine.

just remember the 'validate' / 'apply' / 'save' commands after you do all of the 'set etc etc' stuff and if you are going to use the bridge mode it's best to make sure you are connected to either ports 2/3/4 before doing that command otherwise you won't be able to do the 'save' command without reconnecting the ethernet cable to port 2/3/4 of the router etc.
posted at 11/22/2013 8:50:23 PM
Go to Comment
By usna1970
Finally got to Telnet login in and password. After entering password I get "Axis/62035362922576 any idea what's going on?
posted at 11/22/2013 6:43:07 PM
Go to Comment
By usna1970
Router is NVG510 firmware 9.0.6h2d30. Reset router to Default factory settings and tried again. When I run the sh with the nonce value it activates the command and returns me to the router update page. The router update page says "Firmware image is invalid" in Red font. After I restart the router and try to telnet I get the telnet message cannot connect to 192.168.1.254 on port 28. Any idea what I'm doing wrong? Do I need to do anything with my ie settings for telnet to interface correctly? I'm allowing all popups and cookies.
posted at 11/22/2013 6:15:39 PM
Go to Comment
By Earlz
What version of firmware is installed on the modem that this happens on? I recognize the error, but not seeing any reason as to why this would happen unless the IP address or password is incorrect
posted at 11/22/2013 5:42:54 AM
Go to Comment
By employee
I am an att employee. And I work directly with the modem and all the others. It has helped in most cases. Att has instructions on how to do this, but takes about 20 to 30 min. My question is why does this app not recognize the modem as an nvg510. I often get( this may not be an nvg510.)
posted at 11/22/2013 3:31:02 AM
Go to Comment
By Earlz
What did the router say afterwards, what firmware version is on your modem, and are you using an NVG510? 
posted at 11/21/2013 2:55:21 PM
Go to Comment
By usna1970
Ran control2 page with nonce string and restarted router. No luck getting telnet to connect to the router. o 192.168.1.254 [28] 
 Any ideas?
posted at 11/21/2013 6:00:22 AM
Go to Comment
By Earlz
You might want to do a factory reset and then only do the "Fix Redirect Annoyance" and not do anything else. Also, the redirect annoyance (potential connection error) usually occurs when you line to AT&T is fairly weak. I can't fix that with an app. I just make it so that when you connection drops out momentarily, the modem doesn't block you from using the internet before pushing some "continue" button. 
posted at 11/19/2013 3:16:17 PM
Go to Comment
By Anonymous
I used your app for the potential connection error, but now I'm having an issue where the wireless connection drops out for 5-15 minutes. It says authentican error. There is no wan connection. Suggestions?
posted at 11/18/2013 1:21:46 AM
Go to Comment
By Earlz
@Anon Do you have the NVG589? I think I'm going to have to back up and say that I don't support that modem now.. at least not until I can get some cheap test hardware off of ebay
posted at 11/17/2013 6:35:37 PM
Go to Comment
By Anonymous
I'm also getting the firmware invalid error.  
Any suggestions?
posted at 11/17/2013 4:18:36 PM
Go to Comment
By Earlz
I also recommend a third part router. Note though that the bridging solution built into the NVG510 isn't a true bridge. You can still overflow it's NAT tables etc, and I personally had problems where the NVG510 would randomly forget that traffic should go to the router until I rebooted it every week or so
posted at 11/17/2013 4:32:19 AM
Go to Comment
By Att tech 2
Just FYI nvg510 is not Vdsl.it is a adsl modem which is basically dsl,the only difference is when they switched dsl to uverse they now stream the signal ip,so it is capable of higher speeds than regular dsl.i agree the nvg510 is a crap modem and thank you for the android app it helps a lot in the field.also the nvg589 is a bonded pair Vdsl modem,it is actually a way better modem than the 510,it has an n wireless router not the crappy g.vdsl modems are for fiber to the neighborhood and also work for fiber to the premise.the 510 still gets its signal from the central office.hope this clarifies a little and thanks again for the override app for ip diagnostic redirect page.
posted at 11/16/2013 8:28:06 PM
Go to Comment
By Att tech
KISS get yourself a 3rd party router from anywhere(any other router is better than the one in the nvg510) and go to firewall(192.168.1.254) copy the MAC address from device list set for specific MAC address.  Let the cheap router take over and you will have very little trouble. Google nvg510 3rd party router instructions
posted at 11/16/2013 7:06:50 PM
Go to Comment
By Anonymous

				
posted at 11/16/2013 7:02:25 PM
Go to Comment
By Ralph
I wouldn't disable qos because I don't know if it's for at&t or yourself. Also, I had four dns  entries in /etc/resolv.dnsmasq two of them at&t causing problems. I have heard power saving causes issues for some too and an article somebody was having dns issues related to mgmt.cwmp.enable which is related to set mgmt.cwmp.periodic-inform.enable off which disables firmware updates if you add that too.
posted at 11/16/2013 11:05:54 AM
Go to Comment
By Ralph
Enable Allow Override first, Edit the 4 dns addresses, then Disable Allow Override.
posted at 11/16/2013 10:57:19 AM
Go to Comment
By Ralph
Change:
set ip.dns.override-allowed off because it will overwrite the dns if not.

Don't do:
set phy.dsl.atm.vc[8].qos-enable off
set phy.ensw.qos-mode off

If you mess up, do a factory reset. If it still doesn't work, it's probably a line issue.
posted at 11/16/2013 10:52:26 AM
Go to Comment
By Ralph
I also set the MTU to 1492 since it's better for the dsl without PPOE.
posted at 11/16/2013 8:44:45 AM
Go to Comment
By Ralph
Well, I edited the numbers in /etc/resolv.dnsmasq completely to a non-AT&T dns.

set ip.dns.primary-address   208.67.220.220
set ip.dns.secondary-address 208.67.222.222
set ip.dns.ext-address1 8.8.8.8
set ip.dns.ext-address2 8.8.4.4

Turned Power Save Off.
set phy.dsl.power-save.enable off
Used these other commands:
set mgmt.cwmp.enable off
set ip.dns.domain-name resolver1.opendns.com
set ip.dns.proxy-enable on
set ip.dns.override-allowed on
set ip6.enable off
Turned QOS Off since you can't set it in the Modem/Router:
set phy.dsl.atm.vc[8].qos-enable off
set phy.ensw.qos-mode off
posted at 11/16/2013 8:43:33 AM
Go to Comment
By Ralph
No. I didn't get ssh to work unfortunately.
posted at 11/16/2013 8:13:38 AM
Go to Comment
By Dr Frag
Hey guys, what about this command?  set conn[2].dhcpc.dns-enable off
I set that, then configured Google DNS addresses and restarted the NVG510.  The DNS addresses on the Broadband Status page still show 8.8.8.8, 8.8.4.4
FYI, I'm using Passthrough/Manual mode as well as redirect disabled, "TrueBridgeMode", DHCPS off, all firewall off, with a 12x1 Mb connection.
Although my static IP is not working but that may be because this laptop is connected to port 2 and I will have to wait till after hours to enable the connection on our Netgear ProSafe router on port 1.

DF
posted at 11/16/2013 1:05:06 AM
Go to Comment
By Earlz
I remember SSH worked in previous versions of the NVG510 firmware. I'll test it out tonight and see if I can coax it into working. Also, ensure that your modem isn't bridged. 
posted at 11/15/2013 9:36:09 PM
Go to Comment
By Qwerty
NOS/SERIALNUMBER> remote-access start ssh
Started remote access for ssh

NOS/SERIALNUMBER> remote-access status ssh
ssh remote access: enabled      number of active clients: 0

Tested the port on WAN side and LAN side. I'm out of ideas.
posted at 11/15/2013 9:25:09 PM
Go to Comment
By Qwerty
set mgmt.remoteaccess[4].port 22
validate
save

The above commands went through but didn't appear to open a port.
Used putty with IP 192.168.1.254 PORT 22. Also used a website to check if an external port was open on port 22 but it failed to confirm that port 22 was open.
posted at 11/15/2013 9:13:58 PM
Go to Comment
By Qwerty
Ralph @ 11/8/2013 10:42:38 PM

You are saying you got SSH working? How did you get it to work exactly?
I'm not familiar with this stuff but could you establish an SSH tunnel for web browsing?

Here is what happens when I try to set the port.

Axis/SERIALNUMBER> set mgmt.shell.ssh-port 22
set: Permission denied
posted at 11/15/2013 9:02:47 PM
Go to Comment
By Earlz
Thanks @anon. I want to make clear that I will never charge for the actual information on fixing the modem. I provide the control2.html and info on how it works and such for free documented here. I charge for this because it's a purely a convenience. Pay me if you want to save time basically. Also, like I said, I have a family and such and the extra money provided by this application helps out with all of that
posted at 11/15/2013 2:50:54 PM
Go to Comment
By Anonymous
Thank god for your app! I was about to go office space on that thing...  It's worth every last cent of that $3 to avoid terrible customer service, wasting my time messing with code, and pulling my own hair out of my head. Thanks a million!  To all other's struggling with this potential connection error: don't be a cheap ass. Suck it up and save yourself the trouble.  It's the equivalent of 12 gumballs from the vending machine.
posted at 11/15/2013 5:58:26 AM
Go to Comment
By Ralph
Also, I didn't bridge my modem. I just change the settings so that my Internet works. Thanks.
posted at 11/12/2013 4:36:07 AM
Go to Comment
By Ralph
Unfortunately, the only other option I have is satellite internet which has very low caps and is very expensive. Thanks for releasing the exploit!
posted at 11/12/2013 4:34:15 AM
Go to Comment
By ThaCrip
continuation to my above post...

at least useable (and it appears they did (or mostly did)) then it's pretty much good enough for most users.

either way, at least i got this recent exploit (which is supposedly permanent?) installed before they patch anything as even if their stock NVG510 modems work now i prefer to have my router do the WAN communication to bypass any BS on the NVG510's side of things.

so thanks again for releasing this exploit, those of us who can install it appreciate it ;)
posted at 11/11/2013 10:39:35 PM
Go to Comment
By ThaCrip
@ Earlz ; i would have assumed this recent exploit would not be patched for at least a few months given they seem to slack off in general. but apparently when it comes to screwing over their customers they prefer to patch stuff quickly but when it comes to helping them they just leave their firmware faulty as hell for months as i can't believe they would release those NVG510 modems to the general public a while ago when they had those connection problem warning screens (which should have never been there in the first place) as that completely ruins your internet experience since you almost spend more time messing with that then actually using the internet and i can guarantee that will upset a ton of average users as their basic internet won't even function reliably for long before that comes up and then you got to clear browser cache etc and pray it holds out which the average user will most likely end up calling AT&T's tech support 24/7. but as long as they fixed that and the internet is at least useable (an
posted at 11/11/2013 10:37:11 PM
Go to Comment
By Earlz
I don't have an actual NVG589 for testing, so I'm having to trust what people say about it. They're so new that I can't get one yet. When they start hitting ebay for sub $50, I'll get one for testing, unless someone has an extra one and wants to ship it to me :) 

Also, my email is earlz -at- earlz dot net, if anyone has an NVG589, some free time and technical skills and wants to help me out with testing
posted at 11/11/2013 4:45:50 PM
Go to Comment
By Earlz
Yea, I was actually considering hoarding the exploit and not releasing it so that they couldn't put in a security update when they reenable IPv6.. but meh. I'm getting a few worrying reports that the NVG589(very similar to NVG510) has this latest exploit patched in some version of it's firmware already.. ugh If you're on U-Verse with this modem, I have one recommendation for the future: Use a different ISP, one that allows you to truly bridge past the modem. 
posted at 11/11/2013 4:41:05 PM
Go to Comment
By Ralf
I have a feeling though that there could be another update soon, because they also disabled IPv6. At some point it will get re-enabled again. I would just like to know how important IPv6 is so far.
posted at 11/11/2013 3:10:20 PM
Go to Comment
By Earlz
If you could email be at earlz at earlz dot bet, I could help diagnose the problem further. It's possible that this firmware has this exploit patched
posted at 11/11/2013 7:39:52 AM
Go to Comment
By Anonymous
It does.  I also tried using your web page method but it says the invalid firmware message.  I was really hoping to get this to work because I'd love to get UPnP working.  I did reboot twice but no telnet after the reboot.  Not sure if there is anything I can do to help debug this.  Let me know, thanks.
posted at 11/11/2013 6:53:47 AM
Go to Comment
By Earlz
@Anon hmm. It should work. What do you get when you go to http://192.168.1.254/cgi-bin/update.ha

That should go to a firmware update page
posted at 11/11/2013 5:04:59 AM
Go to Comment
By Ralf
My NVG510 must be broke or they did that on purpose. I have 18 meg down and 1 meg up. But for some reason AT&T doesn't offer that anymore around here. They only offer 12 meg now fro new customers. I still have my 18 though.
posted at 11/11/2013 3:51:15 AM
Go to Comment
By Ralf
I fixed up mine as well and enabled UPNP as well and it works. Turned off redierct and enabled bridege. Works fantastic.
However something broke during the firmware upgrade prior to that because my upload speeds dropped to 1/3. Dug out the old 2210-02 and uploads are normal.

NVG510 retired!
posted at 11/11/2013 3:44:34 AM
Go to Comment
By Anonymous
BTW, my Software version on my NVG589 is 9.1.0h4d38
posted at 11/11/2013 3:41:25 AM
Go to Comment
By Anonymous
I tried your Android App with my NVG589 since your app listing mentions it works with that, yet every action I try says it fails because I don't have an NVG510.  Am I doing something wrong or does it really not work with anything but the 510?
posted at 11/11/2013 3:35:10 AM
Go to Comment
By ThaCrip
that's the thing... even if UPNP is, i think the direct connection to AT&T servers (with the whole set link[1] and set link[2] etc) bypasses all of the port/firewall etc stuff on the NVG510 modem to where your router that you got connected to the NVG510 takes care of it so if that's setup correctly with port forwarding etc then the NVG510 don't need any changes. because if that's truly a 'bridge mode' (which apparently it is according to Earlz) then what i said should be correct.

side note: even with a 768k connection you should be able to play games online just as long as no one else is using your internet line during your gaming as that's the way mine was as i had 40KB/s (i.e. 384kbps) DSL connection at one point in the past (now it's 175KB/s (maybe 180-200KB/s at best)) and it worked fine as long as no one was using the line while i was playing otherwise pings go out the window.
posted at 11/11/2013 3:26:43 AM
Go to Comment
By Ralph
I think that upnp is really for gaming which I can't do since my internet is 768k Basic.
posted at 11/10/2013 11:29:05 PM
Go to Comment
By Earlz
I put out an update Friday that should work for the new firmware of the NVG510, for now, anyway.
posted at 11/10/2013 7:05:09 PM
Go to Comment
By Anonymous
I work for AT&T too but it hasn't been working lately because of the new software or firmware on the new 510's. Any update on the software update?  Thanks
posted at 11/10/2013 5:25:33 PM
Go to Comment
By ThaCrip
@Ralph ; i did the "set mgmt.lan-redirect.enable off" and the whole changing port 1 (i.e. set link[1] and link[2] etc) to act like a bridge mode so that the NVG510 just passes the internet connection from AT&T servers through the NVG510 directly (on Port 1) to my main router's WAN port so that can handle the connection/traffic.

i never bothered with the UPNP command as i don't think it's really needed but primarily the commands above seem to be what this exploit is worth installing for.
posted at 11/10/2013 6:10:40 AM
Go to Comment
By Ralph
set mgmt.lan-redirect.enable off
posted at 11/10/2013 3:25:28 AM
Go to Comment
By Ralph
I mean: mgmt.lan-redirect.enable off
posted at 11/10/2013 3:24:57 AM
Go to Comment
By Ralph
Remember to do: set mgmt.lan-redirect.enable on and set mgmt.upnp.enable on if you are using magic
!
nsh
posted at 11/10/2013 3:23:52 AM
Go to Comment
By Earlz
Yea, it's possible for the exploit to work as different IP addresses, but I just haven't bothered. If you want to have it work on a different IP you can save the control2.html page to your computer, open it up in notepad, and replace all of the "192.168.1.254"s with whatever IP you intend to target
posted at 11/9/2013 12:46:21 AM
Go to Comment
By ThaCrip
@ Brock ; from what it shows in the topic it appears when the PPP is setup it's a straight feed from AT&T servers directly to whatever you got connected to port 1 which is going to be the router. so it's like the NVG510's firewall etc is not even there i believe as it don't seem to be interfering with open ports on my torrent program which i already have properly forwarded on my main network.

@ Ralph ; i used Putty myself to as the exploit only seems to work if the NVG510 is on that 192.168.1.254 address since i imagine that's where the web page is programmed to access. so i just connected the NVG510 to my PC's ethernet port directly and got the exploit up and running and then changed the NVG510's IP to 192.168.0.1 since my main router (running DD-WRT) is 192.168.1.1 and then i can access the NVG510 configuration through the router now as long as the ethernet cable from the routers WAN port is plugged into ports 2/3/4 on the NVG510.
posted at 11/9/2013 12:04:15 AM
Go to Comment
By Ralph
Thanks! It worked for me! I just used putty and used the 192.168.1.254 ip and changed ssh to telnet and changed the port 28. Thank you so much! You rock! It worked for my NVG510.
posted at 11/8/2013 10:42:38 PM
Go to Comment
By Brock
Thanks for your time guys - It still didn't solve my problem trying to setup a VPN... *sigh* What a pain, but I don't guess it's the modem's fault!
posted at 11/8/2013 10:00:17 PM
Go to Comment
By ThaCrip
actually those three Anonymous posts below the 'ThaCrip' name are me as i just forgot to change the Anonymous to ThaCrip before i posted.

but anyways... i thought that might be the issue for Brock as i remember when i first did the previous exploit prior to the current one about a month ago that i simply missed that small but important step and i was wondering why it was not working and then started from the beginning and was reading the instructions a bit more carefully and noticed i missed that small step which is a show stopper if it's not on the Axis screen as i could see some people missing that step if they don't read carefully.

but glad you got it fixed though Brock and thanks again to Earlz for the permanent solution as it will be nice to still be able to configure the router to basically act as PPP mode etc even after factory reset or if AT&T forces a firmware upgrade on us and blocks the current exploit again in the future. but like i was saying given my time using it without the exploit insta
posted at 11/8/2013 8:55:11 PM
Go to Comment
By Brock
I'm actually doing this over wifi with the NVG510 Fixer via my Android phone. I did a factory reset of the Uverse router and completed the Bridge Mode - looks like it worked this time. Thanks Anon!
posted at 11/8/2013 7:08:32 PM
Go to Comment
By Earlz
If that isn't the problem, please email me at earlz -AT- earlz dot net
posted at 11/8/2013 6:20:36 PM
Go to Comment
By Earlz
@Anon, he's talking about the NVG510 Fixer app, which makes things quite a bit easier. but he might be right @Brock. Is your android device connected to the NVG510's wifi, or another wifi AP? Make sure that your other wifi access point is plugged into the NVG510 via an ethernet port other than port 1
posted at 11/8/2013 6:19:38 PM
Go to Comment
By Anonymous
to add to my above post to Brock...

if you did these commands using Port 1 on the NVG510 i just... remove ethernet from port 1 and plug it into port 2 (or 3 or 4) and log back into the router, get to Axis prompt, and run the 'save' command and then reboot the router and all should be good. just make sure the 'save' takes effect before rebooting though and you should be fine.
posted at 11/8/2013 5:56:01 PM
Go to Comment
By Anonymous
@ Brock... i would reset your modem and then get back into the modem and make sure you are at the correct prompt before doing anything...

if your prompt looks like this... "NOS/XXX>" those commands you entered won't work as if your prompt looks like that you need to make sure it looks like this "Axis/1234565678>" before you can do the 'set link[1] etc etc' stuff. so basically... if you are at that "NOS/XXX" type of prompt you need to type in the following... "!" (without the " and hit enter) and then type in "nsh" (without the " and hit enter) then you should be at that Axis prompt. then after you are there you can type in your commands (i.e. set link[1] etc) and then after that's done do the whole 'validate' 'apply' 'save' commands in that order. then after that's done, reboot the router and all should be good. but you won't be able to run the 'save' command unless you're ethernet line is connected on ports 2/3/4 since port 1 will act as PPP now (if you did these commands using Port 1 on the NVG510 i just
posted at 11/8/2013 5:50:13 PM
Go to Comment
By Brock
How do I know if it worked? Here's what happened:
Checked for backdoor install on port 28 - did not appear to be installed. Proceeded with install
Visited update.ha page
Found nonce on page!
Authentication required. Attempted to login to web interface.
Found nonce on page!
Modem firmware appeared as '9.0.6h2d30'
Sent backdoor install script
Got response after backdoor install failed. It's probably still ok, continuing..
Rebooting modem - Waiting 2 minutes
Backdoor install accessible at port 28 is sucessful! - Logged in as admin...
Assertion Failure: nsh shell does not appear to be working... or something
Attempting to continue despite possible error
Sending set link[1].port-vlan.ports "lan-2 lan-3 lan-4 ssid-1 ssid-2 ssid-3 ssid-4"
Sending set link[2].port-vlan.ports "lan-1"
Assertion failure: validation did not appear to be successful
Attempting to continue despite possible error - Changes Saved - Done!
So... What just happened here?
posted at 11/8/2013 4:47:12 PM
Go to Comment
By Anonymous
Thanks for the update Earlz ;) (and knowing this is permanent is a big plus)

side note: i was running 'NVG510 9.0.6h2d30' for a couple of days or so now before i installed this new exploit and i did not have any issues with that annoying connection problem alert which makes me think AT&T did fix some stuff (like you mentioned?) in their modem to where if it does come up it must be much less common i would assume.

either way, i installed this hack as a bit of a insurance plan. plus, it's nice to have the router doing the PPP stuff as now my router shows my actual IP address for the WAN instead of the NVG510's internal network IP of the usual 192.168.x.x variations.
posted at 11/8/2013 9:13:51 AM
Go to Comment
By contact420
@Earlz Thank you so much!!! 
posted at 11/8/2013 5:02:43 AM
Go to Comment
By Earlz
@contact, I already have the page updated :) Just use the new exploit, it'll survive firmware updates and factory resets
posted at 11/8/2013 2:52:42 AM
Go to Comment
By contact420
My NVG510 was replaced by the Uverse guy yesterday, and its not running 9.0.6h2d30 yet. Is there a way to disable the firmware update through rooting?
posted at 11/8/2013 2:09:06 AM
Go to Comment
By Earlz
I'm hoping that they've improved that at least, so that it doesn't happen as often. And with the latest firmware, they removed the "filter check" which caused this problem at times as well. But I've still been getting reports of it happening
posted at 11/6/2013 2:56:14 PM
Go to Comment
By ThaCrip
i also noticed on a recent reset of my modem earlier today that i get the same error as listed above with the "Message Format Error" and that the usual exploit does not work. i am in Michigan on AT&T U-Verse with the NVG510 modem.

but it's nice to see Earlz got a work around coming in the near future and that it's permanent which is a huge plus ;)

p.s. so far in the 4-5 hours i been using my AT&T U-Verse internet after reset of modem it's not acted up with the extremely annoying connection problem alert which completely ruins your internet experience as everyone in here already knows.
posted at 11/6/2013 1:42:28 AM
Go to Comment
By anonymous
I work for them and this app was a big help on the job.  I appreciate your response
posted at 11/4/2013 4:39:04 PM
Go to Comment
By Earlz
Not yet. There will be an update in a week or two to fix the issues. AT&T put out a firmware update that broke the app
posted at 11/4/2013 6:00:48 AM
Go to Comment
By Ralph
Nice. Thank you.
posted at 11/4/2013 1:55:05 AM
Go to Comment
By paul
My app has not been working is there some update I need to install
posted at 11/3/2013 7:17:33 PM
Go to Comment
By Earlz
Ralph and future viewers. I have a new root exploit on the NVG510 that should also work on few other things running Netopia OS (NVG589 and some kind of modem in Switzerland). I'm still testing it though to ensure that it's safe because it's marginally less safe. If you want to wait for just a few more days I'll have it published. I just want to ensure it's not going to brick or permanently break your modem 
posted at 11/3/2013 4:30:42 PM
Go to Comment
By Ralph
Wow. I guess it's time to buy a new modem just in case. Besides, Google's dns timing out is a pain. I won't be getting a Motorola again for sure. Luckily, I still have google's public dns in my modem. I tried to change my secondary dns entry and it didn't work. The only thing that worked for me is to change the dns entries to fix the thing. I sure won't be doing a factory reset.
posted at 11/3/2013 12:44:31 PM
Go to Comment
By Anonymous
Well, once rooted it looks like it could make a cheap 2-port ATA.  Could also use it as a 3-port 10/100 VLAN breakout box.
posted at 11/2/2013 8:09:00 AM
Go to Comment
By Earlz
dyndns is just something so you can point to your modem on the internet as `foobar.dyndns.com` instead of `64.123.45.12` or some such. The reason it didn't update for you is because you're not on AT&T's network and therefore, a value isn't set for the CWMP stuff. CWMP is how they do remote control and remote updates. 

Also, please do not post links to private servers. Yes, I know they exist, but I don't want to be advocating that people go to them here. They contain confidential documents, even if they are publicly accessible. Any comments with links to them will be deleted
posted at 11/1/2013 1:53:56 PM
Go to Comment
By McBill
Pretty crummy of AT&T to disable access to all those modems without fixing the reason we need access to the stupid things!

I have firmware version 9.0.6h0d48 on my modem, and through a massive amount of fooling around, I got my modem working with DSL service from Qwest/CenturyLink.

Before I got it working with Qwest DSL, I was looking through the dump and found this:
ip.dynamic-dns.enable          = on
ip.dynamic-dns.service-type    = dyndns

I'm a hardware engineer, not a software engineer, but I think this might be AT&Ts back door into the modem.  dyndns is a remote access service.  See http://dyn.com/remote-access/

I turned it off.  I'm not sure if my modem didn't upgrade itself because I made this change before the evil upgrade came out, or if it is because I am not on the AT&T network.
posted at 11/1/2013 5:11:58 AM
Go to Comment
By Earlz
Hmm, never heard of the NVG589. Must be a new, but similar modem. Yea, cwmp probably won't help much, especially since it's such a pain to access. I guess I'll have to start trolling the dslreports forums more. I didn't know there were discussions like this there. 
posted at 10/31/2013 2:06:53 PM
Go to Comment
By Jeff
Hey, at least it's good to know that AT&T didn't single me out for a firmware upgrade :-o

I found some discussion of the port 7547 thing here:
  http://www.dslreports.com/forum/r28663263-NVG589-next-ATT-U-Verse-firmware-opportunities

Someone on that forum claims the username will be the device's serial number and the password is stored in the config under "mgmt.cwmp.cr-password" but that doesn't help much if you can't access the config database to begin with :-(
posted at 10/31/2013 6:25:25 AM
Go to Comment
By Earlz
I'm still in shock that AT&T would kill our mutually beneficial relationship(by patching a local-only exploit), while not actually fixing the problems that end users are having with their modem. 
posted at 10/30/2013 8:52:42 PM
Go to Comment
By Anonymous Tier 2 Agent
Yes, Looks like the vulnerability was found and patched with yesterday's firmware push.

Getting "message format error" when attempting to enable telnet.
posted at 10/30/2013 8:40:44 PM
Go to Comment
By Different Sonny
I also just ran into Jeff's problem. Net went down yesterday. Checked everything on my end, figured ATT rep would tell me to reset everything so I did it before I called. Then I called and found out it was just an outtage in the area. Tried rooting it again and am running into this wall. Also southwest Texas.
posted at 10/30/2013 7:10:56 PM
Go to Comment
By Anonymous
TX Gulf Coast
posted at 10/30/2013 7:19:33 AM
Go to Comment
By Earlz
Oh no :( What region are you in? 
posted at 10/30/2013 6:23:28 AM
Go to Comment
By Jeff
It looks like AT&T just did a firmware update (9.0.6h2d30) and this trick suddenly stopped working. The bold red text on the response page that said "Changes Saved" now says "Message Format Error."

But I notice there is now an HTTP server running on 192.168.1.254 port 7547 but it just returns "401 Unauthorized." No idea what the username and password is, I tried "admin" and the access code but that doesn't work.

Oh, well - it was fun while it lasted!


posted at 10/29/2013 11:07:49 PM
Go to Comment
By Earlz
Yea, this is a relatively new feature of Google Play, (buying through computer browser, but downloading to phone), but I've successfully used it and it works well. 
posted at 10/28/2013 12:28:21 AM
Go to Comment
By Anonymous
When I go to the Google Play store to buy your app, it only shows my HTC one as an available device. Do you know how I should proceed? Do I just proceed with the process after selecting my phone as the device?
Thanks so much. This problem is to the point where it's unbearable.
posted at 10/27/2013 11:40:43 PM
Go to Comment
By Earlz
Yea, that would break the firewall. It would function as a dumb switch in that situation. It might be possible to use it as a router with NAT and firewall through an ethernet port, but I have never tried that configuration
posted at 10/24/2013 4:51:10 AM
Go to Comment
By Hitek146
I have NVG510s that either have a blown DSL port, and others that have been de-registered by AT&T that still work as access points.  I have used similar tricks with older Cisco VoIP routers that only had only one ethernet port, so I used VLANs with a VLAN compatible switch to break out the WAN and LAN ports, using the single ethernet ported device as a router.  I know bandwidth would be reduced using one ethernet port for both ingoing and outgoing traffic, but it worked well to utilize an otherwise outdated and worthless device.  I read all of the above comments hoping to find someone that wanted to use this modem as a normal wired router, and based upon my experience, it appeared to me that the exact configuration I would need would be your bridging example, while disabling the DSL interface, and plugging an internet connection into the LAN1 port.  From the above comments, though, it appears as if this configuration breaks NAT to the LAN ports, but maybe that is only because the DSL interface hasn't been dis
posted at 10/24/2013 4:25:12 AM
Go to Comment
By Earlz
I would say Go and Rust are comparable, but not necessarily for the same subset of audience. Go has garbage collection and Rust, mostly, doesn't. This causes a huge change in the design of the language. I think the cool thing about Rust is how much it can handle without ever actually needing garbage collection. Before looking at it, I wouldn't have thought such a language to be possible without GC. In the future, I can see Rust being ported to embedded platforms as well, where I think it will especially shine. Rust not needing garbage collection means that it can have an extremely thin runtime
posted at 10/23/2013 1:58:16 PM
Go to Comment
By McBill
Thank you Earlz.  I was about ready to throw my modem in the trash because of that stupid redirect issue.
posted at 10/23/2013 4:41:37 AM
Go to Comment
By brianoh
I've just started looking at Rust. I have to ask myself continually "why look at it?". Off-the-cuff: 1 speed. 2 parallelism. 3 (from what I read) safety. 4 curiosity. 5 : it's different but doesn't use "magic".

I'm non-religious about languages, but one thing I do find rather grating with is the use of "let" instead of "var" for variable declaration in Rust.  I know - "what's in a name?", well, a lot, and there has to be a reason for every small design decision - which there probably is, and it is cast in stone now.

It's difficult to compare languages because there are differing reasons for particular use of syntax, and familiarity can have appeal. I do however find Dart's variable declaration syntax extremely non-verbose - "int iVal", "String sVal", however it's a very different language with different design-goals to both Go and Rust. I guess Go and Rust are more comparable. Go (to me) is far more simple to learn than Rust. So, I hope that Rust offers more other than being a bit faster (it appears).
posted at 10/23/2013 3:23:32 AM
Go to Comment
By Earlz
@Jose Thanks! It's nice to know I'm useful :) 

Basically, I've always loved learning new things. About a year(13 years old) after getting my first computer I was learning to program and such. And I never stopped.. and now here I am with a pretty good career that I actually enjoy 
posted at 10/22/2013 6:03:56 PM
Go to Comment
By Jose Rodriguez
Hello Jordan -  I truly appreciate your work, it helped me solve issues with one of my clients.  A big thank you from a guy that is 50.  I respect and salute the power of your knowledge.  How did you accumulate so much knowledge in such a short period of time?  
posted at 10/22/2013 2:46:32 PM
Go to Comment
By Earlz
@Sonny, ooh. That's an interesting idea. It may be possible to. You'd have to browse the configuration options and try stuff yourself though. Look at the pastebin of the configuration options I posted and search for "ppoe" for ideas. I've never tried anything like it before, but it might be possible. 
And for the LAN as WAN, yea that's what true-bridge mode is. 

@lowdrag I don't believe it's possible to save or directly load the configuration settings to a file. 
posted at 10/21/2013 6:07:23 AM
Go to Comment
By lowdrag
2 questions I have not seen yet addressed? (blind?) 
1 How do you save the config?
2 if needed, how do you upload a saved config.
I don't want to have to go through redoing all the settings if this gets wiped or a new box is needed.
THnaks,
posted at 10/21/2013 3:17:27 AM
Go to Comment
By Sonny
@Earlz, For someone who has Att DSL ppoe service and not Uverse. Do you think it may be possible to use a NVG510 as an ATA for VOIP behind an Att 3600 or Westell E90-6100 modem?
Do you know if it's possible to configure one of the NVG510's Lan ports to be a WAN port.   
posted at 10/20/2013 5:05:21 PM
Go to Comment
By Earlz
@LECE73, yes. Download the HTML page, and then open the file in a text editor and do a search and replace for 192.168.1.1 and 192.168.0.1 (or whatever the desired IP is). If that sounds too complicated, you could also try my Android application that makes it easier if you prefer not to mess with the technical details http://earlz.net/view/2013/08/03/2006/nvg510-fixer-an-android-application
posted at 10/18/2013 1:45:39 PM
Go to Comment
By LECE73
Hi is there a way to run this when the router is configured for a network 192.168.0.1 ? We have a bunch of servers running on that network and changing it will be a mess and I need to change the DNS servers on the router.

Thank you very much!

Luis
posted at 10/18/2013 1:46:56 AM
Go to Comment
By MFlamer
I agree with you regarding Rust as an excellent language. I also have found Nimrod to be as good or better for the same reasons. I encourage you to investigate it also. http://nimrod-code.org/
posted at 10/17/2013 12:10:02 AM
Go to Comment
By Anonymous
@Earlz: Even if you did that, you would still only be able to check for that validity at runtime. 
My point is that a URL is a form of user input, as it comes from the user while your application is running. It's IO. And IO is where every language's static type-checking guarantees break down a little. Even Haskell, which is quite big on types and (I understand) one of the sources of inspiration for rust.
Convention and configuration are an orthogonal problem to compile-time and runtime checks (unless I misunderstand what you mean). 
posted at 10/15/2013 4:50:29 PM
Go to Comment
By Earlz
I think I can see what you're saying. You can have convention, or configuration, not both. If you want to have compile-time checks that your routes will always match up (or else yield 404), you'll have to specify more information about the route than "/{controller}/{action}..." you'll have to specify what controllers are valid in what context and what actions are valid on that controller. 
posted at 10/15/2013 4:33:50 PM
Go to Comment
By Paolo
I like and agree on most of the things you wrote. I feel the part on MVC routes, though, is a little ungenerous for .NET. As much as I like compile-time guarantees, I don't think any language can provide more compile-time checks to routing than MVC does. 
Routes are trying to map a command that comes directly from users (in the form of a URL) to the piece of code that should be run by the server to build a response to that command. I can't really see a way to do this which does not involve some form of runtime interpretation of a string. 
I don't think rust (which is admittedly not even being built with web frameworks in mind, so we may never know....) would be able to solve this problem in a way that does not involve some sort of runtime "magic"
posted at 10/15/2013 3:37:58 PM
Go to Comment
By Anonymous
LOL.. Love that link! I already thought about putting tape over the LED. Actually it's been working great as an access point with exception to the annoying LED and redirect.enable hijacking my browser because of no connection to the WAN port. I turned-off the redirect.enable using your instructions and Hyper Terminal...
posted at 10/15/2013 2:49:22 PM
Go to Comment
By Earlz
@Kevin I would consider a piece of electrical tape over the LED :) 

You might run into problems using it as a wireless access point, but not using it's WAN. It will enter a terrible power saving mode or something and drop connections

http://earlz.net/view/2012/12/28/0230/how-to-reuse-an-nvg510
posted at 10/15/2013 1:50:19 PM
Go to Comment
By Kevin
The flashing red LED is very annoying to my wife.. lol :)
posted at 10/15/2013 1:37:58 PM
Go to Comment
By Kevin
Hi I would like to use NVG510 as wireless access and turn-off the WAN port? Will this work: set link[2].port-vlan.ports off
posted at 10/15/2013 1:36:12 PM
Go to Comment
By Earlz
Well, usually it's very hard to have really good support on all 3 platforms. I haven't tried it, but it looks like it should work with a little bit of setup with MingW
posted at 10/14/2013 7:24:54 PM
Go to Comment
By James Dunne
Rust is a first class citizen on Linux but currently a third class citizen on Windows, where I would love to use it for a few projects that otherwise could not be done on Linux due to hardware support issues.
posted at 10/14/2013 3:37:50 PM
Go to Comment
By Earlz
@asterite, the problem I encountered was I couldn't get sockets to work, despite everything looking right in the socket's source code. I understand that the language is extremely young, and that's another reason why it's not quite for me. I don't mind bleeding edge, but I need to actually be able to get stuff done as well. 

As for the license, it will prevent anyone in the future from contributing to your project until you get that sorted out. 
posted at 10/13/2013 6:30:16 PM
Go to Comment
By asterite
Hi there from Crystal :-)

We're sorry you couldn't get it to work. What problem did you encounter? We can help you make it work.

About the license: we are still thinking which license to use, that's why we never replied to you. Please understand that the language is still very young, we are very few in the team and we do it in our free time.
posted at 10/13/2013 4:42:07 AM
Go to Comment
By Joey Ezechiels
I already considered Rust an interesting language, but your blog has convinced me that Rust should be the next language I learn.
posted at 10/12/2013 9:41:49 PM
Go to Comment
By Earlz
@Anonymous. It sounds like you have either a line or hardware problem. I'd do a factory reset of your modem and then call AT&T about it. (do the factory reset so that AT&T doesn't blame your custom configuration as being the problem) 
posted at 10/10/2013 2:03:33 PM
Go to Comment
By Anonymous
Hi I rooted the nvg510 and put it in true bridge mode I added a linkys e2500 router and set the DNS for openDNS. Everything has been working as it should for the last few days, but the last week I have been struggling again. My problem is the fact that nvg510 seems to still disconnect and reconnect like it did before I rooted it.The reason I think its the nvg510 is I will go into the room and look at the lights on the device the broadband light will be blinking while the service light is red. Then it seems to reset itself after a few mins and then continues. What could be cause of this?
posted at 10/10/2013 6:03:34 AM
Go to Comment
By Cir-c
Well let me know, because I am going nuts with this thing.... I just bought an ASUS ac66u which I love and love to use... My roommate loves to see NAT 1 on his ps3 which the 2 wire gives him and my AC66u used to on WAVE broadband. He gets NAT 1 on the DMZ+ but as soon as I give him DMZ+ I loose all the functionality of my vpn my plex and I am limited on max connections not to mention no 5ghz. By the was ac66u in dmz+ with ac66u dmz mode to ps3 still gives nat 2 and I would say "seriously you notice a difference?", but the thing is even I see the latency comparatively typing =). So if you have any use for me, or my endless config. attempts my email is circy6@hotmail.com. Great work though I love to see people doing there part to fix the beta products that we are forced to use. hehe
posted at 10/9/2013 2:01:35 PM
Go to Comment
By Earlz
@anon, no. When you use this application configure your modem it is persistent. If you disconnect the internet or power, when you start your modem back up, the changes will still be applied. The only way the configuration will be erased is if you do a factory reset
posted at 10/4/2013 2:03:18 PM
Go to Comment
By Anonymous
If I close this app or disconnect my device from the internet, will I have to do it again?
posted at 10/3/2013 11:10:03 PM
Go to Comment
By KJ
I purchase your NVG510 fixer app from Google Play for $3 and it did not work.  It ran on my android, connected, made adjustments and completed...and nothing happened to the NVG510.  There was no change detected at all.  Of course, I rebooted and connected my sonicwall to port #1, rebooted it and nothing happened.  My configuration settings incorporated the static IP settings that were in the NVG510 into the sonicwall.  Is there a way I can contact you for some assistance?  Please contact me at kirk@pcsupportbiz.com.  thank you.

posted at 9/26/2013 7:38:33 AM
Go to Comment
By Earlz
@Anon, yes I can. I'll include that in the next update to the application. I warn you it may take a while before I put out another update though
posted at 9/22/2013 9:33:56 PM
Go to Comment
By Earlz
@KJ Bridge mode should not affect other settings. You should be able to enable and disable it and have no side effects. However, I can't guarantee that, so always write down what settings you've applied in case a factory reset is required
posted at 9/22/2013 9:33:02 PM
Go to Comment
By Anonymous
Can you add undo upnp?
posted at 9/21/2013 4:28:59 PM
Go to Comment
By KJ
Earlz,  I do have a question I'd like to ask you:  Using your NVG510 Fixer app I set the router to bridge mode and for some reason find that I want to undo the bridge mode, so I set it back, will the settings that the NVG510 had prior to entering bridge mode still be
in the router or will they be erased or scrambled?  Also, a suggestion for a new feature for your fixer app would be a save settings feature.  Thank you,  KJ
posted at 9/21/2013 1:19:14 AM
Go to Comment
By KJ
Hi!  I just purchased your fixer app.  When I use your app to put the NVG510 into "true" bridge mode...is it really bridge mode?  Now its just a modem?  I've got to hang a Sonicwall onto an NVG510 tomorrow.  In the past I've had such terrible experiences with this router and AT&T...if its a true bridge mode I just might live through this experience.
Thanks.
posted at 9/21/2013 12:19:59 AM
Go to Comment
By Earlz
Yea, I'm not really familiar with Cisco VPN, so I don't know how it works. I'm not for sure what would be wrong with it
posted at 9/20/2013 2:54:03 PM
Go to Comment
By Captain Red Beard
I have 2 work computers in the house: mine and my roommates. We both use Cisco VPN to access our employers networks. Both worked fine when I had ATT DSL and used the 2Wire gateway. Now that I have switched to U-Verse internet and have the NVG510 gateway, my work computer connects via VPN, but my roommate's does NOT, Tried a custom NAT/Gaming setting and an IP Passthrough and nothing works. Is there a root fix that I can employ to fix this problem? All other computer, eReaders, smart phones, and wireless printer connect with no problem.
posted at 9/19/2013 10:43:28 PM
Go to Comment
By Earlz
I am almost for sure that it's flat out impossible to use VoIP with true bridge mode. True bridge mode basically takes the modem out of the traditional network. As far as the modem can go, it doesn't have an internet connection
posted at 9/16/2013 12:56:08 AM
Go to Comment
By Mongo
Enabling True Bridge mode does kill the VOIP service on my NVG510 (at least if that's the only thing you change).  If anybody has any clues for making VOIP work in True Bridge mode, I would be pleased to experiment and report results.  So far, I have not found any objects that appear to be VOIP related from the nsh shell.  However surely there must be something that causes it to get enabled and disabled?  Might serve as a starting point?
 
posted at 9/15/2013 9:44:43 PM
Go to Comment
By Earlz
@Kal, yes it should be removed assuming that your router behind it is capable of handling enough concurrent sessions. Note this is only for the NVG510 though
posted at 9/15/2013 2:00:50 AM
Go to Comment
By Kal
Once the modem is bridged, is the concurrent session restriction removed? I am purchasing one as I think that is the trouble that I am having at my school with my 3801.
posted at 9/14/2013 9:15:43 PM
Go to Comment
By Anonymous
upnp enable on works. just did it on mine.
posted at 9/14/2013 9:58:07 AM
Go to Comment
By Earlz
Are you sure your modem is actually at 192.168.1.254? 
posted at 9/13/2013 1:51:31 PM
Go to Comment
By Earlz
You only need Bridge Mode if you want to use a separate router behind your U-Verse modem without creating what's called a "double NAT". 
posted at 9/13/2013 1:50:54 PM
Go to Comment
By Anonymous
What does bridge mode do on nvg510

posted at 9/12/2013 11:41:38 PM
Go to Comment
By Anonymous
i get 404 when i click save after inputing the nonce value
posted at 9/12/2013 11:24:02 PM
Go to Comment
By Miami Uverese
I dont understand?  what is bridge mode and do i need it?  also  thru this can i improve me speed
posted at 9/12/2013 10:54:35 PM
Go to Comment
By Anonymous
^^^ I was only pointing out that the websites pedro listed had links to this blog.
posted at 9/11/2013 6:29:47 PM
Go to Comment
By Earlz
See this later update: http://earlz.net/view/2013/06/01/2042/hacking-the-2-wire 

Basically, this thing is a very secure beast. There has been a guy trying to hack it in a similar way to me for 2 years and he still hasn't made significant progress
posted at 9/11/2013 5:54:04 PM
Go to Comment
By Barry
Any updates?
posted at 9/11/2013 4:50:33 PM
Go to Comment
By Anonymous
@Anon btw lastyearswishes.com is the old domain name of this blog. 
posted at 9/11/2013 3:31:14 PM
Go to Comment
By Earlz
@Motz you're looking at it :). The easiest way is to use this Android application. From that all you have to do is push a single button to enable bridge mode and thus be capable of using a better router
posted at 9/11/2013 3:26:16 PM
Go to Comment
By Anonymous
@Pedro
The "set link[2].port-vlan.ports "vc-1 lan-1" shouldn't be any different than the one described in this thread (In theory). If you notice, link[1] supports more than one port. I would imagine link[2] should have the same functionality as vc-1 is only a virtual port.

Also I would like to note that the website mentioned references this blog for it's information.

References

    http://lastyearswishes.com/blog/view/4fcc69bc4aa5d8385420c705
    http://lastyearswishes.com/blog/view/4fcff51b4aa5d8385420c706

posted at 9/11/2013 8:57:15 AM
Go to Comment
By Hurtzdoenut
For Windows 8 users,

You may have to install the telnet service before you can try any of this. To do so, Right-click on the bottom left of your screen (where you access your start menu) and click "Programs and Features" (or do so by going through control panel). On your left hand side you will see "Turn Windows features on or off". Click on that and scroll down until you see a check box that says "Telnet Client" Check that box and click OK. Wah Lah!!! Youcan now access telnet through your command prompt. Telnet, by default, is not installed in Windows 8 for security purposes.
posted at 9/11/2013 8:34:20 AM
Go to Comment
By Hurtzdoenut

				
posted at 9/11/2013 8:26:51 AM
Go to Comment
By Hurtzdoenut
@ Earlz

This is probably irrelevant by now but I just found this thread. Kudos for the info btw. I read earlier that you tried to use the NVG510 as a wifi connection due to your other only being a G standard. You also mentioned the reason you quit using it was due to it's "power saver mode" or whatever was bogging the signal. Have you tried to manipulate the "phy.wl80211.wmm.powersave"? It has an on/off switch.

Just curious.
posted at 9/11/2013 8:24:41 AM
Go to Comment
By Motz
Hello! Have you figured out any way to do a simpler root? I know I am capable of rooting the modem, but would very much be willing to throw some cash your way for something easier. We just got UVerse as it is the best option where we are (Detroit), and I definitely I want to use a MUCH beefier router.
posted at 9/10/2013 10:07:13 PM
Go to Comment
By Earlz
Yes, clear your cache and possibly restart your computer
posted at 9/10/2013 6:42:22 PM
Go to Comment
By Ling
Hi
I tried both manual (according to a Youtube video https://www.youtube.com/watch?v=o_O6rus8Yqw&feature=youtube_gdata_player) and your app. I didn't solve the redirect problem. Although I haven't cleared my cache. Do you think it could be related that? My email is flyerwolf@gmail.com   
posted at 9/10/2013 5:49:30 PM
Go to Comment
By Earlz
@Pedro, no you haven't opened up telnet to the world, only to your local network. 
posted at 9/10/2013 5:07:08 PM
Go to Comment
By Uncommonly common uncommon name
This is very helpful, thank you. 
It is worth noting that my name is levi
posted at 9/10/2013 4:55:05 AM
Go to Comment
By Pedro
Earlz, you have saved me hours of headaches!  The NVG510 has been a piece of junk since the day AT&T gave it to me.  I'm on my 3rd one--they keep thinking it's hardware when I know the problem is software.  I used to have DSL Extreme with a bridged 2Wire modem of some kind and will go back to them as soon as my low price with AT&T is over.

I'm a relative novice (not sure what "nsh" means) but I found your instructions easy to follow -- I had never used Telnet before.  Now I have put my trusty Netgear router (which has 3,586 more features) back in play.

One possibly dumb question: by enabling Telnet via "set mgmt.shell.telnet-port 23", have I opened up my modem to the world?  Should I disable it by entering "set mgmt.shell.telnet-port 0"?

Finally, http://tuxhelp.org/doku.php%3Fid=networking:taming_nvg510.html says that bridge mode is enabled via "set link[2].port-vlan.ports "vc-1 lan-1"" which is slightly different than your command.  Is there a functional difference?

Thanks again for saving my san
posted at 9/9/2013 7:35:39 PM
Go to Comment
By Tinkerer
Yes please, let's hack this piece of garbage. The upnp, firewall, and bridge issues are painful!
posted at 9/9/2013 2:22:26 PM
Go to Comment
By Nick
Earlz, you are awesome. This fixed all of my issues except for the fact that my connection is super slow. Thanks!
posted at 9/6/2013 4:33:46 AM
Go to Comment
By Anonymous
Nevermind. Didn't see the 'nsh' line
posted at 9/6/2013 2:57:05 AM
Go to Comment
By Anonymous
After telnet I am able to set variables, but validate, apply and save commands are missing:
# validate
/bin/sh: validate: not found
# apply
/bin/sh: apply: not found
# save
/bin/sh: save: not found
posted at 9/6/2013 2:52:22 AM
Go to Comment
By Testing...
test
posted at 9/2/2013 8:11:40 PM
Go to Comment
By Phillip T
I suppose I will just try to work with the IP Passthrough...cause I want to implement my pfsense
box into the mix....  Perhaps switching over to UVerse wasn't such a grand plan after all :(

Thanks.
posted at 8/23/2013 12:05:10 PM
Go to Comment
By Earlz
If you do bridge mode with VOIP, I'm 99% sure you'll lose VOIP service.. You can try it, but be ready to do a factory reset if you lose service
posted at 8/23/2013 4:47:35 AM
Go to Comment
By Phillip T.
I have the NVG510 uverse setup, but I also my at&t VOIP configured through this as well, and was 
curious if anyone has bridged this nvg510 and lost the VOIP?  I really want to do this, but I also
need to keep my VOIP service going.  I have already hacked and ssh'd into the nvg to change
the primary, and secondary dns, and my voip was not affected.  I was a little paranoid to 
do the complete bridge until I heard from someone else with my same setup.

Thanks for sharing this hack!  
posted at 8/23/2013 12:29:47 AM
Go to Comment
By Anonymous
The easiest way to access the modem when behind a router and bridged is to hook one of the NON-BRIDGE ethernet ports from your modem to your router.. So, you'd have 2 ethernet cables between your modem and router. With this method, your router would have a WAN IP and a LAN IP of (say) 192.168.2.1 and your Modem would then have no WAN IP, and have a LAN IP of 192.168.1.254.. The only thing to be wary of is that you want to ensure that your router is handing out IP addresses through DHCP and not your modem.. This may require disabling the modem's DHCP server
posted at 8/21/2013 2:00:03 PM
Go to Comment
By Earlz
You can download the webpage and change it's source so that instead of 192.168.1.254, it uses 192.168.2.254.. and if that's too technical for you, you can instead use my Android Application called NVG510 Fixer (for $1 on Google Play) which allows you to input an IP address and enable telnet and a few other common problem fixes. 
posted at 8/21/2013 1:56:15 PM
Go to Comment
By Anonymous
I enabled true bridge mode and I assume it is working as my router now displays a WAN ip and gateway, but I cant figure out now how to access the modem when behind the router? Previously I was using the passthrough method with a pinhole so i could access my modem and router both via "pinhole" by having each on different class c subnet with /16 mask, this doesnt seem to work after puting modem in true passthrough. Ideas?
posted at 8/21/2013 6:39:42 AM
Go to Comment
By Anonymous
You cant change your IP address with UVerse. Think of UVerse as working like a really big LAN and you have not a static, but a "DHCP reservation" whereas you are identified by your MAC address and then always assigned the same IP. So you maybe could technically get a different IP by changing your MAC but it would likely end your service as your MAC is tied to your account and if you were to change your MAC back again, you would get the same address again.
posted at 8/21/2013 5:50:34 AM
Go to Comment
By Anonymous
Earl, I am trying to root my Motorola modem per your instructions and web site, but if fails
because my modem has an ip address of 192.168.2.254, and your website code is looking for 192.168.1.254.
Any advice other than changing the routers ip address to the default?

Thanks, great work!
posted at 8/21/2013 1:40:27 AM
Go to Comment
By Anonymous
I changed the modems MAC Address through the root, and it did not issue me a new external IP.
posted at 8/16/2013 12:36:14 AM
Go to Comment
By Anonymous
@Earlz

Is it possible to brick the modem just by changing one number in the MAC address? I'm kinda scared to do it.
posted at 8/15/2013 8:25:38 PM
Go to Comment
By Anonymous
@Earlz

Thanks for the info, the reason I want to change my MAC address is because I am thinking that would give me a new IP address. I have had same u-verse IP forever... I've tried everything to change it to no prevail. 
posted at 8/13/2013 8:53:16 PM
Go to Comment
By Earlz
@Anon yes, it's possible to change the Mac Address. It's quite risky though and I'm not sure if it's reversible. Get to the `nsh` shell and then I think `mfg mac-info <MACADDRESS>` should work. Messing with the mfg command though is very dangerous and not reversible by factory reset. I can't guarantee it won't brick your modem
posted at 8/13/2013 5:39:34 AM
Go to Comment
By Anonymous
Is it possible to change the modem's MAC address through root? 
posted at 8/13/2013 3:37:02 AM
Go to Comment
By bdc-devel
Ah yeah, I have a ZyXel NBG4615 behind, will look it up, thanks!
posted at 8/8/2013 4:00:05 PM
Go to Comment
By Earlz
@bdc this is because AT&T's IPv6 support isn't "native". They tunnel the IPv6 through IPv4 with software. So, when you do true bridge mode, you lose that feature. Difficulty of setup ranges from impossible to easy, depending on your router behind it. Look up IPv6 tunneling. Here is one I found quickly: https://www.sixxs.net/main/
posted at 8/8/2013 1:53:41 PM
Go to Comment
By bdc-devel
Quick question, I got "True bridge mode" setup and all is fine, I also have an ipv6 enabled line ... while IPv6 works fine when connected to port 2, the NVG510 refuses to send the ipv6 info to my router on port 1 ... any suggestions ?
posted at 8/8/2013 9:04:45 AM
Go to Comment
By Earlz
@BellTech I was told there was some internal documentation now at AT&T to use my website, basically. I think that's pretty awesome. I never expected AT&T themselves would take an interest in this site(although I'll always provide all this information free and with no strings attached). 
If it's not confidential(I'd like to show it to others), is there anyway you could send me a PDF or some such of it? I'm very curious as to what exactly they're instructing. 
posted at 8/2/2013 2:28:16 PM
Go to Comment
By BellTech
Thank you, thank you, THANK YOU for all of the hard work and hacking you have put into the NVG510! The resolution of the LAN IP redirect issue has been a godsend for many irritated customers of mine. Couple that with a true bridge mode config that is not affected by an RG hard reset (customers love mashing recessed buttons) and my life at work has become much easier. Thank you again, sir. 
posted at 8/1/2013 4:31:03 PM
Go to Comment
By Anonymous
at&t in instructing there techs to use your web site to turn off the redirect on nvg510 modems this is an  internal document they have there logo all over it and there very proud of it.
posted at 7/25/2013 2:18:16 AM
Go to Comment
By mroboto
I ran your code on the 510, and got telnet access (finally!). After poking around a few, I tried "configure", and got access to the configuration prompt. I used " set ip dns primary-address x.x.x.x ", and got the shell prompt, no error.
exiting, I was asked to save, hit " y ", and checked the modem status. DNS CHANGED! SUCCESS! THANKS A MILLION!
posted at 7/14/2013 8:25:44 AM
Go to Comment
By Matt
Here are the commands I used to change the DNS:
set ip dns primary-address 8.8.8.8
set ip dns secondary-address 8.8.4.4
set ip dns proxy-enable off
validate
apply
save
posted at 7/11/2013 6:16:36 PM
Go to Comment
By Random dude
Reminds me of that one time when my cousin asked me to create a virus so he can crash his school's file system.
posted at 7/10/2013 10:00:11 AM
Go to Comment
By JDS7801
I'm late to this game but I am happy to report that my UVERSE via NVG510 is now usable as a primary link to the Internet. I still cannot believe that AT&T never updated their software to eliminate the "Potential Connection  Issue" cacheing problem. It must of cost them thousands of dollars in support calls. Thanks for helping us fix a bug that they were unwilling to address. I address the DNS problem by putting hard DNS addresses in every machine that connects through the NVG510. Earlz you are the Man!!!
posted at 7/9/2013 3:48:12 PM
Go to Comment
By David T.
--For people who are like, "why do you need true bridge mode?" 1) Double NAT is never an efficient way of setting up a network, and 2) I am absolutely unable to do SSL tunneling unless I put the NVG510 in true bridge mode.
posted at 7/7/2013 4:54:39 PM
Go to Comment
By David T.
3) U-Verse is very sensitive... minor issues in the transmission lines or at the CO will send your speeds into the tank. Every few months my speeds take a dump and I have to call up and get service... they always send an inside tech first which is useless (because I know my setup is fine) and then I have to wait for an outside tech to be dispatched. If I am lucky, the outside tech can fix the problem, if I am not lucky, the outside tech has to escalate even further meaning more delays...
4) This means every few months when I call AT&T, the first level tech wants to run diags, and invariably tells me that they can't find my modem (because I have it in true bridge mode) so I have to do a full reset and leave it factory defaults until the issue is fully resolved (or the rest of the techs are going to be like, "hey, your modem isn't responding...) Then I have to go back and reconfigure the modem afterwards each time back into true bridge mode.
--For people who are like, "why do you need true bridge mode?" 1) Do
posted at 7/7/2013 4:54:20 PM
Go to Comment
By David T.
Even with NVG510 switched to true bridge mode and my router handling everything, AT&T is sh*t... it boils down to four things:
1) They do some very proprietary management stuff with the NVG510 as far as DHCP leases and network provisioning. In true bridge mode the typical router doesn't have a clue how to handle it and the connection just goes south. A renew/release on the router and possibly a reboot of the NVG510 is necessary once a month to correct this kind of issue.
2) Especially with naked DSL, you are trying to pull 6, 10, 12Mbps over the standard telephone wiring in your house... this is a basic flaw with U-Verse, as standard telephone wiring was never designed to handle those speeds. It's why twisted pair cabling was developed. AT&T will give you twisted pair from the pole to your house, and a twisted pair cable from the modem to the wall plug, but won't replace the internal run except as a last resort.
3) U-Verse is very sensitive... minor issues in the transmission lines or at the CO will send y
posted at 7/7/2013 4:53:46 PM
Go to Comment
By David T.
Even with NVG510 switched to true bridge mode and my router handling everything, AT&T is sh*t... it boils down to four things:
1) They do some very proprietary management stuff with the NVG510 as far as DHCP leases and network provisioning. In true bridge mode the typical router doesn't have a clue how to handle it and the connection just goes south. A renew/release on the router and possibly a reboot of the NVG510 is necessary once a month to correct this kind of issue.
2) Especially with naked DSL, you are trying to pull 6, 10, 12Mbps over the standard telephone wiring in your house... this is a basic flaw with U-Verse, as standard telephone wiring was never designed to handle those speeds. It's why twisted pair cabling was developed. AT&T will give you twisted pair from the pole to your house, and a twisted pair cable from the modem to the wall plug, but won't replace the internal run except as a last resort.
3) U-Verse is very sensitive... minor issues in the transmission lines or at the CO will send y
posted at 7/7/2013 4:53:46 PM
Go to Comment
By Ryan8431
I've been having problems similar to this link: https://discussions.apple.com/thread/2328853?start=0&tstart=0
Behind my NVG510 I have a D-Link router with various devices connected...PCs, PS3s, iPhones, iPads, Printers, etc.
ONLY when opening a browser from a secondary computer, the NVG510 loses sync.
The only way I can get it to sync afterwards, is plug my primary PC directly to the NVG510 and reset connections.
My primary PC is also the one who's MAC I have my router set to clone, and the same MAC defined in the NVG510 for Passthrough. Then I connect my router back up and everything is fine, until I try to open a browser from the secondary computer again...
Any thoughts?
posted at 7/5/2013 8:25:37 AM
Go to Comment
By The_NetZ
And my third comment tonight XD, but I think you want to hear this, as I've figured out how to ssh into the NVG510
its actually so simple I don't see how you didn't figure it out yourself, considering how much you did, lol. From tilda (my favourite terminal emulator) I ran:
ssh admin@nvg510 
and gave it my admin password, and boom! I'm in, and 192.168.1.254/cgi-bin/logs.ha shows
"2013-07-05T00:54:33-05:00 L4 cshell[2995]: TS: "admin" completed login via SSH from 3232236002"
Note: I added the nvg510 to /etc/hosts to make telnet easier as I can tab complete the hostname nvg510 instead of manually typing the ip.
posted at 7/5/2013 6:02:31 AM
Go to Comment
By The_NetZ
Actually nevermind, lol. I got the dns setup right, but have you had a look at busybox on this machine? could do some interesting things with that...
posted at 7/5/2013 4:35:34 AM
Go to Comment
By The_NetZ
Yeah, I'm looking into that. I want to do as best as I can with it, within legal limits. I'm trying to set the google public dns server (8.8.8.8 & 8.8.4.4) but at the save step it keeps telling me "The database is dirty", which is really getting to irritate me XD. Any ideas what is wrong here?
posted at 7/5/2013 3:15:58 AM
Go to Comment
By Howler
Beta Testers Await
posted at 7/4/2013 3:10:53 AM
Go to Comment
By Earlz
@Netz, yea they don't include iwconfig. Broadcom ships a proprietary (and very hard to use) utility called `wl`. You might try searching for some info about it, and I believe it does respond to `--help`. I was messing with something unrelated to power levels, but noticed that the help page mentioned power levels along with a big huge "adjusting this may cause your device to be illegal according to the FCC and/or fry your wireless chip" kind of warning. If you're going to adjust power levels, ensure you take small steps to ensure you don't overheat the chipset
posted at 7/3/2013 3:11:34 PM
Go to Comment
By The_NetZ
Hey, me again. closer and closer to a decent machine, lol. My current question regards power management for the wifi device. Normally under linux you can issue some iwconfig commands to enable/disable power management, and hopefully boost signal strength with that. However, during my last telnet session with a root shell it seems this is one of the "lacking" linux/unix utils you make mention of (why people feel the need to gut the awesome power of linux I don't understand [or perhaps I do and just don't want to really hate them for it]). is there an nsh or other command available to do the same?
posted at 7/3/2013 12:56:08 PM
Go to Comment
By Earlz
None yet unfortunately :( A very tough modem to crack
posted at 6/19/2013 8:43:32 PM
Go to Comment
By Anonymous
Any updates? I've been prodding a 3801hgv I bought on ebay, to no avail.
posted at 6/19/2013 5:22:04 AM
Go to Comment
By Earlz
It's impossible to have 2 xboxs have an open NAT type. The best you'll be able to do is one open and one moderate, unless you pay AT&T for an extra IP address. This is inherit with how the internet works. To get one to be open, you'll have to forward port 3074 (UDP and TCP) and port 88(UDP) to the xboxs IP address. 
posted at 6/15/2013 12:55:42 AM
Go to Comment
By Anonymous
First of all THANKS for putting this together. It's awesome. However, I'm still fighting a problem and hope someone can help. I have 2 Xbox 360s using the same NVG510. I followed the procedure to enable Upnp but both Xbox NATs are Moderate instead of Open. I went back in and verified that Upnp is still enabled and it is. Anyone have ideas?
posted at 6/14/2013 10:59:03 PM
Go to Comment
By Jice
@earlz Sorry. I think that I confused myself.  I used my public IP address from within my network and was greeted by a telnet prompt, so I assumed it was publicly accessible.  But, I tried from an outside machine, and did not get a telnet prompt.

posted at 6/11/2013 4:39:02 AM
Go to Comment
By Earlz
@Jice ick! On my modem, it only turned it on to the LAN by default(though there was an option to turn it onto WAN as well). I recommend after getting into the modem turning ssh on and telnet off in that case.. and look for an option to turn WAN access to it off, if possible. 
posted at 6/10/2013 3:36:06 AM
Go to Comment
By Jice
This appears to open up telnet both internally to your network as well as externally.  Couple of questions:

1) Is it possible to configure to only allow telnet from within your network?
2) If/when accessing telnet externally, are passwords always sent encrypted?

Thanks,
Jice

posted at 6/9/2013 5:15:39 PM
Go to Comment
By Nate
Thanks for posting this. I have been having a problem with intermittently slow connections and disconnects. I used your pass through setup and my internet works better than ever. I do have one question the modem is working fine, all diagnostics say pass but the broadband light blinks red? This was happening last night after I restarted the gateway for being slow. AT&T did a line test and said everything is fine. Thats why I landed here to root the modem. Any suggestions other than the true bridge mode?
posted at 6/6/2013 2:00:02 PM
Go to Comment
By Tom
I followed your 510 guide only to realize I have the 3801HGV. I would love to get this thing rooted!
posted at 6/4/2013 1:36:13 AM
Go to Comment
By Tom
I'm having trouble. When I submit the form on your exploit page it takes me to a blank page. if I load http://192.168.1.254/cgi-bin/etherlan.ha directly it says 404 not found.
posted at 6/4/2013 1:33:17 AM
Go to Comment
By Earlz
@anon if you look at my project's dependencies, I made a fork off of a LGPL licensed project for that. 

See here: http://mbed.org/users/gertk/code/vga640x480g/file/821e34a87609/vga640x480g.c

I didn't steal it, and I'm pretty sure I'm not violating the LGPL license for it either. My contributions are LGPL, but my actual project is BSD with a reference to that project
posted at 6/4/2013 12:35:05 AM
Go to Comment
By Anonymous
Looks like you just took http://mbed.org/users/Ivop/code/vga640x400/file/746c1bf00d40/vga640x400.c and make it look like your own.
posted at 6/3/2013 7:44:21 PM
Go to Comment
By Izkata
On Android, there's at least one project meant to sort of pseudo-do what you're talking about:  OpenIntents ( http://code.google.com/p/openintents/ )

For example, the OI File Manager can be called by your app for Open and Save dialogs - you don't need to implement a custom subpar one yourself.
posted at 5/30/2013 4:12:00 AM
Go to Comment
By Anonymous
Wait, so Windows 8 restricts an app to opening only certain types of files?  And here I was already annoyed enough at the idea of a file type being associated with a single application!
posted at 5/29/2013 10:37:39 PM
Go to Comment
By Anonymous
I don't know much about computers but when I was in High School my best friend and I had English class together.  One day I took a screen cap of him using Microsoft Word, and set it as the desktop image.  The teacher called the IT guy and he couldn't close the window.  He didn't realize it was a photo so he got the   startup discs and reformatted the whole computer.  We did not get in trouble. haha
posted at 5/28/2013 6:52:06 PM
Go to Comment
By Anonymous
goood
posted at 5/26/2013 9:55:04 AM
Go to Comment
By Anonymous
no comment broo

you are doing a good job
posted at 5/26/2013 9:07:01 AM
Go to Comment
By Earlz
@Sunny I tried that exact thing, since the NVG510 is wireless N and my current wifi is wireless G. Just give up. I managed to get it to work, but I had to reset it once an hour or the wireless signal would become so weak as to be non-existent, apparently some kind of power saving feature I couldn't figure out how to disable. 

See also: http://earlz.net/view/2012/12/28/0230/how-to-reuse-an-nvg510
posted at 5/24/2013 5:01:17 PM
Go to Comment
By sunnymat
Hello Earlz, this is really a great work..This has been very helpful in getting into this modem but i havent been able to get it to work like the way i wanted it to.. Can you let me know if this is possible - I switched to cable recently and have no use of this modem now so I was trying to set it up a wireless access point with a lan port plugged in directly to the back of my cable modem/router. I tried the true bridge mode You have mentioned above except i removed the ppp since i do not want that to happen but that doesn seem to work.. Can You let me know if i am missing something or this will not work..
posted at 5/24/2013 1:18:41 PM
Go to Comment
By Earlz
With the way bridge mode is setup, maybe, maybe not. If you bridged it, you might try running an *extra* network cable from your router to your modem (use one of the non-bridge ports). I'm not sure it'd work though and it'd probably require some extra configuration. I didn't have an NVG510 which supported VoIP, so I don't know. 
posted at 5/23/2013 1:30:25 PM
Go to Comment
By Earlz
Yes. It'd probably be an nsh command like:

set mgmt.account[0].password "mypassword"

posted at 5/23/2013 1:28:16 PM
Go to Comment
By Anonymous
I have a problem that I can't seem to work around and wondered if you can help.
I have put the modem in pass-through (needed it for work, and AT&T didn't give a crap; so, I hacked it!)
But, now, my phone doesn't work.  My phone uses the modem for the "dial tone" (at least, that's what the tech told me).
It seems that forwarding everything to my internal router has disabled the phone line.  I thought I could get it
to work by putting vc-1 into the list of ports on link[2].  But, sadly, that does not work.  Any suggestions?
posted at 5/23/2013 2:13:25 AM
Go to Comment
By Anonymous
Here's a question: can you change the device access code from within telnet?
posted at 5/22/2013 7:54:06 PM
Go to Comment
By Earlz
@NetZ. Oh wow! I wasn't aware that when the network went down the login functions were basically not used. That's... interesting heh. Anyway, you can probably get the network password from the `nsh` command line.

If you do a `dump` from nsh, one of the fields it lists should be the admin password.. 

Note: I don't condone this behavior at all though. 
posted at 5/22/2013 6:44:53 PM
Go to Comment
By The NetZ
many thanks on this site, got me a few steps closer to getting this thing actually decent. could the following be done?: I personally don't know the admin password to our router, and there is great animosity between be and the current network admin, who is quite frankly incompetent (he bought a usb keyboard for his laptop because he thought it was broken; turns out he had numlock on for a couple years). So, I was able to enable telnet by using your page and a trick using that annoying redirect (which is my goal to get rid of, ironically). Apparently when your get that redirect you have access to the full functions of the router (meaning you can reset it, whatever, during this). So I waited till the net failed (common enough) and after the redirect I used your page to enable telnet.

So, if you can do this sort of thing while redirected, can, could you obtain the admin password as well?
posted at 5/22/2013 6:28:19 PM
Go to Comment
By Anonymous
Drawing circles is hard. :-)
posted at 5/14/2013 6:45:17 PM
Go to Comment
By JFH
Dude, I seriously need to send you some cash for this. 
I have been fighting with AT&T 'support' for over a month to get
rid of that stupid connection 'error' redirect message. This is what I wanted. I just did it
- rooted the blasted thing - now but confidant this will address the issue. Also disabled 
that worthless DHCP server they have on the unit. 
posted at 4/30/2013 10:01:31 PM
Go to Comment
By Anonymous
Thanks for the tutorial, though my problem seems different than anyone else's.  What happens for me is the redirect, but only when browsing with the http port.  If I go to http://google.com, it redirects.  When I go to https://google.com, it works.  Yahoo messenger works, my gmail notifier works, but all websites will start redirecting when using port 80.  I've shut off the redirect per the tutorial above, but that just makes it redirect to 192.168.1.254 when having its "issues."  The only workaround I have is using a public proxy server when it's acting up.
posted at 4/30/2013 3:19:54 PM
Go to Comment
By Levi
I have already done nsh. After that it shows up as axis something(not at my computer) but for  I can not change anything
posted at 4/24/2013 1:17:35 AM
Go to Comment
By Earlz
@Levi You have to get to `nsh` first. See the section surrounding the "fixing common problems" header
posted at 4/23/2013 4:43:12 AM
Go to Comment
By Levi
when i type in the upnp or redirect code it simply says "usge: set OBJ.ITEM VALUE" WHY!!
posted at 4/22/2013 11:27:16 PM
Go to Comment
By Levi
Never mind i got connected but how do i enable upnp?
posted at 4/22/2013 2:54:50 AM
Go to Comment
By Levi
@Earlz i enabled telnet on my pc but i cant seem to figure out how to connect to my router using telnet can someone help?
posted at 4/22/2013 2:20:35 AM
Go to Comment
By Levi
@Earlz how do i connect using telnet?
posted at 4/22/2013 2:08:43 AM
Go to Comment
By Joshua Cornutt
You pretty much described my highschool experience as well!  Haha!
posted at 4/18/2013 9:44:01 PM
Go to Comment
By Anonymous
Thanks for the great work, I FINALLY got rid of the stupid redirect!

For those of you with modems on a different default ip (like me) here's what I did:
Copy the source code out of the page that enables telnet. Save, change the ipaddress, then launch the page. 
Maybe for future users, the page can be modified so that a user can enter the ip as a field as well.

posted at 4/18/2013 2:42:03 AM
Go to Comment
By Sebastian
Thanks you...
posted at 4/17/2013 3:53:45 AM
Go to Comment
By Anonymous
I am interesting in anyone's results with Static IP also.
I would love to use true bridge mode with this thing as I use PfSense but can't afford too much down time for trial and error.
Also do we have any way to make it ignore any firmware upgrades? My worry is we set this thing up, get it working great finally and a firmware upgrade jacks it up and locks telnet out but for now static IP true bridge would be great!
posted at 4/12/2013 4:30:07 PM
Go to Comment
By Mr. Koolaid
Hahahaha, Ginger!
posted at 4/12/2013 10:53:09 AM
Go to Comment
By miguel
This is legit Jordan I like it bro. Don't listen to the douchbag dissing.
posted at 4/12/2013 6:36:09 AM
Go to Comment
By Earlz
@dotmatrix Yea.... I have no idea? I would think it should *just* work if you manually configure your router behind bridge mode to use the static IPs. you might make sure your gateway and netmask is correct. I remember having some problem at some point with AT&T handing out a gateway which fell outside of the netmask, thus requiring me to manually override the netmask. 

Not sure if that applies in this case though unfortunately. I've never had experience with their static IP support
posted at 4/12/2013 4:42:56 AM
Go to Comment
By d0tmatrix
Thank you for the information! I was able to follow your directions to enable true bridge mode, but now I can't seem to figure out how to use my static public IP addresses assigned by AT&T. I am currently using DD-WRT on my router. If I enable the router to use DHCP to configure its IP, it is assigned a random public IP. I can use a traceroute to get my gateway IP. If I use this gateway IP and my private IP I was assigned, nothing works. If I connect the router to LAN 2- LAN 4 and use DHCP in DD-WRT I get a private IP from the NVG510 and everything works. I was assigned 4 static IP addresses. I can't seem to get Uverse Tech support to help me understand how my static IP works. 
posted at 4/12/2013 12:29:37 AM
Go to Comment
By Anonymous
Hey Earlz,
Whats the best way to turn the nvg510 into a switch, I managed to do it by disabling the dhcp server and giving it an ip address outside of the main routers ip range. Is this enough? should i disable the firewall and is it possible to disable the broadband light it keeps flashing red. Thank you for all your time and work on this project, take care.
posted at 4/11/2013 6:25:49 AM
Go to Comment
By Anonymous
Once upon a time I was messing around in Photoshop and found this obscure WBMP format. It turns out that it's a very simple monochrome image format originally designed for mobile phones. I bet it'd work well for you. https://en.wikipedia.org/wiki/WBMP
posted at 4/6/2013 6:42:16 AM
Go to Comment
By VINOD KUMAR
THANK YOU FOR THIS
posted at 4/4/2013 8:56:43 AM
Go to Comment
By Anonymous
just a test
posted at 4/3/2013 1:53:13 AM
Go to Comment
By Anonymous
That'd be hash cash. Good idea, but vulnerable to botnets. 
posted at 3/31/2013 5:30:03 AM
Go to Comment
By Earlz
@Mattkilla this WILL NOT help. If you're getting a crappy connection speed, 99% of the time it's AT&T and it's infrastructure's fault. (for instance, paper wrapped wires that were first installed in the 40s is not going to be capable of a good connection) 
posted at 3/25/2013 2:23:13 PM
Go to Comment
By mattkilla
so just to clarify turning on telnet does what? and true bridge mode would be beneficial to whom? im trying to tweak my modem to allow a higher access speed to each individual device. I never get close to what i pay for. was just wondering if someone could explain these few things in lay-mans terms
posted at 3/25/2013 12:24:58 AM
Go to Comment
By Mr. C.
To enable WAN ping response, from the initial command shell type:
configure
conn
set
"WAN" (w/o the quotes)
hit return on everything except "icmp-echo-drop"
type "off" (w/o quotes) when you get to this point.
return on everthing else
type validate
type save
your modem should now respond to pings from the WAN port
posted at 3/20/2013 3:31:51 AM
Go to Comment
By DT
Nevermind I figured it out. My router was on port 4 instead of 1, doh! What ends up happening that if you put your router on another port after putting it in true bridge mode, it detects the router and overwrites your changes. I've turned off the DHCP server in the modem to prevent this in the future, should I inadvertently use the wrong port again.
posted at 3/18/2013 2:49:05 AM
Go to Comment
By DT
Thanks for the info, Earlz!
I am having a problem where I can put the router in true bridge mode, but it reverts back to non-bridged mode after a few days. Telnet still works, I just have to redo the commands. Have you or anyone else noticed this? Is there any fix? I am doing both save and apply.
posted at 3/15/2013 9:39:43 AM
Go to Comment
By Modified10Real newbie
figured it out lol 
posted at 3/11/2013 1:07:29 AM
Go to Comment
By Modified10Real newbie
@Earlz or who can help. Thanks you all for the information here!
help with #nine and any other useful information for a real newbie would be greatly
appreciated.
  
quote 9.Now you should be able to login to the modem with telnet.
 The username is admin and the password is your modem's "access code" 
that should be written on it.

I cant figure out how to access telnet on mac i go to teminal-new connection
 choose remote login (telnet)then i add http://192.168.1.254/cgi-bin/etherlan.ha
 to server-side box says server is found & i click connect and get back a message
that says this:

 http://192.168.1.254/cgi-bin/etherlan.ha: nodename nor servname provided,
 or not known
[Process completed]
i cant get passed this part thanks for any help.

ATT always for the shareholders not the customers
and there new plans for expansion are undiscribable.
posted at 3/10/2013 6:32:45 AM
Go to Comment
By Anonymous
If I go through with logging in > magic > ! > nsh i cant do anything.   However, if I just type magic it is already at the nsh prompt, and I have configured upnp and google's dns servers to be working working after reboots and everything. There is no apply command though, but after validate and save it seems to apply.
posted at 3/9/2013 7:59:33 PM
Go to Comment
By Anonymous
Great work.  Thanks!  I was able to log into the ssh server using "admin" and the device access code as the password.  I am running 9.0.6h2d21.  Since AT&T won't allow you to disable the DHCP server from the UI, I did it using the command line.  The DHCP server was giving me problems.  Even though we had it set to only give out 1 IP address, the other boxes using another DHCP server on the network would mysteriously end up with att.net as a domain search suffix and the router as the DNS server.  Hopefully this will solve the problem.
posted at 3/6/2013 11:20:47 PM
Go to Comment
By Anonymous
what do i do when i can't ajust my firewall because i don't have the access code required
posted at 3/2/2013 6:35:03 PM
Go to Comment
By Earlz
Interesting! This is much more source code than they gave out when I first took a look at their source code archives. Last I checked, they only had the "OSS" download available. They appear to leave out some crucial parts such as DSL and VoIP support.. but with what they've given, I'd expect a usable image for routing could be made. Only real problem is there is no documentation on how to reflash the modem other than that it uses CFE somehow
posted at 3/2/2013 3:47:20 AM
Go to Comment
By dick
wikidev?
http://www.wikidevi.com/wiki/Motorola_NVG510
posted at 3/1/2013 10:29:41 PM
Go to Comment
By dick
Motorola is pleased to provide the open source software used in the NVG510 device!

Please note that this project is for distributing, discussing, and supporting the open source software we release. This site does not provide any SDKs nor general purpose developer support for the NVG510.
http://sourceforge.net/motorola-home/nvg510/home/Home/
posted at 3/1/2013 10:27:00 PM
Go to Comment
By dick
Of interest to you, Earlz?
We are pleased to announce the Open Source redistribution for the NVG510 DSL CPE gateway product.
http://sourceforge.net/motorola-home/nvg510/news/2012/01/nvg510-open-source-redistribution/
http://sourceforge.net/projects/nvg510.motorola-home/files/README-NVG510.txt/download
http://sourceforge.net/projects/nvg510.motorola-home/files/
http://sourceforge.net/motorola-home/wiki/Projects/
posted at 3/1/2013 10:25:05 PM
Go to Comment
By Tim S
HUGE thanks to Earlz for his hack and to Brother for the DNS-specific fix. I've had the DNS failure to resolve issue for over a year and it drove me bananas daily. I read the instructions and I was able to change the primary and secondary DNS of the NVG510 modem. I don't know if the settings will stick after a reboot or power cycle, but I do that maybe once every 3 months so it's no big deal. Anyway here's the exact command line syntax for other newbies like me:

login: admin
password: <number on your modem>
magic
!
nsh
You will need to login once more at the NSH prompt

Axis ############>
set ip.dns.proxy-enable off
set ip.dns.override-allowed on
set ip.dns.primary-address 208.67.222.220
set ip.dns.secondary-address 208.67.220.222
validate
apply
save

Open up a CMD prompt in Windows and type in "ipconfig /all"
You should now see that the primary and secondary DNS numbers have been changed to the OpenDNS servers.
Thanks again. You guys rock. I can't wait to try some of the other more obs
posted at 2/25/2013 7:22:26 AM
Go to Comment
By Anonymous
Yep, that did it.  Actually I just changed the IP of the modem (and the DHCP IPs), and the IP on my inside router.  Rooted the modem, changed the IPs back, and all is well.  Thanks much.
posted at 2/22/2013 3:21:21 AM
Go to Comment
By Dngrsone
Hahaha... optimistic pessimism.  I love it.

Whelp, if I try, I will report back, either way it goes.  Be a shame to waste a decent wifi if it doesn't work out that way.

@Anonymous-- I have mine set to a different IP, and the hack doesn't work for me.  I think the page Earlz set up assumes the default IP when it sends the command to the modem.  You might try resetting the modem to default settings and then hit it with the hack.  
posted at 2/22/2013 12:14:04 AM
Go to Comment
By Earlz
@dngrsone In theory it could work, but I haven't been successful in getting it to. Once you put it in bridge mode, the wireless is basically useless. However, you could MAYBE disable the DHCP server and then have a setup like `modem bridged-out -> router in -> router out -> modem non-bridged port` and I THINK that would work. No guarantees though. Worst case is it'll reset everything to defaults when it crashes
posted at 2/21/2013 6:43:09 AM
Go to Comment
By Anonymous
No, it didn't come set that way, I assume it would revert back to 192.168.1.254.  I changed it because that's how my previous network was setup when I switched ISPs, and it made it easier to change over.  I could change it back to the default if that's necessary, but then I will have to change the config of the router that sits behind it.  I'll do that if I have to, just checking to see if that is the issue before making the changes.
posted at 2/21/2013 4:04:35 AM
Go to Comment
By Dngrsone
If I put my NVG510 into true bridge mode (to use with a Smoothwall Express firewall), would I be able to use the NVG510's wifi from behind the firewall (like, route the Protected LAN into lan2)? 
posted at 2/21/2013 2:31:57 AM
Go to Comment
By Earlz
@Anonymous did your modem come shipped that way? Like if you do a factory reset does it reset it to 192.168.1.254?
posted at 2/20/2013 10:12:51 PM
Go to Comment
By Anonymous
This doesn't seem to work for me, but I also have my NVG510 assigned as 192.168.0.1 - is that messing up the control page?
posted at 2/20/2013 5:34:14 AM
Go to Comment
By Earlz
As I noted at the beginning of the article, this is an open problem. It would appear that AT&T has hardcoded the DNS settings to be permanently non-configurable. I've heard of some hack with changing the DNS server's configuration file, but I don't imagine this being easy
posted at 2/18/2013 4:37:35 AM
Go to Comment
By The Brother
Update.  Device was turned off overnight and the DNS settings reverted to the factory at&t dns setting.
Anyone know how to make it permanent?  Re-entered using the configure command in normal shell and it seemed
to behave the same.  The settings would stay there during a reboot, but if it was turned off, the settings would
go back to 0.0.0.0 for primary and secondary
posted at 2/17/2013 11:03:57 PM
Go to Comment
By The Brother
To add to the previous Brother post.  Go to http://www.opendns.com/support/article/64 to test
the settings and the tests were all successful.  
I believe the DNS proxy setting (ip.dns.proxy-enable = on is the default) allows the device ie., router to allow name requests to be forwarded to the
ATT name servers. Turning that off and and setting open DNS servers allows the hosts on the network to recieve
those IP addresses via DHCP.  Well see what happens after a couple days to see if the settings hold.
Note:  The ip.dns override-allowed setting was 'ON' as the default.  I did not change that in the articel above
it shows it as off.  Not sure why but, it works for me with it ON.

Didn't know it could be easy... when you know a few secrets. Saved me running out and getting another router!

A BIG thanks to EARLZ for pointing us all in the right direction.  Would never have done it without your help.
posted at 2/17/2013 4:03:08 AM
Go to Comment
By Brother
"ipconfig /all" now shows Open DNS name servers.
posted at 2/17/2013 3:28:12 AM
Go to Comment
By Brother
My brother figured out the DNS changes.  He changed the proxy setting to "Off", Then he set an IP for the primary and Secondary setting, then applied, saved, then rebooted.  And it worked. The override was already set to "On". "iponfig /all" now show Open DNS name servers.
posted at 2/17/2013 3:25:50 AM
Go to Comment
By Brother
My brother figured out the DNS changes.  He changed the proxy setting to Off, The set an IP for the primary and Secondary setting, the applied, saved, then reboot.  And it worked. The override was already set to on. IP config now has the open DNS ips.

posted at 2/17/2013 3:16:24 AM
Go to Comment
By Earlz
@Anonymous oooohhh... That sounds scary :( I have no way of verifying, but it sounds like the remote vulnerability might not exist in your firmware version(ie, it was patched). Email me at earlz @ this domain name(earlz.net) and I'll try to work out what's happening. 
posted at 2/16/2013 3:53:24 AM
Go to Comment
By Anonymous
When I press "Save" on the complete_control page, I get redirected to my router configuration page, but it says:

"Address must not be on network (10.x.x.x)"

=/
posted at 2/16/2013 2:27:37 AM
Go to Comment
By Earlz
@Sean normal DHCP. It's definitely NOT PPPoE. If you need a username and password for it, you chose the wrong one. 
posted at 2/9/2013 3:06:25 AM
Go to Comment
By Sean
Once the TrueBridgeMode has been able, what connection type would then be chosen in my Asus router? PPPoE or normal DHCP?
posted at 2/8/2013 11:30:10 PM
Go to Comment
By Alan
Thank you so much for this!
posted at 2/4/2013 8:48:50 PM
Go to Comment
By Earlz
@Whit I ended up compiling this as well at the same time, but for whatever reason didn't mention it here. Just go to https://github.com/arduino/Arduino/tree/master/libraries/Wire and copy the makefile above and make modifications to link to Wire.c and twi.c
posted at 2/4/2013 1:15:37 AM
Go to Comment
By Whit
Thanks! I was looking for something this simple without using the Arduino IDE. 
My problem now is that there is no wire library (i.e. "Wire.h" not found). Is there away to include this in the build above?
posted at 2/3/2013 9:27:34 PM
Go to Comment
By Earlz
@Toao, very good point! I hadn't thought about that. I'll add a note to the article
posted at 2/1/2013 2:47:31 AM
Go to Comment
By Toao
Thought I should note, that for those having trouble with bridge mode after hitting apply, make sure you are configuring the modem via port 2,3,4 and NOT doing it on port 1, as when you hit apply port 1 will drop the telnet connection and begin the bridge to ATT. YOU MUST do the configuration while on lan port 2,3, or 4 so that you can SAVE or your configuration will NOT be persistent (it will reset every time the router turns off and you will lose bridge mode). I did this bridge mode last night and when I rebooted my Cisco router I lost all configuration and my router was DHCP'd a private net IP instead of the precious REAL internet IP I had earned.... lol
posted at 1/31/2013 6:17:16 PM
Go to Comment
By Pepper
Thanks for doing this. I think just putting the thing in bridge mode is going to solve my issues. I am now able, from the outside world, to pull up a web page hosted on my test machine behind the nvg510, just got to figure out why rdp and ping are not working yet.
posted at 1/30/2013 8:23:23 AM
Go to Comment
By Dr. T. Sathish
I am a biology researcher, i have some data i want to cluster analysis by SOM method would you help me in this regards
my mail id is satish.tadikamalla@gmail.com

Thanks in advance  
posted at 1/28/2013 11:09:52 AM
Go to Comment
By Anonymous
I'm little confused with the lines of code:

set link[1].port-vlan.ports "lan-2 lan-3 lan-4"
set link[2].port-vlan.ports lan-1

So after I do this, which port do I have to connect my router to?
Thank you Earlz you are genious!

posted at 1/25/2013 5:25:01 PM
Go to Comment
By AnonymousW
Earl,

Thank you soooo much.  I could not get my Slingbox with the NVG510 until I read your article and enabled
UPnP.  Now it works great.
posted at 1/19/2013 1:20:54 AM
Go to Comment
By Earlz
It depends... define "static". If you put your NVG510 in bridge mode, then your router has to handle all of this. So, if you get a static IP from AT&T, your router has to be configured to use that static IP. 
posted at 1/17/2013 5:14:26 AM
Go to Comment
By Anonymous
I really want put my NVG510 into "true-bridge" mode.
Can I apply the same method for a STATIC IP instead of dynamic?
posted at 1/17/2013 12:39:41 AM
Go to Comment
By Anonymous
I tried your instructions for the bridge mode and while it works, for some reason, the Broadband Status page of the NVG510 still showed the device as getting a valid public IP address and from the shell I could actually ping out to the public internet.
posted at 1/11/2013 8:50:09 AM
Go to Comment
By Anonymous
Once you enable ssh, you can log in with the user "admin" and password set to your device access code.
posted at 1/6/2013 8:39:57 PM
Go to Comment
By Aaron Borden
@Anonymous re: motopia, it looks like it's included in the source available here http://sourceforge.net/projects/nvg510.motorola-home/files/NVG510-OSS-1.0/NVG510-OSS-1.0.tar.bz2
posted at 1/6/2013 6:43:44 PM
Go to Comment
By Earlz
@Tony hmm that's odd. Have you tried doing a factory reset and then following the bridge mode instructions? 
posted at 1/6/2013 5:17:24 AM
Go to Comment
By Tony
Cant seem to follow the true bridge guide. Modem locks up after doing "apply" after entering the two set commands.
posted at 1/6/2013 12:32:37 AM
Go to Comment
By Anonymous
Do I have to do a reset on NVG510 before turn it to True Bridge Mode? Currently, I am using IP-Passthrough Mode.
posted at 1/3/2013 10:41:35 PM
Go to Comment
By Anonymous
@Earlz 
Well, lets say I buy another nvg510 and register it with my service will that change my pubic ip 
address given that the mac address is different?
posted at 12/30/2012 10:08:49 AM
Go to Comment
By Earlz
@Anonymous: I assume you mean your public IP address. And probably not. If AT&T is even mildly competent, their servers won't allow this. However, changing manufacturer tied values and such may induce something like this. I'll warn you that this is one of those things AT&T will notice though and that probably voids your service agreement
posted at 12/30/2012 6:46:18 AM
Go to Comment
By Anonymous
Is there anyway I can change my ip address with the root access? 
posted at 12/30/2012 12:31:09 AM
Go to Comment
By Earlz
@Anonymous: It is indeed more complicated than just statewide. Apparently the NVG510 is used where there is 
U-Verse internet and phone, but not TV. (and using VDSL, not fiber to the home/node)

Also, you should watch out for patents with that technique. I think AT&T thought of it first! 
posted at 12/27/2012 3:28:06 PM
Go to Comment
By Anonymous
Regarding the modem in Ohio:

I am in Columbus and just recently (this month, December) started using Uverse, and they sent an NVG510.  So apparently it's more complicated than just statewide Ohio=3800HGV.

Anyway, I don't know how this can even be legal, the pure shittiness of the NVG510.  Isn't this why we have consumer regulatory agencies and stuff?  Hey, I have an idea how to make lots of money, I'll offer people high-speed internet with a one-year contract, but instead of actually providing them internet or anything like that I'll just send them a brick and tell them it's a modem!
posted at 12/26/2012 6:28:14 PM
Go to Comment
By Earlz
@Technobabe: I have no idea. First off, I'd make sure that it's really the NVG510. Plug a different computer to it and see if you have the same problem. If so, then see if wireless has the same latency issue. Beyond that, as a last resort you might want to try my true bridge mode to use your own router. This gets the NVG510 completely out of the way and lets your router do what it was made for.. routing. 
posted at 12/18/2012 9:23:01 PM
Go to Comment
By Technobabe
Wow, Earlz, this is awesome! So nice to be able to CONTROL this bloody thing! I am having a strange problem with the NVG510, and I was wondering if you can point he in a useful direction to fix it. I have an NVG510 with a 3-bit subnet and a Linux server with an Intel eepro100 network card wired into the NVG510. When I fire up the NVG510 and plug nothing into it, the ping responses are at about 50ms. As soon as I plug my Linux server into it, the ping response time bounces all over the place - anywhere from 50ms to 600ms, although mostly in the 150-200ms range! The SMARMY AT&T tech told me that I have a "network configuration issue" and AT&T doesn't work on that. So, I went thru EVERY networking setting on both the server and the NVG510 at least 3 times, and I can see nothing that would cause this. Any ideas? Since I had AT&T replace the NVG510 and got the 50%+ packet failure down to consistently under 5%, the thru put is good, but why not get every bit of speed I can get? Thanks for any insight you can provid
posted at 12/18/2012 7:58:05 PM
Go to Comment
By Earlz
@Anonymous it does enable UPnP at least partially. The only thing I use UPnP for is so multiple XBoxs can have an open NAT type and this did the trick with 2 Xboxs... however, I set this up for one of my friends who has anywhere from 3-6 setup at a time and only 1 ended up with an open NAT type. Not sure if that's a limitation of xbox live, only having a single IP, or if this modem doesn't have a good UPnP implementation
posted at 12/18/2012 5:30:27 PM
Go to Comment
By Anonymous
Can confirm that the uPnP option does indeed enable uPnP.
posted at 12/18/2012 3:32:06 PM
Go to Comment
By Earlz
@Occam, highly doubtful. If I ever get U-Verse again, I can try my best to root it though. (Moved to Ohio and they told me I can't use the two NVG510 modems I already have of course. ugh, but apparently the modem up here is the 3800HGV) 

However, I've heard that the 3800HGV modem is much more sane than the NVG510, including being able to collect interesting things like precise line statistics and charts. 
posted at 12/17/2012 8:07:39 AM
Go to Comment
By Earlz
Heh, I also tried it with a bit of Sirancha. That gave it some definite spice. But yea, at the least you need some garlic though. 
posted at 12/17/2012 8:04:54 AM
Go to Comment
By Occam
Will this work with the 3800HGV-B?
posted at 12/16/2012 9:19:27 PM
Go to Comment
By Jon Neal
I just tried something similar after reading this. I didn't have garlic salt or ground ginger, though. I'm not a fan of pepper either, so I didn't add that. I cooked about a cup and a half in a tablespoon of vegetable oil, threw in some soy sauce and then chili powder (gives it a slight taste of spicyness) and a pinch of salt. Still tasted pretty amazing, but not as many flavours as yours! I'm going to have to get some more spices and herbs here to add some more flavour to meals. Delicious!
posted at 12/16/2012 2:35:19 AM
Go to Comment
By Earlz
@MG that's exactly what I did. This particular exploit could've been found though without having the source code to the web application, but without access to the `nsh` shell and list of template configuration options, I wouldn't have been able to know what to change the form value to in order to enable telnet. 
posted at 12/14/2012 3:17:11 PM
Go to Comment
By MG
Hi, I really liked your articles even if I don't own that kind of router. I've always wondered, how did you manage to get to the exploit? My guess is that you opened the source of a web page that allows you to edit some useless setting, via the standard UI or by downloading the page using the serial port stuff, then see how the post was made and then replicate the request mechanism with a different option name (like "mgmt.shell.telnet-port") and different value.
Am I correct? Am I missing something?
Thanks, and great job anyway.
posted at 12/14/2012 9:07:14 AM
Go to Comment
By Earlz
@Geeknik you shouldn't have any problems. You'll just have to make sure that your router properly handles the static IPs. You may have to manually set the IP(s) of your router in order to get it to work. I'm not for sure if AT&T directly passes down a static IP from their DHCP servers

@Anonymous I don't believe it's DNS enforcement. There is a management port open on the modem(to the public), but I can't get at the password. Tried brute forcing it, but didn't get anywhere. Also, by doing the true-bridge mode, this management port gets closed. With true bridge mode the modem literally does not think it's even connected to the internet. I don't believe updates or anything will be received in bridge mode. 
posted at 12/14/2012 3:28:45 AM
Go to Comment
By Anonymous
Protip from someone who's dealt with similar bullshit from a Verizon-provided router: the DNS configuration and other settings may be being remotely enforced by a backdoor web configuration interface, or possibly just the remote management interface over the DSL line. In the Verizon configuration, the reason for opening a backdoor to router management was, as far as I could tell, for Verizon support requests from people who don't know what a router is and because certain services required opening ports to communicate with some of the cable TV services behind the coax part of the network, and they wanted to force auto configuration (look up MoCA if you're interested). Of course it's a gaping security hole (I could access it from anywhere on the Internet).
Point is, if you're lucky and it turns out DNS enforcement cannot be done over the DSL management interface, you may be able to stop the DNS behavior by disabling that remote management feature / port in the firmware (or adding firewall rules to prevent it f
posted at 12/14/2012 1:58:19 AM
Go to Comment
By geeknik
I have static IPs, will putting them into 'bridge' mode cause any problems here?
posted at 12/14/2012 12:40:40 AM
Go to Comment
By Anonymous
What I don't get is if everything works as expected, 
why would you want to do this?
posted at 12/13/2012 7:22:23 PM
Go to Comment
By Earlz
It's been so long since I've touched that code. I have no idea how it worked. I never could get the whole processor to synchronize with memory correctly. Like I said, look at the revision history. If I recall correctly, the last revision I committed was massively broken
posted at 12/7/2012 5:05:45 AM
Go to Comment
By Anonymous
can you explain the core_tb.vhdl??
how to get the memoryaddress? ~~how it changes? THX
posted at 12/6/2012 6:30:33 AM
Go to Comment
By Earlz
@Anonymous I'm not sure. You might try running an older revision. It never did get completed because it had some bug I spent over a month trying to figure out
posted at 12/5/2012 5:09:45 PM
Go to Comment
By Donna
Earlz - Thank you so much for the hard work you have put in.  I have one HUGE issue with this modem.  I called ATT and they informed me I needed to buy Static IP's for this to work!!!  huh???  I have 5 devices that I need port forwarding for.  I set them all up in the modem, no issue.  But the ports never open.  Only the first two, 81 and 82.  I have about gone blind looking at all of the settings.  I see no restrictions.  Can you or anyone else help me find the control to open more than 2 ports??  Please feel free to email me at choices@hotmail.com
posted at 12/5/2012 4:13:24 PM
Go to Comment
By Anonymous
HI, recently ! I have been studying your project TINY CPU~~in the file memory.vhd I think there are some
mistakes there so that I got error when I run the testbench!!Can you help me check it out~~THX 
posted at 12/5/2012 2:57:26 AM
Go to Comment
By Earlz
Don't worry it's on my todo list :) It's actually a fairly high priority for me (I planned to get it done before I rebranded my site, but it didn't make the cut). So, it will probably be implemented in a month or two
posted at 12/4/2012 7:52:12 AM
Go to Comment
By Daniel15
Your blog is missing an RSS feed so I can't subscribe to it :(
posted at 12/3/2012 11:12:15 PM
Go to Comment
By Earlz
@Anonymous I'm not sure. I suspect there might be a way to do the bridging and then configure one of the unused ethernet ports so that you can hook another ethernet cable from your modem to your router (ie, the modem will be on your LAN, but not be the router). 

This is a much worse problem than just doing port forwarding. Doing the bridge mode described here makes the modem so it can't access the internet directly. I suspect it's possible to work around, but I have no idea how to do it. 
posted at 11/28/2012 4:58:17 AM
Go to Comment
By Earlz
Long story short: I've been too busy to bother updating this(ie, recreating the image). After I get this website "rebranded" (moving to earlz.net), I may have more optimistic news 
posted at 11/28/2012 4:53:57 AM
Go to Comment
By Anonymous
:-(
posted at 11/28/2012 2:50:26 AM
Go to Comment
By Anonymous
Everything working great. Set to bridge to Netgear and is working great. Thanks! Only problem is now my AT&T Voip line quit working. Is there anything I can do about this? Is there a certain port that needs to be forwarded or something? Right now the NVG510 has a reg phone jack output on it and I just plug my phone straight in it and it worked, but now there is no dial tone. Any thoughts? Can we port forward a an port on netgear back to nvg510 somehow, or change a setting via telnet, or port forward to a lan port on netgear then plug phone to that port (with adapter), etc? Any help would be appreciated. Thanks!
posted at 11/28/2012 1:20:57 AM
Go to Comment
By Anonymous
well, found this blog after banging my head against my keyboard (waiting for a 2gb download from dreamspark).

Remaining time 2h, strange thing is 2h ago it also was 2h...
Use to have msdnaa (at least I think it was called that 2 years ago), never had problems with that.
posted at 11/26/2012 9:09:06 PM
Go to Comment
By Earlz
Yep, they basically say "hey where going to give you really bad legitimate access to our software so that you consider 'why am I not just pirating this'"
posted at 11/25/2012 7:45:16 PM
Go to Comment
By Anonymous
I thought there's a problem with my connection, it was horribly slow. Thanks for informing. They simply force people to get the software from somewhere else.
posted at 11/25/2012 2:56:43 PM
Go to Comment
By Earlz
@Anonymous I don't know. There have been numerous reports from others about this problem but no one has seemed to find a solution yet. I don't use this modem anymore (switched to Cable), so I don't update any of this anymore. If anyone can figure it out though, I'll definitely publish a link to it. 
posted at 11/18/2012 8:35:26 PM
Go to Comment
By Anonymous
Thanks for this great help! I changed the dns servers but they are randomly being changed back. I assume is because I have dynamic IP or any time router is rebooted. I tried "override", but didn't work. I also set "dns proxy-enable" to off. But when I did this, I could no longer use the internet. Any help on how to get NVG510 to "hold" on to the DNS servers I input for good without changing back to att? Can I change DNS from DHCP?
posted at 11/18/2012 9:26:55 AM
Go to Comment
By Earlz
@Anonymous you must get to the "nsh" shell. Type in `magic`<enter> and then `!`<enter> and then `nsh`<enter> and you'll get to the shell discussed here. 
posted at 11/17/2012 3:16:23 AM
Go to Comment
By Anonymous
Followed instructions.  Was able to get into the modem - but "help" didn't look anything like above.  No validate, save, etc.

Different version of the hardware perhaps?
posted at 11/16/2012 4:45:22 PM
Go to Comment
By Raul
Hello, I saw Anonymous had issues with not being able to ping this modem from the outside. I have the same problem. All I need to do is be able to ping its public IP to know that its up.
posted at 11/8/2012 4:14:04 PM
Go to Comment
By KE4UKZ
Fascinating project, with loads of potential.  Reminiscent of Gates and Jobs back when they were just hacker geeks like the rest of us.
posted at 11/6/2012 4:42:18 PM
Go to Comment
By Earlz
@topher(heh use to know a friend way back when that went by that alias). It already does this. AT&T probably just happens to give you the same IP address every time. You can't "force" AT&T to give you a different IP. The only thing you could maybe do is use MAC spoofing to make AT&T "think" that you're a different client. I don't think that's physically possible with this modem though, even rooted(nor possible with DSL even?). 
posted at 11/3/2012 12:36:42 AM
Go to Comment
By topher989
I'm blown away by how you managed to unlock the full potential of what was in my opinion, a kids toy.
Really great job exploiting this gaping hole in security, Motorola should be ashamed.

Perhaps you could help me, I'm trying to set the router to renew its dhcp lease every time its rebooted.
I would like the router to receive a different IP address from ATT. Is this even possible and if so how?
posted at 11/2/2012 11:14:56 PM
Go to Comment
By Tater
Absolutely bloody amazing sir. Unlocked the full potential of this assumed-to-be-POS that I have been using for months with an hourly trip to the world of cgi-bin. But no more. I am grateful on a level you will never know. VPN access is difficult when you can't keep up a connection. I should not have to tether to my phone or use my broadband card sitting in my own living room! Thank you sir! 
posted at 10/25/2012 4:00:19 AM
Go to Comment
By Anonymous
Hello. Any news? Hash file? The download problem? Please...?
posted at 10/24/2012 9:02:48 PM
Go to Comment
By Earlz
@thinkdiff heh, forgot about this WIP page. That actually is extremely simple. Where did you enter these commands from?
posted at 10/24/2012 6:43:16 PM
Go to Comment
By thinkdiff
Hey - thanks for your work on the NVG510 so far, very helpful!

I tried to get bridge mode working on my NVG510 tonight. It seems a simple "brctrl delif br1 eth0.16 ; brctrl addif br2 eth0.16" did the trick. Is this also how you did it?
posted at 10/24/2012 4:10:03 AM
Go to Comment
By Earlz
Glad I could help. This problem is EXACTLY why I set out to discover a "true" bridge mode, the passthrough
thing kept magically breaking(I'd have to reconfigure it every week or two). After getting kicked
off of xbox live yet again because of it I decided I'd had enough and went to unscrewing things
posted at 10/22/2012 1:28:03 PM
Go to Comment
By Anonymous
About a week ago, passthrough suddenly stopped working for me. The amount of time I poured into getting the NVG and my router to play nice is shameful. "Broken" doesn't even begin to describe just how useless this thing is because of how they chose to cripple it... worst of all, it's not even heavy enough to properly hold a door open or be a boat anchor.

Using the description above, instead of entering into shell mode, I executed 'configure', navigated to the named "LAN" and "WAN" links and was able to change the assigned vlan ports right from the command line and restart. 

Within seconds, it was obvious that all of this 'value add' was the source of wasting my time day and night for a week when all I truly needed was a real bridge mode. Moving to real bridge mode solved every single network issue I was seeing. Thanks for making this post. I had no idea what I was going to try next short of change carriers given that I rely on my broadband connection to make a living.

posted at 10/22/2012 7:49:48 AM
Go to Comment
By Anonymous
I'm unable to get my NVG510 to respond to ICMP/ping requests over WAN from the internet. Suggestions?
posted at 10/20/2012 5:38:50 PM
Go to Comment
By Earlz
I can provide a hash file easily enough.

For the ungzipping error, I'll have to look into that. 
posted at 10/19/2012 2:48:34 PM
Go to Comment
By Anonymous
Well, look at this:

$lub>/x/m/i/OpenBSD> gunzip openbsd_51_i386_1g.img.gz 

gzip: openbsd_51_i386_1g.img.gz: unexpected end of file

Downloaded it twice, same error.
posted at 10/19/2012 1:33:42 AM
Go to Comment
By Anonymous
Thank you, that's very kind of you. But how about an MD5 or SHA hash file?
posted at 10/19/2012 1:28:30 AM
Go to Comment
By arw1292
figured it out lol thanks :)
posted at 10/16/2012 9:51:24 AM
Go to Comment
By arw1292
it says my database is dirty and wont allow me to save when i set mgmt.upnp.enable to on.
posted at 10/16/2012 9:49:48 AM
Go to Comment
By Earlz
@Newbie Hi! The included unix utilities for the NVG510 is a bit.. sparse. I believe the only way to edit files on the device is to use `cat` and output redirection. However, if you value your sanity, you won't do that :P 

What I did to edit files is setup a TFTP server on my network and then use the included TFTP client on the modem to upload and download files. This is probably the easiest option. I've gotten a tip from elsewhere about some people compiling a less-restricted Busybox for the modem and then uploading it via TFTP. 
posted at 10/7/2012 5:41:49 PM
Go to Comment
By Newbie
I followed the foregoing instructions and was able to get to the root via "magic" then "!".  I can both Telnet & SSH into the root.  I'm totally new to Linux and have been researching UNIX/Linux commands on Google.  However, I can not seem to figure out how to edit /etc/dnsmasq.conf or /var/etc/dnsmasq.conf.  Under either directory, whenever I enter vi /etc/dnsmasq.conf or vi /var/etc/dnsmasq.conf both Telnet & SSH return "/bin/sh: vi: not found".

I've also tried the commands edit; ed; ex w/the same results, e.g. "/bin/sh: ex: not found".

Any ideas on what I'm missing or doing wrong?
posted at 10/7/2012 2:44:16 PM
Go to Comment
By Anonymous
Great work 
posted at 10/3/2012 11:28:29 PM
Go to Comment
By Earlz
Heh, that's US carriers for you
posted at 10/1/2012 1:21:11 PM
Go to Comment
By Eric
Cool. Add SD-Card and a possibility to launch programms from that. You'll have sth. like an old dos/linux.
posted at 10/1/2012 1:15:21 PM
Go to Comment
By Anonymous
Your phone plan is so expensive ! 'can't believe it...
In france, you get 3Gb/months, plus free MMS/SMS and calls accross all europe for 19.99€/month...
posted at 10/1/2012 10:06:06 AM
Go to Comment
By Earlz
@zoobab what do you mean? all of the pins are still there for UARTs or GPIOs. Or if you mean using the mbed as a "graphics processor" to hook up to your router, I'm sure it's possible, in fact, it shouldn't even be too difficult. 

@Anonymous The CPU speed is bumped to 100MHz. As for CPU time, I'd estimate somewhere between 25% and 50%. I have no idea how much really though. I can just say I don't notice anything awfully slow. For instance, drawing the hackaday picture one pixel at a time in nested loop is instantaneous, so while it will programs some, I don't imagine anything too noticeable. 
posted at 9/30/2012 11:03:20 PM
Go to Comment
By Anonymous
What clock speed are you running at, and what percentage of CPU time (ballpark) does it take to display VGA video?
posted at 9/30/2012 10:53:28 PM
Go to Comment
By zoobab
Any idea if it would be possible to connect that to a serial port, like the one of an openwrt router at 3.3v TTL?
posted at 9/30/2012 10:49:53 PM
Go to Comment
By Earlz
@Tom thanks! It still has a lot of work to be done, but I think it's good enough to tell people about it :) 

Heh, also, I'm kind of surprised my website is handling the load so well. CPU usage has only spiked by about 2% more since being published
posted at 9/30/2012 10:40:18 PM
Go to Comment
By Tom
Incredible !!!! Realllly a good work ! 
posted at 9/30/2012 10:16:09 PM
Go to Comment
By johnnyboy
Ah well thx for the info and the exploit never the less. I am using your suggestion to forward the wan side to lan port 1 and it works flawless. I also saw your post on openWRT forum, even though no replys to it hopefully someone will figure out how to run openwrt on it!
posted at 9/28/2012 4:31:12 AM
Go to Comment
By Earlz
@Johnny Unfortunately, no. I'm sure it's possible, but I don't have U-Verse anymore so I haven't looked into it further
posted at 9/17/2012 2:11:47 AM
Go to Comment
By johnnyboy
Hey thanks for the info man. Any idea how to add static DHCP leases?

posted at 9/16/2012 5:59:41 AM
Go to Comment
By create
ah yes.... I read up to the ! and missed the next paragraph about nsh.... time to get my eyes checked :)
posted at 9/14/2012 3:44:31 PM
Go to Comment
By Earlz
@create: Yes, I believe this is documented on the remote exploit page. And as for QoS, before I switched ISPs
and stopped working on it, I was trying to figure out how to prioritize certain traffic. 

It looks like it has the ability to prioritize, but it's not documented at all. 
posted at 9/14/2012 1:18:10 PM
Go to Comment
By create
I was successful at using the remote exploit.  Thanks!  One thing to add though is that the telnet console logs you in to a Netopia OS which is different than the above shell.  To be able to do the configuration things you describe I had to do:
magic
!
nsh

And then log in again.
Anyone figured out how to do QoS with this thing?
posted at 9/14/2012 5:33:36 AM
Go to Comment
By Earlz
@Anonymous: Hmm.. that's odd. Make sure you get the username/password prompt in your telnet client. And if all else fails, try doing a factory reset, then redoing the remote-exploit and try to login again. 
posted at 9/11/2012 3:57:14 AM
Go to Comment
By Anonymous
Hello, I enabled remote telnet access. But can't access via any number of username/password combos. Any idea where to look?
posted at 9/9/2012 8:31:46 PM
Go to Comment
By Anonymous
test
posted at 9/5/2012 4:30:24 AM
Go to Comment
By Splatt
After reading rbeam's comment, I'm confused as to whether changing these values bridge it or not?
set link[1].port-vlan.ports "lan-2 lan-3 lan-4" 
set link[2].port-vlan.ports lan-1
posted at 8/1/2012 12:41:21 AM
Go to Comment
By Anonymous
Testing.. 
posted at 7/12/2012 8:32:22 AM
Go to Comment
By Earlz
@Anonymous. About the DNS problems. I know about this, but I don't see any easy solutions so far. 
posted at 7/11/2012 7:00:37 AM
Go to Comment
By Anonymous
How can I get the router to stop overriding my changes to the dns server?
Tired of having to go in again and again to change my nameserver back to google/opendns
I already tried the ip.dns.override-allowed option and that didn't stop it.
posted at 7/10/2012 8:54:03 PM
Go to Comment
By Anonymous
Question how do i stop the redirect error from happening?
posted at 7/8/2012 4:35:26 AM
Go to Comment
By Earlz
@Anonymous Well, that stupid redirect page bugged me non-stop. It'd appear out of the blue sometimes without even a power failure. One time it did it, kicked me off XBox Live for no reason and I decided the fight was on. I have 2 modems anyway, might as well open one up. So, I opened it, got to the serial port.. and eventually ended up looking at the source code for the Web Interface and found a vulnerability. I had quite a few friends that had the same modem and same problems, so I documented it hoping to help everyone with this crappy modem. AT&T doesn't seem likely to ever patch their horrible firmware and don't care at all about how poorly it's designed.. Hopefully this trend continues because this exploit would be really easy to patch, and I believe it's the only one that exists 
posted at 7/5/2012 7:12:54 AM
Go to Comment
By Anonymous
I wanted to say Thanks You for studying this device and sharing your findings.

Because of you I was able to disable that god awful redirect page.  It's a shame AT&T has this modem so jacked up and worse they don't seem to care.

Anyway,  Thanks again.
posted at 7/5/2012 3:16:43 AM
Go to Comment
By Earlz
@Anonymous(1) heh good point there.
posted at 7/4/2012 10:05:03 PM
Go to Comment
By Anonymous
When I override the DNS settings and set override-allow to on, my settings are still overwritten by ATT's dhcp settings for some reason.  Any ideas?  Thanks for your awesome guides.  It's the best resource on the entire internet for this  piece of hardware.
posted at 7/4/2012 6:17:09 PM
Go to Comment
By Anonymous
Not sure if it will work for you, but on your complete_control page you are posting to ethconfig.ha or something like that.  I made it work by changing your form to post to etherlan.ha.  Maybe they had an update?
posted at 7/4/2012 6:12:39 PM
Go to Comment
By Earlz
@bushing I believe your problem was probably the pullup resistors. They gave me problems and I ended up having to desolder them(there is a way to get around it without desoldering though)

That's kind of what I thought sdump was but I wasn't sure
posted at 6/30/2012 10:09:03 PM
Go to Comment
By bushing
Just found this -- nice work!  I've been waiting for this for a long time, I hate this modem, and I seem to have wired up my serial TX line incorrectly (it never responded to any bytes from me).

re sdump v dump -- sdump dumps "status", i.e. constantly-updated things like ethernet frame errors.  dump dumps the actual configuration info.
posted at 6/30/2012 8:08:32 PM
Go to Comment
By Vijay
This worked like charm. I used chrome browser. I used chromes built in capability to 'inspect element' (available via right click on any web page) to edit the values as suggested. Now I am able to telnet in to the device. Thank you very much for the articles.
posted at 6/29/2012 5:12:49 AM
Go to Comment
By Earlz
@rbeam ah, I wasn't aware of that. I still am unfamiliar with how U-Verse works, technically. 
posted at 6/29/2012 2:00:32 AM
Go to Comment
By rbeam
Nothing about Uverse is PPP.  PTM is "ethernet" (mac encapsulated) over the DSL layer -- vs. ATM in legacy DSL.  "vc-1" means "virtual circuit 1"; ptm doesn't have vc's, so that's why removing vc-1 doesn't break anything.
posted at 6/28/2012 6:18:40 PM
Go to Comment
By Anonymous
The open source firmware release isn't complete enough to build a firmware image. It's missing the proprietary `Motopia` module which appears to actually make everything work
posted at 6/19/2012 1:37:26 AM
Go to Comment
By geogriffin
nvm. just saw your reference to the GPL sources above and read your other article about the web ui vulnerability! good work! what a gaping hole!
posted at 6/17/2012 8:43:03 PM
Go to Comment
By geogriffin
have you seen the 'open source' firmware release at:
http://sourceforge.net/motorola/nvg510/home/Home/

even if that actually does build a flashable image, i'd be too afraid to flash it. any thoughts?
posted at 6/17/2012 8:28:24 PM
Go to Comment
By Earlz
I didn't apply. Though I'm considering deleting this post as I feel it's a bit too harsh. 
posted at 6/9/2012 7:26:26 AM
Go to Comment
By Earlz
Hey, sorry about the bad formatting of your comment. I guess that's a comment bug I missed in testing.

Anyway, I saw residential, but tried and it didn't like it much. It broke out quite a few more options, but
is still missing some basics like DNS nameserver changing. 

Also, thanks for updating that wiki. I wasn't for sure if this information really belonged there or not.
I did not even think of using that method to get files off of the modem! I instead opted to use the tftp client on the modem. 

Hopefully we can get more people taking control of this modem and posting their own tricks. 
One of the odd things I thought about it was that it supports having 4 different wireless networks.

Also, I believe the modem has USB support on the processor, but not all of the support hardware for it, as I don't see any pinout for it.  
posted at 6/9/2012 6:21:06 AM
Go to Comment
By Anonymous
I'm glad you are digging into this modem and found this! I'd looked through the config stuff but missed the redirect disable option.

From the contents of /www/residential, it looks like either the software was designed for of devices, or this device is capable of supporting USB devices and DLNA.

I added info to wikidevi about grabbing data from the device, such as /www/*.
posted at 6/8/2012 3:19:12 PM
Go to Comment
By Anonymous
So you didn't get the job...?
posted at 6/7/2012 3:39:50 AM
Go to Comment
By Anonymous
Testing... ?
posted at 5/11/2012 4:19:43 AM
Go to Comment
By Earlz
Just making sure I didn't screw it up :) 
posted at 3/16/2012 6:23:22 AM
Go to Comment