TTL and ONT

Hi guys, I need to access my ONT but my ISP didn't give me the username and password to access as root.

I have seen users connecting to the ONT through the UART, in order to capture the boot data.

Well, I don't know anything about electronics, and I thought it would be simpler, but the pins on my ONT board have no indication of what they are.

Whether it is RX, TX, GND, etc... How could I identify each pin? On the other hand, on my USB I have 5 pins: RX, TX, GND, 5V, 3V3.

Are the voltage pins there to power devices that do not have current? In this case, if I feed my ONT with its supply, would I not need to connect those pins? Only RX, TX and GND?

Sorry if I'm saying something incoherent

On the other hand, my ONT board has three other pins, which I don't even know what they are. I will make the connection with PuTTY. I have seen that FreeBSD detects my USB as uslcom; when I get the communication working with PuTTY, I will try it with FreeBSD and uart.

I leave some screenshots.

https://ibb.co/g4KqVxc
https://ibb.co/7jp9bHj
https://ibb.co/P900w2P
https://ibb.co/Bw7jPvc

Regards.
 
You're right. Don't connect the 5+ or 3+ pins to anything.

You probably will not break anything randomly trying out which pins are which. However, if the header is not actually a TTL UART, there's a danger of breaking something.
 
OK, you have an ONT ... which is nothing but a simple networking device, which connects your ISP's optical network to your copper network. That ONT has an internal connector with 5 pins. You have no idea what those pins are. You can probably identify one pin that is ground by looking at the copper traces: it's the pin connected to the big areas of copper. You might be able to identify a +5V or +12V pin using a voltmeter, by checking whether it is connected to the power pin of any chip or the input pin. But to build a serial interface, you need 3 pins (Gnd, RX, TX), and you have 5 pins, so this will require a lot of trial and error.

Next question: You think that 5-pin connection on the ONT is a UART. There are lots of different types of UART, depending on the voltage. It might be 3.3V, 5V, or ±12V. Since we don't know what these pins are connected to, we have no idea. If you connect your USB-based serial board and the UART on the ONT at the wrong voltage, they will probably not work, and perhaps blow up (although probably not, most inputs today can handle 12V safely). One important hint would be to try to trace the copper lines from the 5 pins. If any go into a chip that says something like "MAX232" (or any chip that has 232 in its model number), then you know what their function is. There is a small surface-mount 8-pin chip nearby, you might want to check it.

Failing that, all you can do is use a voltmeter and check voltages, and do trial and error.

Now let's assume you get the hardware interface to work. How will you know that you have succeeded? Do you even know the protocol to use on the serial interface? What characters will you send, what responses do you expect back?
 
With a voltmeter I have identified GND. There is a pin that does not beep and has voltage, no continuity; then the other three have 3.3V.

I have managed to report information but nothing clear, as expected.

My intention was to try to capture some data, about my username and password, I can't access my ONT.

I only get data like this, I don't know if I'm doing something wrong, or if it's as it should be.

Captura de pantalla (3).png


If this way is not possible, I will have to find another way to know that information.

Regards.
 
With a voltmeter I have identified GND
Good starting point

there is a pin that does not beep and has voltage, no continuity,
What does "not beep" or "no continuity" mean? My suspicion: Given that its voltage is near 0, it is probably an input, so it might be the receive data pin (assuming serial).

then the other three have 3.3V.
Quite possible that one of those is transmit data. If I remember right, an idle serial port is high, which in 3.3V TTL logic is about 3.3V.

I only get data like this, I don't know if I'm doing something wrong,
Have you checked baud rate? Today, any number of bits other than 8 is unlikely, and parity is rarely used.
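Why a wrong baud rate yields unreadable data, as an added example that is not part of the original thread. It simulates the idle-high 8N1 line described above as a logic analyzer would sample it, estimates the baud rate from the shortest pulse, and decodes it; the sample rate, banner text and function names are assumptions constructed for the illustration, and estimating from pulse width goes beyond the trial-and-error the thread describes.

```python
"""Simulated idle-high 8N1 UART line: estimate the baud rate, then decode it."""
from itertools import groupby

STANDARD_BAUDS = (9600, 19200, 38400, 57600, 115200, 230400)
SAMPLE_RATE = 1_843_200      # assumed analyzer sample rate in Hz (16 x 115200)
BANNER = b"U-Boot\r\nHit any key to stop autoboot\r\n"   # constructed sample text

def uart_encode(data, baud, sample_rate=SAMPLE_RATE):
    """Render bytes as line levels: idle high, start bit low, 8 data bits, stop bit."""
    bits = [1] * 12                                   # idle line sits high
    for byte in data:
        bits += [0] + [(byte >> k) & 1 for k in range(8)] + [1]   # LSB first
    bits += [1] * 12
    spb = sample_rate / baud                          # samples per bit
    total = int(len(bits) * spb)
    return [bits[min(int(n / spb), len(bits) - 1)] for n in range(total)]

def estimate_baud(line, sample_rate=SAMPLE_RATE):
    """The shortest run of equal samples is one bit time; snap to a standard rate."""
    shortest = min(len(list(run)) for _, run in groupby(line))
    raw = sample_rate / shortest
    return min(STANDARD_BAUDS, key=lambda b: abs(b - raw))

def uart_decode(line, baud, sample_rate=SAMPLE_RATE):
    """Decode 8N1 frames at the given baud; returns (bytes, framing_errors)."""
    spb = sample_rate / baud
    out, errors, i = bytearray(), 0, 0
    while i < len(line):
        if line[i]:                                   # still idle, wait for a start bit
            i += 1
            continue
        # Sample the middle of each of the 8 data bits, then the stop bit.
        centres = [int(i + (k + 1.5) * spb) for k in range(9)]
        if centres[8] >= len(line):
            break
        if line[centres[8]]:                          # a valid stop bit is high
            out.append(sum(line[c] << k for k, c in enumerate(centres[:8])))
        else:
            errors += 1                               # wrong baud shows up here
        i = centres[8]
    return bytes(out), errors

if __name__ == "__main__":
    line = uart_encode(BANNER, 115200)
    print("estimated baud:", estimate_baud(line))
    for baud in (9600, 57600, 115200):
        text, errors = uart_decode(line, baud)
        print(baud, errors, text)
```
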
 
Correct, my baud rate was wrong, now I can see the boot sequence.

But I am unable to communicate with TX. Yes, I thought that the pin with voltage 0 would be the input, but I have tried all the pins other than GND and RX.

On the USB the LED remains inactive all the time. I am unable to transmit anything, since when starting the boot, it tells you to press any key to interrupt it.

During the boot, you can see the login for a second, but then it disappears and you can't see anything at all.

I think that the next step would be to be able to interact with the ONT system to be able to see the users, etc... what do you think?

I leave a link to pastebin, where you can see the whole sequence, if you could see my ISP and my zone code :)

Boot

On line 195 the login begins, but as I said it is hidden instantly. On the other hand there are three more pins that I don't know what they do, one of them is GND the other two have 3.3V.

Regards.

P.S.: on line 190, some variables can be seen, which can be the user and the pass.
 
Your "USB thing" is a little USB-to-serial adapter; if you look carefully at the picture, you see a Silicon Labs CP2102, which is a common USB serial adapter. I don't know how it is wired, but you may have to configure your FreeBSD serial port to not use hardware flow control; that might enable the transmit line.

Another good idea: You can buy USB-to-serial adaptors that have LEDs for the RxD and TxD lines. I think Adafruit has those in the US (if I remember right, there is one in my basement box of random adaptors). Those are exceedingly useful, to see whether there is any traffic.
 
I'll try, but I forgot to say the reason for all this, and maybe it's not necessary. If it is better I will put it in another new thread. My idea is to install an SFP card and the module, to be able to get rid of all the equipment of my ISP.

I have seen that it can be done, but I don't know what I need apart from that. I doubt very much that it will be as simple as having the ISP team put the router in bridge mode and PPPoE. I have seen that FreeBSD supports several cards, but I guess I will need data from my ONT.


Yes, my USB-to-TTL adapter has RX and TX LEDs, I'll try it.

Regards.
 
That 5 pin connector could be a JTAG port. You typically use that to program and/or debug an FPGA/CPLD. The traces on the PCB from the connector appear to go directly to that flatpack chip in the middle. Can you identify that chip? I can't read the markings on the picture. If you can identify the chip you might be able to look up the datasheet for it. Armed with that information you should be able to tell what that connector is actually connected to.
 
I'll try.

i doubt you can replace the gpon box with an ethernet card
It is not an Ethernet card but an SFP card, plus an SFP module. The cards would be easy, just look for one that is supported by FreeBSD.

But see what SFP modules are compatible with the card and my ISP doesn't know that anymore. Of there you want to have as much data as possible.

Regards.
 
ONT, as defined in the GPON standard, is not a simple media converter. ONT shares the last mile passive fiber connection from the OLT with many other (up to 32, 64 or 128) ONTs in the neighbourhood. So it must use a particular protocol, to communicate properly with the OLT, and not to disturb these other ONTs. None of the above two examples would work.
 
None of the above two examples would work.
"
• Complies with ITUT-T G.984.2, G.984.2 Amendment 1
• Complies with ITUT G.988 ONU management and control interface (OMCI) specification
"
people actually used the 'gpon stick' in russia on rostelecom network
read the comments on the aliexpress page
the sfp/stick is actually a mini/embedded ont
 
OK, my bad, failing to scroll down the page and check technical details. Yes, the stick is an ONT device and Rostelecom seems to be the one that tolerates (or even approved) the device for their FTTH service. All the comments on the AliExpress page, except just a few, seem to come from Russia only. But still, I don't think any ISP would let you plug their fiber into just any ITU-standard ONT. Mainly for stability and (more importantly?) business reasons.

Coming back to the OP and his reasons. In your first post here you said about "the username and password to access as root" (which then appeared to be an attempt to log in to the shell of the ONT box itself), while later you clarified that you actually needed PPPoE authentication details. So, did you ask a proper question to your customer service and did they understand you? It may also be possible that you can set up a new password yourself, using your account page at your ISP (this is the way it works with my ISP). In such a case the helpdesk would definitely not have access to your password, but should give you advice on how to recover/change it yourself. Also, if your helpdesk is not helpful about that, try your local community support forum, if there is any.
 
I have already identified all the pins, and I have been able to interact with the ONT. But I have not got anything about the user and the pass.

After letting the boot sequence finish, I try to interact with the console, and it asks me again for the login and the pass.

das.png


So it's useless... The session is not logged. You can only see some information before boot, and some variables.

ff.png


What would be the step to follow, since the session is not permanently logged? Copy some image as the root one, there you can see it in the global variables, but how?

My intention is to know all the possible data. I do not want to make a PPPoE connection; for that it would be enough to put my router in bridge mode and use my PPPoE user and pass. But my intention is to remove all the equipment from my ISP, so I think I will need more information.

I'm going to see the equipment that I provide covacat.

Regards.
 
What would I do? Use those commands to dump the entire contents of the "memory", fpga, and SPI flash and see what's in there. If it's Linux, maybe they have a filesystem with a script on there that does the login and reads the username and password from a file.
 
Agreed. Dig into your u-boot menu.
Chances are they have stripped out useful tidbits.
But look at emmc and partitions on it to get clues to the base OS.
Perhaps figure out CPU used and make your own u-boot build with everything enabled.
That might be a tall order as I am sure there is no public uboot build for this device.
So fake it until you make it. Is there a USB port on the device?
 
You can only see some information before boot, and some variables.
Yes that is all you need to get started. That is the u-boot console.
You got further than I imagined possible.
Using u-boot makes this feasible. I dunno about finding your credentials though.
That seems sketchy.
But congratulations on finding a u-boot console. That was the hard part.
Now back it up and hack it up.
 
The ONT never logs in with the user; the kernel simply shows the events in the first tty and overwrites the login. No, the ONT does not have a USB port. In any case, if I have to copy something, I don't know if I can do it directly from the COM port to my machine.

I have seen that my ISP has a U-BOOT manual, but as mentioned, my U-BOOT seems incomplete and with hidden functions, or it is another version...

U-Boot reference

I want to thank you for your support, this weekend I will have time to look in more detail at the options you have told me.
 