Comtrend Technical Info

From AAISP Support Site
Revision as of 20:28, 7 March 2011 by TonyHoyle (talk | contribs) (Comtrend technical stuff)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Comtrend technical details

The comtrend 'ipv6 capable' router that AAISP are trialling is a fairly standard broadcom chipset. It has 1 DSL port, 4 ethernet ports and a wireless LAN. There is also a USB port which acts as an external storage device.

It is unusual (unique possibly) in that the broadcom kernel/drivers can be compiled with ipv6 enabled. This means that a 3rd party firmware with ipv6 DSL support and a linux userspace is entirely feasable (indeed, at least one is in development).

It has 64MB of RAM, and runs Linux 2.6.30, and busybox 1.00.

Passwords

In addition to the documented default password of root/12345 there are 3 others:

nobody/12345
support/support
user/user

All users have a UID/GID of 0.

Userspace

Out of the box the router is unfirewalled and doesn't start configuring iptables until you enable it on the WAN and reboot. It appears to not use ip6tables, but as we don't have access to the source for the ipv6 version of the router this may have been fixed.

It has the following ports open:

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:44401           0.0.0.0:*               LISTEN      
tcp        0      0 192.168.1.1:1780        0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:30005           0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:49431           0.0.0.0:*               LISTEN      
tcp        0      0 :::80                   :::*                    LISTEN      
tcp        0      0 :::21                   :::*                    LISTEN      
tcp        0      0 :::22                   :::*                    LISTEN      
tcp        0      0 :::23                   :::*                    LISTEN      

The entire 'normal' operation is controlled by a comtrend proprietary application called SMD. In the default firmware this is started by /etc/profile!

Busybox is linked with several proprietary libraries. These appear to replace the standard tftpd and ftpd functionality.

CFE

In common with other routers of its type it uses CFE. if you hold down reset for 10 seconds whilst powering up eventually it will drop into a CFE recovery mode where you can flash a new firmware using a browser. This means it's somewhat harder to break (unless you corrupt CFE itself).

Tech stuff

# cat /proc/cpuinfo
system type             : 96328A-1341N1
processor               : 0
cpu model               : Broadcom4350 V7.5
BogoMIPS                : 319.48
wait instruction        : yes
microsecond timers      : yes
tlb_entries             : 32
extra interrupt vector  : no
hardware watchpoint     : no
ASEs implemented        :
shadow register sets    : 1
core                    : 0
VCED exceptions         : not available
VCEI exceptions         : not available

Onboard hardware

Visible chips are

Broadcom BCM63281    ADSL2+ controller 
Broadcom BCM43225    Wifi/Bluetooth
Samsung   K4T511630  RAM 
Macronix MX25L6445E  8Mb Flash