Germany’s largest cable ISP Kabel Deutschland is sending their customers artificialy crippled router hardware with disabled wireless functionality.
When ordering your internet access, Kabel Deutschland is giving you the choice between three seemingly different router models:
Kabel Deutschland offering three seemingly different routers
The first model seems to be basic router without any wireless features, the second model is also a rather basic router but with wireless functionality, the third model is a FRITZ!Box 6360 – a full-feature device. For the last two models Kabel Deutschland is asking for a 2 or 5 euro monthly fee.
What they do not tell you: the first device (free) is the same box as the second device and has wireless functionality too – but Kabel Deutschland will remotely disable the wireless feature, hoping that people will pay them every month to unlock this feature.
Unlocking the wireless functionality of the Hitron CVE-30360
So, lets take a look at this box. It is manufactured by a Taiwanese company called Hitron Technologies Inc. So lets look at the router admin interface (point your browser to http://192.168.0.1/ – the default login is “admin” for the user and a blank password). In the admin interface we find the model name: “Hitron CVE-30360″.
According to the manufacturers website, this router DOES support wireless networking. However, the version that Kabel Deutschland sends out to their customers will check for a custom firmware configuration via TFTP/SNMP, download the config and disable the wireless functionality.
So after the device gets its new configuration, we will not find any wireless settings in the admin interface. However, we can still access to following page in your browser:
http://192.168.0.1/admin/wireless.asp
When accessing this page, you will get a alert stating “WIFI function is notAvailable yet!” – ouch. Press OK and ESC afterwards. You will now find yourself on a blank page, so lets take a look at the HTML source! If you scroll over the code you will find the following line:
<div id="maincontent" style="display: none;">
Yes, they are using CSS to hide the wireless settings – oh boy. Obviously, this is not much of a barrier. If you are on Google Chrome you can hit F12 to modify the HTML document on the fly. On Firefox you can use a add-on called Firebug. So, go to your favorite browser, navigate to that piece of HTML and remove the style=”display:none” part and apply the changes. You should now see the full wireless menu. Next, hit “Factory Reset” and wait a few seconds.
If you now refresh the site you will see the previously hidden wireless menu and can setup your wireless network as you wish. This will last until the device re-downloads the configuration file from the ISP again (usually every 5-7 days).
Possible GPL violation?
On a other note: while working with this router, i discovered that Hitron Technologies seems to be using dnsmasq on their devices. dnsmasq is a GPL software that acts as a DNS forwarder and implements DHCP. On Hitron’s website we find no mention or license notice that they are using dnsmasq as a part their firmware, also there are no firmware source code downloads on their website. Also, they seem to be using the GoAhead web server software without respecting their license. I contacted Hitron regarding these issues but did not yet receive any response from the company.
Update: here is a tiny batch script that will automate the unlocking (curl binary is required)
@echo off SET HOST=192.168.0.1 SET USER=admin SET PASS= curl --cookie-jar cookies.txt http://%HOST%/login.asp -s curl --cookie cookies.txt --cookie-jar cookies.txt --data "user=%USER%&pws=%PASS%" http://%HOST%/goform/login -s curl --cookie cookies.txt --cookie-jar cookies.txt --data "dir=admin/&WFReset=Wifi%%20Factory%%20Reset%%20&file=wireless" http://%HOST%/goform/Wls -s curl --cookie cookies.txt http://%HOST%/goform/logout -s