I HACKED my Internet Service Provider's router. So I could get rid of it.
Vložit
- čas přidán 18. 12. 2023
- 🚀 Part two is up! 👉 • How to HACK your ISP r...
🔗 Links mentioned in the video:
➡️ SFP GPON module: www.fs.com/de-en/products/133...
➡️ IP phone forum: www.ip-phone-forum.de/threads...
➡️ Frtizbox image builder: github.com/PeterPawn/YourFrit...
👉 Follow me on Threads: www.threads.net/@tomazzaman
👉 Follow me on Instagram: / tomazzaman
====================================================
Video gear I use to make these videos:
- Camera: Sony a7 IV (amzn.to/48Vj9L9)
- B Camera: Sony a6400 (amzn.to/3QhgkwB)
- Lens: Sony 20mm f1.8 (amzn.to/48Vj9L9)
- B Lens: Sony 16-55mm f2.8 (amzn.to/3Qg69si)
- Key Light: Amaran 100D (amzn.to/3Qhy2PF)
- Modifier: Aputure Light Dome SE (amzn.to/45yBDyi)
- Top Light: Falcon Eyes RX-18TD (amzn.to/3RWmgfX)
- Fill Light: Amaran T4c (amzn.to/3s03sln)
- Kicker Light: Amaran B7c (amzn.to/4943Sro)
Audio Gear:
- Mic: Neumann KM185 (www.thomann.de/intl/neumann_k...)
- Preamp: Grace Design m101 (www.thomann.de/intl/grace_des...)
- Interface: RME Babyface Pro FS (www.thomann.de/intl/rme_babyf...)
(Disclaimer: some links may be affiliate so I make a tiny kickback from your purchase at no additional cost to you) - Věda a technologie
Wow. I didn't see this coming. Thanks everyone for kind words of support, I'll do my best to answer to everyone asap, but there are so many of you it'll take me a minute or two. Much love! ❤ (And for all of you who have subscribed - or are about to - a warm welcome!)
I'm also working on my own router (currently in the planning stage). If you can spare two minutes, please fill out this pricing survey: research.typeform.com/to/KegRLBkD
welcome to (current year) -- all ISPs are trash and haven't updated anything in decades but their prices.
Thank you Tomaz for doing these videos. There is an equal community of tech (&infosec) enthusiast here in EU and having something available here (not to mention piece of equipment I actually have) that we can work with .. and on... is really nice. Otherwise I never even thought about this issue until you mentioned the brand of your router. Most things regarding tech aren't border/country specific, but this one kinda is. So thank you. Again.
? So you get free 5G Broadband now ? 🤔 I don't understand a single word you're saying but bro 😂❤ If you were in Australia I'd send my unit to u
@@TurboLoveTraintoday's education I doubt they already could update it if they tried 😮😢
my comes with a sock that I use to keep my part... warm for 5 dollars a month. and its even got wifi! It's called a router. lol. something like you pay for the modem but the other parts 5 dollars extra. dangle bits and all.
I know the feeling, in the UK, Shell Energy's new wi-fi 6 router is so locked down that you can't even change the default admin password. Talk about putting the needs of the ISP above the security of the user.
From the perspective of an ISP, 99% of all users can't figure it out, they can't even log into an SSID with a set password you give them, much less set their own and keep up with it.
Whether you want to believe it or not, those of us that can manage their own routers and Wifi are in the minority.
Tell the ISP you're running a VPN, you *require* a bridged modem, run your own router.
Same here, with shell energy except with their older ac router. Had to wipe it before it could work with the internet
Sorry, Shell Energy….as in SHELL ENERGY is an ISP?! Would literally rather go back to Dial up than fund those ghouls.
They stop you from changing the admin password?! That is not good news.
since when did shell do wifi ????
Since 2016 there's "Freie Routerwahl" (free choice of router) in Germany by law. The ISP has to provide you all the login data and has to allow using whatever router you want. It's great.
Same here in NL. The ISP has to provide all the relevant information, though they do not have to provide technical support.
As a german myself I was a bit surprised that he can't simply plug in his own device (I couldn't imagine using the crap router vodafone provided. That thing was basically a piece of e-waste).
As much as people like to bitch and moan about regulations in the EU, you guys get cool shit like that or Windows EU edition.
Wish we had that here in the states. I refuse to use an ISP router and let them have full agency over my LAN.
@@lyianx What do you mean? I live in Texas, and my dad has ALWAYS used his own routers, without even giving the ISP routers a chance lol. We haven't had a business-class connection in AT LEAST 10 years, and we've even switched ISPs in the last few years. Still able to use our own routers lol
This is a perfect reverse engineering of the box and what is done. Fair play mate.
Very satisfying video. I can hear the screams from the ISP all the way here.
Decades ago I made an IPcop router out of an old PC. I had some ISP problems and called their support and they went babbling about "click on the windows icon..." and trying to make me reboot my PC since that was their normal approach to all problems even if it was unrelated. I told them that I didn't run windows on that machine and that it didn't work for any of the other machines I had behind my router.
Uttering the word "router" made the supportdesk person go ballistic screaming that I need to remove it and that I was not allowed to use such periferals "and and and..."
Quite interesting how things develop over the years.
Ive always had a problem with the way ISPs force you to do things their way. It was satisfying to watch someone with your skills solve the problem
Thanks!
I was able to track down the settings for my previous ISP so that I could bypass their equipment. However, when my area started having trouble, they tried to blame me for the outage, even after I swapped back to their equipment with stock settings. I really miss having fibreoptic internet, but I refuse to be a scapegoat for support people that don't know what they're talking about.
My ISP was being non-compliant circa 2018 because I was using an aftermarket (Asus) xDSL modem/router, so in the end I plugged up a Siemens Speedstream 4200 they sent me in 2004 in bridge mode and said "there ya go, I'm using the hardware YOU supplied, now fix the issue at YOUR end!"
Suffice to say they were confused when trying to TR-069 the antiquated hardware, but they admitted defeat 👍
They even sent me out their latest modem at the time for free so they could troubleshoot easier in future 🤣
"Ive always had a problem with the way ISPs force you to do things their way." That statement there says more about you than than any company ...
@@lillerosin2915what the f ck are you on about m8?😂😂😂
That router looks like something you'd find in a Fallout game.
Just sitting in a network room of the Brotherhood of Steel.
it looks kinda like the maliwan chest from borderlands 2
Looks like something from Thunderbirds lol
It looks like a Corvega LMAO
I have very little clue what you just said but I love every minute of it. Amazing you figured it out. Wish I had this kind of capability
Thank you! The key is being very curious, then digging how far the rabbit hole goes. Like in the Matrix. 💪
After tons of works.
ISP: Okay we are sending you new one.
Since you mentioned AVM: yes they are very popular here, specifically because their routers are easy to use, but much higher quality than what your ISP might give you (in Germany it’s illegal to lock down the connection)
And thank god for that, i'm never gonna be using that Vodafone pos "router" ever again haha
Thanks to this when i switched contracts to O2, i was able to buy a 7530 in black on ebay for 50€, instead of having to pay for a provided one monthly, it's honestly the best fritzbox in it's own terms have ever used (I never liked the ones shown in the videos either tbh ahah)
What do you mean "lock down the connection"
@@seagie382the ISPs are not allowed to lock you to their provided router and need to be open to any router that should be physically compatible.
very cool @@BergischNRW
@@seagie382 Law states ISP need to provide some industry standard passive edge-of-premise-endpoint + the access credentials to allow consumers to install their own "router", and was a response to public campaigns by consumer/tech advocacy groups (like CCC) and companies like AVM. I guess from the government's POV the main point of this was to open up the market for more-than-bare-basics home network vendors like AVM more (which I guess is why they supported it) but I think the CCC folks had motivations more similar to Tomaž's.
It would be an awesome move to figure out what the ISP uses to log in to the original router and run a service that responds to them trying to enter your network with some kind of "access denied" message.
"Uh uh uh! You didn't say the magic word!"
Stop it lmfao 🤣
They don't care. It's just so you get firmware upgrades. It also probably means whenever you call support they can't pull any diagnostic information.
@@cartoonhead9222 And probably "Anonymous data for marketing purposes". Also don't forget having an mandatory Backdoor into your network which you have to trust a third party with maintaining is a security risk....especially for a business.
@@cartoonhead9222 except when they don't secure their communication and now your home network is open to being taken over by anyone who wants to try. most likely, burgulars who want to get into your smart security system.
Telling a German you're not gonna do what he tells you to. Subscribed
I wondered how you in particular got into my feed. When I realized you were from Slovenia, it all made sense. I've been listening to Siddharta all day.
Glad to have you on board! Also, great taste in music!
Speaking as an engineer in the ISP space-
I'm fairly surprised they didn't offer other a plain (non-router) ONT or have a bridge mode function built into the router, at least for a business customer. It's very normal for a fiber ISP to want to have control over the ONT device and to authenticate the customer based off of the serial number - you don't have the convenient authentication mechanisms with GPON that you get with DOCSIS and there has to be a way to verify you're providing service to a paying customer. The TR-069 support is also quite normal as it's how the provider is able to actually support home users and believe me when I say this is absolutely a requirement in this day and age. The really odd bit is them not providing a way to bypass all of this: business customers will generally not want to be forced into putting their equipment behind the NAT on a soho router. Though it sounded like there might be a 1918 IP on the WAN interface so maybe they're doing some sort of fucked up CGNAT that doesn't comply with the normal standards. Perhaps this was only used for communication between the router and the SFP?
I suspect they're a smaller provider and doing a number of fairly odd things here, at leastpartially in a misguided attempt to save money with regards to the router. I am very curious what would happen if they ever wanted shut you off for non-payment - maybe they can just de-auth that serial number but there's a decent chance they'd just be sort of stuck until someone realized they could just physically disconnect you.
I bet their business and enterprise tiers are different services. This still makes sense for mom&pop shops.
Oftentimes yes but it's going to cause enough friction that I wouldn't recommend it. Requiring the customer to use the provider ONT or modem is one thing and often not unreasonable. The router is a different deal to me entirely. @@FedjaHvastija
In my experience, here in Canada, this is fairly standard practice. ISPs, both facilities based and resellers (some literally just resell the bigger ISPs service but handle all billing/customer service/tech support, though most have the ISP do onsite support, others control some or all of the service and just use the larger ISP for last mile) either use DHCP/Static IP or PPPoE (if using PPPoE, the static IP is usually assigned via DHCP after authentication). Troubleshooting when PPPoE is involved is a pain in the butt.
As for equipment, the cable companies generally are easy to work with, just put their modem/gateway in bridge mode and connect it to the WAN port of your own router, configure for DHCP or static (business account only) as needed. Even when using IPTV from the cable companies (the main 1, as of earlier this year, there is only 1 cable company, Rogers, that covers the majority of Canada after they bought the 2nd largest, Shaw) works when using your own router on ethernet or wifi. Some people say the modem/gateway still broadcasts hidden SSIDs need for the IPTV, I can't find these in my setups. The except is when you have XGS-PON FTTx from Rogers, while it's still DHCP/Static thankfully, the modem/gateway (it's a Rogers Ignite branded Comcast Xfinity modem used on cable via RG-6 Coax or ethernet to a WAN port from the ONT/ONU) can't provide multi-gig when in bridge mode because it's RJ-45 WAN port is the only multi-gig port (it's used for multi-gig LAN when using Coax WAN), but IPTV works, however if you connect your router to the ONT/ONU (I think the only option is ethernet, no SFP option) then internet works but IPTv fails after a random period of time, suspicion is that the TV set top boxes stop working after a while if they can't talk to Rogers over the hidden wifi from the modem/gateway. I have yet to personally come across a customer with Rogers XGS-PON FTTx. Unlike Comcast in the US, Rogers' branded version of the Xfinity app doesn't run on anything other than your Android phone or iPhone, so you are forced to cast and can't use it on an Android smart TV or TV box. I've complained, even told them I'm willing to pay $2.00-$4.00/month per device to be able to use their app on a smartTV or Android TV box instead of renting one of their set top boxes.
However, the phone companies (at least the major one, Bell Canada), their current modem/gateway provided on their GPON service (most common in my area) has a "bug" that turns the wifi back on after a reboot, so even if you disable it and have your router connect via PPPoE passthrough (so it gets a Public IP) there is no way to avoid the modem/gateway from broadcasting WiFi. The previous modem/gateway modem did have an SFP adapter that was fairly compatible with many routers, but it's been discontinued. As for their IPTV, in my experience, I have not been able to get the boxes to work over ethernet, only wifi, when on the ISP modem/gateway, and they also require some convoluted IGMP and VLAN configuration which I have yet to properly figure out (some have).
Eventhough it's usually cheaper (marginally) and easier to go with Bell Canada to get faster uploads (Rogers cable internet maxes out at 50Mbps, but this is fine, even for me being in IT and working from home, at least most of the time), I usually discourage clients from going with Bell because they are even worse than the cable company to deal with, and it's very impractical to use your own router, especially if you get IPTV service from them (proper full service IPTV service is only legally available in Canada when bundled with internet service, it's slowly changing).
Unfortunately, bad customer education here in Canada has lead people to believe that they subscribe to wifi and that wifi is synonymous with internet, and that they need to use their ISP provided equipment (same concept as believing that they need to only get their car serviced by the manufacturer at the dealership or get their phone repaired only by the manufacturer, whether in or out of warranty for both situations). It makes my job harder, both interms of support and interms of convincing a customer to get their own router. Even when I do, if an ISP technician comes by to do work, then then to leave the modem not in bridge mode or remove the customer's own router all together, and then the customer calls me saying things aren't working right, and then I go in, and fix it, when they ask me what I did and explain thst the ISP tech messed things up, they get frustrated (usually with the ISP, not me).
We need governments to step in and regulate ISPs (more than they are) and prevent them from providing routers, modems only, even if providing IPTV, or at least providing separate modems and routers from mainstream manufactures (no small companies like Sagemcom, Technicolour, Hitron, Arris, SmartRG, etc., I want to see ISPs provide Ubiquiti, Asus, Netgear, TP-Link, Linksys, even Cisco. I want to be able to subscribe to a dumb pipe like it used to be.
@@FedjaHvastija The whole Fritz!box series are (fairly pricey) higher end consumer devices. The only businesses that really use stuff like that are those with consumer levels of IT sophistication but why waste resources on something more complex if all you want is to connect a bunch of notebooks to the Internet.
A lot of work. A whole lot of work. We all know what countless hours means when it comes to such...projects. Thanks a million for your time, effort and sharing all that work and many many hours with us. The very leat I can do is like and subscribe.
what does it mean? i'm confused
Hello! I had actually tested this specific SFP few months ago on my UDM Pro. Once connected to the WAN port, the UDM was going crazy. Its interface was all acting up and couldn't see the SFP. After some research, ends up it was the UDM's wan port negotiating only 1/10G speeds, so the 2.5G speed of this GPON SFP was driving the software crazy.
Where did you end up connecting it then? Did you use it on some switch and then used VLANS to route the traffic from the LAN port?
As a fiber optic technician in Italy i can say that here (and i actually think in all europe) the ISP is forced by law to give you a way to use your own router. I work for the company that manages the infrastructure, so we work for every ISP that uses it, we install mainly 3 types of devices: Direct PON (Fiber direct to modem/router), SFP (SFP Module in router), external ONT (External terminal that you connect to a router's WAN. I first and usually second case the ISP will provide an ONT to allow you to use your own router.
Anyway the ISP using FritzBoxes use 7530/7590 for 1gbps and 5530 for 2.5gbps
In the UK our fibre providers place an ONT inside the property. The fibre goes in 1 port and there is an ethernet port where you can attach their supplied router, or your own if you know your login details. It seems crazy that that you have a fibre going straight into an SFP that then plugs into your router where the fibre can get disturbed, or worse, unplugged from the SFP and for someone to look down the fibre 😎
I'm familiar with a number of small telephone cooperatives here in the US who have run fiber, and they do the same as the UK. Fiber to the outside of the building, and twisted pair into the building. Don't even need a log-in, just connect whatever router you want to the ethernet cable.
The downstream power at the customer is actually pretty low, -17dBm or so it typical (20microwatt). This is from going through the passive splitter (the P in gpon). The upstream output of the SFP module is 'hot', but it won't transmit unless it is hearing the OLT, so when you start unmating the connector, it stops. Still, I don't stare into fiber ends unless I know that it is safe. I have some very unsafe-to-stare-into links.
Yo can get fibre based ethernet cables.. so run that from the port to directly inside your home.
Same for NZ. Most ISPs let you bring your own router and identify your connection based on the ONT rather than the routers themselves
My ISP in the UK allows you to use your own router, and will give you either a locked down Nokia router, or a Nokia ONT if you want to bring your own gear. The rub is, they use PPPoE and a VLAN. The PPPoE details they provided, but not the VLAN ID, so it took me a while to work that out (the Nokia router had the VLAN ID visible, thankfully).
The other problem was PPPoE is complex enough that it just sinks a lot of domestic routers at gigabit speeds. Never mind, Mikrotik to the rescue :D
And I thought I had a cool solution when I convicted the ISP to turn my Frizbox into a pass-through mode.
Is this the orange or the blue ISP?
Nevermind. I saw that you explain this in your first YT video :)
I don't know where you are from, but at least here in Germany where the AVM devices are very popular in the consumer market, you have freedom of choice which modem/Router you want to use and you also have full access to the FritzBox and can set it to passthrough / modem mode yourself. So the FritzBox will just act as a modem if you want. I think there is nothing wrong with the AVM devices. They offer everything and much more than most home consumers need, are easy to set up and are of good quality and performance and have a good customer support.
Good job man! I too have hacked my last two different providers so that I can use only my equipment to connect to their network. It's a great feeling to get the crappy provider equipment out of the path.
Brilliant vid! Loved the investigation works that you did. I completely understand the feeling of doing anything and everything you can to get your ISP's grubby hands off of networking kit that sits inside your own house.
Thanks!
Here in NZ, you are provided with a basic ONT which you can plug your own router into.
Also, the companies that manage the fibre network are by law not allowed to be an ISP, which leaves a more free and open market for internet service provider's.
If I was forced to use a locked downed router, I would be very upset; Happy that you managed to find a work-around, although you shouldn't have to.
My ISP is government-owned which is a blessing and a curse. We're forced to use their devices, but the network is rock-solid and pricing acceptable.
@@tomazzamanI know you probably don't want to point out which isp it is, but I just wanted to chime in that I've never had this much trouble setting up my own router. Either a bridge mode/trunk with copying pppoe credentials, or just straight up replacing it and just properly configuring the ipoe has always worked for me.
Otoh, I know some friends have had lots of trouble with doing similar stuff with some other providers...
What? Then what's the point then?
@@everythingpony What's the point of what? If you are referring to the fibre networks, they sell contracts to service provider's to use their network.
So happy to see FS get some recognition here. I've been using their stuff for awhile now. Such great products and they have everything you can think off. Great prices, great customer support, and they sell direct to consumer. Glad to see them getting some praise
Agreed, have been a happy customer of theirs for years. All my fiber and copper cables are theirs.
@@tomazzamanah, so you’re just holding it for them?
@@reyariass😂😂
depends. some switches and wifi system are stupidly programmed, outdated und poorly documented. sfps are great and some 10g switches arealso great. hit and miss.
I do like their stuff and purchase from them all the time, but the reviews on their website are 100% bogus.
Wow! Excellent diagnostics and considerations. Thank you so much for sharing what you found out and how you went about it.
Heya , i have a question. My ISP requires the use of a ONR in which the fibre optic plugs into then into the router. I'm completely clueless on anything networking.
I usually run servers for my friends to play however , upon switching to this ISP , I found out that they do not allow port forwarding. I always thought that it's a router setting however no matter what I tried , i couldn't get the ports to be opened. I've disabled firewalls , ran the port forward in the router but to no avail.
i then googled that it's due to my WAN ip being a private IP . However , when i called my ISP , they said they will not assign my a public WAN ip due to security reasons. I'm stuck in a contract for the next 3 years. Is this something that I can change on my end?
So happy that I have the options of ISPs that let you bring your own router. The network in fibre areas basically just have a media converter device (NTD) that is the infrastructure boundary, and then the router just grabs an IP via DHCP. No PPPoE or anything anymore these days around here.
Incredible work ! Never get between a nerd and a problem - we will spend as many hours as it takes to resolve it 🤣
Yup, stubborness, curiosity and time. That's all it takes. 😅
😄That's funny.
Definitely.
Nerds rule!
Used to run a FritzBox 7490 (I think), they work pretty well from what I remember but I didn't have a ISP locked down model. I still have mine in the cupboard, had it running for something around a year ago and it was still being supported after 9 years.
Same, I bought in the aftermarket a few 7490 for my personal and family use and I've never had any issues with them. Support for WiFi and network stability is superb and powerlines actually are decently managed lol. The design isn't the best but I'm not really buying a modem for the looks tbh
Also a 7490 fan.
Tomaz, that was some really great troubleshooting there! I can only imagine how many "billable" hours it actually took you to get to were you are at the end of the video! I only just found your channel and since I'm a retired Network Admin from the US Air Force and US Army, you have definitely earned my SUB brother! Now I'm going to go watch your Router Build video! (Love your accent, LOL) Keep up the great videos and G-d bless you!
Thank you for the kind words, I'll do my best to make it educational and entertaining! Welcome aboard! 🫡
In terms of your ISP having a protocol that allows them inside your/their router, that isn't even the worst part. My ISP (and probably most or all) uses deep packet inspection on everything going in and out of your network. They see everything unless you run all your traffic through a VPN. They still know you are using a VPN but at least they can't see exactly what all the traffic is.
actually own router makes it harder to do, that and this is why some ISP's want or force their router.
why would VPN traffic be immune to deep packet inspection ?
@@laus9953 Because the traffic through the tunnel is encrypted. The ISP sees the packets that are carrying the tunnel, but can't decrypt the payloads. The best they can do is infer generally what type of traffic it could be by packet timing, such as a video stream vs. an online multiplayer game. But can't tell what the endpoints are or the specific data carried.
@@strehlow Our isp's will disconnect your internet if they can no longer decrypt the data.
* The ISP sees everything, unless it is encrytped. So if you use basically any modern website or programm this is not a problem, since everything is encrypted.
The same with VPNs: if you use them, they see everything unencrypted.
If a VPN is better for you depends on whether you use a lot of ancient (unencrypted) websites and who you trust more, the ISP or VPN.
Good to see fritzbox design literally hasn't changed in 20 years. I remember having a smaller one like that sans the "wings" (just modem)
The newer ones are looking quite fresh though.
It looks like something straight out of Futurama. I'm not sure whether to love it or hate it for that.
@@andybrice2711 It's a brand thing. For some reason AVM have almost captured the customer provided home router market in Germany, its almost a kind of fashion item for the i-think-i-know-more-than-you-about-computers-but-not-really-actuallt crowd (very much in sync with certain cultural traits :) )
The design actually changed and they are quite good looking now. But his ISP not only gave him an underpowered one, but also an outdated one
To their credit, this was 4 years ago.
What a crazy amount of effort, and requiring such advanced knowledge. Congrats on beating “the system” in the end!
Thank you!
I have had that same device for many years, bought it myself and absolutely love it. The modem(s) my ISP provided magically stopped working properly every couple of years, just after my 2 year contract expired. To get a replacement modem required taking another 2 year contract... what a coincidence!
Sadly, when we moved and I changed ISP, I couldn't get the Fritzbox to work with the provided settings (probably my own fault for not doing a full reset)... so I reconfigured it as a wireless repeater up the other end of the house and continued using it for several years.
Don't know what your ISP did to the unit they delivered to you, but that's not at all typical of the Fritzbox.
It is unfortunate that that particular model looks like a reject from an episode of 'The Jetsons'.
Great video, I learned a lot. I've been looking into this ever since I realized my ISP could remotely log in to the router and change a setting. Does not feel ok. I believe my ISP allows to use my own stuff, but if it's locked down like yours I'm going to war :)
Yup, had the same thoughts :)
There is a downside though, you implicitly waive the rights to any kind of support since they can't remotely check what's going on. But I prefer it that way.
@@tomazzamanYeah that makes sense. Luckily I'm pretty confident managing networks.
You have to trust your ISP anyway, so imo this isn't a huge issue. And for 99% of people, it's good for getting help.
I have two ISP. Both allow me to use my own router, and provide no support for my own. But, I have their device, so if there is a problem, I can plug it in for them to do some test or whatever. Then make the network work again for me to swap it out. One uses the MAC address as "security" and my router has the option to input a MAC so it works.
Good point, will do the same.@@boomergames8094
Glad you got it sorted out. Another thing to watch out for, is the wavelength FREQUENCY, because depending on your provider, they may be using CWDM or DWDM which is essentially a device that consolidates many optical signals into a single fiber, then when it gets to its destination, it splits them back out to the individual "channels'' or frequencies. Additionally, while most of those SFP's are fixed frequency, there are also some that are programmable and can change their frequency, (and they are expensive too compared to common SFP's) and may need to talk to your hardware to determine what frequency they need to be on, if they are preset to go with your equipment.
Thanks for the explanation. That I did not know!
@@tomazzaman You are welcome, how I know this I was helping one of the sales guys from one of the sister companies of the company I work for with a demo for a major telecommunication carrier in their lab and their main goal was to test compatibility of the various manufacturers SFP's, with the various devices they use in the field. The SFPs only work when everything is just right, and naturally we discovered far more ways they don't, lol! Our company made SFP's that were smart and if they were connected to a CWDM or DWDM, they would automatically adjust their frequency with the opposite end and establish communications. This meant the telecommunications carrier didn't have to stock every single fixed-frequency SFP's to go with those optical frequency splitters which would save them a load of money and make implementation tremendously easier because there are literally hundreds of frequencies they operate on.
this is awesome. Love seeing someone get around ISPs stupid restrictions.
I understood about half of this but it was 100% interesting. Glad you won!
the lengths people go to when they really want something. amazing work!
Thank you!
It shows you how close we are to that communism 2.0 that is called the "Great Reset".
These last 3 years we had to fight to keep our jobs for not being vaccinated by a poisonous COVID vaccine. Remember?
So yes, people have to fight for a thing called freedom these days.
Tomaz, outstanding content and production quality. I'm amazed that you have just ~2.2K subscribers as of this writing. You have one more in me now and I'm sure you and the channel will do great things! You already are. Nice work!
Thank you for the kind words. These definitely fuel my creativity and motivation! Welcome aboard!
Thats Awesome. How do you code the fibrestore sfp with a different serial number ? As in how do you ssh into it?
Default IP: 192.168.1.10/24
User/pass: ONTUSER/7sp!lwUBz1
Serial number command: set_serial_number 12345678
Thanks to your research I understand more than ever about the sfp module internals. Many thanks!
You are welcome!
Hi from France ! I'm discovering your channel with this video, and I gotta say : WOAW.
This is explained clearly, packed with interesting stuff, and the technical side is also very interesting to me. Keep up, I love it and I'm subscribing !
Thank you! Comments like your make my day and push me to try and make every video better than the last. I don't always succeed, but the motivation and will are there! Have a good day yourself!
Hi from Switzerland, this is exactly the content I am looking for on youtube. First time I saw you today, I immediately subscribed! keep up the good work, the precise description of the steps, the thought process and the links to the products shown in the video. C U soon!
Thanks! And welcome on board!
Now that is dedication to solving a problem and maintaining your own independence! I love it! Respect
how did you find out this gpon module had an SoC you could ssh into?
Oh man. What a crazy amount of work you put into this. Great job. Thanks for sharing what you learned through this process. I secretly love when stuff breaks or does not work. It's sometimes the only time where we dig in and learn new things.
Yup. If only I was capable of letting it go hahah. Thanks! :)
"Hideous"?!
That's classic 1950s rocketship aesthetics.
Yep, can't deny that :D
Here in NL we have free choice of router and/or modem. The ISPs have to provide all information necessary to replace their systems if you want to. If you have fiber you're even allowed to change your ONT out for one you get yourself, or for a router with a fiber connection.
I wish that was the case here in the UK. I've switched providers several times as only new customers, in my experience at least, are given the best deals. When I sign up, there's never an option where I can say I wish to use my own router.
@@bernardm231252% of the population voted to revoke these and many other consumer rights.
Is it possible to use your own? I hate this vodaphone crap one, City Fibre said its faulty but vodaphone are very reluctant to exchange it. I could change suppliers though.
I'm from Germany and my provider gave me an own device from them, but now I also have a FritBox, and I'm so happy to could configure much more (It's still from the provider but with much more capability).
What I can recommend is a proper Rack-Mount! For Fritz boxes are some to find and are beautifully than only a plate where it stands on. :)
I've been looking for ages to get rid of my ISP-provided Nokia ONT, thanks to your video I finally have a reference for an SFP module that might actually work! Thanks!
You are welcome!
I have the same situation with a Nokia ONT, however I need a 10Gb FSP+ module for my router. Then I need to figure out to replicate the serial nu,ber of the Nokia ONT port, which isn't easy, since it's a converter device, not a router. Any ideas?
@@kosbos1985 you should be able to get the serial number from your ISP if you ask nicely. It might also be printed on the device itself. For example my ISP added a sticker with the S/N on my ONT. There might be other ways to retrieve the S/N but I guess they would require hardware. Then again I'm no expert here, maybe someone with more experience could help here.
Not a big fan of tech ytubers, but definitely earned a follow for this video. Love the energy and character here. Great video man!
Thank you! 🙌
So I work for an isp and I'm familiar with aspects of this, but it seems like a lot of overhead for an operation system To have an ip address between the SFP port and the SFP module? Like this is giving the home 1 extra hop to the Internet than it needs? Plus you're introducing more logic to the routers processor than it needs? Or is this a case where that overhead is negligible? Or... maybe I'm not understanding something correctly?
I've had ISPs that at least had the decency to provide a 'bypass' mode where their device would then act like a transparent pipe to your router behind it. I've also had ISPs who insisted that you use their device even when their device is defective and drops your connection every hour on the hour for a few seconds for ~reasons~. In the latter case it was also a VOIP phone terminal and they wouldn't tell me the ports or protocols needed to pass the traffic to the phone would work if I put that behind my own router, so I had to take matters in to my own hands.
I had one ISP where their (required) modem would need to be factory reset & configured into their network every couple weeks, to the point where eventually a technician gave me a specific URL to bookmark to do it myself whenever needed.
My Cable Router is like this. There is a bypass, but I also get my TV through it using an encrypted VPN. The Router oversees local key management (Renewing, requesting, and transmitting to local devices) I am required to have it available for software updates as well (Failing to do so will result in immediate termination) I am also required to have it available for diagnostics at random times. So, I can bypass I can't eliminate it entirely.
My ISP did offer to put my Fritzbox into "bridge" mode (same as your bypass), but I still didn't like it. Just because my own ~reasons~ 🤣
The FritzBox offers a bypass option and to use it like a fiber modem. There is no need for all this fuss.
@@silentwater79 Bridge mode, sure, but he didn't say there was a need for all the fuss... it is what he wanted & many of us can see why.
Would they not put it in bridge mode for you? Or put your main ubnt router in DMZ of their router? Anyway, good work!
They did put it in bridge mode. Still hated the fact I need to have a device in my network stack that doesn't need to be there.
I work tech support for various ISPs across America and I've gotta say that while I understand why this isn't desired for most, I'd love it if it was an officially supported option for the tech savvy. I've always been of the opinion that you should always own your network or at least have the option to own it all.
Yep, exactly. I have nothing against it. Just wish it was optional and not forced upon me.
Absolutely brilliant! I am very glad that your hard work paid off.
Thank you!
Hi from Portugal. Around these shores ISPs use a single device that contains Wi-Fi, routing and ONT. No SFP modules here. They all use cloud connected stuff and are fully remote managed. You can use other equipment on some ISPs, but that's not allowed on others. I, for peace of mind, just put their stuff in bridge mode, and use my own OPNSense box.
Bem jogado.
Until I found this solution, I used the same, bridge mode + OPNsense.
How did you get the login details for the sfp's telnet? I talked to FS and they just sent me a screenshot with the sample information from the manual, which obviously didn't work.
SSH to IP: 192.168.1.10/24
user/pass: ONTUSER/7sp!lwUBz1
then change serial: # set_serial_number 12345678
Cool project!
I absolutely get where you're coming from. The biggest hope, IF fiber ever reaches me, is that I can just plug it into my firewall. I am 120% sure my ISP won't want that either but it's good to know that there's a chance.
The fact that an ISP kan remotely manage their CPE is completely normal. Otherwise they would have no way of supporting and troubleshooting for customers.I doubt that ISPs hate, whan customers replace their supplied CPE with another router. As long as the customer is fully aware, that they are completely on their own by that point.And don't expect the ISP, to support aftermarket routers or firewalls.
Customers should not be forced to use such features.
Yes, because the troubleshooting from your ISP is going to do you any good... like enabling 802.11b... who in their right mind would do that?
@@sjoervanderploeg4340 People who say i can't use my prehistoric ultracheap Tuya smart switches. The same who wants to split 2.4 and 5GHz because the device say it should be connected to 2.4GHz. The customer bought always correct functioning hardware. It's always the problem of the ISP in the customer opinion. Same when the old laptop doesn't see the wifi6 network. In their opinion the provider should fix. And this customers say off course is not the manufacturer of the WLAN card. The bought a "good" system.. Because this customers say: it works just once before....
Totally agree. You need to know what you do and it's fun to do. But when you got problems place your ISP router back. But most don't want to do it because they know 100% sure there is a problem by the provider. And when a engineer arrived and find a problem in the customer setup they are angry about they need to pay the bill of the visit of the engineer.
@sjoervanderploeg4340 Well, the thing is, the users who can troubleshoot on their own are likely in the vast minority.
The ISPs thus cater to the majority of their customer base, who will generally not care about it beyond "Is the wifi working? Yes/No"
I have a Fritzbox DSL router and I love it. I have played with other boxes (ASUS, Linksys) and installed DD-WRT on all of them but the AVM I have kept stock. It has everything I need and more. Yes, the Fritz is a rather closed system and that does concern me a little about the security but since it is not so common (outside of Europe).
The box you got there is quite an old model, I have a similar box for an upstairs AP but it is gone now (no Wifi 6). I am waiting for fibre, I literally see the cable 100 metres down the road waiting to be installed.
For context I have 30 years of Network experience.
Yeah, I does the job for most people and I do have it in my drawer as a backup (never needed it though). I just wasn't too keen on having a locked/closed system in my house. Just out of principle I guess. Good luck with the fibre, I hope it comes soon - it is a game changer (I got a big family, so you might imagine we put the extra bandwidth to good use 😅)
AVM are still releasing firmware / security updates for very old kit.
@@tomazzaman Agreed! Hell, I live in a (small) German town and I am very angry currently, because the village I used to live in now has fibre to the home, while the town will most likely not get it for a while! Sure I am by myself (don't have kids or a girlfriend - no, never a wife! I am not getting married - PERIOD!), still I'd love some more speed! Would speed up downloading larger games and images for the Raspberry Pi5 (took a while to get the Batocera image for the Raspi, it's a 470 or so GB file after all)
Thankyou so much! You answered a very longstanding question I have had. I didnt know it was possible to replace these horrid huawei devices.
I'm from Germany and as far as I know it is usually possible to replace your "box" with something different. Especially with the "FritzBox" , it means they have to make part of the sources public because they are based on Linux. There is this system that is made from the original OS (somehow hacked) but if you can run OpenWrt on the fritz box then I think you may get a nice system.
I was in believe it is possible by default to disable the "TR__" management interface somewhere in the menu, but this can change.
The FritzBox is allowed to exist untouched in our home but because it has enough options to make it virtually "invisible" if you want. I think the ISP anyway could sniff your traffic and I think doing it in the fritz box is much more easier to detect than somewhere else. Because a lot of people "root" their fritz box they could potentially detect unusual things. Also they are different companies. Maybe in the firmware of the glass fiber network cards would be a good place to place something.
In the USA, we have a few ISP's that don't allow you to select your routers. It's difficult. My ISP allows me to own my own modem (non-router) as long as it's on their compatible list... Then I can choose whatever router I please.
I would love to see a video on the procedure to ssh into the new GPON module and set the serial number or just the commands needed, thanks great video.
Here you go:
$ ssh ONTUSER@ip-of-the-SFP-moule
password: "7sp!lwUBz1" (no quotes)
then run the following command:
$ set_serial_number 12345678 (change numbers to your serial)
What did you get after replacing it?
Props on getting it all working. I guess I'm really spoiled. My ISP here in the US (Alaska) is configured in such a way where I plug in my router in to my ONT with DHCP configured...and I'm good.
I'd make sure you've got a couple of spares of that SFP module. They have a habit of burning out, and I've seen it several times in data centres where a dead or faulty SFP has taken out massive networks or network segments.
Yeah, but pretty rare.....
Would it help if you setup a water drip on it ....😂😂😂😂😂 , IYKYK.
@@dnatech4477 i had an sfp blow and IC before, had to get the bell tech to come out, when he pulled the sfp out of the modem, it came apart revealing the blown up IC on the board. the metal casing was stuck inside the sfp port, had to replace the modem.
Yes, but rare^^^@@Dataanti
Now we need to get this to work on the ATT modems in the USA
Send one over, I'll see what I can do 😂
If you had the BGW210 (iirc) and the old ONT setup you could actually bypass the BGW by rooting it, extracting a few files, and running them on your own device. I did this and used my own router directly for years until I moved and AT&T switched to the new BGW320
ATT Fiber does this crap as well using EAPoL/EAP-TLS x509 device certs built into their routers. It should be illegal, but … Freedom! (For corps to do what they want). Luckily, at least for gigabit and below (older GPON) you can extract these certs and run this on your own router with wpa_supplicant to handle this device authentication.
@@antikommunistischaktion I can't wait for someone to figure out a way to bypass the BGW320. I have the BGW210, and I'm using pfSense to make the handshake and bypass the unit. Unfortunately, this unit maxes out at 1Gbps, so if I want one of the faster services, I need the BGW320.
The other easier way is to use a Gigabit Media Converter (it's super cheap, like the TP Link MC220L). You plug your sfp port in it, you connect the device to the WLAN port of your router with a regular RJ45 cable, and you assign the appropriate VLAN number in the Router for the WAN Port (it pretty to find it online) on the IPTV/VoIP. - It worked seamlessly for me many years ago.
It works with any "regular" routers (with which you can have more configuration options of course). I'm sure some ISP have weird things going on, but for the price of the Media Converter (20 bucks max), It's worth trying this first
I like ths fritz box, was there a particular problem? or just looks?
ok, understand it now
Just looks. I'm vain like that. 😂
😅. Na, but its cool you can actually reduce it down to that tiny module or n your switch
And that is how it's done! Outstanding job, not only because of your working result but because I would have reasoned the same process and made it work as I did on all ISPs I've ever had since the 90's. Fortunately there's no need for that anymore as my current fibre provider gives full access as standard with great overhead on top of the subscribed speed - so for the first time ever I decided to not waste time on breaking in already open doors and be happy with an honest, full service as is. Obviously yours was a tricky solution and all the best to you for solving the issue, but what matters is your mindset and determination to get to the bottom of the issue and get the full service you are paying for. That's litterally how the world moves forward, so do keep that mindset and you'll solve any problem that gets in it's way. Thank you for that - and the great video.
Thank you for the kind words. I'm not like that on purpose, it's just when my brain decides to get to the bottom of something, then I literally have problems falling asleep because I can't stop thinking about it. It's a blessing and a curse! 😅
Also need to state that he had the funds to buy many components that ended up being dead ends. If I had the space and a few thousand dollars more per year income, I'd put together my own electronics bench and putchase components for experimentation. A nerd is great, but a well funded nerd is better!
I got a bulbous nightmare modem from AT&T that’s been a pain to integrate into my homelab. What happened to the black boxy ones with mounting holes?? They were fine?? Now I’m stuck with a fat white batard that makes the PS5 look like high art.
ATT routers are limited and you need to disable their dns redirects via their website. I have not done it yet, but generally, you turn everything off and set a real router as the dmz or forward all ports. Dual nat. Then you can control your internal dns and use stuff like pfsense. I'll probably give this kind of thing a try at some point, hopefully someone else figures out all the details for replacing the att router entirely and it will be easy for anyone to do. People figured out how to use your own router on google fiber real fast so back when i had that, i used my own router for google fiber.
Thank you for the video.
Stumbled upon this channel thanks to the CZcams algorithm. As someone who has hacked/soft-modded many devices in the past I do know very well how much effort it takes. But I would have probably tried to do the same thing as you did in your situation. I despise ISP supplied routers. These things are made to be easily managed... by the ISP, not the customer. You're lucky if they allow you to change the basic settings.
Fortunately, my ISP supplies a GPON gateway running in bridge mode. It simply hands out a public IP with no hacking required. But it would be fun to try to get rid of that device as well...
This is an amazing video. Thank you for your hard work. Happy New Year!
Thank you! Happy New Year to you as well!
I admire your perseverance, I'm much the same. But I actually like the Fritzbox industrial design and find their user interface to be excellent. I have a similar model that I use only as a wireless AP because the signal strength is superb.
Yep, interestingly enough, while I had it as my primary router, I had no issues with wifi signal in my 200sqm house.
Awesome video, and the fact that you were cautious about not damaging the ISP equipment on the other side, shows how awesome knowledgeable you are about this. Great stuff! Greetings from Porto!
Thank you mate! Much love from Slovenia! ♥️
Well done, Tomaž! Merry Christmas
Do you know if there is an XGS-PON model available? Same scenario, but multi-gigabit speeds.
No idea, maybe check the fs.com website?
I had noticed SFP ports seem to have their own IP addresses, but hadn't considered using SSH to get into them.
luckly i live in the netherlands where there are forced to open up the internet so i can use my own pfsense router
Please do a more detailed version of how you managed to connect the SFP module to the FRITZ!Box, I bought the same module for my FRITZ!Box 5590 but it does not recognize it
Great work, I'd like to get rid of my router too (Portugal). But I just went the easy route (pun intended): I connected my desired router to the ISP router and everything goes through my main router before hitting the ISP one. The only issue is with IPTV, I periodically have to turn on/off IGMP Snooping v3.
Why isn't connecting your router to the ISP's enough for you? (Genuine Question)
In the uk virgin media you are forced to put there router into modem mode to use your own router its impossible to use a 3rd party router without using it in modem mode because of the way how they activate the router on the docsis cable line so even if u used a different official virgin media router if it isnt activated on your line it wont work maybe u could spoof a different router with the same mac address etc idk
You can always add your own router you control after the ISP router, and all your devices attach to your router. Not as elegant, but this does t require reverse envineering the ISP router and doesn't violate any of the terms and conditions.
Some activities like online gaming balk at the double NAT or added difficulty opening inbound channels. But it works fine for most people, and this is basically what I do. I left my one IoT device (the photovoltaic panel monitor) on the ISP's router, and have everything else behind mine. That way the company monitoring the solar array can't see into my network.
Sick video, which company is your ISP? As a slovenian aswell, im using telemach and I didn't really have this problem
Telekom.
@@tomazzaman Ah pove velik
amazing work man ! i just found your channel ! great job Tomaz !
Thanks a lot!
i would have never imagined that those transceiver modules would have their own operating system, how bizarre
Same. They're easy to tell apart though. The ones with SoC have a much bigger "outer" part, the one that sticks out of the switch when plugged in.
ISPs locking you to thier shit routers should be ilegal. Here in Sweden you can use whatever you want. When you get Fiber you usually get a Fiber converter that just is a like a switch. Fiber in. Ethernet out. Then you connect whatever router you want. Many ISPs give you a router but you dont have to use it.
Agreed. I mean, I understand the majority of customers just needs it to work, but I still hate it that power users are forced to use this stuff.
With my old isp, if you took their equipment you never saw anywhere near your advertised suggested speeds and the router they generally gave was called the trash can due to its shape( and better off used as one). One day I had enough and bought the same exact modem and a decent router and like magic, I suddenly a 2-3x uplift in performance(whatever that was worth with dsl). This also saved money both in yearly equipment costs and randomly per month 5-10$ suddenly dissapeared off the energy bill.
Any reason why you weren’t safe behind a security gateway connected to the isp device?
We can just tag vlan 4 for tv and 6 for internet on the wan port and have our own router. we can even replace the XGS-PON receiver with something else if we want to but the SFP modules are really expensive (like 200+ and not known if they work or not).
Unfortunately, for a reason unknown to me, my ISP doesn't disclose their VLANs. I had to look for them on my own. You're lucky to have a very flexible ISP!
At least in Germany it is a law to enable users to have theyre own router.
I use a Sophos SG115 as my FW with UTM9 only the ONT is still from the ISP.
As someone who previously worked for a service provider I tried to help people set up their own routers all the time, but it can be such a pain since our side we did things like RADIUS and provisioning via the SN/MAC. Thankfully in the US it's very common to have an ONT, gl replacing that, so I could almost always get whatever router they wanted working with our system. ISPs really like having their own equipment though since it allows them to do all sorts of helpful things, but also so they can try to value add with services like being able to fix an issue by going to their site and auto-resolving it. Thankfully in the US there's a lot of laws in place that allows the consumer to use their own equipment.
Yeah, I completely understand why ISPs very much prefer using their own equipment and I support that. What I hate is that I was *forced* into it and not given a choice.
When my service was upgraded to a much higher data rate from what I was given a new router. I don't like that the built-in web server lets me do so little compared to the previous one I used. The new one forces you to go to the ISPs own website to configure advanced features such as port forwarding and setting up any firewall rules. It also has a fan that runs all the time even when the box isn't passing any traffic.
Awesome, congratulations - I like this spirit of going against what someone tells you it isn't possible!
You also managed to do a short but informative video!
Greetings from Switzerland
Thank you! Greetings from Slovenia! 🙌
You could have avoided the need to buy a new SFP module by installing the UDM Boot Script which allows you to have custom scripts run on startup.
Yeah, but then I'd need to make sure the device with the Boot Script was always online, properly configured, etc. Easier with SFP module, just works. Always.
Also, recent major version UnifiOS releases have changed a lot of things, including breaking older versions of boot scripts and services.
Wouldn't it have been better to use your ISP router as a DMZ gateway and put it behind your own router of which you could fully control?
Maybe if you want to waste power. With average german energy cost it's ~3.24 euros per watt per year to run something 24/7/365.
Wow that's 0.37/kw/hr! Here in the USA I pay. 0.11-0.13/kw/hr
Very nice! I have done the same on ATT fiber bypassing the BGW-320 with the built in ONT. I had 2 options, get my own ONT, or my own SFP module, and I opted for my own ONT. I did have to have ATT upgrade my connection from GPON to XGS-PON but it was 100% worth it because it future proofed my setup and I had the option of getting 5gbps f/d.
Damn, 5gbps is next level. You're living the the future! :D
Honestly one of the biggest pet peeves when dealing with ISPs is their crappy proprietary boxes. It makes me love the ISPs that just give you an ethernet only box because they only worry about giving you the connection and you get full control of your homes network with whatever router or switch you want.