This folder contains everything you need to unlock a BT Homehub V2 Type A ========================================================================= The first thing you need

to know is the version of software on the router. This procedure is know to work with many versions less than 8.1.H.J - it may be that BT/Thomson may disable this method in the future. The version is shown on the web interface of the router. The basic procedure is to get a Linux command line prompt on the router, then to pivot-root off the main filesystem onto a ram based filesystem, then to overwri te portions of the flash with new firmware. What does the unlocked firmware do? =================================== 1. It allows you to use the router with any ADSL internet supplier. 2. It enables telnet access to the Thomson CLI for advanced configuration (via 1 92.168.1.254:23) 3. It enables ftp access to the /dl folder n the router. 4. It enables telnet access to linux command prompt. 5. It creates ~6mbytes of usable rw filesystem, and inserts 3 scripts which can be used to run extra stuff at startup. (this replaces the previously ro \extfs partition). Step 1: get a linux command prompt ================================== To get a linux command prompt, we use a squashfs filesystem on a USB stick conta ining a link to the root of the main filesystem. The router exposes the USB sti ck as a samba (CIFS) file share, and hence we can change writable parts. You will need a usb stick (small old one). We will overwrite everything on the stick! DiskImage_1_6_WinAll.exe Insert your stick into your windows machine. Run DiskImage as administrator. Select the physical disk representing the stick. BE CAREFUL - YOU COULD DESTROY YOUR WINDOWS HD! Select 'sysroot.sqsh' hit start. It should complete very quickly. Detach from you normal internet connection, and ensure your machine will DHCP fr om wire ethernet. Cable your ethernet to the BT Homehub V2 Type A. Check your router version by pointing your internet browser at http://192.168.1. 254 and look at the bottom of the screen. Insert the USB stick into the Homehub In Windows Explorer, go to \\192.168.1.253 You should get 'Disk_a' appear. Go to \\192.168.1.254\Disk_a\sys\rw\dl\ paste in utelnetd browse to \\192.168.1.254\Disk_a\sys\rw\etc\ rename smb.conf to _smb.conf; copy and rename the copy back to smd.conf edit smb.conf (I use EditPadLite) add root preexec = /rw/dl/utelnetd -p 4002 -l /bin/sh -d to the end of the file.

Change [Disk_a] to [Disk_yyy] browse to \\192.168.1.253\Disk_yyy now the router will have launched utelnetd in the background on port 4002 telnet to 192.168.1.253 port 4002 (I use ttermpro, but telnet from windows comma nd line will work fine 'telnet 192.168.1.253 4002'). You will have a linus command prompt now.

Step 2: Changing the firmware ============================= Take another USB stick, and copy the v2reflash folder onto it. If you have 8.1.H.J, copy 8.1.h.j.rootfs.btsimonhV1.sq into the folder on the st ick If you have any other version, copy 8.1.h.j.allfrom40000.btsimonhV1.bin into the folder on the stick remove the first stick, insert the second. at the linux prompt type mount to see the mounts. you should see /dev/sda1 on /var/usbmount/sda1 type vfat (rw,sync,noatime,nodiratime,fmask=0000 ,dmask=0000) in linux, type cd /var/usbmount/sda1/v2reflash then ls -l you should see all the files from the folder, including your chosen binary image : type ./startpivot this will create a new root directory, and finally pivot-root onto it. Telnet will disconnect - this is normal! from your windows machine, telnet to 192.168.1.253 4003 at the new prompt, type unmount this will unmount all the remaining mount points. if you are flashing 8.1.h.j.rootfs.btsimonhV1.sq then type flash_rootfsnew it takes 30 seconds or so then type

flash_createextended if you are flashing 8.1.h.j.allfrom40000.btsimonhV1.bin then type flash_allfrom40000 Examining your new firmware: ============================ use 'mount' to understand the mounted filsystems. use 'cat /proc/mtd' to see the mt partitions available. Be aware that the parti tion 'extfs' is a virtual mtd block within 'extended', and we've used the whole of 'extended' for jffs2 now on the /extfs mount point, so don't mess with the 'e xtfs' mtd entry!. /rw is a small mounted jffs2 filesystem /extfs is now a ~6Mbyte jffs2 filesystem /extfs/etc contains 3 scripts which can be used to run things at boot. /extfs/etc/startup.sh is run at the time /extfs is mounted. /extfs/etc/first.sh is run by /etc/rc.1/S01first - the first thing run after rcS /extfs/etc/finally.sh is run by /etc/rc.1/S99finally - the last thing run during startup /extfs/usr/bin is in the path... Of note is if /extfs/archive exists, linuxappl will be launched referencing this rather than the /archive location (see /etc/init.d/linuxappl script). Be caref ul, as so far all I've managed to do is get a dead router, only recoverable by j tag. Also of note is that /dl/ gets a file written to it called usbpresent or usbabse nt. Test this works for you, and you could use this to boot with or without mod ifications as required (to avoid the above 'dead router' scenario). Modifying the new firmware: =========================== If the scripts above are not enough to do what you want to do, then x86 linux to ols are provided to modify the squashfs; x86LinuxTools\btv2squashfs.zip contains source and linux x86 executables to unsq uash and resquash the fs x86LinuxTools\thomunpack.zip contains source for utilities to open and re-wrap t he thomson archive (web gui, config, etc). Only do this on a linux filesystem a s the thomson is case sensitive... Credits: ======== Thanks goes to: psidoc at www.psidoc.com for unlocking the firmware surrealiz3 at forums.modem-help.co.uk for getting telnet access to linux without jtag (inspired) sleepdeprived at www.psidoc.com for progressing the work on the HH V2 m5ajp at www.psidoc.com for the thomson archive unpack/repack source code alex at forums.modem-help.co.uk for his support and advice and a host of others without whom we'd not have got this far this quickly.