PLDT Boosteven R281 (Band Locking)

[oblivion85]

Add ko lang tong app na "MobaXterm" pang Windows. Meron din cguro pang Linux neto.
Mas madali nyo maeedit mga files sa modem nyo via ssh or telnet sa 192.168.1.1

View attachment 1619665

vim all the way! ehehe.

 

[kulapow10101]

vim all the way! ehehe.

hehe, Mobax all the way

 

[gallium8]

I did some research on openwrt on 192.168.1.1
So what is known at the moment:
Router R281 consists of two devices:
1.Router on a MediaTek MT7621A chip (available at 192.168.1.1)
2. LTE modem on the Marvell pxa1826 chip (it was previously available at 192.168.8.1 when connected via USB via RNDIS connection)

Router and modem have two independent firmware based on different OpenWRT
At the moment, we only have access to the firmware of the router. This is P28PLDT_AP_R281_V004.2 firmware based on Openwrt version 15.05 (chaos calmer) for MT7621
You do not have permission to view the full content of this post. Log in or register now.
PLDT adds various opkg packages that are unavailable in the standard openwrt repository. These packages allow some access and information to be obtained from the Marvel lte modem, which is plugged into the router as an RNDIS USB device. In the router, this modem use eth1 interface

To disable the ota, fota, tr069 services, the method of changing the /etc/init.d/services.init file works. Thanks L E N A R

We can also customize opkg and install any other packages like UI luci, htop, tftp and many more

If you really want to, you can build a new openwrt firmware and reflash the router, but there is not much point in this.

We can send AT commands to the lte modem this allows band lock, cell lock, disable and enable bands.

However, we do not have direct access to the marvel lte modem

LTE Marvel modem has the address 192.168.8.1 however after updating to P28M26HAPLDT_CP_R281_V002.2 is no longer available, has only one open port 53 (DNS)

The lte modem uses a different openwrt firmware based on version 14.07 (Barrier Bracker) for the PXA1826
This firmware has its own additional modules for modem control. In addition, the tr069 and ota services are running there. It is also possible that automatic updates are configured there (fota service)

Therefore, now we need to focus on getting access to the lte modem via 192.168.8.1, otherwise there is a possibility that the modem will be updated in the near future and we will lose the ability to execute AT commands from the router, which means that again goodbye band locking
Having gained access to 192.168.8.1, it will be possible to openline and permanently disable automatic updates and remote control
Probably worth investigating all additional packages that are installed in 192.168.1.1 and through some of them e
there is a possibility to get access to the lte modem or disable the firewall on the modem

When my R281 is still in software version 4.0, baseband version 2.1, I disabled tr069 and ota thru the /etc/config directory, I even change the username and password inside the tr069 file, I also comment out the tr069 and ota inside services.init. My access then was thru 192.168.8.1(thanks to EugeneKey), but still my modem was updated to software version 4.1, baseband version 2.2. Why was it updated? maybe because I only disabled the baseband update, but when the software was updated it also updates the baseband version. After the update the settings that I made in tr069 was unchanged. This could mean that we may need to have access to services.init on both router(192.168.1.1) and the modem(192.168.8.1) to completely disable the updates.
Right now I'm still on software version 4.1, baseband version 2.2, since I now have ssh access to 192.168.1.1(thanks to Lenar, yes your ssh access method works in software version 4.1), I again disabled tr069 and ota thru services.init. As of now my modem is still in software version 4.1. I now have a backup of my firmware, thru 192.168.1.1 but this could only be the router backup and not the modem backup.

 

[H4wk3ye]

Edit na lahat ng kayang i edit walang hiyang PLDT ayaw niya ipagamit product niya.

 

[kulapow10101]

haha. Salamat sa thread na ito at sa mga masters . Sana gumana ang mga formula at hindi na magupdate pa si R281. Sarap magownload lalo na sa madalling araw. Nakakapanood narin ng 4K videos sa YøùTùbé ng walang buffering.

 

[Xpmove12]

Edit na lahat ng kayang i edit walang hiyang PLDT ayaw niya ipagamit product niya.

View attachment 1619875View attachment 1619876View attachment 1619877

Uu nga Lods, Dapat hinahayaan nalang Nila, meron na Clang 5G at Fiber. Yung 4GLte pa pinag-iinitan nila, Lalakas lang naman Lte naka lockband pag malapit sa Cellsite. Yung medyo malalau. Na wala antenna, Mabagal pa rin kahit naka bandlocking

Ok yung pldt fiberlines na pang Goverment, yung kulay Black na Box. Inde masyado Mataas Download Speed pero malakas ang Upload Speed
Plan 1299 +200php Speedboost hidden charged

 

[ganglenn21]

 

[L E N A R]

Edit na lahat ng kayang i edit walang hiyang PLDT ayaw niya ipagamit product niya.

View attachment 1619875View attachment 1619876View attachment 1619877

damay nyo na rin ito
/etc/default.prop

 

[EugeneKey]

When my R281 is still in software version 4.0, baseband version 2.1, I disabled tr069 and ota thru the /etc/config directory, I even change the username and password inside the tr069 file, I also comment out the tr069 and ota inside services.init. My access then was thru 192.168.8.1(thanks to EugeneKey), but still my modem was updated to software version 4.1, baseband version 2.2.

This is actually good news.
This indicates that the software (router) and baseband (lte modem) firmware update comes from openwrt on router (192.168.1.1)
Now, thanks to L E N A R, we have full ssh access to 192.168.1.1, we can disable tr069, ota and fota services and modem and router will no longer be updated.

To disable OTA, FOTA, TR069 edit /etc/init.d/services.init

comment 3 strings just add # or remove it:

#start_instance 0 "ota" "${PATH_UBIN}"
#start_instance 1 "tr069" "${PATH_UBIN}"**
#add_auto_fota_task**

reboot

check crontab:
cat /etc/crontabs/root
you shouldn't see this line: 0,30 0,1,2 * * * ubus call ota fota_upgrade_trigger_new
also check running process via top or ps you shouldn't see running tr069 or ota service

About Openline
This is the AT command to make Openline - AT+CLCK="PN",0,123456,16
I don't have a SIM card to check, but I got an OK response
I don't know how to send this command via ubus but we can send this command directly to lte router:

echo 'AT+CLCK="PN",0,123456,16' > /dev/ttyACM0
reboot

 

[H4wk3ye]

Ulitin ko mamaya parang may mali ako LOL

 

[Toa]

This is actually good news.
This indicates that the software (router) and baseband (lte modem) firmware update comes from openwrt on router (192.168.1.1)
Now, thanks to L E N A R, we have full ssh access to 192.168.1.1, we can disable tr069, ota and fota services and modem and router will no longer be updated.

To disable OTA, FOTA, TR069 edit /etc/init.d/services.init

comment 3 strings just add # or remove it:

#start_instance 0 "ota" "${PATH_UBIN}"
#start_instance 1 "tr069" "${PATH_UBIN}"**
#add_auto_fota_task**

reboot

check crontab:
cat /etc/crontabs/root
you shouldn't see this line: 0,30 0,1,2 * * * ubus call ota fota_upgrade_trigger_new
also check running process via top or ps you shouldn't see running tr069 or ota service

About Openline
This is the AT command to make Openline - AT+CLCK="PN",0,123456,16
I don't have a SIM card to check, but I got an OK response
I don't know how to send this command via ubus but we can send this command directly to lte router:

echo 'AT+CLCK="PN",0,123456,16' > /dev/ttyACM0
reboot

oks na ba yan paps? sa openline naman yung echo command walang return ng ok sakin. triny ko din sa ubus tsaka nginx error lang parehas

 

[kulapow10101]

This is actually good news.
This indicates that the software (router) and baseband (lte modem) firmware update comes from openwrt on router (192.168.1.1)
Now, thanks to L E N A R, we have full ssh access to 192.168.1.1, we can disable tr069, ota and fota services and modem and router will no longer be updated.

To disable OTA, FOTA, TR069 edit /etc/init.d/services.init

comment 3 strings just add # or remove it:

#start_instance 0 "ota" "${PATH_UBIN}"
#start_instance 1 "tr069" "${PATH_UBIN}"**
#add_auto_fota_task**

reboot

check crontab:
cat /etc/crontabs/root
you shouldn't see this line: 0,30 0,1,2 * * * ubus call ota fota_upgrade_trigger_new
also check running process via top or ps you shouldn't see running tr069 or ota service

About Openline
This is the AT command to make Openline - AT+CLCK="PN",0,123456,16
I don't have a SIM card to check, but I got an OK response
I don't know how to send this command via ubus but we can send this command directly to lte router:

echo 'AT+CLCK="PN",0,123456,16' > /dev/ttyACM0
reboot

Salamt lods, pero yung code pang Openline, di sya working. I tried it on Globe sim, pero "Invalid Sim" nakalagay.

 

[Toa]

Salamt lods, pero yung code pang Openline, di sya working. I tried it on Globe sim, pero "Invalid Sim" nakalagay.

View attachment 1620117

andun talaga sa kabila yung control ng mep. pa try naman neto lods AT*MRD_MEP=D

 

[EugeneKey]

View attachment 1620112
oks na ba yan paps? sa openline naman yung echo command walang return ng ok sakin. triny ko din sa ubus tsaka nginx error lang parehas

With echo you cannot get any answer, "echo >" just send command to device, but cannot get answer.
Ubus and nginx get error, since command have ""
You should insert locked simcard, send this command via echo and then reboot device. And then check is it work or not.
If you still need to get answer from modem, you can install minicom via opkg, and use it to connect to ttyACM0 as serial port. Instruction how to do this you can find in internet.

 

[sanson]

thanks bossing working sa r281 ko. Sana d i upload sa YøùTùbé ng d maupdate ni Smart.

 

[kulapow10101]

andun talaga sa kabila yung control ng mep. pa try naman neto lods AT*MRD_MEP=D

San yun kabila lods? Pang openline din ba yang command na yan?

 

[H4wk3ye]

Thanks Master EugeneKey at Master LENAR.

 

[sherree]

Ulitin ko mamaya parang may mali ako LOL

View attachment 1620098View attachment 1620103

Ganito din akin pag tapos ko edit. May nahanap ka solution sir?salamat

 

[Isot0p3]

Sana po may makapag post ng mga steps po pano yung sa telnet/ pag disable auto update. Pra saming mga slow.

 

[nasb]

try mo nga to H4wk3ye
baka may makita kang kakaiba

boss pwede pa-repost to? salamat