User comments on ISPs
  >> EE (Everything Everywhere) and Orange


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread
Standard User XRaySpeX
(eat-sleep-adslguide) Sat 01-Feb-14 01:00:00
Print Post

Does BrightBox Remember your Credentials after Factory Reset


[link to this post]
 
It has been suggested here: http://forums.thinkbroadband.com/freeserve/t/4297744... that the BrightBox remembers the original user's ISP Username and Password even after a Factory Reset, so that it would be unwise to sell it on when no longer needed, e.g. on eBay. Indeed the contention is that the user's ISP Username and Password are 'baked' into the device.

Well, I have carried what I believe are exhaustive tests using 2 BrightBox 1's, one an older Orange-badged BrightBox 1 that I have been using for years and the other a brand-new EE-badged BrightBox 1 that had never connected to the Net from here. Both: Runtime Code Version: v0.09.94.0006-OT (Fri Sep 21 03:00:26 2012).

I carried out numerous Factory Resets, both hard and soft, after setting my credentials in the BrightBox. As long as the BrightBox remains unconnected to the user's BB line, as it would be in someone else's home, then the only credentials you can see are the factory settings of ISP Username = readytoconnect@fs and ISP Password = mistyview. Once it is connected to the BB line, within a few seconds the Remote Configuration (TR-069) by EE, recognising the line, will reinstate the user's credentials. This, I believe, is what's happening to the posters in the other thread finding their credentials returning.

Once the BrightBox has been Factory Reset, the only ways to get the user's credential back is either Restore settings from a saved backup or setting them manually or connecting for a few seconds to an EE BB line and allow Remote Configuration to do its thing. Otherwise the factory settings of readytoconnect@fs / mistyview remain. Should a future buyer of a Factory Reset BrightBox ever connect it to his BB line then either:
  • If he is not on EE BB, it will sync but nothing will change and it won't connect cuz the ISP Username can only end in '@fs', or
  • If he is on EE BB, it will connect to EE who will Remote Configure the new owner's credentials based on the new owner's phone no.
Logically, the original suggestion of the user's credentials being 'baked' into the BrightBox can only be true if EE were to hard-code them before the BrightBox is dispatched. Then nobody but the original user would be able to use it. But this is refuted by the constant return of readytoconnect@fs / mistyview when Factory Reset.

There were some interesting differences of behaviour between the 2 BrightBoxes when subjected to the http://192.168.1.1/cgi/cgi_wan_eth.js script (ISP user credentials) discovered by ScottHelme :
  • On the new router the ISP user credentials were always the readytoconnect@fs / mistyview pair regardless of whether it was factory or user settings.
  • On the old router the ISP user credentials were only the readytoconnect@fs / mistyview pair when it was factory reset but,
  • On the old router the ISP user credentials were both empty when it was user set, surprisingly.
Also the script also always showed the MTU = 1492 even when I had set it to 1500 as usual.

Mind you this script behaviour may only hold for ADSL not Fibre. Its name implies it is for Ethernet WAN whereas for ADSL you'd want DSL WAN. A Fibre EE user has confirmed that the script does return his true credentials.

Note: The above script does not run under IE; I used FireFox.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
Standard User vimto_girl
(member) Sat 01-Feb-14 06:08:44
Print Post

Re: Does BrightBox Remember your Credentials after Factory R


[re: XRaySpeX] [link to this post]
 
The 'readytoconnect' login authenticates an internal session, it's the ACS credentials which are 'baked' and paired to the broadband account settings.

Edited by vimto_girl (Sat 01-Feb-14 06:09:14)

Standard User XRaySpeX
(eat-sleep-adslguide) Sat 01-Feb-14 10:43:48
Print Post

Re: Does BrightBox Remember your Credentials after Factory R


[re: vimto_girl] [link to this post]
 
ACS?
In reply to a post by vimto_girl:
the ACS credentials which are 'baked' and paired to the broadband account settings.
So, if they are paired then the next owner of the router, if an EE user, will connect to EE as the original owner? Isn't the phone # checked at all?

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC


Register (or login) on our website and you will not see this ad.

Standard User ScottHelme
(newbie) Sat 01-Feb-14 14:05:03
Print Post

Re: Does BrightBox Remember your Credentials after Factory R


[re: XRaySpeX] [link to this post]
 
Hi Ray,

After some further investigation it would seem that you are correct.

If you disconnect the BrightBox from the modem and *then* perform the factory reset, it will indeed revert to the generic credentials. The config update performed via TR-069 happens so quickly that by the time the web UI is responsive, or I can access the device via the serial port, the credentials have already been retrieved. This is what was giving the impression that they were pre-existing upon device boot.

The only way to safely prepare the BrightBox for sale would be to disconnect all network cables from the device, factory reset and then not connect it to the network again prior to sale so it doesn't update with your credentials.

I'm curious at this point about what EE use to update the devices via TR-069. When supplying me with the firmware patch to update my router for testing, the only information they asked me for was the serial number of the device. Given that I can flash a new serial to the device over the serial port, I hope there's more to it than that.

Scott.

------------------------------------------------------
Catch me on my blog https://scotthelme.co.uk
Standard User XRaySpeX
(eat-sleep-adslguide) Sat 01-Feb-14 14:09:49
Print Post

Re: Does BrightBox Remember your Creds after Factory Reset?


[re: ScottHelme] [link to this post]
 
Thanks smile. And for all your help.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
Standard User Oliver341
(eat-sleep-adslguide) Sat 01-Feb-14 14:10:52
Print Post

Re: Does BrightBox Remember your Credentials after Factory R


[re: ScottHelme] [link to this post]
 
In reply to a post by ScottHelme:
The config update performed via TR-069 happens so quickly that by the time the web UI is responsive, or I can access the device via the serial port, the credentials have already been retrieved. This is what was giving the impression that they were pre-existing upon device boot.

Previously you said:

In reply to a post by ScottHelme:
If I put in a wrong password, then factory reset with the long button hold, the password comes back along with resetting all other settings like WiFi SSIDs etc... My router isn't connected to the web, just my test machine so there is no communication externally.

So the router must in fact have been connected to the web?

Oliver.
Standard User ScottHelme
(newbie) Sat 01-Feb-14 14:23:21
Print Post

Re: Does BrightBox Remember your Credentials after Factory R


[re: Oliver341] [link to this post]
 
Hi Oli,

Yes you are indeed correct. Sometimes it's best not to do these kind of things late at night with a beer and a snakes nest of wires down the back of your desk wink It seems I was mistaken.

The router must have been getting network connectivity from somewhere or been connected to the modem still. By the time I could access the device, it had already updated and appeared to have retained the credentials, hence my concern. I would edit the post, but I think everyone is now aware that there isn't a problem so it can stay as it is.

Scott.

------------------------------------------------------
Catch me on my blog https://scotthelme.co.uk
Standard User XRaySpeX
(eat-sleep-adslguide) Sat 01-Feb-14 14:32:28
Print Post

Re: Does BrightBox Remember your Credentials after Factory R


[re: ScottHelme] [link to this post]
 
Still harping on that quote of yours. Why do you say:
In reply to a post by ScottHelme:
factory reset with the long button hold
Shouldn't it just be for 8-10 secs? Doesn't a long hold trigger a firmware flash? Or was that in conjunction with a Power ON?

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
Standard User ScottHelme
(newbie) Sat 01-Feb-14 14:38:35
Print Post

Re: Does BrightBox Remember your Credentials after Factory R


[re: XRaySpeX] [link to this post]
 
I was under the impression you just hold for 30 seconds and then the LED lights for the network ports do the 'Knight Rider' thing once you release. When the device boots, it's a clean config (or update via TR-069 if you have connectivity).

------------------------------------------------------
Catch me on my blog https://scotthelme.co.uk
Standard User ScottHelme
(newbie) Sat 01-Feb-14 14:39:14
Print Post

Re: Does BrightBox Remember your Credentials after Factory R


[re: XRaySpeX] [link to this post]
 
Isn't 8-10 seconds just to force a reboot?

------------------------------------------------------
Catch me on my blog https://scotthelme.co.uk
Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread

Jump to