That's interesting. Thanks for posting it, Chris!
I wonder what chipset is in this device?
Earlier ECI models in the B-Focus range have been based on the Texas Instruments AR7 SoC, which has a MIPS32 core. That CPU family was sold by TI to Infineon, who then spun it off as a separate company, Lantiq.
The CPU in the BT HomeHub3 is a Lantiq XWAY ARX-168, which is also from the AR7 family. But the ARX-168 is only an ADSL2+ solution.
If the ECI is running on a Lantiq CPU, then it would be from the ARX-200 family of VDSL2 single chip solutions.
Are there any signs on the PCB for JTAG or UART? If not, the NAND flash IC could be lifted from the PCB with a hot air rework gun.
If the B-Focus does have a MIPS core, then it is almost certainly running MIPS Linux for which British Telecom and ECI are obliged to supply source code in accordance with the conditions granted under the GNU General Public License. 
There is sub-standard security in the ECI ONT for FTTP. Hopefully the ECI unit shipped for FTTC by BT Openreach doesn't have the same flaw:
habrahabr.ru discovered that a secure shell service is exposed on the WAN-side of the B-FOCuS O-4F2P device with a default username and password configured for every unit.
From those screenshots, we can also see that the device is running MIPS Linux (kernel version 126.96.36.199), making it even more likely that the ECI unit shipped by British Telecom is running MIPS Linux, too.
P.S. If you find a spare ECI B-Focus to hack, please give me a shout!
Edited by asbokid (Tue 06-Dec-11 02:36:56)