WARNING AND DISCLAIMER
|
Use of information on this and related pages can cause irreparable
harm to your Alcatel device! There is the possibility of
corruption of the firmware, or even physical damage to the device.
THIS INFORMATION AND/OR SOFTWARE IS PROVIDED BY THE AUTHOR OF THIS
ARCHIVE ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED . IN NO EVENT SHALL
THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES ; LOSS OF USE, DATA, OR
PROFITS ; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE .
Use of this information may void your waranty. Changing the
configuration of your device may be in violation of your contract with
your service provider.
Proceed with caution.
|
The SDSC Advisory and related information
|
Here is an
executive summary of the
vulnerabilities we reported.
SDSC released a
security advisory related to the Alcatel Speed Touch
Home DSL modem on
10 April 2001. Here is the original
text version.
This was followed by a
CERT
Advisory later the same day.
Here is a
FAQ with answers to some of the questions
we've been asked.
|
Information about the Alcatel Speed Touch Home DSL modem
|
-
Patches and tools developed by Tsutomu
Shimomura to manipulate the Alcatel firmware. This includes
software to unpack and re-pack the firmware into a useable
form, an example list of which bytes to patch, and a tool for
applying patches to close the reported vulnerabilities. We do not
recommend that anyone actually apply these patches, rather one
should ask their service provider for a fix.
- A
tool
to determine the "EXPERT" mode password for an Alcatel Speed
Touch. NOTE: This applies to the specific firmware version
cited in the original advisory. It is not expected to work
with any newer firmware. Alcatel provided newer firmware to
its customers in late 2001.
- An
"nmap" of a Speed Touch Home
- the internals of a Speed Touch Home, as a
thumbnail, or
large
- the internals of a 1000 ADSL, as a
thumbnail, or
large
- Instructions for possibly recovering a
corrupted Speed Touch Home
- Some line profiles, as used by SBC-ASI.
- Example of a carrier signal-noise
graph.
|
Hints for Speed Touch power users, coming soon!!
|
|