May 6, 2009

Breaking the ISP shackles on Huawei SmartAX MT 882

Filed under: Blog — krkhan @ 10:56 am

What does an ISP do when it needs to sell a customized router? Well, if they’re smart, they go for a Chinese product; re-brand it as their own, slap stupid restrictions on it and then shove the whole thing down the customers’ throats.

Last year, when I came to Saudi Arabia on vacation, I got ADSL installed on my phone-line. As mentioned above, a Huawei SmartAX MT 882 was provided by the ISP. Interestingly, it came not only with a re-branded appearance, but also with a customized firmware which purged all Huawei logos and references from the administration interface. As a side note, switching from a Linksys WAG200G (which I had back in Pakistan) to the Huawei thing was more or less like transitioning from GIMP/Photoshop to MS Paint. For example, even though I had UPnP enabled on the goddamned Chinese weapon, it never worked. Leaving me no alternative but to forward the ports manually.

Back to the topic, the device worked halfway decently. That is, until I came back during these vacations and bought the ADSL service from a different ISP. As soon as I popped up the configuration interface to type in the ADSL credentials, I was hit with this:

Huawei SmartAX MT882 Configuration Interface

See any issues? The username is already tied to the older ISP. My new username is something like “[a-number-I-can't-remember]“. The configuration interface only allows me to type in the [number-I-can't-remember] part, effectively allowing usernames only of the format: “[a-number-I-can't-remember]“. Because of the old ISP’s stupid attempt at monopolizing sales, I apparently needed to buy another router to work with the new username.

Hell, no. If I had actually went ahead and bought another router for this reason alone, I might’ve as well stopped calling myself a geek. Looking for a fix, the first thought that naturally occurred to me was to try and flash the firmware. Again, firmware flashing for such crippled devices isn’t any less of a b**** either. Curiously, I opened up the source of the interface webpage. Apart from a total mess of tag-soup the likes of which I had only ever seen in FrontPage websites, I spotted this:

<input type="hidden" size="30" maxlength="63" name="pppuser" value="">
<input type="text" name="pppuser_prefix" size="20" maxlength="35" value="51252403762">
@<input type="text" name="rate" size="5" maxlength="15" value="1024">

Er.. a hidden input field that basically contains the whole username. What for? I had and still have no idea. Nevertheless, it gave me a clue that the "" part is not hard-coded in the customized firmware. That is, if I could only manage to somehow input the new username unmodified in the router, it should still work.


  • Backup the router configuration.
  • Open it in a text editor.
  • Search for the username.
  • Change it.
  • Save the file and “restore” it through the administrative interface.
  • Restart the device, and stick a middle finger to the monopolizing ISP’s.
  • Pat yourself on the back for being the William Wallace of home internet gateways.
Tags: , , , , , , , , , , , , ,