VRV9517 infodump

readme.md

Skinny/Spark/Arcadyan VRV9517/Experia Box V10a infodump

This is a guide/general infodump of things I've found while poking through the VRV9517 modem, as supplied by Spark/Skinny in New Zealand, and maybe also under other names in different countries. What you see here is the extent of what I've found, mostly concentrated on decrypting the exported config file.

Included third-party software

• Samba
• MiniUPnP
• MiniDLNA
• vsftpd

Decrypting exported config

I have created a Python script you can find here, which easily decrypts the exported config file to a .tar.gz archive. You will need the original WiFi password, which can be found on the back on the removable card that comes with the router. It requires OpenSSL to be installed. It appears most of the configuration is stored in the '.gblcfg' file, and most of the other files are dynamically generated from this.

Obtaining the firmware

The config file mentioned above contains the URL for the auto-update feature. For Skinny devices this is currently https://www.bigpipe.co.nz/assets/firmware/skinny/version.txt, which links to the latest version. Unfortunately the main image seems to be encrypted or obfuscated somehow, and I haven't had the time to go through and reverse engineer it.

Serial/SSH/Telnet

It has a Telnet server onboard that can be enabled but unfortunately requires a root password, which I don't know. Serial port can probably also be found by probing around on the board but I would imagine the same situation would occur.

Yep, there was a lot of ASUS stuff mentioned in the firmware which I thought interesting.
Lol, that article you linked above linked to another article which described what I had found. I did manage to get Telnet access (though by changing it in config then reuploading it), but if I recall correctly the Skinny router I was using had its root password set, and by that point it had begun sucking up my time. But I digress.
Try going to the /system_backup.htm page.

There's another firmware metadata file here: https://www.bigpipe.co.nz/assets/firmware/bigpipe/version.txt

Thanks. I opened the device, hooked up a serial console. I am getting some early boot stuff, like has the typical CFE (common firmware environment) HELO message and its and other 4-char messages. But it does not seem to allow itself to be interrupted, nor does it ever start to produce any proper CFE or linux text. Just a whole bunch of NULL characters.

You do not have any tips on how to apply this firmware to this completely locked device, do you?
Anyway, if no VLAN capabilities, it may not be all that useful. Pity. I have 3 of these devices for grabs, and another 2 will soon become available when they hook my neighbourhood up to fiber, and they are good WiFi transmitters, a pity to leave unused.

No, sorry. Mine allows you to upgrade with an uploaded firmware file using the Administration > Firmware Upgrade tab.

Hi

Are there any options to enable wireless bridging ? I got 2 of these. Would be useful to be able to link them up to extend range. Thanks

@fylim Did you figure this out? Or even how to extend range by having them connected via ethernet

@fylim Did you figure this out? Or even how to extend range by having them connected via ethernet

ethernet is easy hook up the fiber port of 2nd vrv9517 with a internet containing Ethernet, update WAN settings to automatic IP and disable DHCP in 2nd vrv9517, or set a different ip range for the 2nd vrv9517 , can do this with multiple vrv9517 , first one will be main , others will be extensions.

I dont know how to do wireless bridge on these.