Hg658b: Firmware

This paper argues that the HG658b firmware is not merely software, but a of telecom history, revealing how security, obsolescence, and corporate indifference intersect.

1. Introduction: The Router That Refused to Die The Huawei HG658b is not a celebrated piece of technology. Released in the early 2010s, it was a mundane ADSL2+/VDSL gateway—a plastic rectangle issued by ISPs like Vodafone Germany, TalkTalk, and T-Com. To most, it is e-waste. To a firmware reverse engineer, it is a chimera : a bizarre hybrid of a 2008 Linux 2.6 kernel, proprietary Broadcom traffic management, and a web interface that feels like Windows 95.

The firmware uses RSA-1024 signatures. However, the public key is stored in plaintext in the mtdblock3 partition. Worse, the verification routine ignores the signature if the filename contains "debug". Therefore, any firmware renamed debug.bin flashes successfully. This isn't a flaw—it's a deliberate allowance for field repair technicians, repurposed by hobbyists to install OpenWrt (the HG658b now runs OpenWrt 23.05 unofficially).