ATT Uverse RG Bypass (0.2 BTC)
-
@aus why did you take down the pfatt github repo?
-
I was wondering the same thing. I was getting ready to do it when I couldnt find the repo anymore. :(
-
Lets hope someone who still has the recent scripts can make them available.
-
@ikkuranus
I came here wondering the same thing. Was just about to try it.. It looks like there's a clone here, but is outdated according to the internet archive..Edit: Maybe just use this repo
https://github.com/0xC0ncord/pfatt -
It turns out that I have a clone from 04/19/2020 so looks like I am good to go. I would like to know what happen though...
-
@GPz1100 Do you need the scripts?
-
@AiC0315 I need them too please
-
@hfrazier since this was a public repo, do we know which is the new parent where future work should go? If he deleted/made private, there should have been a split and all the forks should have gotten reparented.
edit: looks like MonkWho is the new parent repo, based on the graph. Here's all the most recent updates for anyone who needs them https://github.com/MonkWho/pfatt/network
-
@andrewpdupuis Ah, thanks! I had found that repo just wasn't sure if it was the latest.
-
This post is deleted! -
@hfrazier Looks like the latest fork from that is found at https://github.com/neclimdul/pfatt
-
Does anyone have the zip of https://github.com/aus/pfatt/tree/supplicant ?
-
I decided to check if there were any changes to pfatt last week and found out that original is now gone and my fork became a new parent. No idea how or why.
I will maintain it to the best of my abilities. I pulled some requests and done some commits to clean things up. Screwed up a little when I was uploading the supplicant branch but got it all fixed up now. I also separated OPNsense specific script into it's own file for clarity. So currently https://github.com/MonkWho/pfatt contains the latest files.
@GPz1100 said in ATT Uverse RG Bypass (0.2 BTC):
Does anyone have the zip of https://github.com/aus/pfatt/tree/supplicant ?
A copy of it is here - https://github.com/MonkWho/pfatt/tree/supplicant. It contains most recent files. Unfortunatly this branch was not there when I originally created my fork so I had to semi-manually recreate it from a backup I had locally.
-
@MonkWho I just want to say thank you for carrying the torch. I just recently discovered this whole workaround thing - was getting discouraged trying to find a way to build the netgraph for my SG3100 - then found out it is included with pfsense now. Except on 2.4.5, the ng_etf package is missing! lol
https://redmine.pfsense.org/issues/10463
So now I must wait until 2.4.5-p1 release to be able to set this all up. Anyways, thank you for carrying on the work @aus started.
-
@glio Maybe I am missing something, I am running 2.4.5 with the supplicant bypass. I did install it on an earlier version.
-
@AiC0315 The EAP proxy is not available without ng_etf being present. I've not previously set up this stuff on earlier versions so maybe that's the difference.
-
I've heard people being able to use the supplicant mode without netgraph if they used a switch or bypass switch between pfSense and the ONT. Can anyone confirm and what model switch did you use?
I tried this on my new physical firewall with a DGS-1005G and had no luck. Any one?
-
So based on what I'm reading over the past 2+ years pfsense still requires netgraph in order to work with the 802.1x certificates?
Also of note, someone on Reddit found a downgrade loophole for the BGW210-700 which allows root access. So you can extract the 802.1x certificates and disable the auto-updates to the gateway.
Reddit post:
https://www.reddit.com/r/ATT/comments/g59rwm/bgw210700_root_exploitbypass/Pastebin with steps to perform:
https://pastebin.com/SUGLTfv4 -
This post is deleted! -
Is this expected behavior?
Running the netgraph bypass as documented at https://github.com/MonkWho/pfatt . No LANs have been routed to ngeth0 just yet.
I get about about one packet every two-three minutes from the RG: tcpdump -ei em4
10:06:30.887851 f8:2d:c0:yy:yy:yy (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 424: vlan 0, p 3, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from f8:2d:c0:yy:yy:yy (oui Unknown), length 378And I get about 100 per minute from the ONT: tcpdump -ei em5
09:59:03.144906 a0:f3:e4:59:27:94 (oui Unknown) > f8:2d:c0:yy:yy:yy (oui Unknown), ethertype 802.1Q (0x8100), length 60: vlan 0, p 0, ethertype IPv4, 162-224-176-1.lightspeed.stlsmo.sbcglobal.net > zzz-zzz-179-129.lightspeed.stlsmo.sbcglobal.net: ICMP echo reply, id 30739, seq 4885, length 8- $RG_IF = em4
- $ONT_IF = em5
- f8:2d:c0:yy:yy:yy / zzz-zzz-179-129.lightspeed.stlsmo.sbcglobal.net = my RG
- a0:f3:e4:59:27:94 / 162-224-176-1.lightspeed.stlsmo.sbcglobal.net = ATT
