I was playing around with putty on our old HomeHub 4 (replaced with the HomeHub 5 - 16mbs down, 0.7mbs up). I noticed that there was an SSH server running on it, and I was wondering if anyone knows the username/password combo, potentially from previous experiences with BT kit. I'm interested as I want to see if I can drop OpenWRT on it. If no-one knows the username/password, does anyone have a copy of the firmware I can pull apart to try to identify and hardcoded passwords ,glaring vulnerabilities or even hust to find the username to try to brute force the password (slowly). I've tried to listen to the port whilst the box boots (WAN port and GigE port), but I cant find any obvious HTTP or FTP servers that it could be pulling the firmware image off. I'm going to have to resort to pulling firmware off the NAND flash chip, the Samsumg K9F1G08UOD in an fbga package. http://www.tech-blog.pl/wordpress/wp-content/uploads/2013/10/k9f1g08u0d_00.pdf . I'd rater not have to do this, as I'd have to buy a new soldering iron, solder and so on. Fortunatley there are programming pads on the board, so I'm not going to have to play desolder-the-fbga-without-incinerating-the-chip. It also uses some weired bidirectional address-data bus to output data onto a raw data bus, not some nice I2C or SPI., I'm sure it makes sense to some, but not to me. I'm also not sure how fast it outputs, and whether I could use a simple Arduino to dump the data. There are no JTAG or UART interfaces I can find either.