ZTE MF286D - Feature Unlock Rough Guide for H3G units

Gandi69

ULTIMATE Member
Ok so here is a quick guide for what is needed to unlock some much needed features in your ZTE MF286D that other firmware versions have but H3G decided to lock out for whatever reason.
Caveat:

I'm not saying this will 100% work for you but it did for me and my ZTE286D is a "Three" branded unit but naturally I hold no responsibility if you end up bricking your device so only follow this if you are confident about the work involved. This work also invalidates any warranty you have as you need to break warranty seals to open it up.


First off make sure you have a few things to hand here to do this job:


Plastic spudgers (for mobile phone repairs are good)
Small cross head screwdriver
Soldering iron
4 steel pins (I used staple wire) but anything sturdy will do, even paperclips, which I've used in the past on an OpenWRT project.
PL2303 cable to usb
USB flash drive (at least 500mb to be safe)
Putty terminal software
TFTPx64 software
LAN cable
Windows based laptop or PC (you could use Linux/Mac but I won't cover that here)
Elisa Firmware for ZTE MF286D downloaded - link: https://mega.nz/file/vVwUkZCY#NM_XrNSVXyefKcco-d5LPcyB-_xQ2315uPau2rpec9I



Get the casing of your ZTE MF286D open using your plastic spudger tools and cross head screwdriver. The back white plastic piece pops off, the other is held in with screws. Same goes for the internal board, also held in with screws. Remove the board from the blue casing.

Solder on your GPIO pins. 4 of them are needed and they are up near the top of the board in a line, all with holes filled with solder. From the top they are 3.3v, RX, TX and Ground (RX and TX may be the other way round but at this stage it doesn't matter).
A small tipped soldering iron really helps here as you can heat up the holes, which are blocked with solder from the factory, slip in your metal pins and let the solder harden when removing the heat, and it makes a nice solid connection.

Connect the PL2303 cable to your PC/laptop via USB and look in Device Manager to find its COM port reference - usually COM3 or COM4. Some PL2303 cables require an old driver from 2006/8 to work so be aware of this, the supplier of the cable should provide this to you.


Open Putty and select serial, then enter COM3/4 or whatever your PL2303 is in the serial line and set the baud rate at 115200. Select "Open" and the black console window will appear but be blank/empty for now.

Plug in your ZTE board to power, being careful as it's unshielded and free from its plastic housing, but don't power it on just yet.

Connect your GPIO pins to your PL2303 cable. I didn't bother with power 3.3v (red) but did connect white, green and black (black being the bottom most pin and the ground pin). You may need to swap green and white over to get a feed in Putty (those pins being RX and TX).

Fire up the ZTE board using the onboard power switch. If everything is connected properly, your wiring good and the soldering in order you should see the uboot console doing its thing and then it'll boot the kernel for the OS. Pressing Enter will let you into a password-free console session once booted.

Now plug in your flash drive to the ZTE usb port (flash drive has to be pre formatted with FAT or NTFS formatting, I used NTFS)

Now for reference, this forum and its users are great so take a look, as it helped me a lot and we will take some of the info from there:


Make a backup of your partitions so you can restore if things go wrong.


mkdir /tmp/usb_disk
mount /dev/sda1 /tmp/usb_disk
cat /dev/mtd0 > /tmp/usb_disk/mtd0.bin

I also did to be safe:

cat /dev/mtd8 > /tmp/usb_disk/mtd8.bin
cat /dev/mtd9 > /tmp/usb_disk/mtd9.bin


Now to get where you need to for the upgrade, power the ZTE board off and then on again, and in the Putty console window you'll see an option to cancel the kernel boot process in uboot by pressing escape. You have to be fast to catch this though, so if you miss it, power off and then try again.


Now you should be at a uboot menu and this is where we need to be and where the things I did differ slightly to the very helpful guide on the link a few lines above.

I ran this command in uboot console to erase the NAND memory on the ZTE:

nand erase 0x1800000 0x1d00000

Now, after doing this, if you reboot your ZTE it shouldn't boot at all as there is no OS for it to boot into. However, it should begin to look for a TFTP boot server (ip 192.0.0.1, subnet 255.0.0.0) as a fallback, as this is probably how they flash them at the factory.

Power the ZTE off again here.

Now what you need to do is download a TFTP program (TFTP64 is my choice) and disable any wifi on your PC/laptop. Set the ethernet port of your laptop/pc to the ipv4 address above (192.0.0.1, subnet 255.0.0.0).

Connect a LAN cable to port 1 on the ZTE and to the ethernet port on your pc/laptop.

Find your Elisa firmware download folder and look in the various subdirectories (there are many but from memory mine was in "..\UPDATE\3.Download_Filen"). If you search you will find a file called "root_uImage" and it's 37888kb in size.
**NB** A user below stated that they ran into problems with this file and used a root_UImage from /Bin/UPDATE/ instead so I would recommend you use the file in the latter location**
You are best off copying or moving this to a new empty folder somewhere on your PC/laptop.

Fire up TFTPx64 and point it to the folder where you just moved your root_uImage file to, then set the server interface in TFTPx64 to the LAN card you just set with the ip of 192.0.0.1.


Power on the ZTE.

All being well after a few seconds it should then find this firmware file on your TFTP server, download it and flash it to the onboard memory.

Now please be aware, you may have to quickly go into TFTPx64 after you've booted the ZTE device to reselect the LAN interface, as the ethernet ports going up and down during the ZTE power on process can throw things off a little. Alternatively rig up a network hub/switch to mitigate this, however with a swift hand it's easy to sort this out. This kind of thing is fairly commonplace when flashing routers/devices.


Once the flash process is done I found then entering the command "bootipq" at the uboot prompt in putty made the ZTE boot. It will still be using the H3G "look" but with all the features unlocked, though you may be able to just power off and on to do the same thing.

All being well, it should come up normally and the admin password will be as per factory but with all the "better" Elisa firmware style features unlocked.

To restore to factory spec you'd need to copy the mtd9.bin file from your flash drive to your PC/laptop folder location and rename it "root_uImage" and follow the TFTP steps again.
 

No problem, I'm glad I found a breakthrough so I hope it works for people.

I'd recommend turning auto updates off though as I don't know if those will overwrite the changes.
 
@Gandi69 great write-up!
I don't have this router, but I read it anyway. :)

One thing is not clear to me though, which pins do you need to solder? I mean from which to which? A picture would have been great.
 
Thanks! I didn’t take many pics whilst doing this work however I will get some pictures up of where the pins need to be added. Once you see where they are it’ll make perfect sense 👍
 
Another shot of the board head on
 

Hi Gandi69, thought I would give it a go as doing nothing with the MF286D anyway, but after flashing it fails to boot.

The flashing seemed to go ok

Code:
Bytes transferred = 38797312 (2500000 hex)

NAND erase: device 0 offset 0x1000000, size 0x800000
Erasing at 0x17e0000 -- 100% complete.
OK

NAND write: device 0 offset 0x1000000, size 0x800000
 8388608 bytes written: OK

NAND erase: device 0 offset 0x1800000, size 0x1d00000
Erasing at 0x34e0000 -- 100% complete.
OK

NAND write: device 0 offset 0x1800000, size 0x1d00000
 30408704 bytes written: OK
zte_set_download_led(1) is called
blank download is done. send fin to PC...
eth0 PHY0 Down Speed :10 Half duplex
eth0 PHY1 Down Speed :10 Half duplex
eth0 PHY2 Down Speed :10 Half duplex
eth0 PHY3 Down Speed :10 Half duplex
eth0 PHY4 up Speed :100 Full duplex
Volume kernel not found!
(IPQ40xx) #

But when I reboot I get

Code:
Creating 1 MTD partitions on "nand0":
0x000001800000-0x000003500000 : "mtd=0"
UBI: attaching mtd2 to ubi0
UBI: physical eraseblock size:   131072 bytes (128 KiB)
UBI: logical eraseblock size:    126976 bytes
UBI: smallest flash I/O unit:    2048
UBI: VID header offset:          2048 (aligned 2048)
UBI: data offset:                4096
UBI error: ubi_read_volume_table: the layout volume was not found
UBI error: ubi_init: cannot attach mtd2
UBI error: ubi_init: UBI error: cannot initialize UBI, error -22
UBI init error 22
(IPQ40xx) # <INTERRUPT>
(IPQ40xx) #
 
Strange that, did you back up your mtd9 partition? Try restoring that in and see if it boots.

Or perhaps pull the root_Uimage from the TIM firmware and flash that in as a test?
 
Strange, it refers to partition mtd2. Might be worth a manual reflash of that partition?
Or even try the TIM version of root_uimage.
Probably might be worth a post on the Polish forum to see what they say, they are very good at replying quickly and in English too.
I’ll probably be pulling my zte286d apart again to install extra sma antennas the next few days so will be more than happy to back up all the mtd partitions to a flash drive to distribute, maybe these can be rewritten to yours?
 
I used TFTP to transfer the file from the PC to the ZTE and then manually flashed it and it is back up and running again. :)
 
Yea, the mtd9, don't have any WEBUI but on the console I can see USB in and out actions and ethernet, ping doesn't seem to work either.

I'll have another look in the morning, cheers.

Just noticed on that Polish forum post #145 Mig25 had exactly the same issue as me.
 
Back up and running again, noticed during the TFTP server update it had also updated the mtd8 partition

NAND erase: device 0 offset 0x1000000, size 0x800000
Erasing at 0x17e0000 -- 100% complete.
OK
NAND write: device 0 offset 0x1000000, size 0x800000
8388608 bytes written: OK

So I just updated the mtd8 and the mtd9 partitions with my backups manually.

All working again as original. (y)
 
Great news! Are you going to try the Elisa flash again or leave it?
You could always manually flash root_Uimage_s.bin (which is mtd9 partition) and web.img (mtd8 partition) manually and see if that works.
Root_Uimage (the 37mb file) contains both of the above you see
 
Yes that was my mistake, I thought the root_uImage was mtd9 only, next time I'll "read the question" :LOL:

I tried using the FTP server again with root_uImage but got the same failure.
 
The original root_uImage file I used was in /UPDATE/3.Download_Filen/ and that is the one that failed.

However I found another in /Bin/UPDATE/ which works, both are the same size but the CRCs are different.

All the new options are now visible (y)
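
An added example, not part of any post in this thread: a Python check that fingerprints the two regions of a root_uImage so two same-size candidates can be compared before one is served over TFTP. The region sizes come from the U-Boot log quoted above; that the file is a plain concatenation of the two regions, and that the second region should begin with a UBI header, are assumptions.

```python
import hashlib
import sys
import zlib

# Region sizes as printed in the U-Boot log quoted in the thread.
WEB_SIZE = 0x800000     # written to NAND offset 0x1000000 (mtd8)
ROOT_SIZE = 0x1D00000   # written to NAND offset 0x1800000 (mtd9)
TOTAL_SIZE = WEB_SIZE + ROOT_SIZE   # 0x2500000, the "Bytes transferred" figure
UBI_EC_MAGIC = b"UBI#"  # magic of a UBI erase-counter header


def describe(image: bytes) -> dict:
    """Split a root_uImage into its two regions and fingerprint each."""
    if len(image) != TOTAL_SIZE:
        raise ValueError(f"expected {TOTAL_SIZE} bytes, got {len(image)}")
    # Assumption: the file is the mtd8 region followed directly by mtd9.
    regions = {"mtd8": image[:WEB_SIZE], "mtd9": image[WEB_SIZE:]}
    return {
        name: {
            "crc32": f"{zlib.crc32(data):08x}",
            "sha256": hashlib.sha256(data).hexdigest(),
            "blank": data.count(0xFF) == len(data),   # erased-flash filler only
            "ubi_magic": data[:4] == UBI_EC_MAGIC,    # heuristic, an assumption
        }
        for name, data in regions.items()
    }


def differing_regions(a: bytes, b: bytes) -> list:
    """Name the regions whose content differs between two same-size images."""
    ra, rb = describe(a), describe(b)
    return [name for name in ra if ra[name]["sha256"] != rb[name]["sha256"]]


if __name__ == "__main__":
    if len(sys.argv) == 3:
        images = [open(path, "rb").read() for path in sys.argv[1:3]]
    else:
        # Constructed sample data, not real firmware.
        web = bytes(WEB_SIZE)
        images = [web + UBI_EC_MAGIC + bytes(ROOT_SIZE - 4),
                  web + b"\xff" * ROOT_SIZE]
    for image in images:
        for name, info in describe(image).items():
            print(name, info)
    print("regions that differ:", differing_regions(*images))
```

Run it with the two file paths as arguments; a size mismatch is rejected before anything is hashed.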
 