Recover password from Actiontec Router/Modems

I have an Actiontec GT701 router for my Qwest DSL internet, and in the web-interface it masks the PPP password. Now I want to use the actiontec as a bridge and run PPPoE on my Buffalo WHR-G125 running Tomato, and I can’t find my PPP password anywhere. Here’s how I recovered my password:

Login to the modem using telnet. Typically this is going to be ‘telnet 192.168.0.1′ from a command line. Use the same username and password that you use to login to the web interface.

Now run the ‘ps’ command and look for the line containing pppd:


# ps
...
123 admin 2376 S /usr/sbin/pppd plugin pppoa 0.32 user YOURUSERNAME pas
...


Sadly the busybox ps won’t display a longer line, so the password is cut off. However now we have the PID – the first number on the line, 123 in the example.

To get the full pppd command line we can look in /proc:

# cat /proc/123/cmdline

Replace 123 with the PID you find in the previous step. The spaces are missing, but it should be pretty easy to parse out your password.

I was unable to find my password in any of the config files – I’d be curious to know if anyone found where it’s stored. It doesn’t help that there is no editor installed.

As an aside OpenWRT has experimental support for the Actiontec GT701-WG, which I think is nearly identical to the GT701. This might be a better option than bridging to another router…