Disable TR-069 on FritzBox 3490

I recently had to urgently replace my dead router with a FritzBox 3490 I had lying around.
After the initial mandatory firmaware upgrade, password changes, shutting down of useless services
and setting up the wireless networks I had one last closer look at the state of this kit.
I noticed that a port was still open on the internet; one for TR-069 remote configuration.
The suggested port is 7547 though I seem to remember it was listening on another one above 9000 (!)
Regardless, I wasn’t happy with that so looked at how to disabled it.

There was not option in the UI to turn this off and a google search seemed to confirm this.

My first idea was to try and gain cli access as it could also allow more options for me.
That seemed not so trivial because the telnet service apparently disabled
and cannot be re-enabled anymore like it used to be using a dial command.

So gave this up since this router is supposed to be a temporary solution anyway.
Another option was to look at the configuration backup format and see what was there.
Luckily this is fairly human friendly.

tr069cfg {
        enabled = yes;
        litemode = no;
        tr181_support = no;
        dhcp43_support = yes;
        igd {

So I changed this enabled key to no but that would change the checksum
and wasn’t likely to succeed but maybe I could get a useful error message out of this.

As expected it failed so I googled fritzbox along with the error message the specified file is not a valid import file
and found this post https://superuser.com/questions/983613/fritzbox-7490-how-to-upload-modified-configuration-file
where someone shared a script to compute the checksum.
I wasn’t expecting that much! Just knowing which algo was used would have been a nice start. ;)

The rest is then trivial and detailed in the next section below.
Now this is a little more secure and will buy me more time to setup the new router.

Steps to disable TR-069

• Make a backup (and keep it incase you do something wrong)

• Copy it to a new file and search for tr069cfg; change enabled = no in that section

• Compute the new checksum

  > perl fritzcrc32.pl fritzbox-notr069.export
  Section **** CFGFILE:ar7.cfg
  Section **** CFGFILE:wlan.cfg
  Section **** CFGFILE:voip.cfg
  Section **** CFGFILE:usb.cfg
  Section **** CFGFILE:tr069.cfg
  Section **** BINFILE:fx_cg
  Section **** BINFILE:fx_conf
  Section **** BINFILE:fx_def
  Section **** BINFILE:fx_lcr
  Section **** BINFILE:telefon_misc
  Section **** BINFILE:phonebook
  Section **** BINFILE:calllog
  Section **** BINFILE:fonctrl
  Section **** BINFILE:tamconf
  Section **** CFGFILE:vpn.cfg
  Section **** CFGFILE:user.cfg
  Section **** CFGFILE:userstat.cfg
  Section **** BINFILE:umts.cfg
  Section **** BINFILE:configd
  Section **** CFGFILE:avmnexus.cfg
  FRITZ!Box 3490 with firmware x.y.z
  Found new checksum: 30A74169
  Checksum embedded in file is 3A36B8E0
  

• Update the checksum at the end with the computed value and check it is now correct

  > perl fritzcrc32.pl fritzbox-notr069.export
  Section **** CFGFILE:ar7.cfg
  Section **** CFGFILE:wlan.cfg
  Section **** CFGFILE:voip.cfg
  Section **** CFGFILE:usb.cfg
  Section **** CFGFILE:tr069.cfg
  Section **** BINFILE:fx_cg
  Section **** BINFILE:fx_conf
  Section **** BINFILE:fx_def
  Section **** BINFILE:fx_lcr
  Section **** BINFILE:telefon_misc
  Section **** BINFILE:phonebook
  Section **** BINFILE:calllog
  Section **** BINFILE:fonctrl
  Section **** BINFILE:tamconf
  Section **** CFGFILE:vpn.cfg
  Section **** CFGFILE:user.cfg
  Section **** CFGFILE:userstat.cfg
  Section **** BINFILE:umts.cfg
  Section **** BINFILE:configd
  Section **** CFGFILE:avmnexus.cfg
  FRITZ!Box 3490 with firmware x.y.z
  Checksum is OK: 30A74169
  

• Restore the backup using the same encryption password (we didn’t change any encrypted data)

You can confirm the service is down from Diagnosis page (no open port) and with nmap