Firmware Update - Huawei Hg659

Here’s an interesting, slightly cautionary tale about the firmware update saga—something that flew under the radar for most home users but became a quiet headache for many.

Back in the mid-to-late 2010s, the HG659 was the default router for numerous ISPs across Australia (Telstra, Optus, TPG, iiNet, etc.), New Zealand (Spark, 2degrees), and parts of Europe. It was a solid dual-band VDSL/ADSL gateway with a built-in vectoring DSL chipset—cheap for ISPs, reasonably capable for users.

Want a specific part of the story deepened—like the exact short-pin recovery method, or how to check if your current ISP router has a similar hidden recovery mode?

The technical root? The HG659 had (active/backup), but the update script incorrectly flagged the backup partition as active before verifying the new image. A power cycle during the reboot triggered a bootloader panic. Worse, the router had no TFTP recovery mode enabled in the bootloader—a feature present in many other Huawei routers but deliberately disabled for ISP-locked units. The Silent ISP Response Most ISPs initially blamed users for unplugging during the update. But internal logs later showed the failure happened after the update completed but before the final boot handshake. One Australian ISP quietly replaced over 15,000 units in 6 months, but never issued a recall notice. Instead, they pushed a "mandatory replacement" campaign for any customer reporting intermittent drops—hiding the real cause. The Underground Fix A reverse engineer on GitHub found that the HG659’s bootloader could be forced into a hidden emergency mode by shorting two pins on the SPI flash chip during power-on (GPIO pin strapping). With a soldering iron and a USB-SPI programmer, power users could flash a clean firmware from Huawei’s Chinese domestic version of the same hardware (HG659c). That firmware actually unlocked extra features : proper bridge mode, IPTV VLAN tags, and even a hidden Telnet root shell.

Here’s where it gets interesting—and frustrating. Around mid-2018, ISPs started pushing a remote firmware update (over TR-069) to address a minor security vulnerability. The update was supposed to be routine. But something went wrong with the image signing or flash partition layout. Within days, forums like Whirlpool (AU) and Geekzone (NZ) lit up with hundreds of users reporting their HG659s turned into paperweights —solid red power light, no Ethernet response, Wi-Fi dead.