Internet Security Blog - Hackology

[Tutorial] Root PTCL Charji Wingle – Port Forwarding

This tutorial will show you how to root your PTCL Charji Wingle R660 A to unlock all the features locked out by the service provider, in this case PTCL. It will also enable the much-wanted Port Forwarding on PTCL Charji / EVDO devices.

Rooting PTCL Charji Wingle unlocks Features

A question we all have: what do we achieve after we root our internet device? Well, rooting gives you:

  1. Root (Admin) access of the Charji Evo (MiFi) Device which means you can do literally anything
  2. Flash a new firmware if you get hold of one or know how to customize your own and run it
  3. Enable Port Forwarding / Virtual Servers on the device
  4. Enable NAT on Charji Evo
  5. Enable Security Tab
  6. SNMP monitoring
  7. Use Data Sims of any other network
  8. Change the branding of the device's admin panel to anything you like. Don't like the PTCL logo everywhere? Well, you can change it
  9. Experience
  10. Opens a door for future experimenting

Telnet into PTCL Charji Wingle

Connect to your Charji device and telnet to the router IP (generally, once prompted with login you can enter admin as Username and Password

Although we are logged in, the above credentials are currently mapped to the mdm9625 user account, which is not part of the root group. The Linux flavour being run is OpenEmbedded Linux LNX.LE.4.1-41009-9x35, which supports the Qualcomm chipset found in most PTCL Internet devices.

So mdm9625 only has access to /home/admin, and even that without write access. The root user has no known default password, so we cannot log in as root through telnet at the first go. Now let's go ahead and root the shit out of this device.

[Tutorial] Root PTCL Charji Device and unlock all features


  1. We need to put our PTCL Charji device into Download Mode, which allows us to proceed with rooting. Download the firmware of the D-Link DWM-222 4G USB Adapter.
  2. Extract the downloaded file and you will find a file named dl.exe (it might be in the Temp folder)

  3. Connect your PTCL Charji device through USB and run dl.exe; your PTCL device will now be in download mode and ready to obey our commands
  4. While the device is still connected, run adb devices and you will see your connected PTCL Charji device
  5. Next, type adb shell; this will open an ADB shell on the PTCL device
  6. Enter passwd and you will be prompted for a new password. This will be the root user's password, so choose a good one and do not forget it
  7. Exit the shell (close the terminal)
  8. Press and hold the Power button to turn on the PTCL device, connect to it and again $>telnet
  9. Enter your device login admin/admin (if you have changed your router page password you will need to enter that here)
  10. Once logged in, type su, which will prompt you for a password. This is the password for your root account. Enter the password you set in Step 6, voila.
    Note: You can also log in directly as the root user: telnet to and enter username root and the password you set in Step 6
  11. Now you have root rights (you literally own the device now)

Enable NAT/DMZ (Port Forwarding) on PTCL Charji Device

If you are reading this, you have successfully rooted your device. Now let's go ahead and unlock our favourite, port forwarding. We can achieve that using two methods; I will list both.

Method 1 – This method involves entering the port and IP for forwarding while in the terminal

  1. Navigate to /etc/ and open mobileap_cfg.xml

  2. Edit mobileap_cfg.xml and add your local IP and the port you want external traffic routed to. You can add as many internal IPs and ports as you wish by copying and pasting everything from <PortForward> … </PortForward> and changing the values. You will only have the vi editor to make your changes from within the terminal
  3. That's all for this method of enabling Port Forwarding on PTCL Charji devices
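Every <PortForward> block added this way becomes reachable from the WAN side, so it is worth auditing the file after editing it. The following is an added example, not code from the original post or from the device firmware. It lists each <PortForward> block in a copy of mobileap_cfg.xml and flags invalid ports and management services (telnet, adb, SNMP, SSH). Only the <PortForward> element name comes from the tutorial; the root element, the child element names and the addresses in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only the <PortForward> tag is taken from the tutorial;
# <cfg>, the child tag names and the 10.0.0.x addresses are assumptions.
SAMPLE_CFG = """<cfg>
  <PortForward><PrivateIP>10.0.0.50</PrivateIP><PrivatePort>8080</PrivatePort><GlobalPort>80</GlobalPort></PortForward>
  <PortForward><PrivateIP>10.0.0.1</PrivateIP><PrivatePort>23</PrivatePort><GlobalPort>2323</GlobalPort></PortForward>
  <PortForward><PrivateIP>10.0.0.60</PrivateIP><PrivatePort>70000</PrivatePort><GlobalPort>9000</GlobalPort></PortForward>
</cfg>"""

# Management services that should not be forwarded to the internet.
RISKY_PORTS = {22: "ssh", 23: "telnet", 161: "snmp", 5555: "adb over tcp"}


def audit_port_forwards(xml_text):
    """Return one finding dict per <PortForward> block found anywhere in the file."""
    findings = []
    root = ET.fromstring(xml_text)
    for idx, rule in enumerate(root.iter("PortForward"), start=1):
        # Read the child elements generically so the audit does not depend
        # on the exact child tag names used by the firmware.
        fields = {child.tag: (child.text or "").strip() for child in rule}
        issues = []
        for tag, value in fields.items():
            if "port" not in tag.lower():
                continue  # only port-like fields are range-checked
            if not value.isdigit() or not 1 <= int(value) <= 65535:
                issues.append(f"{tag}={value!r} is not a valid port")
            elif int(value) in RISKY_PORTS:
                issues.append(f"{tag}={value} exposes {RISKY_PORTS[int(value)]}")
        findings.append({"rule": idx, "fields": fields, "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_port_forwards(SAMPLE_CFG):
        status = "; ".join(finding["issues"]) or "ok"
        print(f"rule {finding['rule']}: {finding['fields']} -> {status}")
```

Run it against a copy of the file pulled from the device; a flagged telnet or adb entry means the root login set up earlier in this tutorial is exposed to the internet.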

Method 2 – This method will enable the Security page in PTCL Charji Web interface and we will be able to do port forwarding etc from there.

  1. Telnet to and login with your root credentials
  2. Navigate to /WEBSERVER/www/
  3. Edit menu.js
  4. Add the following code into menu.js
    ["Security", "navi-security", "sec_firewall.asp",
        ["Firewall", "sec_firewall.asp"]
        ,["NAT", "net_nat.asp"]
        ,["DMZ", "net_dmz.asp"]
  5. You can consult the image below for guidance or see the complete code of menu.js
  6. Save it and reboot. Adding the above code will give you a new “Security” tab on your Charji router web page
  7. The rest is simple (after all, that is why you came here): to do Port Forwarding, go to NAT under your newly enabled Security tab and add the local IP and port you want external traffic on that port routed to
  8. That is it. Enjoy your rooted PTCL EVO device with Port Forwarding enabled.

Enable Wizard Mode on your PTCL Charji / EVO Device

Using the menu.js file you can enable the Wizard Mode option, which allows you to adjust the main PTCL configuration (be advised that if you mess this up you may lose device connectivity). Just like the System code we added above, for the Wizard tab you have to add:

["Wizard", "navi-wizard", "wizard.asp",

Or you can copy the complete menu.js code.

That is all for this, and thanks a lot to TimeMatcher for making this post possible. If you have more tips to make it better, or want to share your experience or a query, drop those in the comments below.


  • This tutorial was made using a PTCL Charji Wingle R660 A device manufactured by GadgeIT, but it is the same for all Qualcomm chipsets, which are mostly used by PTCL. PTCL Wingle / Cloud / EVO / Charji devices all use the same chipsets
  • GadgeIT is a strange business. While doing my PTCL Charji Cloud R600A post I tried finding them and ended up contacting one of their tech guys, and strangely they have one messed-up website which doesn’t even have all the updated info, but if you want to head over, it's called Swift Biz Solutions
  • For Android OS devices (like EVO TAB) you will need busybox to go through the rooting; that can be flashed from adb as well


