How to unlock O2 ST780WL

Firstly you need to construct your JTAG device which you will use to connect your ST780WL router to a
computer with a parallel port.

When making your JTAG device make sure you have the correct resistors and that you attach them at the end of
the JTAG cable that connects to the router, not at the parallel port end. This way more of the signal gets
through, and you are more likely to have a working JTAG.
This is the sort of resistor that you need to use:

After you get your JTAG device made & ready you need to download some tools.
http://download.modem-help.co.uk/utilities/JTAG/Alcatel/
http://tftpd32.jounin.net/tftpd32_download.html > download this one tftpd32.328.zip (442 kB) (AK edit: also
this site)
http://rapidshare.com/files/164693140/firmware_UK_gen_ST780WL_en_6-2-T-3.zip > UK generic firmware
ST780WL (AK edit: also this site)
Download and extract Alcatel_5x6_585_608_780wl_v1.1.2.7z to a friendly named folder like flashrouter, then
go to /flashrouter/Binaries
Copy giveio.sys to c:\windows\system32\drivers\
Start loaddrv.exe, point it at c:\windows\system32\drivers\giveio.sys, then Install and Start the driver
Rename stjtag_v1.1.exe to STJTAG.exe (this is for simplicity's sake)
Open CMD
The first command tests whether your JTAG device/cable actually works.
Note: Make sure you connect your device to the router (either by soldering the right bits or by other means)
and to the parallel port on your computer. Parallel port settings: ECP port; in the Windows port settings
select "Try not to use an interrupt" and leave legacy Plug and Play detection disabled.
Type the command into the cmd prompt but do not press Enter; power on the router, then hit Enter to run the
following command. It should work right away.
STJTAG probeonly
If you see something that looks like picture probeonly-good.jpg, then your JTAG cable/device works:

STJTAG -backup:CFE /silent


Rename the saved CFE.BIN-longname file (the name will be long and complicated, relating to time and date) to
CFE.BIN, then open this file (CFE.BIN) with the hex editor located at /flashrouter/Hex Editor.
Now scroll down to addresses 20100 to 202FF and highlight them so it looks like picture locked-hi.jpg,
then open st780wl-reflash.bin, located at flashrouter/Dumps/ST780WL, in the same hex editor:

Select the entire content of st780wl-reflash.bin as in picture unlocked-hi.jpg, go to Edit > Copy, then
change tabs to CFE.BIN and choose Edit > Paste.

Hopefully you pasted the right bit on to the right part and the result should look like picture done-red.jpg:
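
The hex-editor splice described above can also be done, or a hand-edited file checked, with a short script. This is an added example, not part of the original guide or the JTAG tool package; it assumes that 20100 to 202FF are hexadecimal file offsets and that st780wl-reflash.bin is exactly 512 bytes (the size of that range), and the function names and output file name are illustrative.

```python
import hashlib
import sys

PATCH_START = 0x20100  # first offset to overwrite (from the guide)
PATCH_END = 0x202FF    # last offset to overwrite, inclusive (from the guide)
PATCH_LEN = PATCH_END - PATCH_START + 1  # 0x200 = 512 bytes


def splice_cfe(cfe: bytes, patch: bytes) -> bytes:
    """Overwrite PATCH_START..PATCH_END of the CFE image with patch."""
    # Assumption: the replacement block fills the range exactly.
    if len(patch) != PATCH_LEN:
        raise ValueError(f"patch is {len(patch)} bytes, expected {PATCH_LEN}")
    if len(cfe) <= PATCH_END:
        raise ValueError("CFE image is too short to contain the patch range")
    # Overwrite, never insert: an insert-mode paste shifts every later byte.
    return cfe[:PATCH_START] + patch + cfe[PATCH_END + 1:]


def changed_offsets(before: bytes, after: bytes) -> list:
    """Offsets at which two equal-length images differ."""
    if len(before) != len(after):
        raise ValueError("image size changed: paste was an insert")
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]


def patch_file(cfe_path: str, patch_path: str, out_path: str) -> str:
    """Write the patched image to out_path and return its SHA-256."""
    with open(cfe_path, "rb") as f:
        cfe = f.read()
    with open(patch_path, "rb") as f:
        patch = f.read()
    out = splice_cfe(cfe, patch)
    diffs = changed_offsets(cfe, out)
    if diffs and not (PATCH_START <= diffs[0] and diffs[-1] <= PATCH_END):
        raise RuntimeError("bytes outside the patch range changed")
    with open(out_path, "wb") as f:  # the untouched backup stays on disk
        f.write(out)
    return hashlib.sha256(out).hexdigest()


if __name__ == "__main__":
    if len(sys.argv) == 4:  # CFE.BIN st780wl-reflash.bin <output name>
        print(patch_file(*sys.argv[1:]))
    else:  # constructed sample data, not a real dump
        blank = bytes(0x20400)
        demo = splice_cfe(blank, b"\xAA" * PATCH_LEN)
        print(len(changed_offsets(blank, demo)), "bytes changed")
```

To check a file edited by hand instead, pass the original backup and the edited CFE.BIN to changed_offsets and confirm that every offset it returns lies between 0x20100 and 0x202FF.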

Now you have to save the file as CFE.BIN and flash it back to the router using the following command.
STJTAG -flash:CFE /silent
Now the router can either be nice and work just like it should but unlocked, or it can misbehave and need some
more tinkering.
I'm guessing it's not giving out IPs and acting all weird.
You now need to make sure you have the TFTP server you downloaded earlier extracted somewhere, and then
extract the firmware_UK_gen_ST780WL_en_6-2-T-3.zip to the same folder so you have TFTP and firmware
file in the same folder. Disconnect your computer from the working LAN/ROUTER and connect it via Ethernet to
the ST780WL directly, then configure your computer's Ethernet adaptor to these IP settings:
IP: 10.0.0.1
Subnet: 255.0.0.0
Default gateway: 10.0.0.138
Now configure the TFTP server.
Make sure the server interface is set to 10.0.0.1, select the DHCP server tab and configure it like so:

Current Directory > this is wherever you extracted the TFTP server to.
Server interface > this should be 10.0.0.1 if you were paying attention.
DHCP Server
IP pool starting address: 10.0.0.138
Size of pool : 1
Boot file: 780WL_UK_62T3.bin
NOTE: the above will only work if you downloaded the same firmware and copied the 780WL_UK_62T3.bin file
to the same location where your TFTP server is; change the Boot file to match the firmware you will be
using.
Wins/DNS server: leave default
Default router: leave default
Mask: 255.0.0.0
Domain name: leave blank
Now click on Save.
Next we need to initiate bootp mode on the router.
Power off the router. Press & hold the reset button, while holding the reset button power on the router and
continue holding the reset button for 15 seconds until bootp initiates and you see activity on your TFTP server.
It should be relatively quick.
That's about it; you should now have a fully unlocked router.
Please do everything at your own risk, this is for educational purposes only.
Thank you, kanenas3, Alex Kemp, revs per min and other people who could be responsible for this.
By OMEN 17-11-2008