How does the TR 064 protocol work?

1. Requests are sent in XML-format via http-get.
2. First request is to get some basic information (no authentication) and a so-called nonce ("challenge")
3. Some of this basic static information as well as your username and password are MD5-hashed. This generates a "secret code", from which the password cannot easily be learnt. This only happens once (as long as you keep your µC powered).
4. It uses this "secret", adds the nonce and hashes it again ("auth code"). From this the secret cannot easily be learnt.
5. It sends an actual request with this double-hashed code. In the request, there is the info you wanted (hopefully :P) and a new nonce.
6. Repeat from 3 for any further requests. This happens, as the code can be intercepted (http is not encrypted). Like this, it is hard to learn the secret and you need it to generate a unique code for each request (as the nonce is always different).

For more, consult the manuals with the definition and description.

An illustration of this is given on this website (just replace the _ in the URL accordingly) (if you trust me enough (of change passwords in-between)).