Nokia G-2425G-A - Unlock/Root ~ Step by Step detailed guide

Disclaimer : I'm not responsible if you brick your router in-between the process.

1. Open 192.168.1.1 in any browser
default username password both is admin

2. Go to Maintenance->backup and restore->export config file on your desktop
it will be saved as config.cfg

3. Download & install python on your pc
also download this file(python script) on your desktop


4. Open cmd
type
python C:\Users\XXXXX\Desktop\Nokia-router-cfg-tool.py (replace xxxxx with your windows user)

(4b) now lets decrypt your cfg file first
type
python nokia-router-cfg-tool.py -d OYdLWUVDdKQTPaCIeTqniA==
(4c) now unpack you cfg file to xml
type
python nokia-router-cfg-tool.py -u config.cfg

5. A new file is created on your desktop .xml format
right click & select edit.

(5a) press control+f and type TelnetSshAccount in searchbox then hit enter

now change the values same as below

<TelnetSshAccount. n="TelnetSshAccount" t="staticObject">
<Enable rw="RW" t="boolean" v="True"></Enable>
<UserName ml="64" rw="RW" t="string" v="admin"></UserName>
<Password ml="64" rw="RW" t="string" v="OYdLWUVDdKQTPaCIeTqniA==" ealgo="ab"></Password>

press control s to save the file & close it

6. Go back to cmd & check for repack command to encrypt the edited xml file back to cfg
it will look like this something like this :
type
python nokia-router-cfg-tool.py -ple config-XXXXXXX-XXXXXX.xml 0x4924ea42

(6a) a new cfg file will be created on your desktop.

7. Now go back to router login page 192.168.1.1
(7a) go to Maintenance->backup and restore & click "select" then browse newly created cfg file from your desktop then click import
wait for the router to reboot itself.

8. Now login again 192.168.1.1
Go to Security->Access control and allow both telent & ssh(Wan & Lan)

9. Download MobaXterm_Portable_v21.5 link below

10. Open Mobaxterm & click on Start local terminal
type
telnet 192.168.1.1
user: admin
password: admin

11. After that lets first copy this in your clipboard: '; /bin/sh; #
(11a) go back to mobaxterm
type
enable

type
shell

it will ask for password2, press shift+insert button on your keyboard and hit enter
BOOM now you've root access

(11b) to take the current backup of airtel settings
type
cfgcli dump

type
ritool dump
& save the file by going terminal->save terminal text.

(11c) now to unlock settings
type
ritool set OperatorID ALCL

12. Go back your router login on your browser 192.168.1.1 and BOOOOOOM everything is unlocked, you'll see changes right away

Important : If you plan to stick with everything unlocked using airtel fiber then let it as it is.
Important: If you plan to use this router with any other fiber connection just do a factory reset.
Doing a factory reset will erase, reset & unlock everything. The default router login address will change to 192.168.1.254 with username AdminGPON and password as ALC#FGU

I've personally myself tested this whole process & successfully unlocked 3 routers.

I wish you all good health.
 
G

gmaster

Messages
14
Location
Kolkata
ISP
Airtel
After careful study of both the airtel-locked configuration and factory default alcatel-unlocked configuration, the following things I have learnt -

1) We can't unlock the WebGUI settings by importing the unlocked config, nor by changing "ProvisioningCode" from "BRTI" to "ALCL" (or anything else for that matter)

2) Passwords are salted and hashed and then stored in the configuration file as Base64 encoded string. Though you can decode the Base64 string easily, you can't decode the actual password without knowing the hashing algorithm and the salt.

3) Even if you manage to decode the passwords, you can't go further as the password for shell is not mentioned anywhere in the config. Yes there are separate entries for 'TelnetAccount' and 'TelnetSshAccount'. But these will mislead you as TelnetAccount is the default Telnet Account and 'TelnetSshAccount' is the user defined Telnet Account (not the SSH Account)!!

I have tried every password available in the forum but couldn't make it. That shell password is a dead end in this new firmware. Probably the only way to get that password is to dump and unpack the firmware (if possible) and search. I am no tech guy and I don't have such expertise. Waiting for help.
 
C

Chip

Messages
849
Location
Pune
ISP
FTTH: Airtel, TPBB, BSNL
LTE: Airtel, Jio, Vi
So guys, as things stand currently there's simply no way to gain admin/root privileges and break the lock on the ONT?
 
igloo

igloo

Not just Internet.
Messages
4,233
Location
New Delhi
ISP
Airtel Fiber
Hathway Docsis
one get same ipv6 everytime though ipv6 prefix may vary.
Also can anyone with working voip on unlocked router can get me digimap value from voice settings under application tab.
mine current one is (#x.T|x.T|1224x.#|1225#)
which is not sounding like regular dial tone.
I'll recommend everyone to disable off TR-069
 
BEAST_12333

BEAST_12333

Messages
1
Location
RAJASTHAN
ISP
AIRTEL
i want to unlock the router to change the dns to my pihole which i was able to change before now it forward all request to its airtel dns. stuck in the password for telnet .. guys please help software version 3FE49362IJHK46
 


C

Chip

Messages
849
Location
Pune
ISP
FTTH: Airtel, TPBB, BSNL
LTE: Airtel, Jio, Vi
@BEAST_12333 @sajeesh if you have Nokia HK46 firmware then you're out of luck. It overwrites the config. There's no way yet to break the encryption in this version.
 
R

routerHacker

Messages
3
Location
Salem
ISP
BSNL
Hi Team,
I had successfully unlock and reset my Nokia 2425g router and changed the Operator to ALCL.
But my problem is SSID name change to ALHN-D15E and I dont know the default password to login.

Please help me to know default password for ALHN wifi routers
 
R

routerHacker

Messages
3
Location
Salem
ISP
BSNL
Hi Team,
I had successfully unlock and reset my Nokia 2425g router and changed the Operator to ALCL.
But my problem is SSID name change to ALHN-D15E and I dont know the default password to login.

Please help me to know default password for ALHN wifi routers
 
R

routerHacker

Messages
3
Location
Salem
ISP
BSNL
@gmaster. Thanks for your prompt reply.
But I my case, could you please suggest how can I find the WPS pin, because default username and password is not mentioned in my router backside.

Please help me.