Nokia G-2425G-A - Unlock/Root ~ Step by Step detailed guide

Disclaimer : I'm not responsible if you brick your router in-between the process.

1. Open 192.168.1.1 in any browser
The default username and password are both admin

2. Go to Maintenance->backup and restore->export config file on your desktop
it will be saved as config.cfg

3. Download & install Python on your PC
also download this file (Python script) to your desktop


4. Open cmd
type
python C:\Users\XXXXX\Desktop\Nokia-router-cfg-tool.py (replace XXXXX with your Windows user)

(4b) now let's decrypt your cfg file first
type
python nokia-router-cfg-tool.py -d OYdLWUVDdKQTPaCIeTqniA==
(4c) now unpack your cfg file to xml
type
python nokia-router-cfg-tool.py -u config.cfg

5. A new file is created on your desktop in .xml format
right click & select edit.

(5a) press control+f and type TelnetSshAccount in searchbox then hit enter

now change the values same as below

<TelnetSshAccount. n="TelnetSshAccount" t="staticObject">
<Enable rw="RW" t="boolean" v="True"></Enable>
<UserName ml="64" rw="RW" t="string" v="admin"></UserName>
<Password ml="64" rw="RW" t="string" v="OYdLWUVDdKQTPaCIeTqniA==" ealgo="ab"></Password>

press control s to save the file & close it

6. Go back to cmd & check for the repack command to encrypt the edited xml file back to cfg
it will look something like this:
type
python nokia-router-cfg-tool.py -ple config-XXXXXXX-XXXXXX.xml 0x4924ea42

(6a) a new cfg file will be created on your desktop.

7. Now go back to router login page 192.168.1.1
(7a) go to Maintenance->backup and restore & click "select" then browse newly created cfg file from your desktop then click import
wait for the router to reboot itself.

8. Now log in again at 192.168.1.1
Go to Security->Access control and allow both telnet & ssh (WAN & LAN)

9. Download MobaXterm_Portable_v21.5 link below

10. Open Mobaxterm & click on Start local terminal
type
telnet 192.168.1.1
user: admin
password: admin

11. After that let's first copy this to your clipboard: '; /bin/sh; #
(11a) go back to mobaxterm
type
enable

type
shell

it will ask for password2, press shift+insert on your keyboard and hit enter
BOOM now you have root access

(11b) to take the current backup of airtel settings
type
cfgcli dump

type
ritool dump
& save the file by going terminal->save terminal text.

(11c) now to unlock settings
type
ritool set OperatorID ALCL

12. Go back to your router login in your browser at 192.168.1.1 and BOOOOOOM everything is unlocked, you'll see changes right away

Important: If you plan to stick with everything unlocked using airtel fiber then leave it as it is.
Important: If you plan to use this router with any other fiber connection just do a factory reset.
Doing a factory reset will erase, reset & unlock everything. The default router login address will change to 192.168.1.254 with username AdminGPON and password ALC#FGU

I've personally tested this whole process & successfully unlocked 3 routers.

I wish you all good health.
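
Added example (not part of the original post, and not code from the config tool): a check an owner or ISP engineer can run on an unpacked config XML to see whether the device has been left in the state step 5a produces, with the Telnet/SSH account enabled. The `<Config>` wrapper, the closing tag and the function name are assumptions made so the fragment parses on its own.

```python
import xml.etree.ElementTree as ET

# Password blob the guide pastes in step 5a (it is paired with the admin/admin login in step 10).
PUBLISHED_BLOBS = {"OYdLWUVDdKQTPaCIeTqniA=="}

# Constructed sample: the step 5a fragment, closed and wrapped in a
# hypothetical <Config> root so that it is well-formed XML.
SAMPLE = """<Config>
<TelnetSshAccount. n="TelnetSshAccount" t="staticObject">
<Enable rw="RW" t="boolean" v="True"></Enable>
<UserName ml="64" rw="RW" t="string" v="admin"></UserName>
<Password ml="64" rw="RW" t="string" v="OYdLWUVDdKQTPaCIeTqniA==" ealgo="ab"></Password>
</TelnetSshAccount.>
</Config>"""


def _value(node, child_name):
    """Return the v="..." attribute of a child element, or '' if absent."""
    child = node.find(child_name)
    return child.get("v", "") if child is not None else ""


def audit_remote_shell(xml_text):
    """List findings about the TelnetSshAccount object in an unpacked config."""
    findings = []
    for node in ET.fromstring(xml_text).iter():
        # Match on the n="..." attribute; the tag name itself ends with a dot.
        if node.get("n") != "TelnetSshAccount":
            continue
        if _value(node, "Enable").lower() != "true":
            continue  # account disabled: nothing to report
        user = _value(node, "UserName")
        findings.append(f"Telnet/SSH account enabled for user {user!r}")
        if user.lower() == "admin":
            findings.append("account uses the default user name 'admin'")
        if _value(node, "Password") in PUBLISHED_BLOBS:
            findings.append("password blob matches a publicly posted value")
    return findings


if __name__ == "__main__":
    for line in audit_remote_shell(SAMPLE):
        print("FINDING:", line)
```

An empty result means the account is disabled; any finding on a device that also allows Telnet/SSH from WAN (step 8) means the shell is reachable from outside with credentials anyone can look up.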
 
H

hyde

Newbie
Messages
40
Location
NA
ISP
Airtel Xstream / Jio Fiber
Same here.
Please do share details how to unlock 3FE49362IJHK46.
Today I got my broadband installed (jio to airtel) and now a bit disappointed due to locked setting.
 
arunm04

arunm04

Messages
1
Location
Bengaluru
ISP
Gnet
By mistake, I was set wrong operatorid using ritool in Nokia g2425g model Now I am not able login as a admin. But I'm login with blank username and password. But not getting option for access control. Can anyone help me on it?
 
N

nionindia

Messages
6
Location
INDIA
ISP
Airtel
Hello friends,

while decrypting certain cfg files. i get the below error. any solution for this?


-> little endian CPU detected
-> fw_magic = 0xffffffff
Traceback (most recent call last):
  File "F:\FIRMWARES ONT\Nokia\nokia-router-cfg-tool.py", line 137, in <module>
    xml_data = zlib.decompress(compressed)
zlib.error: Error -3 while decompressing data: incorrect header check
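
Added example (not part of the original post, and not code from nokia-router-cfg-tool.py): what zlib's "incorrect header check" means, and how to tell a buffer that was never a zlib stream (for example, one that is still encrypted) from one that is merely damaged. The sample buffers are constructed here; nothing about the cfg file layout is assumed.

```python
import zlib


def zlib_header_ok(buf):
    """RFC 1950 header test: CM nibble 8 (deflate), window size nibble <= 7,
    and the 16-bit value CMF*256+FLG must be a multiple of 31."""
    if len(buf) < 2:
        return False
    cmf, flg = buf[0], buf[1]
    return (cmf & 0x0F) == 8 and (cmf >> 4) <= 7 and ((cmf << 8) | flg) % 31 == 0


def diagnose(buf):
    """Classify a buffer that is about to be handed to zlib.decompress()."""
    if buf[:2] == b"\x1f\x8b":
        return "gzip stream: use zlib.decompress(buf, wbits=31)"
    if not zlib_header_ok(buf):
        # This is the case zlib reports as Error -3, "incorrect header check":
        # the first two bytes are not a zlib header at all.
        return "no zlib header: data is not zlib (wrong key, offset or format)"
    try:
        zlib.decompress(buf)
    except zlib.error as exc:
        return f"header ok but stream damaged: {exc}"
    return "valid zlib stream"


# Constructed samples.
GOOD = zlib.compress(b"<Config></Config>")
STILL_SCRAMBLED = bytes(b ^ 0xA5 for b in GOOD)   # stands in for undecrypted data
TRUNCATED = GOOD[:-4]                             # checksum trailer cut off

if __name__ == "__main__":
    for name, buf in (("good", GOOD), ("scrambled", STILL_SCRAMBLED),
                      ("truncated", TRUNCATED)):
        print(f"{name:10s} {buf[:2].hex()}  {diagnose(buf)}")
```

A "no zlib header" result on the buffer handed to `zlib.decompress` points at the step before decompression, not at zlib itself.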
 
ajaikumarnadar

ajaikumarnadar

Messages
2
Location
None
ISP
Local ISP
Thanks it worked.. do you know how to make it work in EPON mode ? Saw some option in ritool onumode 003 but unable to modify it.. something stops us.. even after being a root user..

Hi @alexb, any progress made in ability to switch between epon/GPON modes ?
 
Last edited:
N

nionindia

Messages
6
Location
INDIA
ISP
Airtel
@nionindia, Can you share you Software Version? Is it ending in HK46? I'm looking into ways to crack the configuration file in which the script gives this error, if you could share yours I'd be happy to help you

Before you share the configuration, please do reset your router, then download your configuration from the Web UI

Cheers!
Please find the software version and the config file attached

Device Name: G-2425G-A
Vendor: Nokia
Serial Number: XXXXXXXXXX
Hardware Version: 3FE48299DBAA
Boot Version: U-Boot-Dec-31-2016--12:00:00
Software Version: 3FE49362HJIJ95

The above link is the config file attachment for NOKIA 2425G-A which I am trying to decrypt and getting an error message for zlib decompression.
 
Last edited:
N

nionindia

Messages
6
Location
INDIA
ISP
Airtel
@partyship the file you shared gets uploaded but the password does not works in telnet or SSH login. would you be able to share the xml file so that i can edit and enable the ONTUSER and send it back to you. also if you could share me the method you used to decompress the file would be great.
 
N

nionindia

Messages
6
Location
INDIA
ISP
Airtel
@partyship

This method and password worked


https://paste.c-net.org/BeganMoaning
Password: [SerialNumber]

Do try this as well, Airtel may be rewriting the configuration file for Telnet/SSH values. Did you login via SSH without plugging in the Fiber Cable so that TR069 communication does not take place?

If you are able to login before the Fiber Cable plugs in and not after, Airtel is probably rewriting the config values via TR069, [I'll need to research more in this case]

Maybe try to SSH with this password 3SbVWOPcwO1PtOTi4KkNPg== for the previous configuration file. If this password works, password for this version needs to be in plaintext (without any encoding) in the configuration file.

I edited these on the XML File before. The one above has nothing edited, I'll compile it as is, do remember that the password (at least in the older versions) needed to be in Base64. (I'm not sure for this version)

LimitAccount_ONTUSER
X_ASB_COM_ONTLOCK
TelnetSshAccount


FYI, It'll probably be tomorrow while I compile it and send it back to you. Hence, please don't wait for it tonight. I'll try tonight, but no promises for tonight. For the decompress process, I'll share with everyone once I'm sure it works on all devices :)


This method worked and I gained root access and factory reset the device