Unlock G-2425G-A router running on latest firmware

Note: Tested for Nokia router G-2425G-A running on firmware 3FE49362JJIJ50.

Use this script to decrypt your configuration file. This script has been updated for latest firmware (3FE49362JJIJ50).


Source

All the steps to decrypt the config files has been already discussed in other posts as well, kindly follow them.

1) After decrypting the config file, open the generated xml file in a text editor.
2) Search for TelnetSshAccount section and write username as ONTUSER and password as "anyrandompassword" (remember this password for future).
3) Enable ONTUSER to drop into busybox instead of vtysh by setting LimitAccount_ONTUSER to false. Go to LimitAccount_ONTUSER section and change that option to FALSE.
4) Encrypt the config file again using the same script and import in your router (remember to enable telnet in Security --> Access Control --> LAN).
5) Now use any tool to access telnet, I have used windows powershell (you can enable telnet in windows additional features).
6) In Windows PowerShell write; telnet --> o --> 192.168.1.1

Username: ONTUSER
Password: your password from STEP 2

7) Now in shell write ---> ritool set OperatorID ALCL

After this step you have enabled root access. Login to your router to check everything has been unlocked.

Now hard reset from back of the router is recommended to enable editing any WAN settings but before that remember to take a backup of your configuration and wan settings.

8) After hardreset the router's gateway will default to 192.168.1.254 and username and password will change to AdminGPON and ALC#FGU respectively.

 

[albonycal]

The only downsides are, that you won't get automatic firmware upgrades. You can manually flash but airtel has added authentication to the firmware download URL

 

[Rehan ahmad]

You can setup tr-069 for automatic firmware update (if you really want).

Network --> tr-069

Enable periodic inform
Url: http://tms.airtelbroadband.in:8103
Username: airtelacs
Password: airtelacs
Connect request username: admin
Connect request password: admin

 

[Rehan ahmad]

But even with this authentication I can't download firmware manually (it was possible before), let me know if you know any method to download the firmware manually.

 

[albonycal]

The TR069 in the webpannel is only for the "periodic inform" and not actual remote control. There are parameters in the config for that with hardcoded ACS IP. Also I don't want TR069. Also, as the TR069 implementation used by airtel doesn't use encryption so it could be possible to use tcpdump to get the username and password for the firmware.

 

[albonycal]

Can you enable bridge mode now? without asking airtel? has anyone tested this?

 

---

[Rajneesh Rana]

Tried this and able to view all settings but still not able to enable/disable wan or delete existing WAN connections.

 

[Rehan ahmad]

@albonycal yes you can enable bridge mode now without asking airtel to enable it from backend, I have tested it already.

 

[Rehan ahmad]

@Rajneesh Rana you need to hard reset your router to enable wan editing. Remember to backup your PPPOE configuration before resetting your router.

 

[albonycal]

just download the config file from the web interface, You can get both the PPPOE and VOIP config (if you have that)

 

[MZRecords]

@Rehan ahmad your method is good, but it has issues.

Firstly, While running it on Python 3.11 because line 55 from Crypto.Cipher import AES is a module which was abandoned in newer Python builds. I might suggest using a website like https://ont-lab.tripleoxygen.net/nokia/configs for decrypting and encrypting of config file, I know it doesn't show our firmware in the dropdown menu but it still gets the job done.

Secondly, If we hard reset after unlocking we lose VoIP settings to get VoIP working again we need to reconfigure Voice Settings which is under Application in the WebGUI. One has to manually save those settings if they want VoIP back and working. Voice Settings has a field which states "AuthPassword" luckily I knew the password for it which was "Huawei@1" and I got it back working.

 

[Rehan ahmad]

@MZRecords Thanks for pointing it out, installing pycryptodome instead of pycrypto is recommended as pycrypto is not safe (also recommended here in stackoverflow: https://stackoverflow.com/questions/19623267/importerror-no-module-named-crypto-cipher).
I haven't tested that link method, but if it's working i guess that's better way to go with it.

Also backing up your config file before hard reset can save your credentials that can be imported later on (you can also pick them up from decrypted config file).

 

[Rajneesh Rana]

@Rehan ahmad Yes tried hard reset and then it gave option to edit wan and also to enable bridge mode.
But on enabling bridge mode it again has same issue of no LAN connection on port and thus not able to use it to dial PPPoe connection

 

[albonycal]

Try with port 4

 

[Rajneesh Rana]

@albonycal yes used the same port.
had tried enabling bridge on3,4 and then adding all ports to bridge.
After that had to hard reset as ONT was not accessible.

Things learnt in this process
1. for import the ONT does not import settings always and have to retry few times.
2. On import it's best to rename new config to config.cfg. For me other file name did not import at all
3. Backup/original config works even after unlocking. Used it to restore connection after hard reset as ONT will not get the settings automatically from Airtel