Nokia/Alcatel-Lucent router backup configuration tool

edited

@espetoet você faz o login via ssh e não telnet.

Thanks for the answer. already done so much by telnet or ssh but not login.

If I send you the configuration file, you could see if I'm doing something wrong. or forgetting to activate something.

https://drive.google.com/file/d/163F4zYBfPb8_RlUQl3hPcvNhZ2zUkIJ6/view?usp=sharing

@Ahir7 you enable by setting true in config file.

i am trying my password admin but can't login , i have edited the cfg file

I got a G-140W-H here, hardware version 3FE48054BDAA, software version 3FE48077CGCB30, boot version U-Boot Mar-31-2020--23:07:20. This is for a brazilian ISP called "Oi". They block A LOT of ports, and don't give the option to bridge the router. They provide a very limited "userAdmin" user, and they have changed the AdminGPON user default password. No one has it. I was trying an easier way to get AdminGPON access, other than dumping the firmware with JTAG cable, wich I don't have. One way would be backing up the firmware from web interface, but this userAdmin user does not have access to firmware page. Does anyone here know of a hardcoded password for this model, or knows a way to dump the firmware from web interface with this "userAdmin" unprivilleged user? BTW, changing html at runtime vi browser debug console does not work to change configurations at this model. Web interface complains about user privilleges for any changes at the "WAN" tab.

@joaodalvi did you find the password for AdminGPON ? I have a G-140W-C and ALC#FGU doesn't work for me either

@thedroidgeek @Ahir7 Can yo guys please guide me how to get config file. I cannot find backup and restore page, When I try ip/usb.cgi?backup I get blank page. Please guide me to get blank screen.

@thedroidgeek @Ahir7 Can yo guys please guide me how to get config file. I cannot find backup and restore page, When I try ip/usb.cgi?backup I get blank page. Please guide me to get blank screen.

Go to ont login page , the go to back up and restore you will get the option there

@Ahir7 you enable by setting true in config file.

Bro did you managed to get the shell access?

I have a Nokia GPON with Model Number: "G-2425G-A" and Hardware Version "3FE48299DBAA". Most of the settings have been disabled by Airtel when I login using "admin" user id. Is it possible to somehow enable the greyed out setting options?

Hello bro did you managed to get the SSH access it g2425g?

Can anyone help me to use the encrypt or decrypt command? I am unable to use these although cfg to xml and xml to cfg works.

@thedroidgeek Thanks man. Great work!
I was able to get ssh access but i am not able to get root. I am just trying to edit my DNS servers which is locked by my ISP. I tried unpacking the config file, changing the dns and repacked and uploaded it. But the dns settings won't change.
Can someone help me bypass this?

Thanks.

Please help

@thedroidgeek @Ahir7 Can yo guys please guide me how to get config file. I cannot find backup and restore page, When I try ip/usb.cgi?backup I get blank page. Please guide me to get blank screen.

Go to ont login page , the go to back up and restore you will get the option there

I cannot find back and restore page on ont admin console. I hope it is disabled by ISP

Is there any alternative. to get config file?

@thedroidgeek @Ahir7 Can yo guys please guide me how to get config file. I cannot find backup and restore page, When I try ip/usb.cgi?backup I get blank page. Please guide me to get blank screen.

Go to ont login page , the go to back up and restore you will get the option there

I cannot find back and restore page on ont admin console. I hope it is disabled by ISP

Is there any alternative. to get config file?

What is the model of the nokia ont?

@thedroidgeek @Ahir7 Can yo guys please guide me how to get config file. I cannot find backup and restore page, When I try ip/usb.cgi?backup I get blank page. Please guide me to get blank screen.

Go to ont login page , the go to back up and restore you will get the option there

I cannot find back and restore page on ont admin console. I hope it is disabled by ISP

You may need to login as AdminGPON (try password ALC#FGU) to be able to see/use the Backup and Restore page.

@mlongmailai , I've got a Nokia Fastmile and the 'userAdmin' account on the bottom of the router doesn't show the Backup/Restore page. But I've found an access control vulnerability which allows you to escalate to full admin and see the Backup/Restore page.

From there I'm able to use this tool.

Writeup here: https://eddiez.me/hacking-the-nokia-fastmile/

@thedroidgeek @Ahir7 Can yo guys please guide me how to get config file. I cannot find backup and restore page, When I try ip/usb.cgi?backup I get blank page. Please guide me to get blank screen.

Go to ont login page , the go to back up and restore you will get the option there

I cannot find back and restore page on ont admin console. I hope it is disabled by ISP

You may need to login as AdminGPON (try password ALC#FGU) to be able to see/use the Backup and Restore page.

The user ID and password is not working

@thedroidgeek @Ahir7 Can yo guys please guide me how to get config file. I cannot find backup and restore page, When I try ip/usb.cgi?backup I get blank page. Please guide me to get blank screen.

Go to ont login page , the go to back up and restore you will get the option there

I cannot find back and restore page on ont admin console. I hope it is disabled by ISP
Is there any alternative. to get config file?

What is the model of the nokia ont?

@mlongmailai , I've got a Nokia Fastmile and the 'userAdmin' account on the bottom of the router doesn't show the Backup/Restore page. But I've found an access control vulnerability which allows you to escalate to full admin and see the Backup/Restore page.

From there I'm able to use this tool.

Writeup here: https://eddiez.me/hacking-the-nokia-fastmile/

I could not able to download the tool

I have enabled the SSH access. Now, how can we configure the WebGUI to add additional wan profiles?

i've found this on the internet and i was able unlock the router

but i forgot dump my these files, i can't go back to the previous settings.....its been permanently unlocked

and also i tried to insert My BSNL(ISP) fibre cable into the router and red light LOS still there
I've also noticed that in optics status
the RX power is around -29 dbm and TX power is infinite

so after unlocking it still useless like it was before.

Hello, I just bought this Nokia router on the internet, mine comes from Sweden and I am currently in Italy. The router does not pick up the 5g or 4g network at all and I think this is due to the fact that it was working on the Telia network and now I have inserted a Vodafone sim card in Italy.
I hope it is possible to unlock the modem to other networks?
Thank you for your help

Hello, I have Nokia G-2425G-A, and I get this error:
-> little endian CPU detected -> fw_magic = 0xffffffff Traceback (most recent call last): File "C:\Users\Naplifayaie\Downloads\nokia-router-cfg-tool.py", line 137, in <module> xml_data = zlib.decompress(compressed) zlib.error: Error -3 while decompressing data: incorrect header check

edited

I'm getting the same error as @Naplifye

-> little endian CPU detected
-> fw_magic = 0xffffffff
Traceback (most recent call last):
  File "C:\Users\:)\router\nokia-router-cfg-tool.py", line 137, in <module>
    xml_data = zlib.decompress(compressed)
zlib.error: Error -3 while decompressing data: incorrect header check

i've found this on the internet and i was able unlock the router

but i forgot dump my these files, i can't go back to the previous settings.....its been permanently unlocked

and also i tried to insert My BSNL(ISP) fibre cable into the router and red light LOS still there I've also noticed that in optics status the RX power is around -29 dbm and TX power is infinite

so after unlocking it still useless like it was before.

what do you mean useless as before? BSNL ftth works after unlocking the webUI

i've found this on the internet and i was able unlock the router

but i forgot dump my these files, i can't go back to the previous settings.....its been permanently unlocked
and also i tried to insert My BSNL(ISP) fibre cable into the router and red light LOS still there I've also noticed that in optics status the RX power is around -29 dbm and TX power is infinite
so after unlocking it still useless like it was before.

what do you mean useless as before? BSNL ftth works after unlocking the webUI

No.......i found out that BSNL uses EPON technology for its Fibre optics........and this router supports only GPON......so the red light LOS is gonna be there if you're using BSNL.

Hello @thedroidgeek Thankyou for the detailed instruction , although this is the first time ive used python and still able get to root user succesfully on G-140w-F & G-140w-C . now what i want is to Modify the default configuration of the ONT ( that means if we hard reset the ONT it will restore our modified configuration). Thanks Again for the Guide below are the available cmds.

Are you able to do so? Can you please share the steps in achieving this? is it possible to change the WebUI, because I want to hide some of the features of the Router.

Hi, I'm getting this error when I run this script

-> little endian CPU detected
-> fw_magic = 0xffffffff
Traceback (most recent call last):
  File "/Users/shapathneupane/Desktop/nokia-router-cfg-tool.py", line 137, in <module>
    xml_data = zlib.decompress(compressed)
zlib.error: Error -3 while decompressing data: incorrect header check

It seems like the configuration file is no longer static as you described in the blog post. When I checked the cfg file on the hex viewer, and all the hex changes even after one small change made via the configuration file.

I changed the IP range on my router (via web) from to 250 to 252, and downloaded the config file on each of the change, when I view it in the hex viewer, most things changes other than a few bytes of data and a persistent FF FF FF FF FF on the beginning of the second line. This is where the checksum is extracted on the script above.

What would be the best way to read the configuration file as text and re-upload it back? It would be great if you could share me some of your thoughts

Here are the three configuration files zipped up: https://paste.c-net.org/EmployeeSweater

Screen.Recording.2022-07-27.at.7.14.05.PM.mov

Hello my friends, is everything alright?

Recently i've been hacked, and i can't find anything about this router. I'm using a Nokia G-240W-C, and i can't find a firmware for it. I'm sorry for being dumb and ask you this, but with this can i protect my router of being invaded?

Is there a way to disable IPv6 DHCP via config file? I can't find a way to do so on the GUI, even when setting the flag to false, it looks like it is still taking effect.

i've found this on the internet and i was able unlock the router

but i forgot dump my these files, i can't go back to the previous settings.....its been permanently unlocked
and also i tried to insert My BSNL(ISP) fibre cable into the router and red light LOS still there I've also noticed that in optics status the RX power is around -29 dbm and TX power is infinite
so after unlocking it still useless like it was before.

what do you mean useless as before? BSNL ftth works after unlocking the webUI

Hey,
BSNL connection working fine for you after unlocking the Nokia router ? Can u share the screenshot of the configuration done in web panel.. i need it for my router configuration... Please text me on telegram @ajaikumarnadar