Extract mfg.dat and AT&T root certs from BGW210 or NVG599
This script assumes it is being run on a Windows PC with the mfg_dat_decode.exe program. It will exploit the gateway and download the certs as well run the mfg_dat_decode.exe to save the EAP-TLS credentials into a local folder. The local folder will be named <ModelNumber>_<SerialNumber> and will exist in the same directory as the script.
If you include "--install_backdoor=y" as a command argument then it will install a telnet backdoor on port 28 that will persist with reboots and firmware upgrades.
- Downgrade your Gateway
- BGW210-700 to version 1.0.29
- NVG599 to version 9.2.2h0d83 OR upgrade to version 9.2.2h0d79
- Install Python3 if you don't already have it
- Install python dependencies
- pip install requests
- pip install bs4
- pip install wget
- Run
python extract_mfg.py --access_code="XXXXXXXX" --install_backdoor=y
- Streiw: BGW210 Exploit Instructions
- devicelocksmith: EAP-TLS credentials decoder and the method to extract mfg.dat
- earlz: Commands that can be run on the Arris gateways
- nomotion: Exploits discovered on Arris gateways