[FEATURE] ZTE F670L FV9 Support
zainarbani opened this issue · 17 comments
Description of new feature
I would like the ZTE F670L v9 router to be supported
Describe alternatives you've considered
I have tried using examples/decode.py config.bin config.xml but I get the following error
< AssertionError on "zcu.zte.read_header(infile)" >
Additional context
Im not sure how this works but similiar utility tools check for this headers
Attach config.bin for your device
I can send it if needed, also got telnet access.
Using 'Felis-Sapiens' script get the following error:
python test.py config.bin conf.xml
first version header magic: 0x99999999, 0x44444444, 0x55555555, 0xAAAAAAAA
second version header offset: 0x14
third version header offset: 0x40000000
ERROR: failed to read the third version header
Traceback (most recent call last):
File "C:\Users\zain\Downloads\Compressed\test.py", line 195, in
main()
File "C:\Users\zain\Downloads\Compressed\test.py", line 192, in main
read_config(args.infile, args.outfile, args.key)
File "C:\Users\zain\Downloads\Compressed\test.py", line 101, in read_config
ver_header_3 = struct.unpack('>2H5I', ver_header_3)
struct.error: unpack requires a buffer of 24 bytes
Another way using telnet access:
https://github.com/zainarbani/ztelnet
Tested on ZTE F670L FV9
Another way using telnet access:
https://github.com/zainarbani/ztelnetTested on ZTE F670L FV9
Hi, what is the exact procedure you followed with this tool. I have a ZTE F660 v9 router, but this tool is not working for that.
Another way using telnet access:
https://github.com/zainarbani/ztelnet
Tested on ZTE F670L FV9Hi, what is the exact procedure you followed with this tool. I have a ZTE F660 v9 router, but this tool is not working for that.
You got telnet access?
Another way using telnet access:
https://github.com/zainarbani/ztelnet
Tested on ZTE F670L FV9Hi, what is the exact procedure you followed with this tool. I have a ZTE F660 v9 router, but this tool is not working for that.
You got telnet access?
I mean the tool you have mentioned above (ztelnet). It's failing 😐. So no telnet access. I asked for the procedure you followed with that tool.
Another way using telnet access:
https://github.com/zainarbani/ztelnet
Tested on ZTE F670L FV9Hi, what is the exact procedure you followed with this tool. I have a ZTE F660 v9 router, but this tool is not working for that.
You got telnet access?
I mean the tool you have mentioned above (ztelnet). It's failing 😐. So no telnet access. I asked for the procedure you followed with that tool.
Not sure, failing like what?
send log
output should be like this if your router supported
output should be like this if your router supported
Ah then it is not supported.
to enable telnet you can use this python project
https://github.com/douniwan5788/zte_modem_tools
Just so you know and for future reference, is possible to encrypt/decrypt the config.bin for F670L router.
As commented by @zhanshi123 in #66
Your key will be the ONT serial number (ZTEGXXXXXXXX - get only last 8 hex characters in uppercase) + MAC address of your ONT (from right to left).
But rather than using the scripts from this repo —at least until payload type 6 gets supported— using the scripts from @ludufre's fork.
to add to @macydnah and @zhanshi123 The key is Last 6 hex characters in uppercase + MAC Address From Right To Left in lowercase
Example:
Serial No: XXXXXX-ZTEGCF28772B => CF4EF6F7
Mac Address: 08:F6:06:D4:38:F4 => f438d406f608
Key: CF4EF6F7f438d406f608
It take me hours to notice that the the mac address supposed to be lowercase, just in case people have the same problem with me
Author
version:3.1
CheckLoginAuth.gch WebRecv Fail!
SendSq.gch WebRecv Fail!
Enter 192.168.1.1 Telnet FactoryMode Fail!
to add to @macydnah and @zhanshi123 The key is Last 6 hex characters in uppercase + MAC Address From Right To Left in lowercase
Example: Serial No: XXXXXX-ZTEGCF28772B => CF4EF6F7 Mac Address: 08:F6:06:D4:38:F4 => f438d406f608 Key: CF4EF6F7f438d406f608
It take me hours to notice that the the mac address supposed to be lowercase, just in case people have the same problem with me
Serial No: XXXXXX-ZTEGCF28772B => CF4EF6F7
Bro how did you convert CF28772B => CF4EF6F7 I just cant understand that....
to add to @macydnah and @zhanshi123 The key is Last 6 hex characters in uppercase + MAC Address From Right To Left in lowercase
Example: Serial No: XXXXXX-ZTEGCF28772B => CF4EF6F7 Mac Address: 08:F6:06:D4:38:F4 => f438d406f608 Key: CF4EF6F7f438d406f608
It take me hours to notice that the the mac address supposed to be lowercase, just in case people have the same problem with meSerial No: XXXXXX-ZTEGCF28772B => CF4EF6F7
Bro how did you convert CF28772B => CF4EF6F7 I just cant understand that....
Try this:
https://gist.github.com/zainarbani/723d1387bec9e1559de7a1029d08aa91
python decrypt.py config.bin config.xml --sn ZTEXXXXXXXX --mac xx:xx:xx:xx:xx:xx
Just put your actual MAC/SN,
This is the same code, just standalone decryptor.
to add to @macydnah and @zhanshi123 The key is Last 6 hex characters in uppercase + MAC Address From Right To Left in lowercase
Example: Serial No: XXXXXX-ZTEGCF28772B => CF4EF6F7 Mac Address: 08:F6:06:D4:38:F4 => f438d406f608 Key: CF4EF6F7f438d406f608
It take me hours to notice that the the mac address supposed to be lowercase, just in case people have the same problem with meSerial No: XXXXXX-ZTEGCF28772B => CF4EF6F7
Bro how did you convert CF28772B => CF4EF6F7 I just cant understand that....Try this: https://gist.github.com/zainarbani/723d1387bec9e1559de7a1029d08aa91
python decrypt.py config.bin config.xml --sn ZTEXXXXXXXX --mac xx:xx:xx:xx:xx:xxJust put your actual MAC/SN, This is the same code, just standalone decryptor.
Thanks bro, It's working for me. Can you provide a tool to reencode?