GithubHelp home page GithubHelp logo

zte_modem_tools's Introduction

ENV

python3 -m venv .venv
source ./.venv/bin/activate
pip install -r requirements.txt

zte_factroymode.py

open telnet(use embed user/pass to 192.168.1.1 80):

python3 zte_factroymode.py telnet

or custom args

python3 zte_factroymode.py --user CUAdmin --pass CUAdmin --ip 192.168.1.1 --port 80 telnet open

$ python3 ./zte_factroymode.py -h
usage: zte_factroymode [-h] [--user USER [USER ...]] [--pass PASS [PASS ...]] [--ip IP] [--port PORT] {telnet,serial} ...

options:
  -h, --help            show this help message and exit
  --user USER [USER ...], -u USER [USER ...]
                        factorymode auth username (default: ['factorymode', 'CMCCAdmin', 'CUAdmin', 'telecomadmin', 'cqadmin', 'user', 'admin', 'cuadmin', 'lnadmin', 'useradmin'])
  --pass PASS [PASS ...], -p PASS [PASS ...]
                        factorymode auth password (default: ['nE%jA@5b', 'aDm8H%MdA', 'CUAdmin', 'nE7jA%5m', 'cqunicom', '1620@CTCC', '1620@CUcc', 'admintelecom', 'cuadmin', 'lnadmin'])
  --ip IP               route ip (default: 192.168.1.1)
  --port PORT           router http port (default: 80)

subcommands:
  valid subcommands

  {telnet,serial}       supported commands
    telnet              control telnet services on/off
    serial              control /proc/serial on/off

https://github.com/douniwan5788/zte_modem_tools

zte_hardcode_dump.py

decrypt /etc/hardcodefile

./zte_hardcode_dump.py test/hardcode test/hardcodefile/*

$ python3 ./zte_hardcode_dump.py -h
usage: zte_hardcode_dump [-h] hardcode hardcodefile [hardcodefile ...]

positional arguments:
  hardcode      the /etc/hardcode file which contains root key
  hardcodefile  config files under /etc/hardcodefile

options:
  -h, --help    show this help message and exit

https://github.com/douniwan5788/zte_modem_tools

zte_modem_tools's People

Contributors

douniwan5788 avatar stich86 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

qbmeoviv43 resnou 52-rem eastexxiao 253195877 cced1900 daiyeqi songdn qiuzhch catchfishday koremolovelovechu zongmingye sbhnet kuaner tsirtv xujianjie1213 dqylyln hoogyuan jamescube sakunoo chghs liuhe36 muyangren907 kunude dy1989nuaa wolvth atlantis414 wingwii iii80 kodibitqiu icy37785 hazaki520 nauj42 skyhsiao cnjerry828 0987363 nikiz24 kefengteng amonhuz ldy8182 xyz9836 qfpr jefferymvp okcy1016 x-laser izhaohui dongyang1993 stich86 onemade iseeyo mikewang000000 guigui-w 52znn hhjlkk zhengwenxiao excelwang xingyu2016 soumxh flandreunx kj54321 chicohan mrsgagahahdf magicalyu nahumcn yinstall 931122 initialjie loganhaiz oceanzhang860411 knooow tangwulin heycms kaedeair chen2021-web dhashd picaqqq charlie-king nguyenvanquoctrung tyshadow0 langit7 eqsun aliacy31s merul02 yinxinliang myfid micahfy chengz996 weizai666 killme56k tanzhirong888 cao-junqi meixabc xavieralpha gag068 mwftts ksksbaicai brosahay imoize trdyun uuie

zte_modem_tools's Issues

How to use

hello im very interest with your program, can you explain how to use your prongram?

issue on ver 12a

hello sir

this script only work on 16b version in router and

not work on 12a and ver17.

i treied manually using combination of user and password given in the readme.md

but no success.. may be need change something in script for these upper given versions

Compiled exe release request

Hi, I tired to compile the zte_factroymode.py into a windows executive file but for the love of God I couldn't figure out if the compiles was successful or not. Maybe you could release a executable version as well?

BTW your python version of the factorymode.exe is actually much better than the original one, It works with the newer firmware version of ONTs released.

F6605R - V3.0.10P3N2 Does generate user/pwd but no telnet

So I've tested the script against the F6605R and it runs successfully, but the telnet port remains filtered.
The requests go without issues/exceptions and it generates the user/pwd for telnet session...

Upon start apparently it stops telnetd on LAN side, from this log:
upgradetest gdefconf <1970-01-01 00:01:26>Stop lan telnetd success <1970-01-01 00:01:26>Td has been set mode<2> <1970-01-01 00:01:30>[Telnet Login],IP<192.168.1.101>,Mode<2>.

I have dumped the whole SPI NAND, but it's too complicated being encrypted.. Is there any chance to enable Telnet or SSH on this?

NAND Dump: https://mega.nz/file/OqJy2BiS#FJrn0dSgHOYml4fEExATbYP2usFc9wxCY4g0te71r8g

image
image

requests for arch linux distrubition

i"m using manjaro. i have installed python-pycryptodome and pyinstaller and i find that python-requests package is already installed.

this is what i get:
python3 zte_factroymode.py telnet Traceback (most recent call last): File "/home/pc/Downloads/zte_modem_tools-main/zte_factroymode.py", line 3, in <module> import requests ModuleNotFoundError: No module named 'requests'

Suppose to work on ZTE GPON ONT?

Hi,

Is this tool supposed to work on F6XX GPON FTTH ONT?

Decompile httpd daemon there are reference to factorymode/nE%jA@5b but the tool always give bad username/creds.

May be wrong AES key? Looking at the code the AES encode/decode should be done after entering username and password

Any idea?

Thx

Not working for ver -- F670LV9.0 V9.0.10P18N2B

Hi
The script is not working for ver -- F670LV9.0 V9.0.10P18N2B.
It was working earlier.
It is not able to open telnet port on the router.

> python3 zte_factroymode.py --user admin --pass admin --ip 192.168.1.1 --port 80 telnet open
trying  user:"admin" pass:"admin" 
reset facTelnetSteps:
reset OK!

facStep 1:
OK!

facStep 2:
OK!

facStep 3:
OK!

facStep 4:
OK!

b'FactoryMode.gch\x00'
facStep 5:
OK!

b'FactoryModeAuth.gch?user=o3993Xrk&pass=w0vw9F53\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
done

> telnet 192.168.1.1
Trying 192.168.1.1...
telnet: Unable to connect to remote host: Connection timed out

> nmap -v 192.168.1.1
Starting Nmap 7.80 ( https://nmap.org ) at 2023-11-23 13:00 IST
Initiating Ping Scan at 13:00
Scanning 192.168.1.1 [2 ports]
Completed Ping Scan at 13:00, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:00
Completed Parallel DNS resolution of 1 host. at 13:00, 0.00s elapsed
Initiating Connect Scan at 13:00
Scanning 192.168.1.1 (192.168.1.1) [1000 ports]
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 53/tcp on 192.168.1.1
Discovered open port 443/tcp on 192.168.1.1
Completed Connect Scan at 13:00, 1.20s elapsed (1000 total ports)
Nmap scan report for 192.168.1.1 (192.168.1.1)
Host is up (0.0057s latency).
Not shown: 996 closed ports
PORT    STATE    SERVICE
23/tcp  filtered telnet
53/tcp  open     domain
80/tcp  open     http
443/tcp open     https

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds

nmap shows port 23 as filtered.
Am i doing something wrong here ?

提示已经开通,但是确没有开通

日志输出:
python3 zte_factroymode.py --user CUAdmin --pass cuadminXXXX --ip 192.168.1.1 --port 80 telnet open
trying user:"CUAdmin" pass:"cuadminXXXX"
reset facTelnetSteps:
reset OK!

facStep 1:
OK!

facStep 2:
OK!

facStep 3:
OK!

facStep 4:
OK!

b'FactoryMode.gch\x00Uk\xbf-\xf4\x0bv\x91\xa6Z\xca\xfa.\xb5h\x01'
facStep 5:
OK!

b'FactoryModeAuth.gch?user=2zRb0q04&pass=4eh894zH\x00'
done

然后再pwershll下执行 telnet 192.168.1.1 还是无法连接上光猫

f663 succeeded

zte f663vn3a successfully opened telnet. my password includes $, so I need to use \ to escape it.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.