Nokia G-2425G-A - Unlock/Root ~ Step by Step detailed guide

  • Thread starter Thread starter Maxx_369
  • Start date Start date
  • Featured
  • Replies Replies 256
  • Views Views 164,755
Disclaimer : I'm not responsible if you brick your router in-between the process.

1. Open 192.168.1.1 in any browser
default username password both is admin

2. Go to Maintenance->backup and restore->export config file on your desktop
it will be saved as config.cfg

3. Download & install python on your pc
also download this file(python script) on your desktop

Source

4. Open cmd
type
python C:\Users\XXXXX\Desktop\Nokia-router-cfg-tool.py (replace xxxxx with your windows user)

(4b) now lets decrypt your cfg file first
type
python nokia-router-cfg-tool.py -d OYdLWUVDdKQTPaCIeTqniA==
(4c) now unpack you cfg file to xml
type
python nokia-router-cfg-tool.py -u config.cfg

5. A new file is created on your desktop .xml format
right click & select edit.

(5a) press control+f and type TelnetSshAccount in searchbox then hit enter

now change the values same as below

<TelnetSshAccount. n="TelnetSshAccount" t="staticObject">
<Enable rw="RW" t="boolean" v="True"></Enable>
<UserName ml="64" rw="RW" t="string" v="admin"></UserName>
<Password ml="64" rw="RW" t="string" v="OYdLWUVDdKQTPaCIeTqniA==" ealgo="ab"></Password>

press control s to save the file & close it

6. Go back to cmd & check for repack command to encrypt the edited xml file back to cfg
it will look like this something like this :
type
python nokia-router-cfg-tool.py -ple config-XXXXXXX-XXXXXX.xml 0x4924ea42

(6a) a new cfg file will be created on your desktop.

7. Now go back to router login page 192.168.1.1
(7a) go to Maintenance->backup and restore & click "select" then browse newly created cfg file from your desktop then click import
wait for the router to reboot itself.

8. Now login again 192.168.1.1
Go to Security->Access control and allow both telent & ssh(Wan & Lan)

9. Download MobaXterm_Portable_v21.5 link below

10. Open Mobaxterm & click on Start local terminal
type
telnet 192.168.1.1
user: admin
password: admin

11. After that lets first copy this in your clipboard: '; /bin/sh; #
(11a) go back to mobaxterm
type
enable

type
shell

it will ask for password2, press shift+insert button on your keyboard and hit enter
BOOM now you've root access

(11b) to take the current backup of airtel settings
type
cfgcli dump

type
ritool dump
& save the file by going terminal->save terminal text.

(11c) now to unlock settings
type
ritool set OperatorID ALCL

12. Go back your router login on your browser 192.168.1.1 and BOOOOOOM everything is unlocked, you'll see changes right away

Important : If you plan to stick with everything unlocked using airtel fiber then let it as it is.
Important: If you plan to use this router with any other fiber connection just do a factory reset.
Doing a factory reset will erase, reset & unlock everything. The default router login address will change to 192.168.1.254 with username AdminGPON and password as ALC#FGU

I've personally myself tested this whole process & successfully unlocked 3 routers.

I wish you all good health.
 
@Maxx_369 Please Help me. I'm getting the below error and not able to solve.
-> little endian CPU detected
-> fw_magic = 0xffffffff
Traceback (most recent call last):
File "C:\Users\Laptop-Acer\Desktop\Nokia-router-cfg-tool.py", line 137, in <module>
xml_data = zlib.decompress(compressed)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
zlib.error: Error -3 while decompressing data: incorrect header check

My device details are mentioned below
Device Name G-2425G-A
Vendor Nokia
Serial Number ALCLB2A5D3D0
Hardware Version 3FE48299DEAA
Boot Version U-Boot-Dec-31-2016--12:00:00
Software Version 3FE49362JJIJ50
 
Hey @nishantt6969 , i managed to change the serial number and other properties of the router to be able to connect but somehow it's not connecting yet.. i think i need to set service name.. which i am not able to figure out..
 
My router is unlocked and on an older firmware , can someone share the latest unlocked firmware so I can update to it as idk since past month i am getting very bad network after they patched the pppoe not timing out after a month bug.
 
I unlocked the router with the above steps.
Now, unable to connect to other ISP as there is LOS red light when I plugin other ISP optical fibre. Please help in configuring
 
@dkdhanda8 even if you upgrade it'll remain unlocked. But the SSH access using command injection is patched
 


I unlocked my Nokia G-2425G-A router FINALLY!! with a few different approach not described in this post specifically. My current software version is: [3FE49362JJIJ50]. If anyone need help regarding this, just lemme know.
 
I've used the code from this GitHub page
Source

Change the password for ONTUSER by setting ONTUSER as the username in TelnetSshAccount section, and whatever password you want, and then enabling ONTUSER to drop into busybox instead of vtysh by setting LimitAccount_ONTUSER to false
if you are getting invalid config when importing, make sure you are using the exact commandline the script tells you to use when you unpacked (important, because it contains the key to encrypt with)
otherwise, you can try just naming it config.cfg

I will write a post here soon with all the steps if anyone need more help can follow that.
 
Can this script be used to decrypt the config file of the new ..50 firmware?
I thought it didn't work with the new one
 
It's an updated script, I just decrypted my config file running on firmware 3FE49362JJIJ50 (latest one).
 
and the ONTUSER isn't used by anything right? so it's safe to change its password
 
Yes, I have tested it thoroughly and I have access to internet also so at my end there are no issues until now.
 
Thanks! I have root access to my ONT now. And also, it's completely "airtel free" running the ALCL profile, and then I did hard reset to remove any uneccesary airtel config and manually added the things that are required 🙂
 
You're welcome 🙂 I was trying to do this from months and finally I'm no longer locked by Airtel.
Also I've tested one bug where prepaid user can access internet without recharge, I'll have to check it out further.
 

Top