Unlock G-2425G-A router running on latest firmware

Note: Tested for Nokia router G-2425G-A running on firmware 3FE49362JJIJ50.

Use this script to decrypt your configuration file. This script has been updated for latest firmware (3FE49362JJIJ50).


Source

All the steps to decrypt the config files has been already discussed in other posts as well, kindly follow them.

1) After decrypting the config file, open the generated xml file in a text editor.
2) Search for TelnetSshAccount section and write username as ONTUSER and password as "anyrandompassword" (remember this password for future).
3) Enable ONTUSER to drop into busybox instead of vtysh by setting LimitAccount_ONTUSER to false. Go to LimitAccount_ONTUSER section and change that option to FALSE.
4) Encrypt the config file again using the same script and import in your router (remember to enable telnet in Security --> Access Control --> LAN).
5) Now use any tool to access telnet, I have used windows powershell (you can enable telnet in windows additional features).
6) In Windows PowerShell write; telnet --> o --> 192.168.1.1

Username: ONTUSER
Password: your password from STEP 2

7) Now in shell write ---> ritool set OperatorID ALCL

After this step you have enabled root access. Login to your router to check everything has been unlocked.

Now hard reset from back of the router is recommended to enable editing any WAN settings but before that remember to take a backup of your configuration and wan settings.

8) After hardreset the router's gateway will default to 192.168.1.254 and username and password will change to AdminGPON and ALC#FGU respectively.

 

[Hitori_Abhito7]

@sk7411 How did you dial up using static ip?

 

[tr1k0N4]

Bro @sahilkr24

I want to know if unlocking this airtel router will allow me to connect to lan 4 in bridge mode without the vlan 100 tagging?

Unfortunately, that's just not possible on this Nokia ONT. I just took a look and there are no other settings related to bridge mode apart from the ones found on the LAN page, even after unlocking the router. So, you're out of luck here.

Secondly, when you say this:

with my testing i figured out that even if pppoe is not successful, TP-Link will still use secondary connection for internet.

Are you speaking from practical experience or are these merely some nuggets of info you gleaned from the internet? If you actually made it work, mind sharing the setup you used, and the steps involved?

Thanks and cheers, pal!

 

[sk7411]

@Hitori_Abhito7 , I tried using static ip under WAN settings in my Asus router . I even tried setting VID to 100 in the IPTV settings but the network cable is unplugged still showed up.

When i used the XZ000 G3v1 , i set the VLAN tag mode to 100 with Pri to 0 . Disabled the dhcp and connected LAN to my pc with the given static ip, it still did not work though

 

[sahilkr24]

Are you speaking from practical experience or are these merely some nuggets of info you gleaned from the internet? If you actually made it work, mind sharing the setup you used, and the steps involved?

@tr1k0N4 I have tried this myself, I accidentally discovered this when I was trying to get pppoe to run. So I did the setup on TP-Link with my airtel username and password and set secondary connection as Dynamic IP.
I had not enabled bridge mode in my airtel router yet so I fully expected to internet to stop working but surprisingly it continued to work, which was odd so I looked up in the airtel router > home networking and sure, there was my tp link router assinged an ip via dhcp.
I thought this was fluke so I plugged my lan cable into my bsnl modem and it got ip from that too.
I did some research after this and figured out that tp link would try to connect via both primary and secondary connections and there are mutually exclusive.
For the secondary connection you are limited to DynamicIP or StaticIP only.
Only IP and subnet values are accepted so I think if your primary connection is up, it tries to use the same gateway, but when it's down it uses the gateway that was assigned via dhcp from parent router, so internet works. It's a very crude way of getting backup internet without have to go in router and change connection type. But since airtel vlan tagging is preventing this from happing I think I'm left with either bricking the airtel router so they give me a new one, or getting a tp link tlr605 and cry with double nat.

I have attached the sceenshot and model details:

Source

 

[sahilkr24]

Brother @tr1k0N4, my suspicions were correct. The secondary connection thingy does work, in fact I'm writing this message over that same secondary connection. When I realised that there is no way to strip VLAN tag while bridging from airtel Nokia router, I turned my attention to the other way around.

The secondary connection in dynamic mode wasn't getting a IP from dhcp because it carried a VLAN100 tag, and both nokia or Syrotech or any small home router won't have settings to deal with vlan tagged packages asking for an ip.

In order to get around this, I decided to install open wrt on my archer c6 v2 and then after 4 hrs of trial and resets I was finally able to create and route a custom vlan interface that looked for vlan100 packets and assigned ips to them. This archer a6 has a pretty rudimentary double nat connection to bsnl syrotech for internet. I could make it bridged later on.

The configuration is in such a way that if a device requests an ip without vlan tag, it gets assinged an ip in 10.0.0.0/24 subnet, where as when a vlan 100 tag appears they are assigned ips in 10.0.1.0/24. I added entries in ARP table so that these subnets and communicate within themselves, tho I don't think I will ever plug anything there.

So my current setup is either I plug into

• Nokia router LAN 4 and get pppoe connection to airtel (no double nat + ipv6 + tp ddns + openvpn goodness)
• TP-Link Archer C6 LAN 4 and get dynamic ip (with double/triple nat) [the aim here was mostly to make it so simple that my parents can also switch cables, in events of airtel having connectivity issues which are rare in my area]

Source

 

[tr1k0N4]

Brother, @sahilkr24, kudos on the achievement of your current setup!
And yes, the moment you installed openwrt on your Archer A6/C6, half of your issues would have disappeared right then and there.

 

[harman22]

i have two Nokia locked modems ,one was unlocked with same method ,but other showing login incorrect in telnet. i tried admin ,admin - admin:admin# , ontuser , too ,,any solution for this .nokia modem is on I03 firmware

 

[sidyr20]

Can anyone help me? I tried following the steps exactly and generated 'cfg' file using the script, but when I am tryign to upload it, I facing an error 'Upload failed: Invalid File'

• I have changed the telnet->LAN->'Allow' in router settings.
• Changed both TelnetSshAccount and LimitAccount_ONTUSER settings:

<TelnetSshAccount. n="TelnetSshAccount" t="staticObject">
<Enable rw="RW" t="boolean" v="True"></Enable>
<UserName ml="64" rw="RW" t="string" v="ONTUSER"></UserName>
<Password ml="64" rw="RW" t="string" v="MyPassword" ealgo="ab"></Password>
</TelnetSshAccount.>

<LimitAccount_ONTUSER rw="RW" t="boolean" v="false"></LimitAccount_ONTUSER>

• I have used the command that got diplayed on the CLI to encrypt the 'cfg; file'

python3 nokia_tool.py -pleS23l7nZm47XyMGs6y6oJpN9CR4nbfIZHJ4VRwp7HcdV6o2YvUmeNYFlz08Otwz78 config-30042024-223328.xml 0xffffffff

 

[tr1k0N4]

Brdr, are you renaming your file as config.cfg before uploading?

 

[harman22]

@ravi172003 bro wt u use as telnet password on j54 firmware ,,as it is showing me incorrect password everytime