Unlock G-2425G-A router running on latest firmware

Note: Tested for Nokia router G-2425G-A running on firmware 3FE49362JJIJ50.

Use this script to decrypt your configuration file. This script has been updated for latest firmware (3FE49362JJIJ50).


Source

All the steps to decrypt the config files has been already discussed in other posts as well, kindly follow them.

1) After decrypting the config file, open the generated xml file in a text editor.
2) Search for TelnetSshAccount section and write username as ONTUSER and password as "anyrandompassword" (remember this password for future).
3) Enable ONTUSER to drop into busybox instead of vtysh by setting LimitAccount_ONTUSER to false. Go to LimitAccount_ONTUSER section and change that option to FALSE.
4) Encrypt the config file again using the same script and import in your router (remember to enable telnet in Security --> Access Control --> LAN).
5) Now use any tool to access telnet, I have used windows powershell (you can enable telnet in windows additional features).
6) In Windows PowerShell write; telnet --> o --> 192.168.1.1

Username: ONTUSER
Password: your password from STEP 2

7) Now in shell write ---> ritool set OperatorID ALCL

After this step you have enabled root access. Login to your router to check everything has been unlocked.

Now hard reset from back of the router is recommended to enable editing any WAN settings but before that remember to take a backup of your configuration and wan settings.

8) After hardreset the router's gateway will default to 192.168.1.254 and username and password will change to AdminGPON and ALC#FGU respectively.

 

[user848654]

@Rehan ahmad your method is good, but it has issues.

Firstly, While running it on Python 3.11 because line 55 from Crypto.Cipher import AES is a module which was abandoned in newer Python builds. I might suggest using a website like https://ont-lab.tripleoxygen.net/nokia/configs for decrypting and encrypting of config file, I know it doesn't show our firmware in the dropdown menu but it still gets the job done.

Secondly, If we hard reset after unlocking we lose VoIP settings to get VoIP working again we need to reconfigure Voice Settings which is under Application in the WebGUI. One has to manually save those settings if they want VoIP back and working. Voice Settings has a field which states "AuthPassword" luckily I knew the password for it which was "Huawei@1" and I got it back working.

 

[Rehan ahmad]

@MZRecords Thanks for pointing it out, installing pycryptodome instead of pycrypto is recommended as pycrypto is not safe (also recommended here in stackoverflow: https://stackoverflow.com/questions/19623267/importerror-no-module-named-crypto-cipher).
I haven't tested that link method, but if it's working i guess that's better way to go with it.

Also backing up your config file before hard reset can save your credentials that can be imported later on (you can also pick them up from decrypted config file).

 

[Rajneesh Rana]

@Rehan ahmad Yes tried hard reset and then it gave option to edit wan and also to enable bridge mode.
But on enabling bridge mode it again has same issue of no LAN connection on port and thus not able to use it to dial PPPoe connection

 

[albonycal]

Try with port 4

 

[Rajneesh Rana]

@albonycal yes used the same port.
had tried enabling bridge on3,4 and then adding all ports to bridge.
After that had to hard reset as ONT was not accessible.

Things learnt in this process
1. for import the ONT does not import settings always and have to retry few times.
2. On import it's best to rename new config to config.cfg. For me other file name did not import at all
3. Backup/original config works even after unlocking. Used it to restore connection after hard reset as ONT will not get the settings automatically from Airtel

 

[albonycal]

If you use original config, it will get locked again. After you unlock it and hard reset. Put the PPPOE config + VLAN manually don't reimport the OG config

 

[Rajneesh Rana]

Sure, will keep that in mind.
Have both original and updated config files available now.

What about the issue of no link on bridged ports?

 

[albonycal]

I haven't tried using bridge mode yet, I don't have another router. Make sure the ONT is fully unlocked and then try enabling bridge mode again (port 4)

 

[Rehan ahmad]

I have tested bridge mode multiple times on port 4 it was working for me. On your second router make sure the pppoe credentials and VLAN ID is correct.

While on bridge mode your second router will not be able to connect via local network, you need to input pppoe configs in your second router with the correct vlan id that will authenticate your second router from Airtel's backend and assign you a new ip.

For me configs are like this.
Vlan ID: 100
Username: [email protected]
Password: account number

 

[Rajneesh Rana]

On port 4 it would show a LAN connection if bridge mode is correctly enabled?

I am trying to use it with pfsense.