I started afresh with firmware 1.016t, reset it to factory default and backed up the conf file.
This new conf file decrypted ok, I then enabled telnet by changing the following line:
<X_ServiceManage TelnetEnable="
1" TelnetPort="23" KeyEquipMode="0" ConsoleEnable="" UseNewConfig="0" CircleTestDevice=""
The modified file encrypted without any problems and restored ok to the HG635, testing showed telnet was enabled. Login: admin / admin
I've now got the HG635 connected to the internet and so far "shields up" shows port 23 to be stealthed.
I'll leave it running for a week to be sure port 23 doesn't become open to the world. Once I confident the port stays stealth I'll upload my modified conf file for others to use.
Thanks again Ayosi for this decryption / encryption tool.