Kitz Forum
Broadband Related => Broadband Hardware => Topic started by: Ayosi on June 09, 2015, 05:10:08 PM
-
I wrote a Python program to decrypt and encrypt the configuration file.
To decrypt a configuration file use:
python hg635_configtool.py decrypt input_file output_file
To encrypt a configuration file use:
python hg635_configtool.py encrypt input_file output_file
You can download it http://pastebin.com/JbZjygY3 (http://pastebin.com/JbZjygY3)
I don't have a HG635 router to test this so use it at your own risk...
-
Thank you for providing that tool. I don't have a Huawei HG635, either, so I am unable to try it out.
-
Absolutely brilliant! :yay: :yay:
I've decrypted a couple of HG635 conf files and it works perfectly, I can see where telnet is disabled.
I've yet to encrypt a file and restore it -- hopefully tomorrow.
Thanks so much for providing this tool.
-
Seconded -- amazing. :yay: Like npr I have yet to try the reverse step. I looks easy to enable telnet and it will be interesting to see if the previous telnet enabled security issues reoccur when the change is made this way. If they do we will need to understand the firewall setup instructions
-
I have a few HG635 config files from when I was running it and two decrypt OK but two others come up with Bad config file ... exiting these are from the very first backup when I initially got me HG635 from TT. Interestingly I can only find Telnet being active in my config files which do decrypt unless I'm looking in the wrong place.
Stuart
-
I started afresh with firmware 1.016t, reset it to factory default and backed up the conf file.
This new conf file decrypted ok, I then enabled telnet by changing the following line:
<X_ServiceManage TelnetEnable="1" TelnetPort="23" KeyEquipMode="0" ConsoleEnable="" UseNewConfig="0" CircleTestDevice=""
The modified file encrypted without any problems and restored ok to the HG635, testing showed telnet was enabled. Login: admin / admin
I've now got the HG635 connected to the internet and so far "shields up" shows port 23 to be stealthed.
I'll leave it running for a week to be sure port 23 doesn't become open to the world. Once I confident the port stays stealth I'll upload my modified conf file for others to use.
Thanks again Ayosi for this decryption / encryption tool. :clap:
-
Also a complete success here and nice to have the telnet login admin/admin. Many thanks for this Ayosi. I will keep an eye on Shields up as previously things did not go wrong straight away.
Out of interest how did you go about the task working out how to do it. I am sure it is beyond me but I would be interested to have a rough idea
-
Thanks.....I decrypted my conf file, edited the CLI username and encrypted and restored the config.
No problems.
Ian
-
One thing about this, it would also be good if we could change the passwords. So does anyone know how to generate the hashed passwords which appear in the decrypted config files?
Stuart
-
When telnet is enabled this way the telnet password username becomes admin / admin the same as the GUI.
I believe you can change the GUI's password in the GUI, you could try that and see if it also changes the telnet password.
-
When telnet is enabled this way the telnet password username becomes admin / admin the same as the GUI.
I believe you can change the GUI's password in the GUI, you could try that and see if it also changes the telnet password.
No it does not because as soon as I loaded the config I reset the admin p/w but telnet stayed the same.
Maybe you can do it via telnet, I'll take a look.
Stuart
-
Yes your right, there looks to be two instances of password / username in the conf file.
for the WEB GUI
<X_Web Timeout="30" QuickConfigured="1">
<UserInfo NumberOfInstances="1">
<UserInfoInstance InstanceID="1" Username="admin" Userpassword="Ozgo8BYclaAK2X6zNJYepz1zqjFMhsmITvAGAMcsPcqA6uot79n1NnaGkC0Fkq/Widdyl29mxYwY9X2uROW3fGfZwL5HIGyxgEXIuMQxE+U=" Userlevel="2" UserpasswordSource="" EnablePasswdPrompt="0" UserpasswdPrompt=""/>
</UserInfo>
</X_Web>
And for the CLI
<X_Cli>
<UserInfo NumberOfInstances="1">
<UserInfoInstance InstanceID="1" Username="admin" Userpassword="PPOLwiqNO3lE3enntnka40==" Userlevel="0"/>
</UserInfo>
</X_Cli>
-
I also discovered that if you try to add lines and encrypt it will not load the new config file so there must be something in there which tells the router you have messed with the file!
Stuart
-
OK ref passwords I got myself a tad confused here. When you change the admin password using the web page it also changes the telnet password to be the same although it does not alter the telnet username. Now that's settled I am happy and have a correctly configured HG635 I can use in place of my VMG8924 which has to be returned to ZyXEL (see other thread).
Stuart
-
Could someone please help me how to use this tool i have the tool and the config file what should i do next i have no experience with python.
thanks
-
mrben100....welcome to the forum....
have you any experience of linux......it seems you can run python scripts under windows.
Do a google for "run python script windows" and see if you can instal the python package and then run a script on your PC.
I ran this decrypt script on my raspberry pi, i renamed the script to hg635.py then ran the command ......
python hg635.py decrypt downloaded_config_file my_decrypted_config_file
Where downloaded_config_file is the config downloaded from the router...and my_decrypted_config_file is the new readable and editable config
Hope this helps
Ian
edit ...typos
-
mrben100....welcome to the forum....have you any experience of linux......it seems you can run python scripts under windows.
Do a google for "run python script windows" and see if you can instal the python package and then run a script on your PC.
I ran this decrypt script on my raspberry pi, i renamed the script to hg635.py then ran the command ......
python hg635.py decrypt downloaded_config_file my_decrypted_config_file
Where downloaded_config_file is the config downloaded from the router...and my_decrypted_config_file is the new readable and editable config
Hope this helps
Ian
edit ...typos
thanks for your answer i have installed python and i could run the script but i get this msg
(config file not found…exiting).
thanks again
-
mrben100....welcome to the forum....have you any experience of linux......it seems you can run python scripts under windows.
Do a google for "run python script windows" and see if you can instal the python package and then run a script on your PC.
I ran this decrypt script on my raspberry pi, i renamed the script to hg635.py then ran the command ......
python hg635.py decrypt downloaded_config_file my_decrypted_config_file
Where downloaded_config_file is the config downloaded from the router...and my_decrypted_config_file is the new readable and editable config
Hope this helps
Ian
edit ...typos
thanks again now it works fine
but i need key/value pairs for HG532s
-
Hi just trying to use this script on my HG635 from TT.
I am getting the attached error from the script.
Am I doing something daft?
Running python script from windows prompt in windows 10.
Regards
Clive
Edit: I'm running python 3.5.2
Edit: Cracked it, I needed pycrypto installed :-)
-
hello all, i have a hg633 and when i do the decrypt i get Bad config file...exiting every time even after a clean reset on the router can someone please help me with this thanks again alan
-
A python script to decrypt and encrypt the config file from a talktalk HG633 router can be found at the following link.
https://pastebin.com/uhSuWunY
Credit to:
https://hg658c.wordpress.com/2017/12/04/decrypting-configuration-files-from-other-huawei-home-gateway-routers/
Use the script the same way as in the first post of this thread.
To enable telnet modify the 7th line of the decrypted config file, preferably using Notepad++ to edit the file, windows notepad may cause errors in the file.
Old line:
<X_ServiceManage CircleTestDevice="" CircleTestResult=""/>
New line:
<X_ServiceManage TelnetEnable="1" TelnetPort="23" KeyEquipMode="0" ConsoleEnable="" CircleTestDevice="" CircleTestResult=""/>
The router uses a cut down version of the broadcom "xdslcmd" commands
ie
$ xdslcmd
Usage: xdslcmd start [--up] [--mod <a|d|l|t|2|p|e|m|v>]
[--trellis <on|off>] [--bitswap <on|off>] [--sesdrop <on|off>]
[--sra <on|off>] [--phyReXmt <0|1>] [--i24k <on|off>]
[--profile <0x01 - 0xFF>|<"8a |8b |8c |8d |12a |12b |17a |30a">]
[--SOS <on|off>]
xdslcmd stop
xdslcmd connection [--up] [--down] [--loopback]
[--diagmode] [--normal] [--L0]
xdslcmd configure [--mod <a|d|l|t|2|p|e|m|v>]
[--trellis <on|off>] [--bitswap <on|off>] [--sesdrop <on|off>]
[--sra <on|off>] [--phyReXmt <0|1>] [--i24k <on|off>]
[--profile <0x01 - 0xFF>|<"8a |8b |8c |8d |12a |12b |17a |30a">]
[--SOS <on|off>]
xdslcmd info [--state] [--show] [--stats] [--SNR] [--QLN] [--Hlog] [--Hlin] [--Bits]
[--linediag] [--linediag1] [--pbParams][--vdsllinediag] [--adsllinediag] [--total] [--testparam]
[--vendor]
xdslcmd profile [--show]
xdslcmd --version
xdslcmd --help
Note: some of these xdslcmd commands are a bit flaky, the --Bits command only show results for download frequencies all upload frequencies give "0".
CPU info for the HG633:
$ cat /proc/cpuinfo
Processor : ARMv7 Processor rev 1 (v7l)
processor : 0
BogoMIPS : 1497.49
processor : 1
BogoMIPS : 1497.49
Features : swp half thumb fastmult edsp
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x4
CPU part : 0xc09
CPU revision : 1
Hardware : sd56xx
Revision : 0000
Serial : 0000000000000000
The file worked on my HG633 but please use as your own risk.
-
Hello anyone can reupload the python script to decrypt and encrypt hg635 config file it seems i could not find it anywhere
thanks for the help
hg635_configtool.py
-
This link https://pastebin.com/uhSuWunY (https://pastebin.com/uhSuWunY) works.
Stuart
-
yes that script is for hg633 already tried on my hg635 config file it does not work
-
Try this:
https://web.archive.org/web/20160305161411/http://pastebin.com/JbZjygY3
-
Try this:
https://web.archive.org/web/20160305161411/http://pastebin.com/JbZjygY3
thanks it works !