search

boginw / zyxel-vmg8825-keygen

A key generator for Zyxel VMG8825-T50
GNU General Public License v2.0
18 stars 6 forks source link

Zyxel EX5601-T0 #7

Open Frostis12 opened 7 months ago

Frostis12 commented 7 months ago

There seems to be new algorithm for Zyxel EX5601-T0 router and possibly other newer models. In libzcfg.so i can find "zcfgBeCommonIsApplyRandomSupervisorPasswordNewAlgorithm"

libzcfg_be.zip

aka-khalid commented 7 months ago

@boginw idk if it's useful, but I downloaded "V550ABPM8.1C0.bin", extracted the "libzcfg_be.so". tried to decompile it using RetDec and got this: libzcfg_be.zip I have ZERO experience in reverse engineering neither in C, so I can't figure out what I should do next. Buy I found a lot of functions in there, I believe these are usueful:

zcfgBeCommonAccountPasswordToSN
zcfgBeCommonAccountPasswordToSN2
zcfgBeCommonIsApplyRandomAdminPassword
zcfgBeCommonIsApplyRandomAdminPassword2
zcfgBeCommonIsApplyRandomAdminPasswordNewAlgorithm
zcfgBeCommonIsApplyRandomAdminPasswordNewAlgorithm2
zcfgBeCommonIsApplyRandomSupervisorPasswordNewAlgorithm
zcfgBeCommonIsApplyRandomSupervisorPasswordNewAlgorithm2
gilsonolegario commented 4 months ago

"GP_Privilege" stands for "http,ssh,telnet,ftp", sometimes "login,httpd,samba"

"X_ZYXEL_LoginCfg": {
"LoginGroupNumberOfEntries": 3,
"LoginGroupConfigurable": true,
"LogGp": [
{
"GP_Privilege": "http,ssh,telnet,ftp",
"Account": [
{
"AutoShowQuickStart": false,
"Enabled": true,
"EnableQuickStart": true,
"Page": "",
"Username": "root",
"Password": "",
"PasswordHash": "",
"Privilege": "login"
},
{
"AutoShowQuickStart": false,
"Enabled": true,
"EnableQuickStart": true,
"Page": "",
"Username": "supervisor",
"Password": "",
"PasswordHash": "",
"Privilege": "login,httpd,samba"
},
{
"AutoShowQuickStart": false,
"Enabled": true,
"EnableQuickStart": true,
"Page": "",
"Username": "kkkk",
"Password": "kkkk",
"PasswordHash": "",
"Privilege": "login,httpd,samba"
}