Open c4nnyiyim16 opened 1 month ago
bump
+
Same issue for me. Is there any suggestion?
not supported yet we are waiting ...
Can someone upload their config.bin
so that I can have a look at it?
Do you want to drop me the serial number via email (mkst@protonmail.com)... because I don't get the same error as you.
$ python3 examples/decode.py tmp/H298A_V1.bin tmp/config.cfg --serial ZTAXXXXXXXXX
Detected signature: H298A V9
Detected payload type 4
Trying to decode Type 4 payload...
No keygens matched the supplied/detected signature and parameters! Try adding --try-all-known-keys and try again.
I wonder if anyone has managed to grab the cspd
binary from this router to figure out what the iv + keys are?
how to get cspd binary?
Do you want to drop me the serial number via email (mkst@protonmail.com)... because I don't get the same error as you.
$ python3 examples/decode.py tmp/H298A_V1.bin tmp/config.cfg --serial ZTAXXXXXXXXX Detected signature: H298A V9 Detected payload type 4 Trying to decode Type 4 payload... No keygens matched the supplied/detected signature and parameters! Try adding --try-all-known-keys and try again.
I sent an email
I wonder if anyone has managed to grab the
cspd
binary from this router to figure out what the iv + keys are?
I sent an email as well any help is appreciated.
For some reason, the config.bin
files you are downloading are encoded as base64
.
So you would first need to do something like
import base64
with open("config.bin", "rb") as f:
data = f.read()
with open("config.bin", "wb") as f:
f.write(base64.b64decode(data))
However. that only gets you as far as being able to try to decode it. I wonder if these routers require the MAC as well as the Serial Number (and/or whether there are additional iv/key prefix or suffixes).
In terms of getting the cspd
file.. if you already have telnet access it's probably easy. I dont know whether this youtube video is of any use. Alternatively if there is a firmware update file for this router we can take a look (although it may be encrypted).
As far as I understand, it comes encrypted with base64 with the new version. zte-config-utility does not work. The config file I take before works without any problems. When I decoded the current config file from base64 and tried again, I couldn't get the result.
C:\zte-config-utility-master>py examples/decode.py --mac 8C:DE:xxxxxxxxx --serial ZTC0B1xxxxxxxxx config.bin config.xml Detected signature: ZXHN H298A V1.0 Detected payload type 4 Trying to decode Type 4 payload... Trying key: '8cc72b05705d5c46ZTC0B10105F4CA' iv: '667b02a85c61c786ZTC0B10105F4CA' generated from serial: 'ZTCxxxxxxxxxxx' Failed to decrypt payload. Tried 1 generated key(s)!
Can you try with auto.py
instead of decode.py
?
I tried it in many ways, with Mac, with serial with password
C:\zte-config-utility-master>py examples/auto.py --mac 8C:DE:xxxxxxxx --serial ZTC0xxxxxxxxx --password aaxxxxxxx config.bin config.xml Unable to find valid key for payload.
same
When writing this code to decode config.bin to config.xml: py examples/decode.py --serial ZTEXXX config.bin config.xml it gives me blank config.xml file and it says this in cmd message: Traceback (most recent call last): File "C:\Users\merta\Desktop\zte-config-utility-master\examples\decode.py", line 194, in
main()
File "C:\Users\merta\Desktop\zte-config-utility-master\examples\decode.py", line 49, in main
payload_type = zcu.zte.read_payload_type(infile)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\merta\AppData\Roaming\Python\Python312\site-packages\zcu-0.4.0-py3.12.egg\zcu\zte.py", line 56, in read_payload_type
File "C:\Users\merta\AppData\Roaming\Python\Python312\site-packages\zcu-0.4.0-py3.12.egg\zcu\zte.py", line 48, in read_payload
ValueError: Payload header does not start with the payload magic.
Any help will be appreciated