Decrypting my ISP's ZTE F670L router config in 5 minutes

nnotvcto about 18 hours ago 2 commentsRead Article on gist.github.com

DE version is available. Content is displayed in original English for accuracy.

⚡ Community Insights

Discussion Sentiment

100% Positive

Analyzed from 84 words in the discussion.

Discussion (2 Comments)Read Original on HackerNews

up-n-atom•about 4 hours ago

it’s a commonality. we discover the same over and over on the 8311 discord at pon.wiki. often the result of disclosure is a firmware update that removes the ability to create a configuration backup and restore.

notvcto•about 18 hours ago

Grabbed the config.bin off my ISP-provided ZTE F670L, decrypted it in about 5 minutes. The "encryption" key is just the serial number base concatenated with the byte-reversed MAC address... both printed on the sticker.

Inside: GPON credentials, TR-069 ACS config, VoIP SIP keys, and a hidden super admin account with full privileges. The password was in HaveIBeenPwned.

Used zte-config-utility. Steps are in the gist.