Restart script ZTE F6600P
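"""Restart a ZTE F6600P modem/wireless router through its web admin interface.

Steps performed by this script:
  1. fetch a session token and a numeric login token,
  2. log in with SHA-256(password + login_token),
  3. read the temporary session token from the reboot/reset menu page,
  4. POST the restart action together with a ``Check`` header that carries
     the RSA-encrypted SHA-256 digest of the request body.

The admin interface is addressed over plain HTTP, so the session tokens and
the salted password hash cross the network unencrypted. Run this only from a
host on the router's own trusted LAN.
"""
import base64
import hashlib
import os

import requests
from Crypto.Cipher import PKCS1_v1_5
from Crypto.PublicKey import RSA

base_url = "http://192.168.1.1"  # no trailing slash
username = "admin"
# ZTE_F6600P_PASSWORD is a variable name chosen for this script. The literal
# is kept only as a backward-compatible fallback; supplying the password via
# the environment keeps it out of the file when the script is shared.
password = os.environ.get("ZTE_F6600P_PASSWORD", "Telkomdso123")

# requests applies no timeout by default, so an unreachable or rebooting
# router would otherwise block the script indefinitely.
REQUEST_TIMEOUT = 10  # seconds

# RSA public key used to build the "Check" header of the restart request.
# NOTE(review): presumably the key embedded in the router's web UI; confirm
# it matches the firmware you are targeting.
public_key = RSA.import_key(
    "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodPTerkUVCYmv28SOfRV\n7UKHVujx/HjCUTAWy9l0L5H0JV0LfDudTdMNPEKloZsNam3YrtEnq6jqMLJV4ASb\n1d6axmIgJ636wyTUS99gj4BKs6bQSTUSE8h/QkUYv4gEIt3saMS0pZpd90y6+B/9\nhZxZE/RKU8e+zgRqp1/762TB7vcjtjOwXRDEL0w71Jk9i8VUQ59MR1Uj5E8X3WIc\nfYSK5RWBkMhfaTRM6ozS9Bqhi40xlSOb3GBxCmliCifOJNLoO9kFoWgAIw5hkSIb\nGH+4Csop9Uy8VvmmB+B3ubFLN35qIa5OG5+SDXn4L7FeAA5lRiGxRi8tsWrtew8w\nnwIDAQAB\n-----END PUBLIC KEY-----"
)


def _require_ok(response, step):
    """Raise RuntimeError unless *response* came back with HTTP status 200.

    Explicit checks replace ``assert`` because assertions are stripped when
    Python runs with ``-O``, which would let the script continue with
    missing or malformed tokens.
    """
    if response.status_code != 200:
        raise RuntimeError(f"{step} failed: HTTP {response.status_code}")


print("base_url =", base_url)

session = requests.Session()
session.headers["X-Requested-With"] = "XMLHttpRequest"

# The values printed below are live session tokens; avoid running this where
# stdout is captured into shared logs.

# get sess token
r = session.get(
    base_url + "/?_type=loginData&_tag=login_entry", timeout=REQUEST_TIMEOUT
)
_require_ok(r, "session token request")
sess_token = r.json()["sess_token"]
print("sess_token =", sess_token)

# get login token: the text between the first ">" and the following "<"
r = session.get(
    base_url + "/?_type=loginData&_tag=login_token", timeout=REQUEST_TIMEOUT
)
_require_ok(r, "login token request")
login_token = r.text[r.text.find(">") + 1 : r.text.find("<", 1)]
if not login_token.isdigit():
    raise RuntimeError("login token response did not contain a numeric token")
print("login_token =", login_token)

# the login: the router receives SHA-256(password + login_token) as hex
pwd_sha256 = hashlib.sha256(password.encode() + login_token.encode()).hexdigest()
r = session.post(
    base_url + "/?_type=loginData&_tag=login_entry",
    data={
        "action": "login",
        "Password": pwd_sha256,
        "Username": username,
        "_sessionTOKEN": sess_token,
    },
    timeout=REQUEST_TIMEOUT,
)
_require_ok(r, "login request")
# NOTE(review): a 200 status alone does not prove the credentials were
# accepted; a rejected login is caught below only when the menu page lacks
# the temporary token.
sess_token = r.json()["sess_token"]
print("[logged in] sess_token =", sess_token)
session.get(base_url, timeout=REQUEST_TIMEOUT)

# get tmp session token from the reboot/reset menu page
r = session.get(
    base_url + "/?_type=menuView&_tag=rebootAndReset&Menu3Location=0",
    timeout=REQUEST_TIMEOUT,
)
_require_ok(r, "reboot menu request")
needle = '_sessionTmpToken = "'
marker = r.text.find(needle)
if marker == -1:
    # Without this check str.find()'s -1 would be used as an offset and the
    # script would slice an unrelated part of the page.
    raise RuntimeError(
        "_sessionTmpToken not found in the reboot menu page; "
        "the login may have been rejected"
    )
o1 = marker + len(needle)
o2 = r.text.find('"', o1)
if o2 == -1:
    raise RuntimeError("_sessionTmpToken value is not terminated")
# The page holds the token as a run of \xNN escapes; drop the "\x" markers
# and decode the remaining hex digits.
tmp_sess_token = bytes.fromhex(r.text[o1:o2].replace(r"\x", "")).decode()
print("[logged in] tmp sess_token =", tmp_sess_token)

# the reset: the "Check" header is base64(RSA PKCS#1 v1.5 encryption of the
# hex SHA-256 digest of the body), so it covers the exact bytes that are sent
body = "IF_ACTION=Restart&Btn_restart=&_sessionTOKEN=" + tmp_sess_token
cipher = PKCS1_v1_5.new(public_key)
encrypted_body = cipher.encrypt(hashlib.sha256(body.encode()).hexdigest().encode())
check_header = base64.b64encode(encrypted_body).decode()
r = session.post(
    base_url + "/?_type=menuData&_tag=devmgr_restartmgr_lua.lua",
    data=body,
    headers={
        "Check": check_header,
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
    },
    timeout=REQUEST_TIMEOUT,
)
print("[logged in] restart response =", r.text)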