rajkosto · April 4, 2025 11:03 · carlos-chavez-p · Apr 3, 2025
diff --git a/nokia-router-cfg-tool.py b/nokia-router-cfg-tool.py
 #!/usr/bin/env python3


 #
 # Nokia/Alcatel-Lucent router backup configuration tool
 # G2425 support added by rajkosto on 20/11/2022
 # XS-2426G-B support added by rajkosto on 28/02/2023
 #
 # Features:
 # - Unpack/repack .cfg files generated from the backup and restore functionnality
 #   in order to modify the full router configuration
 # - Decrypt/encrypt the passwords/secret values present in the configuration
 #
 # Original author blog post: https://0x41.cf/reversing/2019/10/08/unlocking-nokia-g240wa.html
 #
 # Released under the MIT License (http://opensource.org/licenses/MIT)
 # Copyright (c) Sami Alaoui Kendil (thedroidgeek)
 # Copyright (c) Rajko Stojadinovic (rajkosto)
 #


 import io
 import sys
 import zlib
 import struct
 import base64
 import binascii
 import datetime
 import hashlib
 import secrets


 big_endian = True
 encrypted_cfg = False


 def u32(val):
    return struct.unpack('>I' if big_endian else '<I', val)[0]

 def p32(val):
    return struct.pack('>I' if big_endian else '<I', val)

 def checkendian(cfg):
    if (cfg[0:4] == b'\x00\x12\x31\x23'):
        return True
    elif (cfg[0:4] == b'\x23\x31\x12\x00'):
        return False
    else:
        return None


 class RouterCrypto:

    def __init__(self):

        from Crypto.Cipher import AES

        # key and IV for AES
        key = '3D A3 73 D7 DC 82 2E 2A 47 0D EC 37 89 6E 80 D7 2C 49 B3 16 29 DD C9 97 35 4B 84 03 91 77 9E A4'
        iv  = 'D0 E6 DC CD A7 4A 00 DF 76 0F C0 85 11 CB 05 EA'

        # create AES-128-CBC cipher
        self.cipher = AES.new(bytes(bytearray.fromhex(key)), AES.MODE_CBC, bytes(bytearray.fromhex(iv)))

    def decrypt(self, data):

        output = self.cipher.decrypt(data)

        # verify and remove PKCS#7 padding
        padLen = ord(output[-1:])
        if padLen <= 0 or padLen > 16: #cannot be 0 or > blocksize
            return None

        padBytes = output[-padLen:]
        validPad = all(padByte == padLen for padByte in padBytes)
        if validPad:
            return output[:-padLen]
        else:
            return None

    def encrypt(self, data):

        # add PKCS#7 padding for 128-bit AES
        pad_num = (16 - (len(data) % 16))
        data += chr(pad_num).encode() * pad_num

        return self.cipher.encrypt(data)

 class PKCSPassCrypto(RouterCrypto):

    def __init__(self, pkcsPass, pkcsSalt):

        from Crypto.Cipher import AES
        from hashlib import pbkdf2_hmac

        keyLen = 32 #AES-256
        ivLen = 16 #AES blocksize

        if not isinstance(pkcsPass, bytes): 
            pkcsPass = pkcsPass.encode()

        pkcs = pbkdf2_hmac('sha256', pkcsPass, pkcsSalt, 10, dklen=keyLen+ivLen)
        keyBytes = pkcs[:keyLen]
        ivBytes = pkcs[keyLen:]
        self.cipher = AES.new(keyBytes, AES.MODE_CBC, ivBytes)

 #G2425 and newer config pkcs password
 PKCSPasswords = ["S23l7nZm47XyMGs6y6oJpN9CR4nbfIZHJ4VRwp7HcdV6o2YvUmeNYFlz08Otwz78"]

 #
 # unpack xml from cfg
 #

 if (len(sys.argv) == 3 and sys.argv[1] == '-u'):

    # line feed
    print('')

    # read the cfg file
    cf = open(sys.argv[2], 'rb')
    cfg_data = cf.read()

    # check cfg file magic (0x123123) and determine endianness
    big_endian = checkendian(cfg_data)

    if big_endian == None:

        # check if config is encrypted
        decrypted = None
        try:
            # decrypt and check validity
            decrypted = RouterCrypto().decrypt(cfg_data)
            big_endian = checkendian(decrypted)
        except ValueError:
            pass

        # if decryption failed, or still invalid, bail out
        if big_endian == None:
            print('invalid cfg file/magic :(\n')
            exit()

        # set decrypted cfg buffer and encryption flag
        print('-> encrypted cfg detected')
        cfg_data = decrypted
        encrypted_cfg = True

    # log endianness
    if big_endian:
        print('-> big endian CPU detected')
    else:
        print('-> little endian CPU detected')

    # get the size of the compressed data
    data_size = u32(cfg_data[0x04:0x08])

    large_header = False
    if data_size == 0:
        data_size = u32(cfg_data[0x08:0x0C])
        large_header = True

    if data_size == 0:
        print('\nERROR: config data size is 0!\n')
        exit()

    # get fw_magic (unknown, could be fw version/compile time, hw serial number, etc.)
    fw_magic = 0
    if large_header:
        fw_magic = u32(cfg_data[0x20:0x24])
    else:
        fw_magic = u32(cfg_data[0x10:0x14])
    print('-> fw_magic = ' + hex(fw_magic))

    # get the compressed data
    compressed = []
    if large_header:
        compressed = cfg_data[0x28 : 0x28 + data_size]
    else:
        compressed = cfg_data[0x14 : 0x14 + data_size]

    # get the checksum of the compressed data 
    checksum = 0
    if large_header:
        checksum = u32(cfg_data[0x10:0x14])
    else:
        checksum = u32(cfg_data[0x08:0x0C])

    # verify the checksum
    if (binascii.crc32(compressed) & 0xFFFFFFFF != checksum):
        print('\nCRC32 checksum failed :(\n')
        exit()

    uncomp_size = 0
    if large_header:
        uncomp_size = u32(cfg_data[0x18:0x1C])
    else:
        uncomp_size = u32(cfg_data[0x0C:0x10])

    # unpack the config
    xml_data = None
    try:
        xml_data = zlib.decompress(compressed)
        pkcsPass = None
    except zlib.error:
        encData = None
        pkcsSalt = None
        tryPasswords = []
        if compressed[0] == 0xFF: #pkcs encrypted payload
            tryPasswords = PKCSPasswords
            with io.BytesIO(compressed) as payload:
                payload.seek(1)
                pkcsSalt = payload.read(8)
                encData = payload.read()

        for currPass in tryPasswords:
            decryptor = PKCSPassCrypto(currPass,pkcsSalt)
            compressed = decryptor.decrypt(encData)
            if compressed is None: #pkcs padding verification failed, key is wrong
                continue

            try:
                xml_data = zlib.decompress(compressed)
                pkcsPass = currPass
            except zlib.error:
                pass

        if xml_data is None:
            if len(tryPasswords):
                raise RuntimeError('Exhausted all known encryption passwords')
            else:
                raise

    if len(xml_data) != uncomp_size:
        print('WARNING: uncompressed size does not match value in header!')

    # output the xml file
    out_filename = 'config-%s.xml' % datetime.datetime.now().strftime('%d%m%Y-%H%M%S')
    if xml_data[0] != ord('<'):
        out_filename = out_filename.replace('.xml','.ini')

    of = open(out_filename, 'wb')
    of.write(xml_data)

    print('\nunpacked as: ' + out_filename)

    recompInfo = ('-pb' if big_endian else '-pl')
    if large_header:
        recompInfo += '64'
    if encrypted_cfg or pkcsPass:
        recompInfo += 'e'
        if pkcsPass:
            recompInfo += pkcsPass

    print('\n# repack with:')
    print('%s %s %s %s\n' % (sys.argv[0], recompInfo, out_filename, hex(fw_magic)))

    cf.close()
    of.close()
 #
 # generate cfg from xml
 #

 elif (len(sys.argv) == 4 and (sys.argv[1][:3] == '-pb' or sys.argv[1][:3] == '-pl')):

    fw_magic = 0

    try:
        # parse hex string
        fw_magic = int(sys.argv[3], 16)
        # 32-bit check
        p32(fw_magic)
    except:
        print('\ninvalid magic value specified (32-bit hex)\n')
        exit()

    big_endian = sys.argv[1][:3] == '-pb'
    large_header = False
    param_len = 3
    if sys.argv[1][3:5] == '64':
        large_header = True
        param_len += 2
    elif sys.argv[1][3:5] == '32':
        large_header = False
        param_len += 2

    encrypted_cfg = False
    if len(sys.argv[1]) > param_len and sys.argv[1][param_len] == 'e':
        encrypted_cfg = True
        param_len += 1

    pkcsPass = None
    if encrypted_cfg and len(sys.argv[1]) > param_len:
        pkcsPass = sys.argv[1][param_len:]
        encrypted_cfg = False

    out_filename = 'config-%s.cfg' % datetime.datetime.now().strftime('%d%m%Y-%H%M%S')

    # read the xml file
    xf = open(sys.argv[2], 'rb')
    xml_data = xf.read()
    xf.close()

    # compress using default zlib compression
    compressed = zlib.compress(xml_data)

    # pkcs encrypt the inner data if needed
    extraDecompLen = 1 #non pkcs encrypted configs have +1 to decomp len
    if pkcsPass is not None:
        extraDecompLen = 0
        with io.BytesIO() as payload:
            payload.write(b'\xFF')
            pkcsSalt = secrets.token_bytes(8)
            payload.write(pkcsSalt)
            cryptor = PKCSPassCrypto(pkcsPass,pkcsSalt)
            payload.write(cryptor.encrypt(compressed))
            compressed = payload.getvalue()

    ## construct the header ##
    # magic
    cfg_data = p32(0x123123)
    if large_header:
        cfg_data += p32(0)
    # size of compressed data
    cfg_data += p32(len(compressed))
    if large_header:
        cfg_data += p32(0)
    # crc32 checksum
    cfg_data += p32(binascii.crc32(compressed) & 0xFFFFFFFF)
    if large_header:
        cfg_data += p32(0)
    # size of xml file
    cfg_data += p32(len(xml_data) + extraDecompLen)
    if large_header:
        cfg_data += p32(0)
    # fw_magic
    cfg_data += p32(fw_magic)
    if large_header:
        cfg_data += p32(0)

    # add the compressed xml
    cfg_data += compressed

    # encrypt overall file if necessary
    if encrypted_cfg:
        cfg_data = RouterCrypto().encrypt(cfg_data)

    # write the cfg file
    of = open(out_filename, 'wb')
    of.write(cfg_data)
    of.close()

    print('\npacked as: ' + out_filename + '\n')


 #
 # decrypt/encrypt secret value
 #

 elif (len(sys.argv) == 3 and (sys.argv[1] == '-d' or sys.argv[1] == '-e')):

    decrypt_mode = sys.argv[1] == '-d'

    if decrypt_mode:

        # base64 decode + AES decrypt
        print('\ndecrypted: ' + RouterCrypto().decrypt(base64.b64decode(sys.argv[2])).decode('UTF-8') + '\n')

    else:

        # AES encrypt + base64 encode
        print('\nencrypted: ' + base64.b64encode(RouterCrypto().encrypt(sys.argv[2].encode())).decode('UTF-8') + '\n')


 else:

    print('\n#\n# Nokia/Alcatel-Lucent router backup configuration tool\n#\n')
    print('# unpack (cfg to xml)\n')
    print(sys.argv[0] + ' -u config.cfg\n')
    print('# pack (xml to cfg)\n')
    print(sys.argv[0] + ' -pb  config.xml 0x13377331 # big endian, no encryption, fw_magic = 0x13377331')
    print(sys.argv[0] + ' -pl  config.xml 0x13377331 # little endian, ...')
    print(sys.argv[0] + ' -pbe config.xml 0x13377331 # big endian, with encryption, ...')
    print(sys.argv[0] + ' -ple config.xml 0x13377331 # ...\n')
    print('# decrypt/encrypt secret values within xml (ealgo="ab")\n')
    print(sys.argv[0] + ' -d OYdLWUVDdKQTPaCIeTqniA==')
    print(sys.argv[0] + ' -e admin\n')
	#!/usr/bin/env python3


	#
	# Nokia/Alcatel-Lucent router backup configuration tool
	# G2425 support added by rajkosto on 20/11/2022
	# XS-2426G-B support added by rajkosto on 28/02/2023
	#
	# Features:
	# - Unpack/repack .cfg files generated from the backup and restore functionnality
	# in order to modify the full router configuration
	# - Decrypt/encrypt the passwords/secret values present in the configuration
	#
	# Original author blog post: https://0x41.cf/reversing/2019/10/08/unlocking-nokia-g240wa.html
	#
	# Released under the MIT License (http://opensource.org/licenses/MIT)
	# Copyright (c) Sami Alaoui Kendil (thedroidgeek)
	# Copyright (c) Rajko Stojadinovic (rajkosto)
	#


	import io
	import sys
	import zlib
	import struct
	import base64
	import binascii
	import datetime
	import hashlib
	import secrets


	big_endian = True
	encrypted_cfg = False


	def u32(val):
	return struct.unpack('>I' if big_endian else '<I', val)[0]

	def p32(val):
	return struct.pack('>I' if big_endian else '<I', val)

	def checkendian(cfg):
	if (cfg[0:4] == b'\x00\x12\x31\x23'):
	return True
	elif (cfg[0:4] == b'\x23\x31\x12\x00'):
	return False
	else:
	return None


	class RouterCrypto:

	def __init__(self):

	from Crypto.Cipher import AES

	# key and IV for AES
	key = '3D A3 73 D7 DC 82 2E 2A 47 0D EC 37 89 6E 80 D7 2C 49 B3 16 29 DD C9 97 35 4B 84 03 91 77 9E A4'
	iv = 'D0 E6 DC CD A7 4A 00 DF 76 0F C0 85 11 CB 05 EA'

	# create AES-128-CBC cipher
	self.cipher = AES.new(bytes(bytearray.fromhex(key)), AES.MODE_CBC, bytes(bytearray.fromhex(iv)))

	def decrypt(self, data):

	output = self.cipher.decrypt(data)

	# verify and remove PKCS#7 padding
	padLen = ord(output[-1:])
	if padLen <= 0 or padLen > 16: #cannot be 0 or > blocksize
	return None

	padBytes = output[-padLen:]
	validPad = all(padByte == padLen for padByte in padBytes)
	if validPad:
	return output[:-padLen]
	else:
	return None

	def encrypt(self, data):

	# add PKCS#7 padding for 128-bit AES
	pad_num = (16 - (len(data) % 16))
	data += chr(pad_num).encode() * pad_num

	return self.cipher.encrypt(data)

	class PKCSPassCrypto(RouterCrypto):

	def __init__(self, pkcsPass, pkcsSalt):

	from Crypto.Cipher import AES
	from hashlib import pbkdf2_hmac

	keyLen = 32 #AES-256
	ivLen = 16 #AES blocksize

	if not isinstance(pkcsPass, bytes):
	pkcsPass = pkcsPass.encode()

	pkcs = pbkdf2_hmac('sha256', pkcsPass, pkcsSalt, 10, dklen=keyLen+ivLen)
	keyBytes = pkcs[:keyLen]
	ivBytes = pkcs[keyLen:]
	self.cipher = AES.new(keyBytes, AES.MODE_CBC, ivBytes)

	#G2425 and newer config pkcs password
	PKCSPasswords = ["S23l7nZm47XyMGs6y6oJpN9CR4nbfIZHJ4VRwp7HcdV6o2YvUmeNYFlz08Otwz78"]

	#
	# unpack xml from cfg
	#

	if (len(sys.argv) == 3 and sys.argv[1] == '-u'):

	# line feed
	print('')

	# read the cfg file
	cf = open(sys.argv[2], 'rb')
	cfg_data = cf.read()

	# check cfg file magic (0x123123) and determine endianness
	big_endian = checkendian(cfg_data)

	if big_endian == None:

	# check if config is encrypted
	decrypted = None
	try:
	# decrypt and check validity
	decrypted = RouterCrypto().decrypt(cfg_data)
	big_endian = checkendian(decrypted)
	except ValueError:
	pass

	# if decryption failed, or still invalid, bail out
	if big_endian == None:
	print('invalid cfg file/magic :(\n')
	exit()

	# set decrypted cfg buffer and encryption flag
	print('-> encrypted cfg detected')
	cfg_data = decrypted
	encrypted_cfg = True

	# log endianness
	if big_endian:
	print('-> big endian CPU detected')
	else:
	print('-> little endian CPU detected')

	# get the size of the compressed data
	data_size = u32(cfg_data[0x04:0x08])

	large_header = False
	if data_size == 0:
	data_size = u32(cfg_data[0x08:0x0C])
	large_header = True

	if data_size == 0:
	print('\nERROR: config data size is 0!\n')
	exit()

	# get fw_magic (unknown, could be fw version/compile time, hw serial number, etc.)
	fw_magic = 0
	if large_header:
	fw_magic = u32(cfg_data[0x20:0x24])
	else:
	fw_magic = u32(cfg_data[0x10:0x14])
	print('-> fw_magic = ' + hex(fw_magic))

	# get the compressed data
	compressed = []
	if large_header:
	compressed = cfg_data[0x28 : 0x28 + data_size]
	else:
	compressed = cfg_data[0x14 : 0x14 + data_size]

	# get the checksum of the compressed data
	checksum = 0
	if large_header:
	checksum = u32(cfg_data[0x10:0x14])
	else:
	checksum = u32(cfg_data[0x08:0x0C])

	# verify the checksum
	if (binascii.crc32(compressed) & 0xFFFFFFFF != checksum):
	print('\nCRC32 checksum failed :(\n')
	exit()

	uncomp_size = 0
	if large_header:
	uncomp_size = u32(cfg_data[0x18:0x1C])
	else:
	uncomp_size = u32(cfg_data[0x0C:0x10])

	# unpack the config
	xml_data = None
	try:
	xml_data = zlib.decompress(compressed)
	pkcsPass = None
	except zlib.error:
	encData = None
	pkcsSalt = None
	tryPasswords = []
	if compressed[0] == 0xFF: #pkcs encrypted payload
	tryPasswords = PKCSPasswords
	with io.BytesIO(compressed) as payload:
	payload.seek(1)
	pkcsSalt = payload.read(8)
	encData = payload.read()

	for currPass in tryPasswords:
	decryptor = PKCSPassCrypto(currPass,pkcsSalt)
	compressed = decryptor.decrypt(encData)
	if compressed is None: #pkcs padding verification failed, key is wrong
	continue

	try:
	xml_data = zlib.decompress(compressed)
	pkcsPass = currPass
	except zlib.error:
	pass

	if xml_data is None:
	if len(tryPasswords):
	raise RuntimeError('Exhausted all known encryption passwords')
	else:
	raise

	if len(xml_data) != uncomp_size:
	print('WARNING: uncompressed size does not match value in header!')

	# output the xml file
	out_filename = 'config-%s.xml' % datetime.datetime.now().strftime('%d%m%Y-%H%M%S')
	if xml_data[0] != ord('<'):
	out_filename = out_filename.replace('.xml','.ini')

	of = open(out_filename, 'wb')
	of.write(xml_data)

	print('\nunpacked as: ' + out_filename)

	recompInfo = ('-pb' if big_endian else '-pl')
	if large_header:
	recompInfo += '64'
	if encrypted_cfg or pkcsPass:
	recompInfo += 'e'
	if pkcsPass:
	recompInfo += pkcsPass

	print('\n# repack with:')
	print('%s %s %s %s\n' % (sys.argv[0], recompInfo, out_filename, hex(fw_magic)))

	cf.close()
	of.close()
	#
	# generate cfg from xml
	#

	elif (len(sys.argv) == 4 and (sys.argv[1][:3] == '-pb' or sys.argv[1][:3] == '-pl')):

	fw_magic = 0

	try:
	# parse hex string
	fw_magic = int(sys.argv[3], 16)
	# 32-bit check
	p32(fw_magic)
	except:
	print('\ninvalid magic value specified (32-bit hex)\n')
	exit()

	big_endian = sys.argv[1][:3] == '-pb'
	large_header = False
	param_len = 3
	if sys.argv[1][3:5] == '64':
	large_header = True
	param_len += 2
	elif sys.argv[1][3:5] == '32':
	large_header = False
	param_len += 2

	encrypted_cfg = False
	if len(sys.argv[1]) > param_len and sys.argv[1][param_len] == 'e':
	encrypted_cfg = True
	param_len += 1

	pkcsPass = None
	if encrypted_cfg and len(sys.argv[1]) > param_len:
	pkcsPass = sys.argv[1][param_len:]
	encrypted_cfg = False

	out_filename = 'config-%s.cfg' % datetime.datetime.now().strftime('%d%m%Y-%H%M%S')

	# read the xml file
	xf = open(sys.argv[2], 'rb')
	xml_data = xf.read()
	xf.close()

	# compress using default zlib compression
	compressed = zlib.compress(xml_data)

	# pkcs encrypt the inner data if needed
	extraDecompLen = 1 #non pkcs encrypted configs have +1 to decomp len
	if pkcsPass is not None:
	extraDecompLen = 0
	with io.BytesIO() as payload:
	payload.write(b'\xFF')
	pkcsSalt = secrets.token_bytes(8)
	payload.write(pkcsSalt)
	cryptor = PKCSPassCrypto(pkcsPass,pkcsSalt)
	payload.write(cryptor.encrypt(compressed))
	compressed = payload.getvalue()

	## construct the header ##
	# magic
	cfg_data = p32(0x123123)
	if large_header:
	cfg_data += p32(0)
	# size of compressed data
	cfg_data += p32(len(compressed))
	if large_header:
	cfg_data += p32(0)
	# crc32 checksum
	cfg_data += p32(binascii.crc32(compressed) & 0xFFFFFFFF)
	if large_header:
	cfg_data += p32(0)
	# size of xml file
	cfg_data += p32(len(xml_data) + extraDecompLen)
	if large_header:
	cfg_data += p32(0)
	# fw_magic
	cfg_data += p32(fw_magic)
	if large_header:
	cfg_data += p32(0)

	# add the compressed xml
	cfg_data += compressed

	# encrypt overall file if necessary
	if encrypted_cfg:
	cfg_data = RouterCrypto().encrypt(cfg_data)

	# write the cfg file
	of = open(out_filename, 'wb')
	of.write(cfg_data)
	of.close()

	print('\npacked as: ' + out_filename + '\n')


	#
	# decrypt/encrypt secret value
	#

	elif (len(sys.argv) == 3 and (sys.argv[1] == '-d' or sys.argv[1] == '-e')):

	decrypt_mode = sys.argv[1] == '-d'

	if decrypt_mode:

	# base64 decode + AES decrypt
	print('\ndecrypted: ' + RouterCrypto().decrypt(base64.b64decode(sys.argv[2])).decode('UTF-8') + '\n')

	else:

	# AES encrypt + base64 encode
	print('\nencrypted: ' + base64.b64encode(RouterCrypto().encrypt(sys.argv[2].encode())).decode('UTF-8') + '\n')


	else:

	print('\n#\n# Nokia/Alcatel-Lucent router backup configuration tool\n#\n')
	print('# unpack (cfg to xml)\n')
	print(sys.argv[0] + ' -u config.cfg\n')
	print('# pack (xml to cfg)\n')
	print(sys.argv[0] + ' -pb config.xml 0x13377331 # big endian, no encryption, fw_magic = 0x13377331')
	print(sys.argv[0] + ' -pl config.xml 0x13377331 # little endian, ...')
	print(sys.argv[0] + ' -pbe config.xml 0x13377331 # big endian, with encryption, ...')
	print(sys.argv[0] + ' -ple config.xml 0x13377331 # ...\n')
	print('# decrypt/encrypt secret values within xml (ealgo="ab")\n')
	print(sys.argv[0] + ' -d OYdLWUVDdKQTPaCIeTqniA==')
	print(sys.argv[0] + ' -e admin\n')