├── Instructions ├── Alternate-Way-To-Get-Root-Access-JF-ONT-Home-Gateway.md ├── Decrypt-Router-Configuration-File.md ├── Disable-TR-069-JF-ONT-Home-Gateway.md ├── Enable-FTP-JF-ONT-Home-Gateway.md ├── Enable-Root-FTP-JF-ONT-Home-Gateway.md ├── Encrypt-Router-Configuration-File.md ├── Get-Any-File-From-JF-ONT-Home-Gateway.md ├── Get-Root-Access-JF-ONT-Home-Gateway.md └── Get-dbglogs-JF-ONT-Home-Gateway.md ├── README.md ├── jf_entware_mips.sh ├── keyguesser.py ├── router_firmware.js └── stb_firmware.js /Instructions/Alternate-Way-To-Get-Root-Access-JF-ONT-Home-Gateway.md: -------------------------------------------------------------------------------- 1 | # Alternate way to get root access in JF ONT for newer firmwares with router specific encryption keys 2 | 3 | *Disclaimer: - This is Only for educational purposes, No one is responsible for any type of damage. Any wrong step might brick your router. So be aware.* 4 | 5 | 1. First of all, follow [this guide](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Get-Any-File-From-JF-ONT-Home-Gateway.md) to get the file at `/flash/secure/key.txt` which is the encryption key of your backup config. 6 | 2. Go to your router admin page and download a backup of your router settings configuration from Administrator > Maintenance. 7 | 3. Decrypt the config (`.enc` file) using the command `openssl aes-128-cbc -d -pass file:key.txt -in input.enc -out output.txt` (Change `input.enc` and `output.txt` respectively to your requirements). 8 | 4. Open the decrypted config file. 9 | 5. Change the first line of the decrypted config file like this: 10 | 11 | ``` 12 | config.userdb = {} os.execute("/usr/sbin/telnetd"); os.execute("/pfrm2.0/bin/iptables -I fwInBypass -p tcp --dport 23 -m ifgroup --ifgroup-in 0x1/0x1 -j ACCEPT"); os.execute("echo -e \"password\npassword\" | passwd root"); 13 | ``` 14 | 15 | 6. Ensure there is no line break in the line you just pasted. The whole content should be in a single line and the line should start with `config` otherwise this isn't gonna work. 16 | 7. Encrypt the config using the command `openssl aes-128-cbc -pass file:key.txt -in input.txt -out output.enc` (Change `input.txt` and `output.enc` respectively). 17 | 8. The output file should have the same name as your actual backed up config file in step 2. 18 | 9. Restore the new backup file in Router Admin page at Administrator > Maintenance. 19 | 10. Done! Now Telnet into the Router and use username as `root` and password as `password`. 20 | -------------------------------------------------------------------------------- /Instructions/Decrypt-Router-Configuration-File.md: -------------------------------------------------------------------------------- 1 | # Decrypt Configuration File (Does not work anymore) 2 | 3 | *Disclaimer: - This is Only for educational purposes, No one is responsible for any type of damage.* 4 | 5 | 1. Make sure you have [**openssl**](https://wiki.openssl.org/index.php/Binaries) **installed** or else install it and **add it to environment variable PATH**. 6 | 2. Grab the key for your router model from [here](https://github.com/JFC-Group/JF-Customisation/tree/master/EncryptionKeys/). 7 | 3. Go to Your **Router WEB-UI Page** (`http://192.168.29.1`) and Sign in as **Admin**. (The default credentials are **`admin : Jiocentrum`**) 8 | 4. Go to **Administrator** --> **Maintenance** and click **Backup**. 9 | 5. A file (`RSTXXXXXXX_JCXXXXX.enc`) will be downloaded with **`.enc`** extension. 10 | 6. Open up **Terminal** or **Command Prompt**. 11 | 7. **Decrypt** the downloaded **`.enc`** file using the command 12 | `openssl aes-128-cbc -d -kfile "" -in "RSTXXXXXXX_JCXXXXX.enc" -out "RSTXXXXXXX_JCXXXXX.txt"` 13 | 8. `RSTXXXXXXX_JCXXXXX.txt` contains the decrypted configuration. You might view or edit it at your own risk as your router may get bricked due to incorrect configuration (A hard reset might fix it. Just push the button (inside a hole) behind the router for about 30 seconds) 14 | 9. You may also want to encrypt the configuration file after editing it and restore it. Instructions to do so are [here](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Encrypt-Router-Configuration-File.md). 15 | -------------------------------------------------------------------------------- /Instructions/Disable-TR-069-JF-ONT-Home-Gateway.md: -------------------------------------------------------------------------------- 1 | # Disable TR-069 (Does not work anymore) 2 | 3 | *Disclaimer: - This is Only for educational purposes, No one is responsible for any type of damage.* 4 | 5 | **NOTE : JioCall/Landline/JioSTB/Firmware Auto Update/Changing WiFi settings from MyJio or JioHome apps won't work if TR-069 is disabled.** 6 | 7 | 1. First of all, follow [this guide](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Decrypt-Router-Configuration-File.md) to get the router decrypted configuration file `RSTXXXXXXX_JCXXXXX.txt` 8 | 2. Open `RSTXXXXXXX_JCXXXXX.txt` with Notepad or other Text Editor. 9 | 3. **Find** the line 10 | `config.tr69["ManagementServer"][1]["URL"] = "https://acs.oss.jio.com:8443/ftacs-digest/ACS"` 11 | and **replace** it with 12 | `config.tr69["ManagementServer"][1]["URL"] = "http://127.0.0.1"` 13 | 4. **Find** the line 14 | `config.tr69["ManagementServer"][1]["tr69Status"] = "1"` 15 | and **replace** it with 16 | `config.tr69["ManagementServer"][1]["tr69Status"] = "0"` 17 | 5. **Find** the line 18 | `config.tr69["ManagementServer"][1]["PeriodicInformEnable"] = "1"` 19 | and **replace** it with 20 | `config.tr69["ManagementServer"][1]["PeriodicInformEnable"] = "0"` 21 | 6. Follow [this guide](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Encrypt-Router-Configuration-File.md) to re-encrypt the configuration file and restore it via the router admin panel. 22 | -------------------------------------------------------------------------------- /Instructions/Enable-FTP-JF-ONT-Home-Gateway.md: -------------------------------------------------------------------------------- 1 | # Enable FTP (Does not work anymore) 2 | 3 | *Disclaimer: - This is Only for educational purposes, No one is responsible for any type of damage.* 4 | 5 | **NOTE: FTP username will be admin & password will be your admin password in WEB-UI (Router Configuration Page)** 6 | 7 | 1. First of all, follow [this guide](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Decrypt-Router-Configuration-File.md) to get the router decrypted configuration file `RSTXXXXXXX_JCXXXXX.txt` 8 | 2. Open `RSTXXXXXXX_JCXXXXX.txt` with Notepad or other Text Editor 9 | 3. **Find** the line 10 | `config.vsftpd["ftpd"][1]["enable"] = "0"` 11 | and **replace** it with 12 | `config.vsftpd["ftpd"][1]["enable"] = "1"` 13 | 4. Follow [this guide](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Encrypt-Router-Configuration-File.md) to re-encrypt the configuration file and restore it via the router admin panel. 14 | -------------------------------------------------------------------------------- /Instructions/Enable-Root-FTP-JF-ONT-Home-Gateway.md: -------------------------------------------------------------------------------- 1 | 2 | # Enable FTP Server with `/` as FTP Root 3 | 4 | *Disclaimer: - This is Only for educational purposes, No one is responsible for any type of damage. Any wrong step might brick your router. So be aware.* 5 | 6 | 1. First of all, follow [this guide](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Get-Root-Access-JF-ONT-Home-Gateway.md) to enable root access to your router. 7 | 8 | 2. Use command `pkill vsftpd` to kill any already running FTP server on your router. 9 | 10 | 3. Using `vi`, create `/flash/vsftpd.conf` and add these lines: 11 | 12 | ``` 13 | anonymous_enable=NO 14 | local_enable=YES 15 | write_enable=YES 16 | dirmessage_enable=YES 17 | xferlog_enable=YES 18 | connect_from_port_20=YES 19 | listen_port=21 20 | idle_session_timeout=300 21 | max_clients=200 22 | max_per_ip=200 23 | chroot_local_user=YES 24 | ftp_username=root 25 | secure_chroot_dir=/ 26 | local_root=/ 27 | listen_ipv6=YES 28 | userlist_enable=no 29 | userlist_deny=NO 30 | ``` 31 | 32 | 4. Save the file. 33 | 34 | 5. Use command `vsftpd /flash/vsftpd.conf &` to start the FTP server. 35 | 36 | 6. Use command `iptables -I fwInBypass -p tcp --dport 21 -m ifgroup --ifgroup-in 0x1/0x1 -j ACCEPT` to enable listening to port 21. 37 | 38 | 7. Connect your router using FTP client like FileZilla using `root` as username and your root password as the password. 39 | 40 | _**P.S. : You can also make a `.sh` script in `/flash/` or `/flash2/` to automate this process.**_ 41 | -------------------------------------------------------------------------------- /Instructions/Encrypt-Router-Configuration-File.md: -------------------------------------------------------------------------------- 1 | # Encrypt Configuration File (Do not use this anymore) 2 | 3 | *Disclaimer: - This is Only for educational purposes, No one is responsible for any type of damage.* 4 | 5 | **(If you are attempting to get root or change the root password, you need to skip steps 1 to 5).** 6 | 7 | 1. Copy everything in the text configuration file (`RSTXXXXXXX_JCXXXXX.txt`) till before `config.checksum = ""`. 8 | 2. Go to this [MD5 Hash Generator Website](https://passwordsgenerator.net/md5-hash-generator/) and paste it and leave a new line at the end. It should look like ![this](https://i.imgur.com/mAle1mi.png) 9 | 3. Click on Generate to get the MD5 hash. Copy it. 10 | 4. In your text configuration file (`RSTXXXXXXX_JCXXXXX.txt`) change `config.checksum = ""` to `config.checksum = ""`. 11 | 5. Save the file. 12 | 6. Open Terminal or Command Prompt. 13 | 7. Use this command to re-encrypt the text configuration file with your respective `server.key` :- 14 | `openssl aes-128-cbc -kfile "" -in "RSTXXXXXXX_JCXXXXX.txt" -out "RSTXXXXXXX_JCXXXXX_MODIFIED.enc"` 15 | 8. In your Router WEB-UI Page (`http://192.168.29.1`), go to `Administrator --> Maintenance`. 16 | 9. Select and restore the `RSTXXXXXXX_JCXXXXX_MODIFIED.enc` file that was generated at step 7. 17 | 10. If by any chance your router configuration file had incorrect settings, it might reset the whole configuration or also might brick the router. If your router is bricked, a hard reset might fix it. Just push the button (inside a hole) behind the router for about 30 seconds. And after it boots up, restore the original configuration file that you downloaded directly from the Router WEB-UI to get back your original settings. 18 | -------------------------------------------------------------------------------- /Instructions/Get-Any-File-From-JF-ONT-Home-Gateway.md: -------------------------------------------------------------------------------- 1 | # Way to get any file directly from your Jio Router's Filesystem to your pendrive [Working as of 3rd January 2023] 2 | 3 | *Disclaimer: - This is Only for educational purposes, No one is responsible for any type of damage. Any wrong step might brick your router. So be aware.* 4 | 5 | ## Requirements:- 6 | 7 | 1. Chrome Browser 8 | 2. Postman (or cURL, if you prefer that) 9 | 3. A Pendrive or a Portable HDD/SSD that can be plugged into your router 10 | 11 | ## Notes:- 12 | 13 | *Here we are copying `/flash/secure/key.txt` which is the encryption key used to encrypt the router backup configuration to our pendrive.* 14 | 15 | *The location of the the pendrive root in the router is `/mnt/vfs/admin/ITSYOURAP/` (Remember to replace `"ITSYOURAP"` with the label of your pendrive)* 16 | 17 | ## Steps:- 18 | 19 | 1. Open your router admin page (`http://192.168.29.1`) and login via your admin credentials. 20 | 2. After logging in, copy the value of the cookie `TeamF1Login`. You can use the Application tab in Developer options to do so. 21 | 3. Go to the Administration > Maintenance Page 22 | 4. Press `CTRL + U` (If you are in Chrome Browser) to View Source of the page (Alternatively, you can Inspect Element) 23 | 5. Find the Backup/Restore HTML Form. It should look like this:- 24 | 25 | ```html 26 |
27 | 28 | ``` 29 | 6. Copy the value of token element from the form. Here it is sometoken. 30 | 7. Open up Postman and create a new POST request to `http://192.168.29.1/platform.cgi` 31 | 32 | In the headers section, uncheck `Accept` and `Accept-Encoding` header. 33 | Fill up these headers in the request (Use the Bulk Edit option and copy paste these):- 34 | 35 | ```none 36 | Cookie:TeamF1Login=yourteamf1logincookievalue 37 | Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 38 | Referer:http://192.168.29.1/platform.cgi?page=backupRestore.html 39 | ``` 40 | 41 | Change the `TeamF1Login` value with the cookie value you copied in step 2. 42 | Now go to the Body section and check the form-data checkbox. Click on the Bulk Edit option and copy paste these values: 43 | 44 | ```none 45 | button.usbRestore.statusPage:usbRestore 46 | file:/flash/secure/key.txt /mnt/vfs/admin/ITSYOURAP/ # 47 | token:sometoken 48 | thispage:backupRestore.html 49 | ``` 50 | 51 | Remember to replace `sometoken` with the value of the token you copied earlier. Also replace the first section of the file param with the file you want to copy. (We are copying `/flash/secure/key.txt` in this case) 52 | 53 | 8. Now Click on the Send button in Postman to send the request. 54 | Within a few seconds, your request gets completed and now you have the requested file in your Pendrive root. 55 | 56 | ***PS: You can also copy directories using this method. Just change the first section of the file param with the folder location in the router.*** 57 | -------------------------------------------------------------------------------- /Instructions/Get-Root-Access-JF-ONT-Home-Gateway.md: -------------------------------------------------------------------------------- 1 | # Get Root Access (via Telnet) 2 | 3 | *Disclaimer: - This is Only for educational purposes, No one is responsible for any type of damage. Any wrong step might brick your router. So be aware.* 4 | 5 | 1. First of all, follow [this guide](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Decrypt-Router-Configuration-File.md) to get the router decrypted configuration file `RSTXXXXXXX_JCXXXXX.txt` 6 | 7 | 2. Open `RSTXXXXXXX_JCXXXXX.txt` with Notepad or other Text Editor. 8 | 9 | 3. The first line of the file should look like : `config.userdb = {}`. 10 | 11 | 4. Change the first line to : 12 | 13 | ``` 14 | config.userdb = {} os.execute("/usr/sbin/telnetd"); os.execute("/pfrm2.0/bin/iptables -I fwInBypass -p tcp --dport 23 -m ifgroup --ifgroup-in 0x1/0x1 -j ACCEPT"); os.execute("echo -e \"password\npassword\" | passwd root"); 15 | ``` 16 | 17 | 5. Ensure there is no line break in the line you just pasted. The whole content should be in a single line and the line should start with `config` otherwise this isn't gonna work. 18 | 19 | 6. Follow **from step 6** mentioned in [this guide](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Encrypt-Router-Configuration-File.md) to re-encrypt the configuration file and restore it via the router admin panel. (You have to skip from step 1 to 5 in that guide otherwise your router may reset or restart and you will not have root). 20 | 21 | 7. Connect your router via Telnet at port 23 with `root` as user name and `password` as password. 22 | 23 | 8. For newer firmwares, use command `rm /flash/telnetDisable` to keep Telnet enabled. (Otherwise it will be disabled after some time). 24 | Otherwise, on older firmwares use command `touch /tmp/DEBUG_IMAGE` to keep Telnet enabled. (Otherwise it will be disabled after some time). 25 | 26 | **Remember: Everytime you restart the router, the root password gets changed to the default password (which we don't know yet) and you have to restore the config file again as in step 6 to change the root password. Step 8 will keep your telnet enabled across router restarts.** 27 | -------------------------------------------------------------------------------- /Instructions/Get-dbglogs-JF-ONT-Home-Gateway.md: -------------------------------------------------------------------------------- 1 | # Get Logs (dbglogs) [Doesn't Work Anymore] 2 | 3 | *Disclaimer: - This is Only for educational purposes, No one is responsible for any type of damage.* 4 | 5 | **NOTE: FTP username will be admin & password will be your admin password in WEB-UI (Router Configuration Page).** 6 | 7 | 1. Make sure you have [**openssl**](https://wiki.openssl.org/index.php/Binaries) **installed** or else install it and **add it to environment variable PATH**. 8 | 9 | 2. ~~**Download** and **Extract** the **zip** of your respective firmware from [here](https://github.com/JFC-Group/JF-Customisation/tree/master/Firmwares/)~~ 10 | 11 | 3. ~~Get **`server.key`** file from the Extracted zip at **`/pfrm2.0/etc/server.key`** and Copy it to **`Desktop/JF`**.~~ 12 | 13 | 4. ~~Grab the encryption key for your router model from [here](https://github.com/JFC-Group/JF-Customisation/tree/master/EncryptionKeys/) and Copy it to **`Desktop/JF`** as `server.key`~~ 14 | 15 | 5. Go to Your **Router WEB-UI Page** (`http://192.168.29.1`) and Sign in as **Admin**. (The default credentials are **admin : Jiocentrum**) 16 | 17 | 6. After you have signed in, change the URL in the address bar from `http://192.168.29.1/platform.cgi` to `http://192.168.29.1/dbglog.cgi` 18 | 19 | 7. Press Enter and wait a few minutes until a file gets downloaded. 20 | 21 | 8. Save the downloaded file (**`reliance-dbglog-enc.tgz`**) to **`Desktop/JF`** 22 | 23 | 9. Open up **Terminal** or **Command Prompt** in **`Desktop/JF`** 24 | 25 | 10. **Decrypt** the downloaded **.enc** file using the command 26 | `openssl aes-128-cbc -d -kfile "server.key" -in "reliance-dbglog-enc.tgz" -out "reliance-dbglog-dec.tgz"` 27 | 28 | 11. **Extract** the `reliance-dbglog-dec.tgz` file using **7zip** or use the command `tar -xvf reliance-dbglog-dec.tgz` 29 | 30 | 12. You will see a lot of files have been extracted to the directory **`Desktop/JF`**. These are the dbglogs. 31 | 32 | 13. Use [DB Browser for SQLite](https://sqlitebrowser.org/) to open the files with **`.db`** extension. 33 | 34 | 14. Now experiment with those files on your own. 35 | 36 | **The system.db file contains all the configuration data including Wi-Fi passwords, TR-069 Configuration, Router WEB-UI Passwords, and a lot more...** 37 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # JF-Customisation 2 | 3 | This repository contains all the files and instructions to customize your JF ONT Gateway. You can find instructions for miscellaneous customizations from [Instructions](https://github.com/JFC-Group/JF-Customisation/tree/master/Instructions/). 4 | 5 | *Special Thanks to [yashrastogi](https://broadbandforum.co/members/yashrastogi.81002/) for getting the [OTA URL of STB](https://broadbandforum.co/threads/jio-stb-jhsd200-ota-link.209956/) and [RealEng1neer](https://github.com/RealEng1neer) for arranging the ONT Firmware Links.* 6 | 7 | ## Disclaimer 8 | 9 | *This is Only for educational purposes. No one is responsible for any type of damage.* 10 | 11 | ## Available Instructions :- 12 | 13 | 1. [Getting Logs (dbglogs) from JF ONT Home Gateway](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Get-dbglogs-JF-ONT-Home-Gateway.md) 14 | 15 | 2. [Enable FTP on JF ONT Home Gateway](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Enable-FTP-JF-ONT-Home-Gateway.md) *(Might not work, check 5th instruction instead)* 16 | 17 | 3. [Disable TR-069 on JF ONT Home Gateway](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Disable-TR-069-JF-ONT-Home-Gateway.md) *(Might not work)* 18 | 19 | 4. [Get Root Access on JF ONT Home Gateway](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Get-Root-Access-JF-ONT-Home-Gateway.md) *(Might not work as JF changed the encryption key in R2.39 update! Please use [this](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Alternate-Way-To-Get-Root-Access-JF-ONT-Home-Gateway.md) instead)* 20 | 21 | 5. [Enable FTP Server with `/` as FTP Root](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Enable-Root-FTP-JF-ONT-Home-Gateway.md) 22 | 23 | 6. [Get any file directly from your JF Router's Filesystem to your pendrive](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Get-Any-File-From-JF-ONT-Home-Gateway.md) 24 | 25 | 7. [Updated and Alternate Way to Get Root in JF ONT Home Gateway](https://github.com/JFC-Group/JF-Customisation/blob/master/Instructions/Alternate-Way-To-Get-Root-Access-JF-ONT-Home-Gateway.md) 26 | 27 | 8. [Key Guesser for Encrypted Router Configuration file](https://github.com/JFC-Group/JF-Customisation/blob/master/keyguesser.py) 28 | 29 | Please also check the [discussions](https://github.com/JFC-Group/JF-Customisation/discussions). 30 | 31 | ## GitAds Sponsored 32 | [![Sponsored by GitAds](https://gitads.dev/v1/ad-serve?source=jfc-group/jf-customisation@github)](https://gitads.dev/v1/ad-track?source=jfc-group/jf-customisation@github) 33 | -------------------------------------------------------------------------------- /jf_entware_mips.sh: -------------------------------------------------------------------------------- 1 | 2 | echo "Mounting Devices" 3 | mkdir /flash2/entware 4 | mount /dev/sda1 /flash2/entware 5 | cd /flash2/entware 6 | echo "" 7 | echo "Downloading Busybox from bin.entware.net" 8 | mkdir /flash2/entware/bin 9 | wget -O /flash2/entware/bin/busybox http://bin.entware.net/armv7sf-k3.2/installer/chroot/other/mipsel/busybox --no-check-certificate 10 | chmod a+x /flash2/entware/bin/busybox 11 | CHROOT_DIR=/flash2/entware 12 | echo "" 13 | echo "Running Chroot install Script" 14 | # Mount VFS 15 | for dir in dev dev/pts proc sys; do 16 | mkdir -p $CHROOT_DIR/$dir 17 | mount -o bind /$dir $CHROOT_DIR/$dir 18 | sleep 1 19 | done 20 | 21 | #Install Busybox 22 | PATH=/bin:/sbin ./bin/busybox chroot . /bin/busybox --install -s 23 | 24 | # Make resolv.conf and hosts 25 | mkdir -p $CHROOT_DIR/etc 26 | echo 'nameserver 8.8.8.8' > $CHROOT_DIR/etc/resolv.conf 27 | echo 'nameserver 8.8.4.4' >> $CHROOT_DIR/etc/resolv.conf 28 | echo '127.0.0.1 localhost' > $CHROOT_DIR/etc/hosts 29 | 30 | 31 | echo "Done! Chroot in with" 32 | echo "PATH=/bin:/sbin $CHROOT_DIR/bin/busybox chroot $CHROOT_DIR /bin/sh" 33 | echo "Run wget http://bin.entware.net/mipselsf-k3.4/installer/generic.sh; mkdir /opt; chmod a+x generic.sh; sh generic.sh; and you will be done." 34 | -------------------------------------------------------------------------------- /keyguesser.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # This is only for educational purposes. No one is responsible for any type of damage. 4 | 5 | __author__ = "itsyourap" 6 | __url__ = "https://github.com/JFC-Group/JF-Customisation" 7 | 8 | """ 9 | This script tries to guess and identify the encryption key used to encrypt 10 | the JioFiber config file downloaded from the router's admin page 11 | 12 | Works for newer firmwares like R2.49 for JCOW414 13 | 14 | Modify this script variables accordingly before using this script 15 | 16 | Remember to run this script from the same directory where your downloaded 17 | encrypted config file is stored 18 | 19 | Usage: keyguesser.py 20 | """ 21 | 22 | from itertools import permutations 23 | import subprocess 24 | 25 | ############################################################################################################# 26 | # Modify these variables accordingly before using this script # 27 | ############################################################################################################# 28 | inFileName = "RSXXXXXXXXXXX_JCOW414.enc" # Full name of the encrypted config backup file # 29 | outFileName = "RSXXXXXXXXXXX_JCOW414.txt" # Name of output file if the decryption is successful # 30 | routerSerial = "RSXXXXXXXXXXX" # Your Router's Serial Number # 31 | routerSsid = "XXXXX" # Default Router SSID without the 'JioFiber-' prefix # 32 | ############################################################################################################# 33 | 34 | ############################################################################################################# 35 | # All of the above information might be found written on the back of the router box. # 36 | # The router SSID does NOT mean the current SSID of your router # 37 | # The router SSID is the DEFAULT SSID of your router, e.g., "JioFiber-Alpha" # 38 | # You have to just take the "Alpha" part in the above routerSsid variable # 39 | ############################################################################################################# 40 | 41 | def tryToDecrypt(hexKey): 42 | p = subprocess.Popen(["openssl", "aes-128-cbc", "-d", "-pass", "pass:{}".format(hexKey), 43 | "-in", inFileName, "-out", outFileName], stderr=subprocess.PIPE, stdout=subprocess.PIPE) 44 | output, error = p.communicate() 45 | output = output.decode() 46 | returnCode = p.returncode 47 | if (returnCode == 0): 48 | print("Success : {}".format(hexKey)) 49 | exit() 50 | else: 51 | print("Failed!") 52 | print() 53 | 54 | 55 | def tryKey(key): 56 | p = subprocess.Popen(["openssl", 'enc', "-aes-128-cbc", "-k", key, 57 | "-P", "-nosalt"], stderr=subprocess.PIPE, stdout=subprocess.PIPE) 58 | output, error = p.communicate() 59 | output = output.decode() 60 | startIndex = output.find("key=") + len("key=") 61 | endIndex = output.find("\n", startIndex) 62 | hexKey = output[startIndex:endIndex] 63 | print("Trying Key : {}".format(key)) 64 | tryToDecrypt(hexKey) 65 | 66 | 67 | keyStrings = ["1n0NaZQnC9oxcfwf", "us4AQiJAgbj0Fmxq", "NTqK8Ps5iFke8zrp", "bfqerloC15y79WQZ", 68 | "9gNzEbuDjtyT9Pyc", "uuphsZuO92AZW5GJ", "qdySWmmvYKdBcO53", "Q7ODauKsxUAUtbR7", 69 | "Kohgiem4joochei3", "6f1D27JyLm70GUUu", "zuFbKywMhJjVEhk3", "6uMrt5ricsD1ABDh", 70 | "iPjZ8bYm6s3uGYVf", "QGwaPHx2K1rNDTmL", "fJ7OeRF2TvqKdR30"] 71 | 72 | def useCombination(keyIndex): 73 | x = [routerSerial, keyStrings[keyIndex], routerSsid] 74 | 75 | perms = [] 76 | 77 | for i in range(1, len(x)+1): 78 | for c in permutations(x, i): 79 | perms.append("".join(c)) 80 | 81 | for i in range(0, len(perms)): 82 | raw = perms[i] 83 | tryKey(raw) 84 | 85 | 86 | if (__name__ == "__main__"): 87 | for i in range(0, len(keyStrings)): 88 | useCombination(i) 89 | -------------------------------------------------------------------------------- /router_firmware.js: -------------------------------------------------------------------------------- 1 | /* 2 | 1. Goto http://fota.slv.fxd.jiophone.net/ 3 | 2. Replace router options and current and max versions accordingly 4 | 3. Run it in browser developer console, to scan for available firmware versions. 5 | */ 6 | 7 | function precisionRound(number, precision) { 8 | const factor = Math.pow(10, precision); 9 | return Math.round(number * factor) / factor; 10 | } 11 | 12 | function checkFirmwareExists(version, url) { 13 | var http = new XMLHttpRequest(); 14 | http.open('HEAD', url); 15 | http.onreadystatechange = function () { 16 | if (this.readyState === this.DONE) { 17 | if (this.status !== 404) { 18 | console.log(`${version} : ${url}`); 19 | } 20 | } 21 | }; 22 | http.send(); 23 | } 24 | 25 | async function loadFirmwares() { 26 | const router = { 27 | manufacturer: "Sercomm", // Replace this with your Router Manufacturer (Sercomm, Skyworth, Arcadyan, etc...) 28 | model: "JCOW414", // Replace this with your Router Model Name (JCOW414, JCOW411, etc...) 29 | firmwarePrefix: "SRCMTF1_JCOW414_R", // Replace this with your Router Firmware Version Prefix (SRCMTF1_JCOW414_R, SKYWTF1_JCOW407_R, ARCNTF1_JCOW411_R, etc...) 30 | }; 31 | 32 | let currentVersion = 2.3; 33 | const maxVersion = 3; 34 | 35 | while (currentVersion < maxVersion) { 36 | const url = `http://fota.slv.fxd.jiophone.net/ONT/${router.manufacturer}/${router.model}/${router.firmwarePrefix}${precisionRound(currentVersion, 2)}.img`; 37 | checkFirmwareExists(precisionRound(currentVersion, 2), url); 38 | currentVersion += 0.01; 39 | } 40 | } 41 | 42 | loadFirmwares(); -------------------------------------------------------------------------------- /stb_firmware.js: -------------------------------------------------------------------------------- 1 | /* 2 | Example Link : http://fota.slv.fxd.jiophone.net/STB/Droidlogic/JHSD200/STB-JHSD200-7.4.6.zip 3 | 1. Goto http://fota.slv.fxd.jiophone.net/ 4 | 2. Replace STB options and current and max versions, and increment accordingly (Do not put to much difference between those numbers) 5 | 3. Run it in browser developer console, to scan for available firmware versions. 6 | */ 7 | 8 | function checkFirmwareExists(version, url) { 9 | const http = new XMLHttpRequest(); 10 | http.open('HEAD', url); 11 | http.onreadystatechange = function () { 12 | if (this.readyState === this.DONE) { 13 | if (this.status !== 404) { 14 | console.log(`${version} : ${url}`); 15 | } 16 | } 17 | }; 18 | http.send(); 19 | } 20 | 21 | function loadFirmwares() { 22 | const STB = { 23 | manufacturer: "Droidlogic", // Change this according to your need 24 | model: "JHSD200" // Change this according to your need 25 | }; 26 | 27 | let currentVersion = "7.0.0"; // Change this according to your need 28 | const increment = "0.0.1" // Change this according to your need 29 | const maxVersion = "8.0.0"; // Keep the difference within 2.0.0.0 otherwise your PC will not have enough bandwidth and resources to check all links 30 | 31 | while (compareVersions(currentVersion, maxVersion)) { 32 | const url = `http://fota.slv.fxd.jiophone.net/STB/${STB.manufacturer}/${STB.model}/STB-${STB.model}-${currentVersion}.zip`; 33 | checkFirmwareExists(currentVersion, url); 34 | currentVersion = incrementVersion(currentVersion, increment) 35 | } 36 | } 37 | 38 | function compareVersions(ver1, ver2) { 39 | return parseInt(ver1.split(".").join()) < parseInt(ver2.split(".").join()); 40 | } 41 | 42 | function incrementVersion(ver, increment) { 43 | const splitVer = ver.split("."); 44 | const splitIncrement = increment.split("."); 45 | let carry = 0; 46 | for (let i = (splitVer.length - 1); i >= 0; i--) { 47 | splitVer[i] = (parseInt(splitVer[i]) + parseInt(splitIncrement[i]) + carry).toString(); 48 | carry = 0; 49 | if ((i !== 0) && splitVer[i] >= 10) { 50 | carry = Math.trunc(parseInt(splitVer[i]) / 10); 51 | splitVer[i] = (parseInt(splitVer[i]) % 10).toString(); 52 | } 53 | } 54 | 55 | return splitVer.join("."); 56 | } 57 | 58 | loadFirmwares(); --------------------------------------------------------------------------------