Zyxel Password
Nickie Koskinen
Hi all! I have update a firmware of my zyxel GS1900-8 to 2.70. now my password does not match and none of the standard ones match. Is there a service password? The switch is hard to get to...thank you P.S. I try admin/admin, admin/1234, user/admin etc. nothing matches
The default password is admin/1234 and seems like you have tried it. This may be because you changed it before. Could you help to factory default the switch first? Please press the restore button for 10s.
I am trying to bring my old NAS326 back to life, but I cant seem to remember my username. I have tried using the reset button to set a new password, but i cantt log on with the username or email adress I am using to log on to the MyZyxel webpage.
The myzyxel.com account is distinct from
Following a reset (initiated by pressing the reset button and waiting for the beep sound), the login password will be reset to the default values of 'admin' for the account and '1234' for the password. You may login to the NAS using the admin account.
Unfortunately, you won't be able to find your username for the NAS326. However, you can definitely reset the NAS to factory settings and start fresh! This will erase all data on the drives, so make sure that's okay before proceeding:
If it's your intention to delete the data on the disks, you'll have to delete the volumes in the webinterface. And even that doesn't completely wipe the disk (that would take hours, you can wipe at +/- 100MB/sec, that is 3 hours for a TB), with a dedicated tool like TestDisk the data can still be restored. AFAIK the firmware has no way to actually erase the data. (Of course it can be done in an ssh shell, if needed).
If you're unable to recall your NAS326 username and resetting hasn't worked, starting fresh with a reset is a viable option if data loss isn't a concern. Double-check the NAS326 manual or contact Zyxel support for specific guidance on recovering or resetting your device.
The default credentials are undoubtedly "admin" for the username and "1234" for the password. However, if you have previously registered the device on Nebula, that might be the reason why the default credentials are not working now.
Once a device is added to the Nebula Org/Site, it becomes managed via Nebula, and the password is set to the one found in the Configure > Site settings > Device configuration section. To log in to the device's web GUI, please use this password.
No that's not the case, this was a BRAND new device bought from Newegg, i plugged it in, picked it up on my dhcp server and connected to it's local web ip address, and admin/1234 did NOT work, nor do those details work after doing a factory reset. Nor did any of the other username pasword combinations i mentioned earlier work.
I really hope you guys haven't changed to username/password combination and not documented it, either that or Newegg is sending out RMA'd devices claiming they are brand new, but again, a factory reset (ie holding a paperclip in the hole for 10 seconds until lights change, wait 10 mins etc) should clear EVERYTHING back to defaults of admin 1234, which it isn't.
Regarding Chrome, it's possible that some cached data or extensions might have interfered with the login process. As a troubleshooting step, you can try clearing the cache on Chrome or disabling any extensions that might be affecting the login.
I found interesting password keygen for some older zyxel models. It seems password for supervisor and root is calculated from serial number.
boginw/zyxel-vmg8825-keygen: A key generator for Zyxel VMG8825-T50 (github.com)
Since I'm trying to flash the original Zyxel firmware, there already is a valid zyfwinfo. It's 256 bytes, whereas the TMNL one is 1024 bytes due to the signature. I tried generating a new zyfwinfo with the binary executable from the TMNL source code ( ), but it also produces a 256 byte file without a signature, which will not pass the verification.
You will see now folder called "FW". Upload HACKGPON unbranded rooted image to that folder and wait router to start automatic flashing. Now you can follow HACKGPON guide to do what you like. Root password will be router serialnumber.
I tried the FTP method, but unfortunately, it doesn't work for T-Mobile routers. I guess it doesn't matter how you upload the firmware. It goes through the same verification process, so unless we can find out how TMNL signs their firmware, it's not possible to flash stock firmware or OpenWRT.
The config can be decrypted with this, if you know the root password: _decrypt.sh. However, the passwords in there are still encrypted. The algorithm for routers which use _ encrypt _ such as the VMG8825-T50 is also on th0mas.nl (not me btw), but the DX5401 and EX5601 use _ encryp1 _, which to my knowledge has not been cracked yet.
I did, but I keep getting 'rootFS verification failed'. My guess is that the signature that is added to zyfwinfo is calculated based on the 'root' file inside the firmware .bin. I have the source code for a TMNL firmware version. If that helps to find out how firmware is signed, I'm happy to send a link. Perhaps @nvl can be of help here, since he figured it out for the VMG8825.
For the VMG8825 when building a T-Mobile NL firmware from source this entry is set: CONFIG_ZYXEL_FW_SIGNATURE_SUPPORT=y
In the output folder there is a ras.bin and ras_signatured.bin file.
The script is based on the generated output when running make to build the firmware.
For the Zyxel-T56 Zyxel has changed a lot when building a firmware from source.
The generated output when running make to build a firmware is significant changed and you cant see nothing more about signed firmware.
based on TMNL source: V5.70(ACEA.0)T56C_b7
Hi, i've buyed the Zyxel LTE5398-M904. I searched the forum and finded nothing. The system to get into root shell is the same as the NR7101, the cpu is the same MT7621, the modem is a Quectel LTE cat 18 that work perfectly in openwrt. I'm asking if it's possible to compile a version compatible with my device. I'm not capable myself... is anyone interested? Thanks a lot (sorry for duplication i've posted this topic also inside NR7101 posts).
Most probably the way to generate the root password as changed. Bought a couple of days ago an LTE5398-M904 and the login/password was not admin/1234 anymore but admin/wifi network password...
The python script found there [ -vmg8825-keygen] gives incorrect root passwords.
reading -root-on-a-zyxel-vmg8825-t50-router/#fnref:1 I understood that all password, even for root and supervisor users are contained into the zcfg_config.json file. Actually in my router accessing this file is much simple: just set up FTP by webgui, access FTP as admin user (I used MiXplorer on Android for example) and zcfg_config.json is just here. The absurd thing: it has rw permission even with admin user! So just open it and copy the encrypted password under the root user (not the default password as per the guide linked, that's the same that you can calculate with the emulator). Now we can decrypt this encrypted password just by using the DynamicDNS as oracle explained in the guide: set a fake DDNS in webgui. Download the backup file. Open the backup file and replace the encrypted password under DynamicDNS with our encrypted password of root user copied before. Now save and restore the file from webgui. Go to ddns settings and just read the password: it's clear. As simple as that!
Screenshot_20230820-11252210802340 337 KB
It seems they have fixed smb but there's nothing about FTP. However they probably fixed that too. Do you know if updating to latest firmware the root password change? Now that I've gained access I'm reluctant to update. Even if probably you can downgrade there's always the possibility that the config file could remain unreadable by admin if permissions are changed
But note that this most likely writes to both firmware partitions like it does on the NR7101. So don't try unless you have some other way to get a copy of the original firmware. Or don't care about that...
But while updating the firmware I don't know if new random root/admin are generated or not. So there is a risk ... and then I would suggest not to try any firmware update unless bugs corrected are blockers for you.
Adding new device support This article assumes your device is based on a platform already supported by OpenWrt. If you need to add a new platform, see ->add.new.platform If you already solved the puzzle and are looking for device support...
Adding a new device A good all-round advice would be to start by looking at recent commits about adding a new device, to see what files where changed and how. Many files try to be as self-explanatory as possible, most of the times just opening them...
I needed a LTE-A router and found this model having a Cat 18 LTE modem at an excellent price point. I was missing VPN functionality in the OEM firmware so I thought it would be great if it could run OpenWRT.
I've been running OpenWRT for a week now and haven't noticed any issues so far. I cannot really compare it to OEM firmware as I didn't have it running for more than a couple of hours after I unboxed it
In the meantime, can you give me some feedback on stability:
of the LTE connection
router stability (general)
management of both front and rear LEDs
VLAN management (DSA or swconfig)
installed software packages for SMS management
other information you think is useful to share
ZyXEL NR7101 The ZyXEL NR7101 is an 802.3at PoE powered 5G/NR, IP68 certified, outdoor ethernet router/bridge with integrated directional 5G/NR MIMO antennas. It has a WiFi radio, and a GPS in the modem, but these should be considered secondary...
it means that I cannot consider an image made
with dd to be useful if so,
how can I make a backup before making any changes
I have no serial console,
I only have access to the original firmware with ssh to the root user
I don't have the OEM firmware readily available but I believe mtd_write command had some options for reading flash and writing to file. Alternatively, you could download a statically compiled busybox which contains nanddump and use that. For example I used -static but I don't guarantee for this repo.
c80f0f1006