I started by following the Hack GPON guide.
I attached a USB-TTL adapter to the serial, tried to access zloader and quickly realized that I didn't have root access.
Edit: After completing this whole process and writing it down, I realized that you could probably get away without using serial at all, although it does help to be able to see what is going on.
Using this method, you don't need to access zloader either.
So, what to do next? (Thanks Frost for this!)
Connect via SSH with the 'admin' user (I use PuTTY).
The firmware you have just flashed is a modified, rooted version of the stock firmware, which was confusing to me at first because the filename suggests it is an OpenWRT firmware image.
Anyway, with this firmware, signature verification is gone, which means we are able to flash an actual OpenWrt firmware, without getting the "Illegal image" message, however there are a couple more steps before we can do that.
From a Linux terminal (I used WSL with Ubuntu 20.04 LTS), download this firmware image using wget:
wget https://downloads.openwrt.org/releases/23.05.3/targets/mediatek/filogic/openwrt-23.05.3-mediatek-filogic-zyxel_ex5601-t0-stock-squashfs-sysupgrade.bin
I chose not to use the modified OpenWrt image provided by Hack GPON, because it is a fork and is not updated as frequently, and the ex5601-T1 does not have an SFP port anyway.
Now we need to generate a zyfwinfo file:
echo -n -e '\x45\x58\x59\x5A\x02\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x53\x01' > zyfwinfo
Credit goes to Pameruoso on Github for the above script. See this page for more information: https://github.com/openwrt/openwrt/pull/12580/commits/1c05388ab04c934ec240e8362321908f91381a90
Now we need to amend our newly generated zyfwinfo file into the OpenWrt sysupgrade file:
mkdir sysupgrade-zyxel_ex5601-t0-stock
mv zyfwinfo sysupgrade-zyxel_ex5601-t0-stock/
tar -rvf openwrt-23.05.3-mediatek-filogic-zyxel_ex5601-t0-stock-squashfs-sysupgrade.bin sysupgrade-zyxel_ex5601-t0-stock/
You should see this output:
sysupgrade-zyxel_ex5601-t0-stock/
sysupgrade-zyxel_ex5601-t0-stock/zyfwinfo
SSH into your router again and issue the same commands as earlier:
zycli fwidcheck off
zycli modelcheck off
Proceed to the router web interface, login as admin, go to the firmware upgrade page, tick the box "restore default settings" and upload the sysupgrade.bin file that you just amended.
The router should now flash and reboot into OpenWrt.
Note: The 2.5Gbps WAN port wasn't working for me initially.
If you have the same issue, go to Network, Interfaces, Devices, and configure eth1.
Go back to interfaces, attach both WAN interfaces to eth1.
If it won't work, delete the wan interfaces and create new ones, making sure to put them both back in the wan firewall zone.
Good luck!