Method to flash any NR7101

If you have a / in the encrypted string, try to erase it and decrypt without it.

I tried decrypting the private key after removing / but it appears that the dyndns field only accepts <64 chars. Upon closer inspection I found that I could ssh in as root using option -o HostKeyAlgorithms=+ssh-rsa, so apparently no need for key pairs…

Hi! I am new to Linux... How can I get zycast to run? How do I install it on Linux? I am using Debian 12.

How to run the script?

This is not so helpful given that zycast is a C program :frowning:

It's normally built as part of the firmware-utils, but you can build it separately by simply running

gcc -o zycast zycast.c

It has no dependencies at all except for the standard library, so that's all.

It's also possible to extract prebuilt binaries from one of the snapshot SDKs, like for example https://downloads.openwrt.org/snapshots/targets/x86/generic/openwrt-sdk-x86-generic_gcc-13.3.0_musl.Linux-x86_64.tar.zst . The binary will be extracted as
/openwrt-sdk-x86-generic_gcc-13.3.0_musl.Linux-x86_64/staging_dir/host/bin/zycast

But downloading all that just for this binary is a bit of an overkill....


fark, posts removed

[ face palm ]

sorry @Paperdude !

Thanks for the help. What Linux are you using? I got Error 1 and 2 and cannot start zycast on Debian 12 Cinnamon.

I can confirm that this method still works. You can flash either the original Zyxel firmware or an OpenWRT image. I managed to take over my Telenor unit


Me too. First I tried procedures from the Wiki, but was not able to stop the boot. So I compiled zycast on Ubuntu and installed OpenWrt on the first try. This is an NR7101 from Telenor, serial S230Z2*

I tried zycast with the NR7302, no success.


Why did you think it would work? The NR7302 doesn't have OpenWrt support!?

zycast can work on many different Zyxel hardware.
Being able to flash and recover is a good starting point.
I tried stock firmware.
TTL does not take input and the output does not show much of interest.


Do you have a list of devices that work?

I have no such list. Just making unverified assumptions....

It's safer to say that many Zyxel devices support/advertise a variant of this "multiboot" protocol. But my tool might not work with all of them since it is based on reverse engineering the NR7101 implementation only. The tool will probably need some adjustments and improvements for other variants. In particular those running on other architectures and/or from userspace instead of bootloader


I had a quick look at the source code of zycast and it appears that the protocol supports erasing rom and rom-d but this is not implemented… I know it does not make much of a difference when running OpenWrt, but it could be useful in other scenarios. Did you ever test this during development @bmork ?

Can't remember testing flags at all. But yes, the flags could be useful. But support is most likely as device dependent as the rest of this. You'll just have to try on the devices where you need it.


I tested zycast on a 7103 Telia device, with no luck. I see in a Wireshark capture that it's leaving the multicast group after a short period, so it does have "Multiboot", I guess.

I also connected it to TTL 3.3 V, but the console output was gibberish. I have ordered a new TTL-USB unit and will try later.

The WiFi password further up in this thread does not work, and WPS is not enabled at boot.

Wrong port speed, or did you try them all?

Which ISP is the 7103 from?

All of them: 4800, 9600, 14400, 19200, 38400, 57600, 115200, 128000 and 256000