found this product
fine price in FRANCE: 54,59€
I ordered one, it will be at my house on June 13...
1 Like
boot interrupt with serial console
ZHAL> help
ATEN x[,y] set BootExtension Debug Flag (y=password)
ATSE x show the seed of password generator
ATDC disable check model mechanism
ATSH dump manufacturer related data in ROM
ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
ATGO boot up whole system
ATSR [x] system reboot
ATUR x[,y] upgrade RAS image (filename, partition number)
ZHAL>
ZHAL> ATSH
Firmware Version : V5.50(ABVY.1)C0
Bootbase Version : V1.43 | 12/11/2020 14:34:42
Vendor Name : Zyxel Communications Corp.
Product Model : DX3301-T0
Serial Number : S220XXX
First MAC Address : 7C7716XXX
Last MAC Address : 7C7716XXX
MAC Address Quantity : 16
Default Country Code : 00
Boot Module Debug Flag : 00
RootFS Checksum : e4bc1542
Kernel Checksum : 1703f172
Main Feature Bits : 00
Other Feature Bits :
8402e380: 0405050d 00000100 00000000 00000000
8402e390: 00000000 00000000 00000000 0000
ZHAL>
root password unknow
try
username : supervisor
pass : XzyNarN454
(web only)
username : root
pass : XzyNarN454
(telnet/ssh only)
it worked on my VMG-8623
Not this password
I use a serial console
This is the only available password. With this password (if it works) you can access the file system with winscp which is usually a modified openwrt, settings at /data/zcfg_config.json etc
Also there is output from serial console when booting the os, you can view ram and SoC there. Propably another econet device.
With Zyxel WSM20 i can stop boot with OpenWrt key "f"
I don't know how we can do it
How i use python keygen
git clone ...
after ?
./main.py S12345678
error
zyxel-vmg8825-keygen$ ./test.py S123Y12345678
Traceback (most recent call last):
File "./test.py", line 6, in <module>
from functions.GenKeyBySerialNum import *
File "/home/user/Bureau/zyxel-vmg8825-keygen/functions/GenKeyBySerialNum.py", line 1, in <module>
from common.doubleHash import *
File "/home/user/Bureau/zyxel-vmg8825-keygen/common/doubleHash.py", line 1, in <module>
from common.utils import *
File "/home/user/Bureau/zyxel-vmg8825-keygen/common/utils.py", line 7, in <module>
def asInt(bytes: bytearray | bytes, start: int = 0) -> int:
TypeError: unsupported operand type(s) for |: 'type' and 'type'
FxF8686F5C
C:\zyxel-vmg8825-keygen> python main.py S220Y05023091
zcfgBeCommonGenKeyBySerialNum : 78878UC74Y
zcfgBeCommonGenKeyBySerialNum_CBT : 9K9dbM3b
zcfgBeCommonGenKeyBySerialNumMethod2 : 919db03b
zcfgBeCommonGenKeyBySerialNumMethod3 : FxF8686F5C
zcfgBeCommonGenKeyBySerialNumConfigLength(1) : RUR48LUM
zcfgBeCommonGenKeyBySerialNumConfigLength(2) : rurzWfU7
zcfgBeCommonGenKeyBySerialNumConfigLength(3) : rur4GWU6
zcfgBeCommonGenKeyBySerialNumConfigLengthOld(1) : RUR48LUM
zcfgBeCommonGenKeyBySerialNumConfigLengthOld(2) : rurzWfU7
zcfgBeCommonGenKeyBySerialNumConfigLengthOld(3) : rur4GWU6
too weird as OS, I give up
The python implementation of the keygen is not correct. 
Better of trying the emulated version from bovirus, see:
You might want to edit out the sed pipe in the script to display all the passwords.
Just made an account to say, that those white sticks are not supposed to be antennas.. they did nothing wrong there! Those are feet.