add key and iv for ZTE F670

[happyhacks]

From https://reverseengineering.stackexchange.com/questions/33339/how-to-decrypt-zte-f670-routers-encrypted-config-bin-with-payload-type-5-with-t/33340

Step 1: Download the firmware - https://www.tripleoxygen.net/files/devices/zte/f670l/v1/firmware/stock/?SD

Step 2: Extract with binwalk - it has a jffs2-root of the file system

Step 3: Interact with the file system enough to see the httpd service - js files associated and the httpd ELF file that is the server binary

Step 4: load httpd into IDA - See that it uses libdb.so to manage the database. Load libdb.so into IDA - it uses libharcode.so

Step 5: libhardcode.so uses /etc/hardcode as input to decrypt files in /etc/hardcodefile

Step 6: RE the implementation to decrypt the file /etc/hardcodefile/dataprotocol to reveal

DefAESCBCKey=L04&Product@5A238dc79b15726d5c06
DefAESCBCIV=ZTE%FN$GponNJ025678b02a85c63c706
AESENCRYKey=
userkey=608158c36497b00221db14afb845c9e3

for the files attached in the question

Step 7: Apply this diff to the mentioned repo

diff --git a/examples/auto.py b/examples/auto.py
index 9331851..63688ec 100644
--- a/examples/auto.py
+++ b/examples/auto.py
@@ -27,6 +27,8 @@
     ("H267AV1_CZkey", "H267AV1_CZIV"),
     ("8cc72b05705d5c46f412af8cbed55aad", "667b02a85c61c786def4521b060265e8"),
     ("8dc79b15726d5c46d412af8cbed65aad", "678b02a85c63c786def4523b061265e8"),
+    #  ZTE F670
+    ("L04&Product@5A238dc79b15726d5c06", "ZTE%FN$GponNJ025678b02a85c63c706"),
 ]
 
 KNOWN_PASSWORD_KEYPAIR_SUFFIXES = [

and voila you can decrypt the file too

[man0eul3r]

Hi
Its works!
Thank you very much

Also You give step to find key and iv. Its very helpfull

I have tested your script and works well!!

[happyhacks]

@man0eul3r I have sent you a mail from my personal address at gmail.com

[man0eul3r]

Hello
okay
I have reply your email
Thank you friend