That is the wireless router I am connected to my ISP through. They were unable to send me some information I requested (which they claimed I should have anyway), but sent a stored config file for the device instead. Bad luck. Now, this password decoder does not cover all cases, but covers the most of them. Just put the filename of the config file on the command line and get the username and the password.

#!python
import sys

def DEBUG():
    return 0

def decode(x):
    lb = x & 0x0F
    hb = x >> 4

    map = {}
    if lb<8:
        map = {
            0x6:    0x2,    # 0110 -> 0010
            0x5:    0x3,    # 0101 -> 0011
            0x4:    0x4,    # 0100 -> 0100
            0xB:    0x5,    # 1011 -> 0101
            0xA:    0x6,    # 1010 -> 0110
            0x9:    0x7,    # 1001 -> 0111
        }
    else:
        map = {
            0x4:    0x3,    # 0100 -> 0011
            0xB:    0x4,    # 1011 -> 0100
            0xA:    0x5,    # 1010 -> 0101
            0x9:    0x6,    # 1001 -> 0110
            0x8:    0x7,    # 1000 -> 0111

            # the following characters are not confirmed 
            # but the only other option is to make it
            # 0x6:    0x8, which is unlikely  
            0x6:    0x2,    # 0110 -> 0010 
        }
    hb = map.get(hb, hb ^ 0xC)

    out = hb << 4 | lb
    if DEBUG():
        print "[%X>%X] %s " % (x, out, chr(out)), 
    return chr(out)

def dec_range(r):
    decoded = ""
    for i in r:
        if 0==i:
            break
        decoded+= decode(i)
    return decoded


f = open(sys.argv[1], "rb")
txt = f.read()

t2 = [ ord(i) ^ 0xC7 for i in txt ]

decoded = dec_range(t2[0xAC:0xAC+32])
print "USERNAME:%s" % decoded

decoded = dec_range(t2[0xCB:0xCB+32])
print "PASSWORD:%s" % decoded