I then looked at other options and noticed a possible backdoor relating to how the configuration was recovered from the cfgsave.dwb file. Further investigation showed that this does work for v5.01.4-uk. I have made the assumption that the same fix should work on different versions. The same fix does work with v5.02.2-uk. I have not tried with either the French or Spanish versions but the structure of the files suggest that it should work with all versions of the Livebox. I have made some versions of the cfgsave file available below.
Once you have copied the correct file ( the Livebox checks for the correct version and discards the complete file if the version is incorrect ), just use the option to restore the configuration from within the advanced pages on the Livebox. Assuming all is correct, the Livebox will reboot and once that has completed you should be able to connect through the serial port or a telnet session without requiring a password.
The method used is as follows. It appears that after the cfgsave files have been decrypted and copied into /etc, they are then run via a script (very secure!!) so what I have done is add a few lines to the wifi.conf file. First I remove the original /etc/passwd file and then echo out a new /etc/passwd file where there is no password set.
Please note that all your saved configuration will be lost if you run one of these cfgsave filee. Once the system has rebooted you will need to enter all your details again. What you might want to do is modify the wifi.conf file from your own saved configuration file with the extra lines to remove the root password. See here for more details on how to modify cfgsave.dwb files, using the removal/replacement of the passwd file as an example.
Another method is to login to the router with the test account, enter the test password (many thanks to evariste for the password) and then get a command shell from there. This can be done in the following manner.
I suggest that you use backdoors within the websrv if at all possible.