How are you finding the above links? Do you use any special software or manual scraping?
And for the engineer key thing. It's impossible to do a bruteforce attack as it would take more than a billion requests to the server considering the number of password character is 12 (as from the script code) and the character set length is 15.
Our only option is to gain access to system via adb(as it is an Android OS, it might be possible by shorting some IC pins to enter recovery mode) , as fastboot is of no luck, with limited options. Or ultimately, someone from Jio generous enough to provide the firmware file.
I don't use special software for those links. They are just hit and trial results and some through burpsuite spider.
Also the engineer key page uses anti-csrf tokens so it becomes more difficult to attack. The password length is not necessarily 12 as it is first encoded using md5 and a substring is chosen. This substring is then further encoded using the character set of 15 and posted in HTML request along with anti-csrf token.
Do you know how to decompile or open a firmware bin file?