search

hwti / G-010S-A

All about Nokia G-010S-A GPON SFP
190 stars 35 forks source link

how to change loid? #17

Open AxisRay opened 2 years ago

AxisRay commented 2 years ago 
fw_setenv omci_loid xxxxxxx

right?

And I cannot change the S/N

ONTUSER@SFP:~# ritool set MfrID YHTC
not allow to modify it.
ONTUSER@SFP:~# ritool dump
the Format:01
the MfrID:ALCL
the Factorycode:08
the HardwareVersion:3FE46541AACA
the ICS:01
the YPSerialNum:        F95A9009
the CleiCode:BVL3A8JNAA
the Mnemonic:G-010S-A
the ProgDate:190427
the MACAddress:ec:84:b4:ee:e3:c0
the DeviceIDPref:0000
the SWImage:3030
the OnuMode:0001
the G984Serial:f95a9009
the HWConfiguration:0000000000000000
the PartNumber:3FE46542AACA
the OperatorID:XXXX
the SLID:30303030303030303030303030303030
the CountryID:01
the GroupID:30303030
ONTUSER@SFP:~# upgradestatus
***** get current running image *****
current running image is  image0 !
***** get upgrade status ***********
image0_is_valid=1
image1_is_valid=1
next_active=0
commit=0
boot_fail=0
image0_version=3FE46398BGCB22
image1_version=3FE46398BFGB18

update: follow https://github.com/hwti/G-010S-A/issues/7#issuecomment-957071776_ we should set OperatorID 0000 first

ONTUSER@SFP:~# ritool set OperatorID 0000
hwti commented 2 years ago

I only saw the not allow to modify it. on the 3FE46398BGCB22 firmware, setting OperatorID to 0000 (or 9999) should bypass the check.

For the LOID, I see code to read LOID and LOIDPassword from ri/scfg in libdataModel.so which is called by parser and omciMgr, but the driver doesn't have them in its list (this is a binary format in the "ri" mtd). So the code seems to be present, but with no way to give it the values (unless patching either libdataModel.so or scfg.ko, but it wouldn't be easy).

AxisRay commented 2 years ago

I can see it try to get LOID from scfg

no LOID value in scfg
[01-01 10:00:15][OMCI]get loid failed
[01-01 10:00:15][OMCI]getLoidAuthInfo() exit @ 600m:15s:216ms, :
[01-01 10:00:15][OMCI] - create_instance_auto()  act_plugInUnitType = 48
[01-01 10:00:15][OMCI] - create_instance_auto()  act_plugInUnitType = 47

unless patching either libdataModel.so or scfg.ko

or we can modify the scfg in ri? it seems easier. but we should know the format detail first

ri.zip

AxisRay commented 2 years ago

Where is the function scfg_get image

AxisRay commented 2 years ago

It seems that we can use ritool to set the scfg

ONTUSER@SFP:/sbin# ls -lt /sbin/ritool 
lrwxrwxrwx    1 ONTUSER  root            17 Jan 25  2021 /sbin/ritool -> /usr/exe/scfgtool
ONTUSER@SFP:/sbin# ritool set LOID 7554196032
Set scfg descrip=LOID value=7554196032 failed.

Unfortunately, it failed. I am trying to figure it out.

update:

I found some error message in dmesg

[ 1527.488000] [K_SCFG] scfg_drv_ioctl: set scfg[LOID] from userspace
[ 1527.488000] item not exist, please check your input LOID

I didn't find where the scfgGroup defined. Maybe it was hardcoded ?

AxisRay commented 2 years ago

I have use hex editor to modify scfg.ko rename SSID-1Name to LOID rename SSID-1Password to LOIDPassword and rebuild the firmware

ONTUSER@SFP:~# ritool set LOID 12312312
ONTUSER@SFP:~# dmesg | tail
[  666.188000] [K_SCFG] scfg_drv_ioctl: set scfg[LOID] from userspace
[  666.768000] [K_SCFG] : set scfg success

there seems no error message

last_flow_me_recv_at = 0, last_igmp_channel_me_recv_at = 0, last_igmp_acl_me_recv_at = 0
[01-01 00:06:10][OMCI]>>>>on_omci_start_io()
[01-01 00:06:10][OMCI]getLoidAuthInfo() exit @ 6m:10s:111ms,         12312312:00000000
[01-01 00:06:10][OMCI]getLoidAuthInfo() exit @ 6m:10s:206ms,         12312312:00000000

It works!

hwti commented 2 years ago

scfg_get is in libscfg.so, and it does an ioctl on /dev/scfg exposed by scfg.ko.

scfg_get and scfg_set take a field name as parameter, which is handled by scfg.ko : scfgGroup seems to be some kind of table, which defines what kind of values are accepted, and where to store it in the mtd partition.

scfg_dump is used for oflt ri get command (which wants a parameter, but just dumps all values in the kernel log).

There are also APIs which manipulate a binary dump :

So by modifying the SSID-1Name and SSID-1Password field names in scfg.ko, you can store the values, but :

There might be padding issues, and handling of nul bytes if it's allowed by the spec (since it doesn't seem the values are meant to be stored in hex). Did it work with the OLT ? What format did you use for the two values, and what are the length ?

You would need to do the same changes in scfgtool to have the new names for ritool dump (which calls scfg_read in a loop).

AxisRay commented 2 years ago

you are right the length of SSID-1Password is not enough.

[ 1081.284000] [K_SCFG] scfg_drv_ioctl: set scfg[LOIDPassword] from userspace
[ 1081.284000] your contents is too long
[ 1081.284000] scfg_drv_set_internal failed

Here is my LOID and LOIDPassword (get from ISP)

<Loid>545331303030303035313131313131000000000000000000</Loid>
TS1000005111111
<Password>545331303030303035313131</Password>
TS1000005111

scfgGroup seems to be some kind of table, which defines what kind of values are accepted, and where to store it in the mtd partition.

I think we can modify the define to solve the "padding issues" and "length limit" ? but I didn't find where it been defined. I'm a totally noob in reverse engineering. 😥

AxisRay commented 2 years ago

Snipaste_2022-03-18_16-39-56

I have modified scfg.ko and extend LOID to 24bytes , LOIDPassword to 16bytes

ONTUSER@SFP:~# ritool set LOID TS1000005111111
ONTUSER@SFP:~# ritool set LOIDPassword TS1000005111
ONTUSER@SFP:~# ritool get LOID
the LOID:         TS1000005111111
ONTUSER@SFP:~# ritool get LOIDPassword 
the LOIDPassword:TS1000005111
ONTUSER@SFP:~# ritool get SSID-2Name
the SSID-2Name:0000
ONTUSER@SFP:~#

ritool works well.

the UserName:        usradmin
the UserPassword:   12345
the MgntUserName:      adminadmin
the MgntUserPassword: ALC#FGU
the LOID:         TS1000005111111
the LOIDPassword:    TS1000005111
the SSID-2Name:0000
the SSID-2Password:0000
the OperatorID:0000
the SLID:30303030303030303030303030303030
the CountryID:01
the GroupID:30303030
the Checksum1:63e5
the Spare6:3030
the RollbackFlag:0000

omciMgr seems abnormal

[01-01 00:04:41][OMCI]OMCI_LIB: Success to create OMCI mib upload share memory, pointer 0x76588000
ds_sec=-1
 Inside GatewayUniSupp_1Itf::GatewayUniSupp_1Itf constructor
[01-01 00:04:41][OMCI]getLoidAuthInfo() exit @ 4m:41s:305ms,          TS1000005111111    TS100000:    TS100000
[01-01 00:04:41][OMCI] - create_instance_auto()  act_plugInUnitType = 48
[01-01 00:04:41][OMCI] - create_instance_auto()  act_plugInUnitType = 47
EthManageItf::getInstance: without switch.
[01-01 00:04:41][OMCI]checkPonLEDStatus:Fiber disconnected 
 create auto instanmce gateway uni ME succesful
[01-01 00:04:41][OMCI]getLoidAuthInfo() exit @ 4m:41s:394ms,          TS1000005111111    TS100000r�v�r�0000:    TS100000r�v�r�0000
AnigSupp_1 creat

I haven't test with the OLT.

update: tested , not working full log

full log ``` [01-01 00:11:40]OMCI_RX# 232@ 11m:40s: 917ms-F8 BA 49 0A 01 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 62 BE E1 68 [01-01 00:11:40][E]>>>>on_omci_start_io() [01-01 00:11:40] TX_ONT_MSG -- @11m:40s:919ms [01-01 00:11:40]Msg_type = GET [01-01 00:11:40]Trans_id = 16 [01-01 00:11:40]Entity_id = ONT G(0x100) [01-01 00:11:40]Instance_id = 00 [01-01 00:11:40]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(256-00);instance_id(0x0000)--@11m:40s:927ms [01-01 00:11:40]OmciMain:: Response Msg Sent--@11m:40s:934ms [01-01 00:11:40]vendor_id.status = VALID [01-01 00:11:40]version.status = NOT VALID [01-01 00:11:40]serial_number.status = NOT VALID [01-01 00:11:40]traffic_management.status = NOT VALID [01-01 00:11:40]vp_connect_function.status = NOT VALID [01-01 00:11:40]battery_backup.status = NOT VALID [01-01 00:11:40]admin_state.status = NOT VALID [01-01 00:11:40]oper_state.status = NOT VALID [01-01 00:11:40]ONU_survival_time.status = NOT VALID [01-01 00:11:40]Logical_ONU_ID.status = NOT VALID [01-01 00:11:40]Logical_Password.status = NOT VALID [01-01 00:11:40]Credentials_Status.status = NOT VALID [01-01 00:11:40] RX_ONT_MSG -- @11m:40s:976ms [01-01 00:11:40]Msg_type = GET RESPONSE [01-01 00:11:40]Trans_id = 16 [01-01 00:11:40]Entity_id = ONT G(0x100) [01-01 00:11:40]Instance_id = 00 [01-01 00:11:40]Sub entity Id :NO SUB ENTITY ID [01-01 00:11:40]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:11:40]vendor_id.status = VALID [01-01 00:11:40]vendor_id.value = YHTC [01-01 00:11:41]version.status = NOT VALID [01-01 00:11:41]serial_number.status = NOT VALID [01-01 00:11:41]traffic_management.status = NOT VALID [01-01 00:11:41]vp_connect_function.status = NOT VALID [01-01 00:11:41]battery_backup.status = NOT VALID [01-01 00:11:41]admin_state.status = NOT VALID [01-01 00:11:41]oper_state.status = NOT VALID [01-01 00:11:41]ONU_survival_time.status = NOT VALID [01-01 00:11:41]Logical_ONU_ID.status = NOT VALID [01-01 00:11:41]Logical_Password.status = NOT VALID [01-01 00:11:41]Credentials_Status.status = NOT VALID [01-01 00:11:41]Duration : 00s:084ms [01-01 00:11:41]OMCI msg construction = SUCCESSFUL [01-01 00:11:41] [01-01 00:11:41]OMCI_TX# 232@ 11m:41s: 70ms-F8 BA 29 0A 01 00 00 00 00 80 00 59 48 54 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [01-01 00:11:41]OMCI_RX# 233@ 11m:41s: 72ms-F8 BB 49 0A FF FA 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 A1 E3 57 EB [01-01 00:11:41] TX_ONT_MSG -- @11m:41s:076ms [01-01 00:11:41]Msg_type = GET [01-01 00:11:41]Trans_id = 17 [01-01 00:11:41]Entity_id = LOID AUTHENTICATION(0xfffa) [01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(65530-00);instance_id(0x0000)--@11m:41s:076ms [01-01 00:11:41]getLoidAuthInfo() @ 11m:41s:84ms [01-01 00:11:41][E]getLoidAuthInfo() exit @ 11m:41s:85ms, SZ1000005945279 SZ100000Ҡ: SZ100000Ҡ [01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:087ms [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]operator_id.status = NOT VALID [01-01 00:11:41]logical_id.status = VALID [01-01 00:11:41]password.status = NOT VALID [01-01 00:11:41]authentication_status.status = NOT VALID [01-01 00:11:41] RX_ONT_MSG -- @11m:41s:100ms [01-01 00:11:41]Msg_type = GET RESPONSE [01-01 00:11:41]Trans_id = 17 [01-01 00:11:41]Entity_id = LOID AUTHENTICATION(0xfffa) [01-01 00:11:41]checkPonVidStatus: statePrevious=0, state=1 [01-01 00:11:41][C]OmciMain:: OMCI Link Status is UP--@11m:41s:125ms [01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:126ms [01-01 00:11:41]SendMsgToSlid msgsnd ok. slidMsg.onuState=3 [01-01 00:11:41]Enter notify_sipw_pon_status, onustate=3 [01-01 00:11:41]notify_sipw_pon_status: get SIPW queue failed, err = 2, No such file or directory [01-01 00:11:41]>>>>configLptPort: onu state is ONU_REGISTERED [01-01 00:11:41]actionProcess: process actionType=116,messageInQueue=-1,totalMsgCounter=35,time=11m:41s:130ms [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID [01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:11:41]operator_id.status = NOT VALID [01-01 00:11:41]logical_id.status = VALID [01-01 00:11:41]actionProcess: processAction: result is: SUCCESS, end @ 11m:41s 131ms [01-01 00:11:41]actionProcess: sendMsgToActionProcess, actionType=1991225376 [01-01 00:11:41][E]checkPonLEDStatus:Fiber connected [01-01 00:11:41]Evtmgr process not exist! notify_evtmgr_pon_status() return! [01-01 00:11:41]logical_id.value = 20 20 20 20 20 20 20 20 20 53 5a 31 30 30 30 30 30 35 39 34 35 32 37 39 [01-01 00:11:41]password.status = NOT VALID [01-01 00:11:41]authentication_status.status = NOT VALID [01-01 00:11:41]Duration : 00s:185ms [01-01 00:11:41]OMCI msg construction = SUCCESSFUL [01-01 00:11:41] [01-01 00:11:41]OMCI_TX# 233@ 11m:41s: 279ms-F8 BB 29 0A FF FA 00 00 00 40 00 20 20 20 20 20 20 20 20 20 53 5A 31 30 30 30 30 30 35 39 34 35 32 37 39 00 00 00 00 00 [01-01 00:11:41]OMCI_RX# 234@ 11m:41s: 294ms-F8 BC 49 0A FF FA 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 1C 47 C0 20 [01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(65530-00);instance_id(0x0000)--@11m:41s:297ms [01-01 00:11:41]getLoidAuthInfo() @ 11m:41s:298ms [01-01 00:11:41] TX_ONT_MSG -- @11m:41s:300ms [01-01 00:11:41]Msg_type = GET [01-01 00:11:41]Trans_id = 18 [01-01 00:11:41]Entity_id = LOID AUTHENTICATION(0xfffa) [01-01 00:11:41][E]getLoidAuthInfo() exit @ 11m:41s:299ms, SZ1000005945279 SZ100000Ҡ: SZ100000Ҡ [01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:306ms [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]operator_id.status = NOT VALID [01-01 00:11:41]logical_id.status = NOT VALID [01-01 00:11:41]password.status = VALID [01-01 00:11:41]authentication_status.status = NOT VALID [01-01 00:11:41] RX_ONT_MSG -- @11m:41s:333ms [01-01 00:11:41]Msg_type = GET RESPONSE [01-01 00:11:41]Trans_id = 18 [01-01 00:11:41]Entity_id = LOID AUTHENTICATION(0xfffa) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID [01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:11:41]operator_id.status = NOT VALID [01-01 00:11:41]logical_id.status = NOT VALID [01-01 00:11:41]password.status = VALID [01-01 00:11:41]password.value = 20 20 20 20 53 5a 31 30 30 30 30 30 [01-01 00:11:41]authentication_status.status = NOT VALID [01-01 00:11:41]Duration : 00s:033ms [01-01 00:11:41]OMCI msg construction = SUCCESSFUL [01-01 00:11:41] [01-01 00:11:41]OMCI_TX# 234@ 11m:41s: 373ms-F8 BC 29 0A FF FA 00 00 00 20 00 20 20 20 20 53 5A 31 30 30 30 30 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [01-01 00:11:41]OMCI_RX# 235@ 11m:41s: 376ms-F8 BD 49 0A 01 00 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 36 00 7C BF [01-01 00:11:41] TX_ONT_MSG -- @11m:41s:378ms [01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(256-00);instance_id(0x0000)--@11m:41s:381ms [01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:382ms [01-01 00:11:41]Msg_type = GET [01-01 00:11:41]Trans_id = 19 [01-01 00:11:41]Entity_id = ONT G(0x100) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]vendor_id.status = VALID [01-01 00:11:41]version.status = VALID [01-01 00:11:41]serial_number.status = NOT VALID [01-01 00:11:41]traffic_management.status = NOT VALID [01-01 00:11:41]vp_connect_function.status = NOT VALID [01-01 00:11:41]battery_backup.status = NOT VALID [01-01 00:11:41]admin_state.status = NOT VALID [01-01 00:11:41]oper_state.status = NOT VALID [01-01 00:11:41]ONU_survival_time.status = NOT VALID [01-01 00:11:41]Logical_ONU_ID.status = NOT VALID [01-01 00:11:41]Logical_Password.status = NOT VALID [01-01 00:11:41]Credentials_Status.status = NOT VALID [01-01 00:11:41] RX_ONT_MSG -- @11m:41s:412ms [01-01 00:11:41]Msg_type = GET RESPONSE [01-01 00:11:41]Trans_id = 19 [01-01 00:11:41]Entity_id = ONT G(0x100) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID [01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:11:41]vendor_id.status = VALID [01-01 00:11:41]vendor_id.value = YHTC [01-01 00:11:41]version.status = VALID [01-01 00:11:41]version.value = 3FE46541AACA01 [01-01 00:11:41]serial_number.status = NOT VALID [01-01 00:11:41]traffic_management.status = NOT VALID [01-01 00:11:41]vp_connect_function.status = NOT VALID [01-01 00:11:41]battery_backup.status = NOT VALID [01-01 00:11:41]admin_state.status = NOT VALID [01-01 00:11:41]oper_state.status = NOT VALID [01-01 00:11:41]ONU_survival_time.status = NOT VALID [01-01 00:11:41]Logical_ONU_ID.status = NOT VALID [01-01 00:11:41]Logical_Password.status = NOT VALID [01-01 00:11:41]Credentials_Status.status = NOT VALID [01-01 00:11:41]Duration : 00s:049ms [01-01 00:11:41]OMCI msg construction = SUCCESSFUL [01-01 00:11:41] [01-01 00:11:41]OMCI_TX# 235@ 11m:41s: 468ms-F8 BD 29 0A 01 00 00 00 00 C0 00 59 48 54 43 33 46 45 34 36 35 34 31 41 41 43 41 30 31 00 00 00 00 00 00 00 00 00 00 00 [01-01 00:11:41]OMCI_RX# 236@ 11m:41s: 471ms-F8 BE 49 0A 01 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 96 C0 27 2C [01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(256-00);instance_id(0x0000)--@11m:41s:474ms [01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:475ms [01-01 00:11:41] TX_ONT_MSG -- @11m:41s:475ms [01-01 00:11:41]Msg_type = GET [01-01 00:11:41]Trans_id = 1a [01-01 00:11:41]Entity_id = ONT G(0x100) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]vendor_id.status = NOT VALID [01-01 00:11:41]version.status = NOT VALID [01-01 00:11:41]serial_number.status = VALID [01-01 00:11:41]traffic_management.status = NOT VALID [01-01 00:11:41]vp_connect_function.status = NOT VALID [01-01 00:11:41]battery_backup.status = NOT VALID [01-01 00:11:41]admin_state.status = NOT VALID [01-01 00:11:41]oper_state.status = NOT VALID [01-01 00:11:41]ONU_survival_time.status = NOT VALID [01-01 00:11:41]Logical_ONU_ID.status = NOT VALID [01-01 00:11:41]Logical_Password.status = NOT VALID [01-01 00:11:41]Credentials_Status.status = NOT VALID [01-01 00:11:41] RX_ONT_MSG -- @11m:41s:506ms [01-01 00:11:41]Msg_type = GET RESPONSE [01-01 00:11:41]Trans_id = 1a [01-01 00:11:41]Entity_id = ONT G(0x100) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID [01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:11:41]vendor_id.status = NOT VALID [01-01 00:11:41]version.status = NOT VALID [01-01 00:11:41]serial_number.status = VALID [01-01 00:11:41]serial_number.value = YHTC1c80d0cc [01-01 00:11:41]traffic_management.status = NOT VALID [01-01 00:11:41]vp_connect_function.status = NOT VALID [01-01 00:11:41]battery_backup.status = NOT VALID [01-01 00:11:41]admin_state.status = NOT VALID [01-01 00:11:41]oper_state.status = NOT VALID [01-01 00:11:41]ONU_survival_time.status = NOT VALID [01-01 00:11:41]Logical_ONU_ID.status = NOT VALID [01-01 00:11:41]Logical_Password.status = NOT VALID [01-01 00:11:41]Credentials_Status.status = NOT VALID [01-01 00:11:41]Duration : 00s:049ms [01-01 00:11:41]OMCI msg construction = SUCCESSFUL [01-01 00:11:41] [01-01 00:11:41]OMCI_TX# 236@ 11m:41s: 569ms-F8 BE 29 0A 01 00 00 00 00 20 00 59 48 54 43 1C 80 D0 CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [01-01 00:11:41]OMCI_RX# 237@ 11m:41s: 572ms-F8 BF 49 0A 01 01 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 5E D6 33 ED [01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(257-00);instance_id(0x0000)--@11m:41s:575ms [01-01 00:11:41] TX_ONT_MSG -- @11m:41s:576ms [01-01 00:11:41]Msg_type = GET [01-01 00:11:41]Trans_id = 1b [01-01 00:11:41]Entity_id = ONT 2G(0x101) [01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:576ms [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]eqpt_id.status = VALID [01-01 00:11:41]omcc_version.status = NOT VALID [01-01 00:11:41]ven_prod_code.status = VALID [01-01 00:11:41]security_capability.status = NOT VALID [01-01 00:11:41]security_mode.status = NOT VALID [01-01 00:11:41]total_priority_queue_nbr.status = NOT VALID [01-01 00:11:41]total_trf_sch_nbr.status = NOT VALID [01-01 00:11:41]mode.status = NOT VALID [01-01 00:11:41]total_gem_ports_supported.status = NOT VALID [01-01 00:11:41]sysUpTime.status = NOT VALID [01-01 00:11:41]connCapability.status = NOT VALID [01-01 00:11:41]currConnMode.status = NOT VALID [01-01 00:11:41]qosConfigFlexibility.status = NOT VALID [01-01 00:11:41]pqScaleFactor.status = NOT VALID [01-01 00:11:41] RX_ONT_MSG -- @11m:41s:602ms [01-01 00:11:41]Msg_type = GET RESPONSE [01-01 00:11:41]Trans_id = 1b [01-01 00:11:41]Entity_id = ONT 2G(0x101) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID [01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:11:41]eqpt_id.status = VALID [01-01 00:11:41]eqpt_id.value = 42 56 4c 33 41 38 4a 4e 41 41 47 30 31 30 53 41 00 00 00 00 [01-01 00:11:41]omcc_version.status = NOT VALID [01-01 00:11:41]ven_prod_code.status = VALID [01-01 00:11:41]ven_prod_code.value = 3800 [01-01 00:11:41]security_capability.status = NOT VALID [01-01 00:11:41]security_mode.status = NOT VALID [01-01 00:11:41]total_priority_queue_nbr.status = NOT VALID [01-01 00:11:41]total_trf_sch_nbr.status = NOT VALID [01-01 00:11:41]mode.status = NOT VALID [01-01 00:11:41]total_gem_ports_supported.status = NOT VALID [01-01 00:11:41]sysUpTime.status = NOT VALID [01-01 00:11:41]connCapability.status = NOT VALID [01-01 00:11:41]currConnMode.status = NOT VALID [01-01 00:11:41]qosConfigFlexibility.status = NOT VALID [01-01 00:11:41]pqScaleFactor.status = NOT VALID [01-01 00:11:41]Duration : 00s:024ms [01-01 00:11:41]OMCI msg construction = SUCCESSFUL [01-01 00:11:41] [01-01 00:11:41]OMCI_TX# 237@ 11m:41s: 629ms-F8 BF 29 0A 01 01 00 00 00 A0 00 42 56 4C 33 41 38 4A 4E 41 41 47 30 31 30 53 41 00 00 00 00 38 00 00 00 00 00 00 00 00 [01-01 00:11:41]OMCI_RX# 238@ 11m:41s: 632ms-F8 C0 49 0A 00 07 00 00 F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 11 2D 49 9F [01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(07-00);instance_id(0x0000)--@11m:41s:635ms [01-01 00:11:41] TX_ONT_MSG -- @11m:41s:636ms [01-01 00:11:41]Msg_type = GET [01-01 00:11:41]Trans_id = 1c [01-01 00:11:41]Entity_id = SOFTWARE IMAGE(0x7) [01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:636ms [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]version.status = VALID [01-01 00:11:41]is_committed.status = VALID [01-01 00:11:41]is_active.status = VALID [01-01 00:11:41]is_valid.status = VALID [01-01 00:11:41] RX_ONT_MSG -- @11m:41s:659ms [01-01 00:11:41]Msg_type = GET RESPONSE [01-01 00:11:41]Trans_id = 1c [01-01 00:11:41]Entity_id = SOFTWARE IMAGE(0x7) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID [01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:11:41]version.status = VALID [01-01 00:11:41]version.value = 3FE46398BGCB22 [01-01 00:11:41]is_committed.status = VALID [01-01 00:11:41]is_committed.value = 00 [01-01 00:11:41]is_active.status = VALID [01-01 00:11:41]is_active.value = 00 [01-01 00:11:41]is_valid.status = VALID [01-01 00:11:41]is_valid.value = 01 [01-01 00:11:41]Duration : 00s:020ms [01-01 00:11:41]OMCI msg construction = SUCCESSFUL [01-01 00:11:41] [01-01 00:11:41]OMCI_TX# 238@ 11m:41s: 681ms-F8 C0 29 0A 00 07 00 00 00 F0 00 33 46 45 34 36 33 39 38 42 47 43 42 32 32 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 [01-01 00:11:41]OMCI_RX# 239@ 11m:41s: 684ms-F8 C1 49 0A 00 07 00 01 F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 A9 F9 70 70 [01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(07-00);instance_id(0x0001)--@11m:41s:687ms [01-01 00:11:41] TX_ONT_MSG -- @11m:41s:688ms [01-01 00:11:41]Msg_type = GET [01-01 00:11:41]Trans_id = 1d [01-01 00:11:41]Entity_id = SOFTWARE IMAGE(0x7) [01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:688ms [01-01 00:11:41]Instance_id = 01 [01-01 00:11:41]version.status = VALID [01-01 00:11:41]is_committed.status = VALID [01-01 00:11:41]is_active.status = VALID [01-01 00:11:41]is_valid.status = VALID [01-01 00:11:41] RX_ONT_MSG -- @11m:41s:696ms [01-01 00:11:41]Msg_type = GET RESPONSE [01-01 00:11:41]Trans_id = 1d [01-01 00:11:41]Entity_id = SOFTWARE IMAGE(0x7) [01-01 00:11:41]Instance_id = 01 [01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID [01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:11:41]version.status = VALID [01-01 00:11:41]version.value = 3FE46398BGCB22 [01-01 00:11:41]is_committed.status = VALID [01-01 00:11:41]is_committed.value = 01 [01-01 00:11:41]is_active.status = VALID [01-01 00:11:41]is_active.value = 01 [01-01 00:11:41]is_valid.status = VALID [01-01 00:11:41]is_valid.value = 01 [01-01 00:11:41]Duration : 00s:016ms [01-01 00:11:41]OMCI msg construction = SUCCESSFUL [01-01 00:11:41] [01-01 00:11:41]OMCI_TX# 239@ 11m:41s: 714ms-F8 C1 29 0A 00 07 00 01 00 F0 00 33 46 45 34 36 33 39 38 42 47 43 42 32 32 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 [01-01 00:11:41]OMCI_RX# 240@ 11m:41s: 717ms-F8 C2 49 0A 01 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 0C 51 D1 05 [01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(256-00);instance_id(0x0000)--@11m:41s:721ms [01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:722ms [01-01 00:11:41] TX_ONT_MSG -- @11m:41s:722ms [01-01 00:11:41]Msg_type = GET [01-01 00:11:41]Trans_id = 1e [01-01 00:11:41]Entity_id = ONT G(0x100) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]vendor_id.status = VALID [01-01 00:11:41]version.status = NOT VALID [01-01 00:11:41]serial_number.status = NOT VALID [01-01 00:11:41]traffic_management.status = NOT VALID [01-01 00:11:41]vp_connect_function.status = NOT VALID [01-01 00:11:41]battery_backup.status = NOT VALID [01-01 00:11:41]admin_state.status = NOT VALID [01-01 00:11:41]oper_state.status = NOT VALID [01-01 00:11:41]ONU_survival_time.status = NOT VALID [01-01 00:11:41]Logical_ONU_ID.status = NOT VALID [01-01 00:11:41]Logical_Password.status = NOT VALID [01-01 00:11:41]Credentials_Status.status = NOT VALID [01-01 00:11:41] RX_ONT_MSG -- @11m:41s:736ms [01-01 00:11:41]Msg_type = GET RESPONSE [01-01 00:11:41]Trans_id = 1e [01-01 00:11:41]Entity_id = ONT G(0x100) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID [01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:11:41]vendor_id.status = VALID [01-01 00:11:41]vendor_id.value = YHTC [01-01 00:11:41]version.status = NOT VALID [01-01 00:11:41]serial_number.status = NOT VALID [01-01 00:11:41]traffic_management.status = NOT VALID [01-01 00:11:41]vp_connect_function.status = NOT VALID [01-01 00:11:41]battery_backup.status = NOT VALID [01-01 00:11:41]admin_state.status = NOT VALID [01-01 00:11:41]oper_state.status = NOT VALID [01-01 00:11:41]ONU_survival_time.status = NOT VALID [01-01 00:11:41]Logical_ONU_ID.status = NOT VALID [01-01 00:11:41]Logical_Password.status = NOT VALID [01-01 00:11:41]Credentials_Status.status = NOT VALID [01-01 00:11:41]Duration : 00s:018ms [01-01 00:11:41]OMCI msg construction = SUCCESSFUL [01-01 00:11:41] [01-01 00:11:41]OMCI_TX# 240@ 11m:41s: 756ms-F8 C2 29 0A 01 00 00 00 00 80 00 59 48 54 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [01-01 00:11:41]OMCI_RX# 241@ 11m:41s: 760ms-F8 C3 49 0A 01 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 E2 12 E8 0F [01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(256-00);instance_id(0x0000)--@11m:41s:763ms [01-01 00:11:41] TX_ONT_MSG -- @11m:41s:764ms [01-01 00:11:41]Msg_type = GET [01-01 00:11:41]Trans_id = 01 [01-01 00:11:41]Entity_id = ONT G(0x100) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:764ms [01-01 00:11:41]vendor_id.status = VALID [01-01 00:11:41]version.status = NOT VALID [01-01 00:11:41]serial_number.status = NOT VALID [01-01 00:11:41]traffic_management.status = NOT VALID [01-01 00:11:41]vp_connect_function.status = NOT VALID [01-01 00:11:41]battery_backup.status = NOT VALID [01-01 00:11:41]admin_state.status = NOT VALID [01-01 00:11:41]oper_state.status = NOT VALID [01-01 00:11:41]ONU_survival_time.status = NOT VALID [01-01 00:11:41]Logical_ONU_ID.status = NOT VALID [01-01 00:11:41]Logical_Password.status = NOT VALID [01-01 00:11:41]Credentials_Status.status = NOT VALID [01-01 00:11:41] RX_ONT_MSG -- @11m:41s:779ms [01-01 00:11:41]Msg_type = GET RESPONSE [01-01 00:11:41]Trans_id = 01 [01-01 00:11:41]Entity_id = ONT G(0x100) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID [01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:11:41]vendor_id.status = VALID [01-01 00:11:41]vendor_id.value = YHTC [01-01 00:11:41]version.status = NOT VALID [01-01 00:11:41]serial_number.status = NOT VALID [01-01 00:11:41]traffic_management.status = NOT VALID [01-01 00:11:41]vp_connect_function.status = NOT VALID [01-01 00:11:41]battery_backup.status = NOT VALID [01-01 00:11:41]admin_state.status = NOT VALID [01-01 00:11:41]oper_state.status = NOT VALID [01-01 00:11:41]ONU_survival_time.status = NOT VALID [01-01 00:11:41]Logical_ONU_ID.status = NOT VALID [01-01 00:11:41]Logical_Password.status = NOT VALID [01-01 00:11:41]Credentials_Status.status = NOT VALID [01-01 00:11:41]Duration : 00s:018ms [01-01 00:11:41]OMCI msg construction = SUCCESSFUL [01-01 00:11:41] [01-01 00:11:41]OMCI_TX# 241@ 11m:41s: 798ms-F8 C3 29 0A 01 00 00 00 00 80 00 59 48 54 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [01-01 00:11:41]OMCI_RX# 242@ 11m:41s: 801ms-F8 C4 48 0A FF FA 00 00 10 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 D0 8B 29 AF [01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_SET:Entity_id(65530-00);instance_id(0x0000)--@11m:41s:805ms [01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:806ms [01-01 00:11:41] TX_ONT_MSG -- @11m:41s:806ms [01-01 00:11:41]Msg_type = SET [01-01 00:11:41]Trans_id = 02 [01-01 00:11:41]Entity_id = LOID AUTHENTICATION(0xfffa) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]operator_id.status = NOT VALID [01-01 00:11:41]logical_id.status = NOT VALID [01-01 00:11:41]password.status = NOT VALID [01-01 00:11:41]authentication_status.status = VALID [01-01 00:11:41]authentication_status.value = 02 [01-01 00:11:41] RX_ONT_MSG -- @11m:41s:814ms [01-01 00:11:41]Msg_type = SET RESPONSE [01-01 00:11:41]Trans_id = 02 [01-01 00:11:41]Entity_id = LOID AUTHENTICATION(0xfffa) [01-01 00:11:41]Instance_id = 00 [01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID [01-01 00:11:41]Duration : 00s:006ms [01-01 00:11:41]OMCI msg construction = SUCCESSFUL [01-01 00:11:41] [01-01 00:11:41]OMCI_TX# 242@ 11m:41s: 822ms-F8 C4 28 0A FF FA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [01-01 00:11:42]checkPonVidStatus: statePrevious=1, state=0 [01-01 00:11:42]Enter notify_sipw_pon_status, onustate=2 [01-01 00:11:42][C]OmciMain:: OMCI Link Status is DOWN--@11m:42s:713 ```
vuducdong commented 2 years ago

@AxisRay upgrade custom firmware is here to help you change loid https://github.com/hwti/G-010S-A/issues/1#issuecomment-1066288848

AxisRay commented 2 years ago

@AxisRay upgrade custom firmware is here to help you change loid #1 (comment)

I know it. The custom firmware is uploaded by me.

I am trying to modify the orgin frimware just for research.

AxisRay commented 2 years ago

oh, "padding issues" 

[01-01 00:11:41]logical_id.value = 20 20 20 20 20 20 20 20 20 53 5a 31 30 30 30 30 30 35 39 34 35 32 37 39
[01-01 00:11:41]password.value = 20 20 20 20 53 5a 31 30 30 30 30 30
vuducdong commented 2 years ago

oh, "padding issues"

[01-01 00:11:41]logical_id.value = 20 20 20 20 20 20 20 20 20 53 5a 31 30 30 30 30 30 35 39 34 35 32 37 39
[01-01 00:11:41]password.value = 20 20 20 20 53 5a 31 30 30 30 30 30

1, Password: it's mean LOID password, right? (20 characters), but normaly is maximum 12 characters 2, SLID: 32 characters, not the same as the SLID on the web, normaly is maximum 20 character (10 ASCII or 20 HEX)

AxisRay commented 2 years ago

1, Password: it's mean LOID password, right? (20 characters), but normaly is maximum 12 characters

No, you can find why here

Where is the function scfg_get image

AxisRay commented 2 years ago

TEST PASS!!!

ONTUSER@SFP:~# onu ploamsg
errorcode=0 curr_state=5 previous_state=4 elapsed_msec=146852

I modified the ri mtd directly and fix "padding issues" And recalculated the checksum.

LOID AUTH LOG ``` TX_ONT_MSG -- @01m:23s:942ms [01-01 00:01:23][E]>>>>on_omci_start_io() [01-01 00:01:23]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(65530-00);instance_id(0x0000)--@01m:23s:945ms [01-01 00:01:23]getLoidAuthInfo() @ 1m:23s:946ms [01-01 00:01:23]Msg_type = GET [01-01 00:01:23]Trans_id = 01 [01-01 00:01:23][E]getLoidAuthInfo() exit @ 1m:23s:947ms, SZ1000005945279:SZ1000005945�� [01-01 00:01:23]OmciMain:: Response Msg Sent--@01m:23s:951ms [01-01 00:01:23]Entity_id = LOID AUTHENTICATION(0xfffa) [01-01 00:01:23]Instance_id = 00 [01-01 00:01:23]operator_id.status = NOT VALID [01-01 00:01:23]logical_id.status = VALID [01-01 00:01:23]password.status = NOT VALID [01-01 00:01:23]authentication_status.status = NOT VALID [01-01 00:01:23] RX_ONT_MSG -- @01m:23s:973ms [01-01 00:01:23]Msg_type = GET RESPONSE [01-01 00:01:23]Trans_id = 01 [01-01 00:01:23]Entity_id = LOID AUTHENTICATION(0xfffa) [01-01 00:01:23]Instance_id = 00 [01-01 00:01:23]Sub entity Id :NO SUB ENTITY ID [01-01 00:01:23]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:01:23]operator_id.status = NOT VALID [01-01 00:01:23]logical_id.status = VALID [01-01 00:01:23]logical_id.value = 53 5a 31 30 30 30 30 30 35 39 34 35 32 37 39 00 00 00 00 00 00 00 00 00 [01-01 00:01:24]password.status = NOT VALID [01-01 00:01:24]authentication_status.status = NOT VALID [01-01 00:01:24]Duration : 00s:061ms [01-01 00:01:24]OMCI msg construction = SUCCESSFUL [01-01 00:01:24] [01-01 00:01:24]OMCI_TX# 1@ 1m:24s: 35ms-6A 57 29 0A FF FA 00 00 00 40 00 53 5A 31 30 30 30 30 30 35 39 34 35 32 37 39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [01-01 00:01:24]OMCI_RX# 2@ 1m:24s: 67ms-6A 58 49 0A FF FA 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 11 28 4F F5 [01-01 00:01:24] TX_ONT_MSG -- @01m:24s:074ms [01-01 00:01:24]Msg_type = GET [01-01 00:01:24]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(65530-00);instance_id(0x0000)--@01m:24s:077ms [01-01 00:01:24]getLoidAuthInfo() @ 1m:24s:77ms [01-01 00:01:24][E]getLoidAuthInfo() exit @ 1m:24s:78ms, SZ1000005945279:SZ1000005945�� [01-01 00:01:24]Trans_id = 02 [01-01 00:01:24]Entity_id = LOID AUTHENTICATION(0xfffa) [01-01 00:01:24]Instance_id = 00 [01-01 00:01:24]operator_id.status = NOT VALID [01-01 00:01:24]OmciMain:: Response Msg Sent--@01m:24s:080ms [01-01 00:01:24]logical_id.status = NOT VALID [01-01 00:01:24]password.status = VALID [01-01 00:01:24]authentication_status.status = NOT VALID [01-01 00:01:24] RX_ONT_MSG -- @01m:24s:102ms [01-01 00:01:24]Msg_type = GET RESPONSE [01-01 00:01:24]Trans_id = 02 [01-01 00:01:24]Entity_id = LOID AUTHENTICATION(0xfffa) [01-01 00:01:24]Instance_id = 00 [01-01 00:01:24]Sub entity Id :NO SUB ENTITY ID [01-01 00:01:24]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY [01-01 00:01:24]operator_id.status = NOT VALID [01-01 00:01:24]logical_id.status = NOT VALID [01-01 00:01:24]password.status = VALID [01-01 00:01:24]password.value = 53 5a 31 30 30 30 30 30 35 39 34 35 [01-01 00:01:24]authentication_status.status = NOT VALID [01-01 00:01:24]Duration : 00s:050ms [01-01 00:01:24]OMCI msg construction = SUCCESSFUL [01-01 00:01:24] [01-01 00:01:24]OMCI_TX# 2@ 1m:24s: 165ms-6A 58 29 0A FF FA 00 00 00 20 00 53 5A 31 30 30 30 30 30 35 39 34 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [01-01 00:01:24]OMCI_RX# 3@ 1m:24s: 171ms-6A 59 48 0A FF FA 00 00 10 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 5D 48 AF 1D [01-01 00:01:24] TX_ONT_MSG -- @01m:24s:177ms [01-01 00:01:24]Msg_type = SET [01-01 00:01:24]Trans_id = 03 [01-01 00:01:24]OmciMain:: Received MSG_N_OMCI_SET:Entity_id(65530-00);instance_id(0x0000)--@01m:24s:181ms [01-01 00:01:24]OmciMain:: Response Msg Sent--@01m:24s:182ms [01-01 00:01:24]OMCI_RX# 4@ 1m:24s: 182ms-6A 5A 49 0A 00 07 00 00 F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 1E A5 5B 75 [01-01 00:01:24]Entity_id = LOID AUTHENTICATION(0xfffa) [01-01 00:01:24]Instance_id = 00 [01-01 00:01:24]operator_id.status = NOT VALID [01-01 00:01:24]logical_id.status = NOT VALID [01-01 00:01:24]password.status = NOT VALID [01-01 00:01:24]authentication_status.status = VALID [01-01 00:01:24]authentication_status.value = 02 [01-01 00:01:24] ```

UPDATE: image

We can set type to 0001 to enable hex format setting. So we can prevent "padding issues" .

ONTUSER@SFP:~# ritool set LOID 535a31303030303035393435323739000000000000000000
ONTUSER@SFP:~# ritool get LOID
the LOID:SZ1000005945279
ONTUSER@SFP:~# ritool set LOIDPassword 535a31303030303035393435
ONTUSER@SFP:~# ritool get LOIDPassword
the LOIDPassword:SZ1000005945
ONTUSER@SFP:~#

here is the firmware which based on 3FE46398BGCB22 new-firmware.zip

vuducdong commented 2 years ago

@AxisRay

I have 2 cases with OLT Huawei.

With ISP1: only check with GPON Serial number, it's ok to get O5

With ISP2: check GPON Serial number and SLID ==> can't get O5, it's O2, O3 (even when using all versions of original fw or custom fw from china)

Doesn't seem to be getting SLID on web, but getting SLID in "ri", and SLID in "ri" in incorrect format.

AxisRay commented 2 years ago

@vuducdong What format of your SLID ? you can set SLID by ritool set SLID xxxxxxxx

AxisRay commented 2 years ago

@vuducdong 

ONTUSER@SFP:~# ritool set SLID 30303535393132323700000000000000
ONTUSER@SFP:~# ritool get SLID
the SLID:30303535393132323700000000000000
vuducdong commented 2 years ago

@vuducdong

ONTUSER@SFP:~# ritool set SLID 30303535393132323700000000000000
ONTUSER@SFP:~# ritool get SLID
the SLID:30303535393132323700000000000000

ok, I'll try it. Thanks!

hwti commented 2 years ago

We can set type to 0001 to enable hex format setting. So we can prevent "padding issues" .

But then you need much more space, unless it's stored as a binary (it's strange to have HEX for the set, but to get a string for get). Even 16 + 12 would overwrite SSID2-Name / SSID2-Password (we probably don't care), but also OperatorID (unless changing all offsets).

omciMgr log suggests there is a string termination issue too (maybe just in the trace code).

hwti commented 2 years ago

The SLID issues are different, I didn't check on all firmwares, but I remember :

AxisRay commented 2 years ago

unless changing all offsets

I have changed.

vuducdong commented 2 years ago

@vuducdong

ONTUSER@SFP:~# ritool set SLID 30303535393132323700000000000000
ONTUSER@SFP:~# ritool get SLID
the SLID:30303535393132323700000000000000

still unable to authenticate O5

hwti commented 2 years ago

unless changing all offsets

I have changed.

This would cause issues when switching between firmwares.

It doesn't seem the offsets can be increased, unless removing other entries to make the space. On init, it seems only 256 bytes are read from the mtd (so maybe RollbackFlag is only in memory), and I don't see any other locations which would read it (except ri_read_byte which doesn't seem to be used). scfgGroupRi has a field with the size : 256. ritool dumpbin reads 256 bytes too. But there are functions like ri_write which supports up to 512 (but will only write the first 256 bytes to the mtd), which is strange.

hwti commented 2 years ago

@AxisRay if set OpreratorID is 0000, XXXX, 9999, it's show LOID and LOIDPassword, but while set LOID and get LOID is null. On the other hand, if set OperatorID is 0001, LOID and LOIDPassword disappear and not allow to modify.

On the 3FE46398BGCB22 firmware, if OperatorID is not 0000 or 9999 :

Note that it shouldn't prevent omciMgr from reading the hidden values.

AxisRay commented 2 years ago

unless removing other entries to make the space.

Right, I have resized the SSID-2Name and SSID-2Password. image

I also modified the libdataModel.so, limited the size of LOIDPassword to 12bytes instead of 16bytes. image

hwti commented 2 years ago

unless removing other entries to make the space.

Right, I have resized the SSID-2Name and SSID-2Password. image

What do you mean ? Even 16 + 12 would use the whole SSID-2Name and SSID-2Password space (I don't know if the code allows to set the size to 0, it doesn't look like it's what you did).

I also modified the libdataModel.so, limited the size of LOIDPassword to 12bytes instead of 16bytes. image

This shouldn't be necessary, as the stack buffer is big enough (and this could even lead to an unterminated string when using the maximum size, at least for omciMgr traces), even if this isn't a new problem).

AxisRay commented 2 years ago

What do you mean ? Even 16 + 12 would use the whole SSID-2Name and SSID-2Password space (I don't know if the code allows to set the size to 0, it doesn't look like it's what you did).

the ri mtd is defined in scfg.ko. I moved the start position as well. image

in fact, there is no need to modify SSID-2Password, if the LOIDPassword only have 12bytes. ignore it.

This would cause issues when switching between firmwares.

It should be safe when switching firmwares. as I mentioned above , the modification have no effect with other field. and I guess those field are not used in the firmware. such as SSID1-Name SSID1-Password SSID-2Name SSID-2Password

hwti commented 2 years ago

Well, I thought there was only 0x20 for the 4 values, not 0x30 🤦‍♂️

I will check the different possibilities for the flags in the driver (which you changed to input hex, but still store as binary I think). Maybe there is a way to be in string mode (since the GPON spec specifies them as strings), but without the padding.

But just in case, there is a possibility to modify on the ritool side to output as hex for consistency.