how to change loid? #17

Open
AxisRay opened this issue Mar 15, 2022 · 28 comments

AxisRay commented Mar 15, 2022

fw_setenv omci_loid xxxxxxx

right?

And I cannot change the S/N

ONTUSER@SFP:~# ritool set MfrID YHTC
not allow to modify it.
ONTUSER@SFP:~# ritool dump
the Format:01
the MfrID:ALCL
the Factorycode:08
the HardwareVersion:3FE46541AACA
the ICS:01
the YPSerialNum:        F95A9009
the CleiCode:BVL3A8JNAA
the Mnemonic:G-010S-A
the ProgDate:190427
the MACAddress:ec:84:b4:ee:e3:c0
the DeviceIDPref:0000
the SWImage:3030
the OnuMode:0001
the G984Serial:f95a9009
the HWConfiguration:0000000000000000
the PartNumber:3FE46542AACA
the OperatorID:XXXX
the SLID:30303030303030303030303030303030
the CountryID:01
the GroupID:30303030
ONTUSER@SFP:~# upgradestatus
***** get current running image *****
current running image is  image0 !
***** get upgrade status ***********
image0_is_valid=1
image1_is_valid=1
next_active=0
commit=0
boot_fail=0
image0_version=3FE46398BGCB22
image1_version=3FE46398BFGB18

update:
follow #7 (comment)
we should set OperatorID 0000 first

ONTUSER@SFP:~# ritool set OperatorID 0000

Owner

hwti commented Mar 16, 2022

I only saw the "not allow to modify it." on the 3FE46398BGCB22 firmware; setting OperatorID to 0000 (or 9999) should bypass the check.

For the LOID, I see code to read LOID and LOIDPassword from ri/scfg in libdataModel.so which is called by parser and omciMgr, but the driver doesn't have them in its list (this is a binary format in the "ri" mtd).
So the code seems to be present, but with no way to give it the values (unless patching either libdataModel.so or scfg.ko, but it wouldn't be easy).

Author

AxisRay commented Mar 16, 2022

I can see it try to get LOID from scfg

no LOID value in scfg
[01-01 10:00:15][OMCI]get loid failed
[01-01 10:00:15][OMCI]getLoidAuthInfo() exit @ 600m:15s:216ms, :
[01-01 10:00:15][OMCI] - create_instance_auto()  act_plugInUnitType = 48
[01-01 10:00:15][OMCI] - create_instance_auto()  act_plugInUnitType = 47

unless patching either libdataModel.so or scfg.ko

Or we can modify the scfg in ri? It seems easier.
But we should know the format details first.

ri.zip

Author

AxisRay commented Mar 16, 2022

Where is the function scfg_get
image

Author

AxisRay commented Mar 16, 2022

It seems that we can use ritool to set the scfg

ONTUSER@SFP:/sbin# ls -lt /sbin/ritool 
lrwxrwxrwx    1 ONTUSER  root            17 Jan 25  2021 /sbin/ritool -> /usr/exe/scfgtool
ONTUSER@SFP:/sbin# ritool set LOID 7554196032
Set scfg descrip=LOID value=7554196032 failed.

Unfortunately, it failed. I am trying to figure it out.

update:

I found an error message in dmesg

[ 1527.488000] [K_SCFG] scfg_drv_ioctl: set scfg[LOID] from userspace
[ 1527.488000] item not exist, please check your input LOID

I didn't find where the scfgGroup is defined. Maybe it was hardcoded?

Author

AxisRay commented Mar 16, 2022

I have used a hex editor to modify scfg.ko:
renamed SSID-1Name to LOID
renamed SSID-1Password to LOIDPassword
and rebuilt the firmware

ONTUSER@SFP:~# ritool set LOID 12312312
ONTUSER@SFP:~# dmesg | tail
[  666.188000] [K_SCFG] scfg_drv_ioctl: set scfg[LOID] from userspace
[  666.768000] [K_SCFG] : set scfg success

There seems to be no error message.

last_flow_me_recv_at = 0, last_igmp_channel_me_recv_at = 0, last_igmp_acl_me_recv_at = 0
[01-01 00:06:10][OMCI]>>>>on_omci_start_io()
[01-01 00:06:10][OMCI]getLoidAuthInfo() exit @ 6m:10s:111ms,         12312312:00000000
[01-01 00:06:10][OMCI]getLoidAuthInfo() exit @ 6m:10s:206ms,         12312312:00000000

It works!

Owner

hwti commented Mar 16, 2022

scfg_get is in libscfg.so, and it does an ioctl on /dev/scfg exposed by scfg.ko.

scfg_get and scfg_set take a field name as parameter, which is handled by scfg.ko : scfgGroup seems to be some kind of table, which defines what kind of values are accepted, and where to store it in the mtd partition.

scfg_dump is used for oflt ri get command (which wants a parameter, but just dumps all values in the kernel log).

There are also APIs which manipulate a binary dump :

  • scfg_read : used in liboflt.so (oflt_show_ri, not used) and for ritool dumpbin command
  • scfg_write : used for ritool initbin command
    The scfgtool binary also has code for an nvram_tool symlink (in addition to ritool), where these binary commands use a different offset (but this is probably for other devices).

So by modifying the SSID-1Name and SSID-1Password field names in scfg.ko, you can store the values, but :

  • the LOID would be limited to 16 characters, instead of 24 bytes
  • the LOIDPassword would be limited to 8 characters, instead of 12 (16 ?) bytes

There might be padding issues, and handling of nul bytes if it's allowed by the spec (since it doesn't seem the values are meant to be stored in hex).
Did it work with the OLT? What format did you use for the two values, and what are the lengths?

You would need to do the same changes in scfgtool to have the new names for ritool dump (which calls scfg_read in a loop).

Author

AxisRay commented Mar 17, 2022

you are right
the length of SSID-1Password is not enough.

[ 1081.284000] [K_SCFG] scfg_drv_ioctl: set scfg[LOIDPassword] from userspace
[ 1081.284000] your contents is too long
[ 1081.284000] scfg_drv_set_internal failed

Here are my LOID and LOIDPassword (got from the ISP)

<Loid>545331303030303035313131313131000000000000000000</Loid>
TS1000005111111
<Password>545331303030303035313131</Password>
TS1000005111

scfgGroup seems to be some kind of table, which defines what kind of values are accepted, and where to store it in the mtd partition.

I think we can modify the definition to solve the "padding issues" and "length limit"?
But I didn't find where it is defined.
I'm a total noob in reverse engineering. 😥

Author

AxisRay commented Mar 18, 2022

Snipaste_2022-03-18_16-39-56

I have modified scfg.ko and extended LOID to 24 bytes, LOIDPassword to 16 bytes

ONTUSER@SFP:~# ritool set LOID TS1000005111111
ONTUSER@SFP:~# ritool set LOIDPassword TS1000005111
ONTUSER@SFP:~# ritool get LOID
the LOID:         TS1000005111111
ONTUSER@SFP:~# ritool get LOIDPassword 
the LOIDPassword:TS1000005111
ONTUSER@SFP:~# ritool get SSID-2Name
the SSID-2Name:0000
ONTUSER@SFP:~# 

ritool works well.

the UserName:        usradmin
the UserPassword:   12345
the MgntUserName:      adminadmin
the MgntUserPassword: ALC#FGU
the LOID:         TS1000005111111
the LOIDPassword:    TS1000005111
the SSID-2Name:0000
the SSID-2Password:0000
the OperatorID:0000
the SLID:30303030303030303030303030303030
the CountryID:01
the GroupID:30303030
the Checksum1:63e5
the Spare6:3030
the RollbackFlag:0000

omciMgr seems abnormal

[01-01 00:04:41][OMCI]OMCI_LIB: Success to create OMCI mib upload share memory, pointer 0x76588000
ds_sec=-1
 Inside GatewayUniSupp_1Itf::GatewayUniSupp_1Itf constructor
[01-01 00:04:41][OMCI]getLoidAuthInfo() exit @ 4m:41s:305ms,          TS1000005111111    TS100000:    TS100000
[01-01 00:04:41][OMCI] - create_instance_auto()  act_plugInUnitType = 48
[01-01 00:04:41][OMCI] - create_instance_auto()  act_plugInUnitType = 47
EthManageItf::getInstance: without switch.
[01-01 00:04:41][OMCI]checkPonLEDStatus:Fiber disconnected 
 create auto instanmce gateway uni ME succesful
[01-01 00:04:41][OMCI]getLoidAuthInfo() exit @ 4m:41s:394ms,          TS1000005111111    TS100000r�v�r�0000:    TS100000r�v�r�0000
AnigSupp_1 creat 

I haven't tested with the OLT.

update:
tested, not working

full log
[01-01 00:11:40]OMCI_RX# 232@  11m:40s: 917ms-F8 BA 49 0A 01 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 62 BE E1 68 
[01-01 00:11:40][E]>>>>on_omci_start_io()
[01-01 00:11:40]
TX_ONT_MSG -- @11m:40s:919ms
[01-01 00:11:40]Msg_type    = GET
[01-01 00:11:40]Trans_id    = 16
[01-01 00:11:40]Entity_id   = ONT G(0x100)
[01-01 00:11:40]Instance_id = 00
[01-01 00:11:40]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(256-00);instance_id(0x0000)--@11m:40s:927ms
[01-01 00:11:40]OmciMain:: Response Msg Sent--@11m:40s:934ms

[01-01 00:11:40]vendor_id.status = VALID
[01-01 00:11:40]version.status = NOT VALID
[01-01 00:11:40]serial_number.status = NOT VALID
[01-01 00:11:40]traffic_management.status = NOT VALID
[01-01 00:11:40]vp_connect_function.status = NOT VALID
[01-01 00:11:40]battery_backup.status = NOT VALID
[01-01 00:11:40]admin_state.status = NOT VALID
[01-01 00:11:40]oper_state.status = NOT VALID
[01-01 00:11:40]ONU_survival_time.status = NOT VALID
[01-01 00:11:40]Logical_ONU_ID.status = NOT VALID
[01-01 00:11:40]Logical_Password.status = NOT VALID
[01-01 00:11:40]Credentials_Status.status = NOT VALID
[01-01 00:11:40]
RX_ONT_MSG -- @11m:40s:976ms
[01-01 00:11:40]Msg_type    = GET RESPONSE
[01-01 00:11:40]Trans_id    = 16
[01-01 00:11:40]Entity_id   = ONT G(0x100)
[01-01 00:11:40]Instance_id = 00
[01-01 00:11:40]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:11:40]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:11:40]vendor_id.status = VALID
[01-01 00:11:40]vendor_id.value = YHTC
[01-01 00:11:41]version.status = NOT VALID
[01-01 00:11:41]serial_number.status = NOT VALID
[01-01 00:11:41]traffic_management.status = NOT VALID
[01-01 00:11:41]vp_connect_function.status = NOT VALID
[01-01 00:11:41]battery_backup.status = NOT VALID
[01-01 00:11:41]admin_state.status = NOT VALID
[01-01 00:11:41]oper_state.status = NOT VALID
[01-01 00:11:41]ONU_survival_time.status = NOT VALID
[01-01 00:11:41]Logical_ONU_ID.status = NOT VALID
[01-01 00:11:41]Logical_Password.status = NOT VALID
[01-01 00:11:41]Credentials_Status.status = NOT VALID
[01-01 00:11:41]Duration : 00s:084ms
[01-01 00:11:41]OMCI msg construction = SUCCESSFUL
[01-01 00:11:41]
[01-01 00:11:41]OMCI_TX# 232@  11m:41s:  70ms-F8 BA 29 0A 01 00 00 00 00 80 00 59 48 54 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[01-01 00:11:41]OMCI_RX# 233@  11m:41s:  72ms-F8 BB 49 0A FF FA 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 A1 E3 57 EB 
[01-01 00:11:41]
TX_ONT_MSG -- @11m:41s:076ms
[01-01 00:11:41]Msg_type    = GET
[01-01 00:11:41]Trans_id    = 17
[01-01 00:11:41]Entity_id   = LOID AUTHENTICATION(0xfffa)
[01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(65530-00);instance_id(0x0000)--@11m:41s:076ms
[01-01 00:11:41]getLoidAuthInfo() @ 11m:41s:84ms
[01-01 00:11:41][E]getLoidAuthInfo() exit @ 11m:41s:85ms,          SZ1000005945279    SZ100000Ҡ:    SZ100000Ҡ
[01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:087ms

[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]operator_id.status = NOT VALID
[01-01 00:11:41]logical_id.status = VALID
[01-01 00:11:41]password.status = NOT VALID
[01-01 00:11:41]authentication_status.status = NOT VALID
[01-01 00:11:41]
RX_ONT_MSG -- @11m:41s:100ms
[01-01 00:11:41]Msg_type    = GET RESPONSE
[01-01 00:11:41]Trans_id    = 17
[01-01 00:11:41]Entity_id   = LOID AUTHENTICATION(0xfffa)
[01-01 00:11:41]checkPonVidStatus: statePrevious=0, state=1
[01-01 00:11:41][C]OmciMain:: OMCI Link Status is UP--@11m:41s:125ms
[01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:126ms

[01-01 00:11:41]SendMsgToSlid msgsnd ok. slidMsg.onuState=3
[01-01 00:11:41]Enter notify_sipw_pon_status, onustate=3
[01-01 00:11:41]notify_sipw_pon_status: get SIPW queue failed, err = 2, No such file or directory
[01-01 00:11:41]>>>>configLptPort: onu state is ONU_REGISTERED
[01-01 00:11:41]actionProcess: process actionType=116,messageInQueue=-1,totalMsgCounter=35,time=11m:41s:130ms
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:11:41]operator_id.status = NOT VALID
[01-01 00:11:41]logical_id.status = VALID
[01-01 00:11:41]actionProcess: processAction: result is: SUCCESS, end @ 11m:41s 131ms
[01-01 00:11:41]actionProcess: sendMsgToActionProcess, actionType=1991225376
[01-01 00:11:41][E]checkPonLEDStatus:Fiber connected 
[01-01 00:11:41]Evtmgr process not exist! notify_evtmgr_pon_status() return!
[01-01 00:11:41]logical_id.value = 20 20 20 20 20 20 20 20 20 53 5a 31 30 30 30 30 30 35 39 34 35 32 37 39 
[01-01 00:11:41]password.status = NOT VALID
[01-01 00:11:41]authentication_status.status = NOT VALID
[01-01 00:11:41]Duration : 00s:185ms
[01-01 00:11:41]OMCI msg construction = SUCCESSFUL
[01-01 00:11:41]
[01-01 00:11:41]OMCI_TX# 233@  11m:41s: 279ms-F8 BB 29 0A FF FA 00 00 00 40 00 20 20 20 20 20 20 20 20 20 53 5A 31 30 30 30 30 30 35 39 34 35 32 37 39 00 00 00 00 00 
[01-01 00:11:41]OMCI_RX# 234@  11m:41s: 294ms-F8 BC 49 0A FF FA 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 1C 47 C0 20 
[01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(65530-00);instance_id(0x0000)--@11m:41s:297ms
[01-01 00:11:41]getLoidAuthInfo() @ 11m:41s:298ms
[01-01 00:11:41]
TX_ONT_MSG -- @11m:41s:300ms
[01-01 00:11:41]Msg_type    = GET
[01-01 00:11:41]Trans_id    = 18
[01-01 00:11:41]Entity_id   = LOID AUTHENTICATION(0xfffa)
[01-01 00:11:41][E]getLoidAuthInfo() exit @ 11m:41s:299ms,          SZ1000005945279    SZ100000Ҡ:    SZ100000Ҡ
[01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:306ms

[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]operator_id.status = NOT VALID
[01-01 00:11:41]logical_id.status = NOT VALID
[01-01 00:11:41]password.status = VALID
[01-01 00:11:41]authentication_status.status = NOT VALID
[01-01 00:11:41]
RX_ONT_MSG -- @11m:41s:333ms
[01-01 00:11:41]Msg_type    = GET RESPONSE
[01-01 00:11:41]Trans_id    = 18
[01-01 00:11:41]Entity_id   = LOID AUTHENTICATION(0xfffa)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:11:41]operator_id.status = NOT VALID
[01-01 00:11:41]logical_id.status = NOT VALID
[01-01 00:11:41]password.status = VALID
[01-01 00:11:41]password.value = 20 20 20 20 53 5a 31 30 30 30 30 30 
[01-01 00:11:41]authentication_status.status = NOT VALID
[01-01 00:11:41]Duration : 00s:033ms
[01-01 00:11:41]OMCI msg construction = SUCCESSFUL
[01-01 00:11:41]
[01-01 00:11:41]OMCI_TX# 234@  11m:41s: 373ms-F8 BC 29 0A FF FA 00 00 00 20 00 20 20 20 20 53 5A 31 30 30 30 30 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[01-01 00:11:41]OMCI_RX# 235@  11m:41s: 376ms-F8 BD 49 0A 01 00 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 36 00 7C BF 
[01-01 00:11:41]
TX_ONT_MSG -- @11m:41s:378ms
[01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(256-00);instance_id(0x0000)--@11m:41s:381ms
[01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:382ms

[01-01 00:11:41]Msg_type    = GET
[01-01 00:11:41]Trans_id    = 19
[01-01 00:11:41]Entity_id   = ONT G(0x100)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]vendor_id.status = VALID
[01-01 00:11:41]version.status = VALID
[01-01 00:11:41]serial_number.status = NOT VALID
[01-01 00:11:41]traffic_management.status = NOT VALID
[01-01 00:11:41]vp_connect_function.status = NOT VALID
[01-01 00:11:41]battery_backup.status = NOT VALID
[01-01 00:11:41]admin_state.status = NOT VALID
[01-01 00:11:41]oper_state.status = NOT VALID
[01-01 00:11:41]ONU_survival_time.status = NOT VALID
[01-01 00:11:41]Logical_ONU_ID.status = NOT VALID
[01-01 00:11:41]Logical_Password.status = NOT VALID
[01-01 00:11:41]Credentials_Status.status = NOT VALID
[01-01 00:11:41]
RX_ONT_MSG -- @11m:41s:412ms
[01-01 00:11:41]Msg_type    = GET RESPONSE
[01-01 00:11:41]Trans_id    = 19
[01-01 00:11:41]Entity_id   = ONT G(0x100)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:11:41]vendor_id.status = VALID
[01-01 00:11:41]vendor_id.value = YHTC
[01-01 00:11:41]version.status = VALID
[01-01 00:11:41]version.value = 3FE46541AACA01
[01-01 00:11:41]serial_number.status = NOT VALID
[01-01 00:11:41]traffic_management.status = NOT VALID
[01-01 00:11:41]vp_connect_function.status = NOT VALID
[01-01 00:11:41]battery_backup.status = NOT VALID
[01-01 00:11:41]admin_state.status = NOT VALID
[01-01 00:11:41]oper_state.status = NOT VALID
[01-01 00:11:41]ONU_survival_time.status = NOT VALID
[01-01 00:11:41]Logical_ONU_ID.status = NOT VALID
[01-01 00:11:41]Logical_Password.status = NOT VALID
[01-01 00:11:41]Credentials_Status.status = NOT VALID
[01-01 00:11:41]Duration : 00s:049ms
[01-01 00:11:41]OMCI msg construction = SUCCESSFUL
[01-01 00:11:41]
[01-01 00:11:41]OMCI_TX# 235@  11m:41s: 468ms-F8 BD 29 0A 01 00 00 00 00 C0 00 59 48 54 43 33 46 45 34 36 35 34 31 41 41 43 41 30 31 00 00 00 00 00 00 00 00 00 00 00 
[01-01 00:11:41]OMCI_RX# 236@  11m:41s: 471ms-F8 BE 49 0A 01 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 96 C0 27 2C 
[01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(256-00);instance_id(0x0000)--@11m:41s:474ms
[01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:475ms

[01-01 00:11:41]
TX_ONT_MSG -- @11m:41s:475ms
[01-01 00:11:41]Msg_type    = GET
[01-01 00:11:41]Trans_id    = 1a
[01-01 00:11:41]Entity_id   = ONT G(0x100)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]vendor_id.status = NOT VALID
[01-01 00:11:41]version.status = NOT VALID
[01-01 00:11:41]serial_number.status = VALID
[01-01 00:11:41]traffic_management.status = NOT VALID
[01-01 00:11:41]vp_connect_function.status = NOT VALID
[01-01 00:11:41]battery_backup.status = NOT VALID
[01-01 00:11:41]admin_state.status = NOT VALID
[01-01 00:11:41]oper_state.status = NOT VALID
[01-01 00:11:41]ONU_survival_time.status = NOT VALID
[01-01 00:11:41]Logical_ONU_ID.status = NOT VALID
[01-01 00:11:41]Logical_Password.status = NOT VALID
[01-01 00:11:41]Credentials_Status.status = NOT VALID
[01-01 00:11:41]
RX_ONT_MSG -- @11m:41s:506ms
[01-01 00:11:41]Msg_type    = GET RESPONSE
[01-01 00:11:41]Trans_id    = 1a
[01-01 00:11:41]Entity_id   = ONT G(0x100)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:11:41]vendor_id.status = NOT VALID
[01-01 00:11:41]version.status = NOT VALID
[01-01 00:11:41]serial_number.status = VALID
[01-01 00:11:41]serial_number.value = YHTC1c80d0cc
[01-01 00:11:41]traffic_management.status = NOT VALID
[01-01 00:11:41]vp_connect_function.status = NOT VALID
[01-01 00:11:41]battery_backup.status = NOT VALID
[01-01 00:11:41]admin_state.status = NOT VALID
[01-01 00:11:41]oper_state.status = NOT VALID
[01-01 00:11:41]ONU_survival_time.status = NOT VALID
[01-01 00:11:41]Logical_ONU_ID.status = NOT VALID
[01-01 00:11:41]Logical_Password.status = NOT VALID
[01-01 00:11:41]Credentials_Status.status = NOT VALID
[01-01 00:11:41]Duration : 00s:049ms
[01-01 00:11:41]OMCI msg construction = SUCCESSFUL
[01-01 00:11:41]
[01-01 00:11:41]OMCI_TX# 236@  11m:41s: 569ms-F8 BE 29 0A 01 00 00 00 00 20 00 59 48 54 43 1C 80 D0 CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[01-01 00:11:41]OMCI_RX# 237@  11m:41s: 572ms-F8 BF 49 0A 01 01 00 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 5E D6 33 ED 
[01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(257-00);instance_id(0x0000)--@11m:41s:575ms
[01-01 00:11:41]
TX_ONT_MSG -- @11m:41s:576ms
[01-01 00:11:41]Msg_type    = GET
[01-01 00:11:41]Trans_id    = 1b
[01-01 00:11:41]Entity_id   = ONT 2G(0x101)
[01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:576ms

[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]eqpt_id.status = VALID
[01-01 00:11:41]omcc_version.status = NOT VALID
[01-01 00:11:41]ven_prod_code.status = VALID
[01-01 00:11:41]security_capability.status = NOT VALID
[01-01 00:11:41]security_mode.status = NOT VALID
[01-01 00:11:41]total_priority_queue_nbr.status = NOT VALID
[01-01 00:11:41]total_trf_sch_nbr.status = NOT VALID
[01-01 00:11:41]mode.status = NOT VALID
[01-01 00:11:41]total_gem_ports_supported.status = NOT VALID
[01-01 00:11:41]sysUpTime.status = NOT VALID
[01-01 00:11:41]connCapability.status = NOT VALID
[01-01 00:11:41]currConnMode.status = NOT VALID
[01-01 00:11:41]qosConfigFlexibility.status = NOT VALID
[01-01 00:11:41]pqScaleFactor.status = NOT VALID
[01-01 00:11:41]
RX_ONT_MSG -- @11m:41s:602ms
[01-01 00:11:41]Msg_type    = GET RESPONSE
[01-01 00:11:41]Trans_id    = 1b
[01-01 00:11:41]Entity_id   = ONT 2G(0x101)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:11:41]eqpt_id.status = VALID
[01-01 00:11:41]eqpt_id.value = 42 56 4c 33 41 38 4a 4e 41 41 47 30 31 30 53 41 00 00 00 00 
[01-01 00:11:41]omcc_version.status = NOT VALID
[01-01 00:11:41]ven_prod_code.status = VALID
[01-01 00:11:41]ven_prod_code.value = 3800
[01-01 00:11:41]security_capability.status = NOT VALID
[01-01 00:11:41]security_mode.status = NOT VALID
[01-01 00:11:41]total_priority_queue_nbr.status = NOT VALID
[01-01 00:11:41]total_trf_sch_nbr.status = NOT VALID
[01-01 00:11:41]mode.status = NOT VALID
[01-01 00:11:41]total_gem_ports_supported.status = NOT VALID
[01-01 00:11:41]sysUpTime.status = NOT VALID
[01-01 00:11:41]connCapability.status = NOT VALID
[01-01 00:11:41]currConnMode.status = NOT VALID
[01-01 00:11:41]qosConfigFlexibility.status = NOT VALID
[01-01 00:11:41]pqScaleFactor.status = NOT VALID
[01-01 00:11:41]Duration : 00s:024ms
[01-01 00:11:41]OMCI msg construction = SUCCESSFUL
[01-01 00:11:41]
[01-01 00:11:41]OMCI_TX# 237@  11m:41s: 629ms-F8 BF 29 0A 01 01 00 00 00 A0 00 42 56 4C 33 41 38 4A 4E 41 41 47 30 31 30 53 41 00 00 00 00 38 00 00 00 00 00 00 00 00 
[01-01 00:11:41]OMCI_RX# 238@  11m:41s: 632ms-F8 C0 49 0A 00 07 00 00 F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 11 2D 49 9F 
[01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(07-00);instance_id(0x0000)--@11m:41s:635ms
[01-01 00:11:41]
TX_ONT_MSG -- @11m:41s:636ms
[01-01 00:11:41]Msg_type    = GET
[01-01 00:11:41]Trans_id    = 1c
[01-01 00:11:41]Entity_id   = SOFTWARE IMAGE(0x7)
[01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:636ms

[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]version.status = VALID
[01-01 00:11:41]is_committed.status = VALID
[01-01 00:11:41]is_active.status = VALID
[01-01 00:11:41]is_valid.status = VALID
[01-01 00:11:41]
RX_ONT_MSG -- @11m:41s:659ms
[01-01 00:11:41]Msg_type    = GET RESPONSE
[01-01 00:11:41]Trans_id    = 1c
[01-01 00:11:41]Entity_id   = SOFTWARE IMAGE(0x7)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:11:41]version.status = VALID
[01-01 00:11:41]version.value = 3FE46398BGCB22
[01-01 00:11:41]is_committed.status = VALID
[01-01 00:11:41]is_committed.value = 00
[01-01 00:11:41]is_active.status = VALID
[01-01 00:11:41]is_active.value = 00
[01-01 00:11:41]is_valid.status = VALID
[01-01 00:11:41]is_valid.value = 01
[01-01 00:11:41]Duration : 00s:020ms
[01-01 00:11:41]OMCI msg construction = SUCCESSFUL
[01-01 00:11:41]
[01-01 00:11:41]OMCI_TX# 238@  11m:41s: 681ms-F8 C0 29 0A 00 07 00 00 00 F0 00 33 46 45 34 36 33 39 38 42 47 43 42 32 32 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 
[01-01 00:11:41]OMCI_RX# 239@  11m:41s: 684ms-F8 C1 49 0A 00 07 00 01 F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 A9 F9 70 70 
[01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(07-00);instance_id(0x0001)--@11m:41s:687ms
[01-01 00:11:41]
TX_ONT_MSG -- @11m:41s:688ms
[01-01 00:11:41]Msg_type    = GET
[01-01 00:11:41]Trans_id    = 1d
[01-01 00:11:41]Entity_id   = SOFTWARE IMAGE(0x7)
[01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:688ms

[01-01 00:11:41]Instance_id = 01
[01-01 00:11:41]version.status = VALID
[01-01 00:11:41]is_committed.status = VALID
[01-01 00:11:41]is_active.status = VALID
[01-01 00:11:41]is_valid.status = VALID
[01-01 00:11:41]
RX_ONT_MSG -- @11m:41s:696ms
[01-01 00:11:41]Msg_type    = GET RESPONSE
[01-01 00:11:41]Trans_id    = 1d
[01-01 00:11:41]Entity_id   = SOFTWARE IMAGE(0x7)
[01-01 00:11:41]Instance_id = 01
[01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:11:41]version.status = VALID
[01-01 00:11:41]version.value = 3FE46398BGCB22
[01-01 00:11:41]is_committed.status = VALID
[01-01 00:11:41]is_committed.value = 01
[01-01 00:11:41]is_active.status = VALID
[01-01 00:11:41]is_active.value = 01
[01-01 00:11:41]is_valid.status = VALID
[01-01 00:11:41]is_valid.value = 01
[01-01 00:11:41]Duration : 00s:016ms
[01-01 00:11:41]OMCI msg construction = SUCCESSFUL
[01-01 00:11:41]
[01-01 00:11:41]OMCI_TX# 239@  11m:41s: 714ms-F8 C1 29 0A 00 07 00 01 00 F0 00 33 46 45 34 36 33 39 38 42 47 43 42 32 32 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 
[01-01 00:11:41]OMCI_RX# 240@  11m:41s: 717ms-F8 C2 49 0A 01 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 0C 51 D1 05 
[01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(256-00);instance_id(0x0000)--@11m:41s:721ms
[01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:722ms

[01-01 00:11:41]
TX_ONT_MSG -- @11m:41s:722ms
[01-01 00:11:41]Msg_type    = GET
[01-01 00:11:41]Trans_id    = 1e
[01-01 00:11:41]Entity_id   = ONT G(0x100)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]vendor_id.status = VALID
[01-01 00:11:41]version.status = NOT VALID
[01-01 00:11:41]serial_number.status = NOT VALID
[01-01 00:11:41]traffic_management.status = NOT VALID
[01-01 00:11:41]vp_connect_function.status = NOT VALID
[01-01 00:11:41]battery_backup.status = NOT VALID
[01-01 00:11:41]admin_state.status = NOT VALID
[01-01 00:11:41]oper_state.status = NOT VALID
[01-01 00:11:41]ONU_survival_time.status = NOT VALID
[01-01 00:11:41]Logical_ONU_ID.status = NOT VALID
[01-01 00:11:41]Logical_Password.status = NOT VALID
[01-01 00:11:41]Credentials_Status.status = NOT VALID
[01-01 00:11:41]
RX_ONT_MSG -- @11m:41s:736ms
[01-01 00:11:41]Msg_type    = GET RESPONSE
[01-01 00:11:41]Trans_id    = 1e
[01-01 00:11:41]Entity_id   = ONT G(0x100)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:11:41]vendor_id.status = VALID
[01-01 00:11:41]vendor_id.value = YHTC
[01-01 00:11:41]version.status = NOT VALID
[01-01 00:11:41]serial_number.status = NOT VALID
[01-01 00:11:41]traffic_management.status = NOT VALID
[01-01 00:11:41]vp_connect_function.status = NOT VALID
[01-01 00:11:41]battery_backup.status = NOT VALID
[01-01 00:11:41]admin_state.status = NOT VALID
[01-01 00:11:41]oper_state.status = NOT VALID
[01-01 00:11:41]ONU_survival_time.status = NOT VALID
[01-01 00:11:41]Logical_ONU_ID.status = NOT VALID
[01-01 00:11:41]Logical_Password.status = NOT VALID
[01-01 00:11:41]Credentials_Status.status = NOT VALID
[01-01 00:11:41]Duration : 00s:018ms
[01-01 00:11:41]OMCI msg construction = SUCCESSFUL
[01-01 00:11:41]
[01-01 00:11:41]OMCI_TX# 240@  11m:41s: 756ms-F8 C2 29 0A 01 00 00 00 00 80 00 59 48 54 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[01-01 00:11:41]OMCI_RX# 241@  11m:41s: 760ms-F8 C3 49 0A 01 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 E2 12 E8 0F 
[01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(256-00);instance_id(0x0000)--@11m:41s:763ms
[01-01 00:11:41]
TX_ONT_MSG -- @11m:41s:764ms
[01-01 00:11:41]Msg_type    = GET
[01-01 00:11:41]Trans_id    = 01
[01-01 00:11:41]Entity_id   = ONT G(0x100)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:764ms

[01-01 00:11:41]vendor_id.status = VALID
[01-01 00:11:41]version.status = NOT VALID
[01-01 00:11:41]serial_number.status = NOT VALID
[01-01 00:11:41]traffic_management.status = NOT VALID
[01-01 00:11:41]vp_connect_function.status = NOT VALID
[01-01 00:11:41]battery_backup.status = NOT VALID
[01-01 00:11:41]admin_state.status = NOT VALID
[01-01 00:11:41]oper_state.status = NOT VALID
[01-01 00:11:41]ONU_survival_time.status = NOT VALID
[01-01 00:11:41]Logical_ONU_ID.status = NOT VALID
[01-01 00:11:41]Logical_Password.status = NOT VALID
[01-01 00:11:41]Credentials_Status.status = NOT VALID
[01-01 00:11:41]
RX_ONT_MSG -- @11m:41s:779ms
[01-01 00:11:41]Msg_type    = GET RESPONSE
[01-01 00:11:41]Trans_id    = 01
[01-01 00:11:41]Entity_id   = ONT G(0x100)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:11:41]vendor_id.status = VALID
[01-01 00:11:41]vendor_id.value = YHTC
[01-01 00:11:41]version.status = NOT VALID
[01-01 00:11:41]serial_number.status = NOT VALID
[01-01 00:11:41]traffic_management.status = NOT VALID
[01-01 00:11:41]vp_connect_function.status = NOT VALID
[01-01 00:11:41]battery_backup.status = NOT VALID
[01-01 00:11:41]admin_state.status = NOT VALID
[01-01 00:11:41]oper_state.status = NOT VALID
[01-01 00:11:41]ONU_survival_time.status = NOT VALID
[01-01 00:11:41]Logical_ONU_ID.status = NOT VALID
[01-01 00:11:41]Logical_Password.status = NOT VALID
[01-01 00:11:41]Credentials_Status.status = NOT VALID
[01-01 00:11:41]Duration : 00s:018ms
[01-01 00:11:41]OMCI msg construction = SUCCESSFUL
[01-01 00:11:41]
[01-01 00:11:41]OMCI_TX# 241@  11m:41s: 798ms-F8 C3 29 0A 01 00 00 00 00 80 00 59 48 54 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[01-01 00:11:41]OMCI_RX# 242@  11m:41s: 801ms-F8 C4 48 0A FF FA 00 00 10 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 D0 8B 29 AF 
[01-01 00:11:41]OmciMain:: Received MSG_N_OMCI_SET:Entity_id(65530-00);instance_id(0x0000)--@11m:41s:805ms
[01-01 00:11:41]OmciMain:: Response Msg Sent--@11m:41s:806ms

[01-01 00:11:41]
TX_ONT_MSG -- @11m:41s:806ms
[01-01 00:11:41]Msg_type    = SET
[01-01 00:11:41]Trans_id    = 02
[01-01 00:11:41]Entity_id   = LOID AUTHENTICATION(0xfffa)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]operator_id.status = NOT VALID
[01-01 00:11:41]logical_id.status = NOT VALID
[01-01 00:11:41]password.status = NOT VALID
[01-01 00:11:41]authentication_status.status = VALID
[01-01 00:11:41]authentication_status.value = 02
[01-01 00:11:41]
RX_ONT_MSG -- @11m:41s:814ms
[01-01 00:11:41]Msg_type    = SET RESPONSE
[01-01 00:11:41]Trans_id    = 02
[01-01 00:11:41]Entity_id   = LOID AUTHENTICATION(0xfffa)
[01-01 00:11:41]Instance_id = 00
[01-01 00:11:41]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:11:41]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:11:41]Duration : 00s:006ms
[01-01 00:11:41]OMCI msg construction = SUCCESSFUL
[01-01 00:11:41]
[01-01 00:11:41]OMCI_TX# 242@  11m:41s: 822ms-F8 C4 28 0A FF FA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[01-01 00:11:42]checkPonVidStatus: statePrevious=1, state=0
[01-01 00:11:42]Enter notify_sipw_pon_status, onustate=2
[01-01 00:11:42][C]OmciMain:: OMCI Link Status is DOWN--@11m:42s:713

vuducdong commented Mar 18, 2022

@AxisRay upgrade custom firmware is here to help you change loid #1 (comment)

Author

AxisRay commented Mar 19, 2022

> @AxisRay upgrade custom firmware is here to help you change loid #1 (comment)

I know it. The custom firmware is uploaded by me.

I am trying to modify the original firmware just for research.

Author

AxisRay commented Mar 19, 2022

oh, "padding issues"

[01-01 00:11:41]logical_id.value = 20 20 20 20 20 20 20 20 20 53 5a 31 30 30 30 30 30 35 39 34 35 32 37 39
[01-01 00:11:41]password.value = 20 20 20 20 53 5a 31 30 30 30 30 30 
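
The two logged values above, decoded (an added example, not code from this thread or the firmware). `space_padded` is a model of the padding, and its stored widths of 24 and 16 bytes are assumptions chosen because they reproduce the logged bytes from the LOID and password that appear later in the thread.

```python
# Attribute widths in bytes, taken from the value lengths logged on this page.
FIELD_WIDTH = {"logical_id": 24, "password": 12}

def parse_value_line(line):
    """Return (field, raw bytes) from a '<field>.value = <hex bytes>' trace line."""
    head, _, dump = line.partition(".value = ")
    return head.rsplit("]", 1)[-1].strip(), bytes.fromhex(dump)

def diagnose(line):
    """Return (field, recovered text, findings) for one logged value."""
    field, raw = parse_value_line(line)
    findings = []
    if len(raw) != FIELD_WIDTH[field]:
        findings.append("length %d, expected %d" % (len(raw), FIELD_WIDTH[field]))
    spaces = len(raw) - len(raw.lstrip(b" "))
    if spaces:
        findings.append("left-padded with %d space(s)" % spaces)
    if not raw.endswith(b"\x00"):
        findings.append("field full: no NUL terminator")
    return field, raw.strip(b" \x00").decode("ascii", "replace"), findings

def space_padded(text, stored_width, field_width):
    """Assumed model: right-justify with spaces in storage, then copy only the
    first field_width bytes into the OMCI attribute (the tail is cut off)."""
    return text.encode("ascii").rjust(stored_width, b" ")[:field_width]

def nul_padded(text, field_width):
    """Expected layout: the string first, NUL bytes filling the rest."""
    data = text.encode("ascii")
    if len(data) > field_width:
        raise ValueError("%r does not fit in %d bytes" % (text, field_width))
    return data.ljust(field_width, b"\x00")

# The two lines from the comment above (runs of 20 written as repeats).
LOGGED = [
    "[01-01 00:11:41]logical_id.value = " + "20 " * 9
    + "53 5a 31 30 30 30 30 30 35 39 34 35 32 37 39",
    "[01-01 00:11:41]password.value = " + "20 " * 4 + "53 5a 31 30 30 30 30 30",
]

if __name__ == "__main__":
    for line in LOGGED:
        print(diagnose(line))
    # Stored widths 24 and 16 are assumptions that reproduce the logged bytes.
    print(space_padded("SZ1000005945279", 24, 24) == parse_value_line(LOGGED[0])[1])
    print(space_padded("SZ1000005945", 16, 12) == parse_value_line(LOGGED[1])[1])
    print(nul_padded("SZ1000005945279", 24).hex())
```

Under this model the password loses its last four characters, because the leading spaces push them past the 12-byte attribute.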

vuducdong commented Mar 19, 2022

> oh, "padding issues"
>
> [01-01 00:11:41]logical_id.value = 20 20 20 20 20 20 20 20 20 53 5a 31 30 30 30 30 30 35 39 34 35 32 37 39
> [01-01 00:11:41]password.value = 20 20 20 20 53 5a 31 30 30 30 30 30

1. Password: it means the LOID password, right? (20 characters), but normally the maximum is 12 characters.
2. SLID: 32 characters, not the same as the SLID on the web; normally the maximum is 20 characters (10 ASCII or 20 HEX).

Author

AxisRay commented Mar 19, 2022

> 1. Password: it means the LOID password, right? (20 characters), but normally the maximum is 12 characters.

No, you can find why here

Where is the function scfg_get image

Author

AxisRay commented Mar 19, 2022

TEST PASS!!!

ONTUSER@SFP:~# onu ploamsg
errorcode=0 curr_state=5 previous_state=4 elapsed_msec=146852 

I modified the ri mtd directly and fixed the "padding issues",
and recalculated the checksum.

LOID AUTH LOG
TX_ONT_MSG -- @01m:23s:942ms
[01-01 00:01:23][E]>>>>on_omci_start_io()
[01-01 00:01:23]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(65530-00);instance_id(0x0000)--@01m:23s:945ms
[01-01 00:01:23]getLoidAuthInfo() @ 1m:23s:946ms
[01-01 00:01:23]Msg_type    = GET
[01-01 00:01:23]Trans_id    = 01
[01-01 00:01:23][E]getLoidAuthInfo() exit @ 1m:23s:947ms, SZ1000005945279:SZ1000005945��
[01-01 00:01:23]OmciMain:: Response Msg Sent--@01m:23s:951ms

[01-01 00:01:23]Entity_id   = LOID AUTHENTICATION(0xfffa)
[01-01 00:01:23]Instance_id = 00
[01-01 00:01:23]operator_id.status = NOT VALID
[01-01 00:01:23]logical_id.status = VALID
[01-01 00:01:23]password.status = NOT VALID
[01-01 00:01:23]authentication_status.status = NOT VALID
[01-01 00:01:23]
RX_ONT_MSG -- @01m:23s:973ms
[01-01 00:01:23]Msg_type    = GET RESPONSE
[01-01 00:01:23]Trans_id    = 01
[01-01 00:01:23]Entity_id   = LOID AUTHENTICATION(0xfffa)
[01-01 00:01:23]Instance_id = 00
[01-01 00:01:23]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:01:23]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:01:23]operator_id.status = NOT VALID
[01-01 00:01:23]logical_id.status = VALID
[01-01 00:01:23]logical_id.value = 53 5a 31 30 30 30 30 30 35 39 34 35 32 37 39 00 00 00 00 00 00 00 00 00 
[01-01 00:01:24]password.status = NOT VALID
[01-01 00:01:24]authentication_status.status = NOT VALID
[01-01 00:01:24]Duration : 00s:061ms
[01-01 00:01:24]OMCI msg construction = SUCCESSFUL
[01-01 00:01:24]
[01-01 00:01:24]OMCI_TX#   1@   1m:24s:  35ms-6A 57 29 0A FF FA 00 00 00 40 00 53 5A 31 30 30 30 30 30 35 39 34 35 32 37 39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[01-01 00:01:24]OMCI_RX#   2@   1m:24s:  67ms-6A 58 49 0A FF FA 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 11 28 4F F5 
[01-01 00:01:24]
TX_ONT_MSG -- @01m:24s:074ms
[01-01 00:01:24]Msg_type    = GET
[01-01 00:01:24]OmciMain:: Received MSG_N_OMCI_GET:Entity_id(65530-00);instance_id(0x0000)--@01m:24s:077ms
[01-01 00:01:24]getLoidAuthInfo() @ 1m:24s:77ms
[01-01 00:01:24][E]getLoidAuthInfo() exit @ 1m:24s:78ms, SZ1000005945279:SZ1000005945��
[01-01 00:01:24]Trans_id    = 02
[01-01 00:01:24]Entity_id   = LOID AUTHENTICATION(0xfffa)
[01-01 00:01:24]Instance_id = 00
[01-01 00:01:24]operator_id.status = NOT VALID
[01-01 00:01:24]OmciMain:: Response Msg Sent--@01m:24s:080ms

[01-01 00:01:24]logical_id.status = NOT VALID
[01-01 00:01:24]password.status = VALID
[01-01 00:01:24]authentication_status.status = NOT VALID
[01-01 00:01:24]
RX_ONT_MSG -- @01m:24s:102ms
[01-01 00:01:24]Msg_type    = GET RESPONSE
[01-01 00:01:24]Trans_id    = 02
[01-01 00:01:24]Entity_id   = LOID AUTHENTICATION(0xfffa)
[01-01 00:01:24]Instance_id = 00
[01-01 00:01:24]Sub entity Id :NO SUB ENTITY ID 
[01-01 00:01:24]Result_reason = COMMAND_PROCESSED_SUCCESSFULLY
[01-01 00:01:24]operator_id.status = NOT VALID
[01-01 00:01:24]logical_id.status = NOT VALID
[01-01 00:01:24]password.status = VALID
[01-01 00:01:24]password.value = 53 5a 31 30 30 30 30 30 35 39 34 35 
[01-01 00:01:24]authentication_status.status = NOT VALID
[01-01 00:01:24]Duration : 00s:050ms
[01-01 00:01:24]OMCI msg construction = SUCCESSFUL
[01-01 00:01:24]
[01-01 00:01:24]OMCI_TX#   2@   1m:24s: 165ms-6A 58 29 0A FF FA 00 00 00 20 00 53 5A 31 30 30 30 30 30 35 39 34 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[01-01 00:01:24]OMCI_RX#   3@   1m:24s: 171ms-6A 59 48 0A FF FA 00 00 10 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 5D 48 AF 1D 
[01-01 00:01:24]
TX_ONT_MSG -- @01m:24s:177ms
[01-01 00:01:24]Msg_type    = SET
[01-01 00:01:24]Trans_id    = 03
[01-01 00:01:24]OmciMain:: Received MSG_N_OMCI_SET:Entity_id(65530-00);instance_id(0x0000)--@01m:24s:181ms
[01-01 00:01:24]OmciMain:: Response Msg Sent--@01m:24s:182ms

[01-01 00:01:24]OMCI_RX#   4@   1m:24s: 182ms-6A 5A 49 0A 00 07 00 00 F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 1E A5 5B 75 
[01-01 00:01:24]Entity_id   = LOID AUTHENTICATION(0xfffa)
[01-01 00:01:24]Instance_id = 00
[01-01 00:01:24]operator_id.status = NOT VALID
[01-01 00:01:24]logical_id.status = NOT VALID
[01-01 00:01:24]password.status = NOT VALID
[01-01 00:01:24]authentication_status.status = VALID
[01-01 00:01:24]authentication_status.value = 02
[01-01 00:01:24]

UPDATE:
image

We can set type to 0001 to enable hex format setting.
So we can prevent the "padding issues".

ONTUSER@SFP:~# ritool set LOID 535a31303030303035393435323739000000000000000000
ONTUSER@SFP:~# ritool get LOID
the LOID:SZ1000005945279
ONTUSER@SFP:~# ritool set LOIDPassword 535a31303030303035393435
ONTUSER@SFP:~# ritool get LOIDPassword
the LOIDPassword:SZ1000005945
ONTUSER@SFP:~# 

Here is the firmware, which is based on 3FE46398BGCB22:
new-firmware.zip
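
The raw `OMCI_TX#`/`OMCI_RX#` lines in the log above carry the LOID and its password as they cross the OMCI channel, so decoding them shows exactly which bytes the module answered with. The decoder below is an added example, not code from this thread or the firmware; it handles baseline-format GET and SET frames for entity 0xFFFA only, and the 4-byte `operator_id` size is an assumption.

```python
import re

LOID_ME = 0xFFFA   # "LOID AUTHENTICATION" entity class in the trace
# Attribute order and sizes as logged on this page; the 4-byte operator_id
# size is an assumption (its value never appears in the trace).
ATTRS = [("operator_id", 4), ("logical_id", 24), ("password", 12),
         ("authentication_status", 1)]
MSG = {8: "SET", 9: "GET"}   # G.988 message type codes seen here
AK = 0x20                    # acknowledgement bit: the frame is a response
LINE = re.compile(r"OMCI_(TX|RX)#\s*\d+@.*?ms-((?:[0-9A-Fa-f]{2} ?)+)")

def decode_line(line):
    """Decode one OMCI_TX#/OMCI_RX# trace line (baseline format) into a dict."""
    m = LINE.search(line)
    if not m:
        return None
    raw = bytes.fromhex(m.group(2))
    if len(raw) < 40 or raw[3] != 0x0A:      # 0x0A = baseline device identifier
        return None
    code, is_rsp = raw[2] & 0x1F, bool(raw[2] & AK)
    msg = {"dir": m.group(1), "tid": int.from_bytes(raw[0:2], "big"),
           "type": MSG.get(code, hex(code)) + (" RESPONSE" if is_rsp else ""),
           "me": int.from_bytes(raw[4:6], "big"), "attrs": {}}
    body = raw[8:40]                          # 32-byte message contents
    if is_rsp:                                # responses lead with a result byte
        msg["result"], body = body[0], body[1:]
    if msg["me"] != LOID_ME or code not in MSG or (is_rsp and code == 8):
        return msg                            # no attribute values to decode
    mask, pos = int.from_bytes(body[0:2], "big"), 2
    with_values = is_rsp or code == 8         # a GET request carries only the mask
    for bit, (name, size) in enumerate(ATTRS):
        if mask & (0x8000 >> bit):
            msg["attrs"][name] = body[pos:pos + size] if with_values else None
            pos += size if with_values else 0
    return msg

# Frames copied from the trace above; runs of 00 are written as repeats.
SAMPLE = [
    "[01-01 00:01:24]OMCI_TX#   1@   1m:24s:  35ms-6A 57 29 0A FF FA 00 00 00 40 00 "
    "53 5A 31 30 30 30 30 30 35 39 34 35 32 37 39" + " 00" * 14,
    "[01-01 00:01:24]OMCI_RX#   2@   1m:24s:  67ms-6A 58 49 0A FF FA 00 00 20 00"
    + " 00" * 33 + " 28 11 28 4F F5",
    "[01-01 00:01:24]OMCI_RX#   3@   1m:24s: 171ms-6A 59 48 0A FF FA 00 00 10 00 02"
    + " 00" * 32 + " 28 5D 48 AF 1D",
]

if __name__ == "__main__":
    print(*map(decode_line, SAMPLE), sep="\n")
```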

vuducdong commented Mar 20, 2022

@AxisRay

I have 2 cases with OLT Huawei.

With ISP1: it only checks the GPON serial number, and it's OK to get O5.

With ISP2: it checks the GPON serial number and SLID ==> can't get O5, it's O2, O3 (even when using all versions of the original fw or the custom fw from China).

It doesn't seem to be getting the SLID from the web, but getting the SLID in "ri", and the SLID in "ri" is in an incorrect format.

Author

AxisRay commented Mar 20, 2022

@vuducdong What is the format of your SLID?
You can set the SLID with ritool set SLID xxxxxxxx

Author

AxisRay commented Mar 20, 2022

@vuducdong

ONTUSER@SFP:~# ritool set SLID 30303535393132323700000000000000
ONTUSER@SFP:~# ritool get SLID
the SLID:30303535393132323700000000000000

vuducdong commented Mar 20, 2022

> @vuducdong
>
> ONTUSER@SFP:~# ritool set SLID 30303535393132323700000000000000
> ONTUSER@SFP:~# ritool get SLID
> the SLID:30303535393132323700000000000000

ok, I'll try it. Thanks!

Owner

hwti commented Mar 20, 2022

> We can set type to 0001 to enable hex format setting.
> So we can prevent "padding issues".

But then you need much more space, unless it's stored as a binary (it's strange to have HEX for the set, but to get a string for get).
Even 16 + 12 would overwrite SSID2-Name / SSID2-Password (we probably don't care), but also OperatorID (unless changing all offsets).

omciMgr log suggests there is a string termination issue too (maybe just in the trace code).

Owner

hwti commented Mar 20, 2022

The SLID issues are different, I didn't check on all firmwares, but I remember:

  • The web interface stores the value elsewhere : if present it will be used instead of the ri one.
  • There are many issues depending on the HEX/ASCII mode : padding, length, nul bytes, ...
  • Even if the web interface applies the correct value, after a reboot it might change since there are bugs when reading the config file (padding done in a different way, ...).

Author

AxisRay commented Mar 20, 2022

> unless changing all offsets

I have changed.

vuducdong commented Mar 21, 2022

> @vuducdong
>
> ONTUSER@SFP:~# ritool set SLID 30303535393132323700000000000000
> ONTUSER@SFP:~# ritool get SLID
> the SLID:30303535393132323700000000000000

still unable to authenticate O5

Owner

hwti commented Mar 21, 2022

> > unless changing all offsets
>
> I have changed.

This would cause issues when switching between firmwares.

It doesn't seem the offsets can be increased, unless removing other entries to make the space.
On init, it seems only 256 bytes are read from the mtd (so maybe RollbackFlag is only in memory), and I don't see any other locations which would read it (except ri_read_byte which doesn't seem to be used).
scfgGroupRi has a field with the size : 256.
ritool dumpbin reads 256 bytes too.
But there are functions like ri_write which support up to 512 (but will only write the first 256 bytes to the mtd), which is strange.

Owner

hwti commented Mar 21, 2022

> @AxisRay if OperatorID is set to 0000, XXXX, 9999, it shows LOID and LOIDPassword, but after set LOID, get LOID is null. On the other hand, if OperatorID is set to 0001, LOID and LOIDPassword disappear and are not allowed to be modified.

On the 3FE46398BGCB22 firmware, if OperatorID is not 0000 or 9999:

  • scfg_set will refuse to set anything (so ritool set ... will fail), except OperatorID
  • ritool dump and ritool get will not display all values (there is a boolean for each value, to tell if it's visible with any OperatorID)

Note that it shouldn't prevent omciMgr from reading the hidden values.

Author

AxisRay commented Mar 21, 2022

> unless removing other entries to make the space.

Right, I have resized the SSID-2Name and SSID-2Password.
image

I also modified the libdataModel.so, limited the size of LOIDPassword to 12 bytes instead of 16 bytes.
image

Owner

hwti commented Mar 21, 2022

> > unless removing other entries to make the space.
>
> Right, I have resized the SSID-2Name and SSID-2Password. image

What do you mean? Even 16 + 12 would use the whole SSID-2Name and SSID-2Password space (I don't know if the code allows to set the size to 0, it doesn't look like it's what you did).

> I also modified the libdataModel.so, limited the size of LOIDPassword to 12 bytes instead of 16 bytes. image

This shouldn't be necessary, as the stack buffer is big enough (and this could even lead to an unterminated string when using the maximum size, at least for omciMgr traces, even if this isn't a new problem).

Author

AxisRay commented Mar 22, 2022

> What do you mean? Even 16 + 12 would use the whole SSID-2Name and SSID-2Password space (I don't know if the code allows to set the size to 0, it doesn't look like it's what you did).

The ri mtd is defined in scfg.ko.
I moved the start position as well.
image

In fact, there is no need to modify SSID-2Password if the LOIDPassword only has 12 bytes.
Ignore it.

> This would cause issues when switching between firmwares.

It should be safe when switching firmwares.
As I mentioned above, the modification has no effect on the other fields,
and I guess those fields are not used in the firmware,
such as SSID1-Name, SSID1-Password, SSID-2Name and SSID-2Password.

Owner

hwti commented Mar 22, 2022

Well, I thought there was only 0x20 for the 4 values, not 0x30 🤦‍♂️

I will check the different possibilities for the flags in the driver (which you changed to input hex, but still store as binary I think). Maybe there is a way to be in string mode (since the GPON spec specifies them as strings), but without the padding.

But just in case, there is a possibility to modify on the ritool side to output as hex for consistency.
