http://grandstream.com/support/configurationtool.html you can download the tool if you want it here
Configuration Files Generator Tool for WINDOWS http://sourceforge.net/projects/provisioning/
Here is a version written in Perl
And here its equivalent in Lua
Using the template file the configuration tool makes phone specific configuration files, basically it just reformats the config options into one line serpated by ampersands and attaches its custom header
The custom header takes up the first 16 characters and only makes sense if viewed in a hex editor
00 00 00 44 58 1b 00 0b 82 00 00 00 0d 0a 0d 0a
The mac address of the phone used in this example is 000b82000000
00 00 00 44 58 1b 00 0b 82 00 00 00 0d 0a 0d 0a
Followed by two CRLF's (Newlines)
00 00 00 44 58 1b 00 0b 82 00 00 00 0d 0a 0d 0a
The first 6 bytes dont make alot of sense but they appear to be some sort of verification code as if u change the contents and or length of the configuration options it will change changeing the mac address it appears to go down 1 for every 1 the mac address goes up...
if anyone could shed some light on this particular part of the cfg file it would be great :)
i seem to get the feeling it is some sort of hash of the configuration options with the mac address subtracted from it ...
00 00 00 44 58 1b 00 0b 82 00 00 00 0d 0a 0d 0a
The parameters are strung together without whitespace, ie:
"P30=time.nist.gov&P63=1&P31=1"
A "key" parameter ("&gnkey=0b82") is then added to the parameter string. ie:
"P30=time.nist.gov&P63=1&P31=1&gnkey=0b82"
If the length of this parameter string is not even, a zero byte is added to the string,
A 16 byte "header" that is prepended to the resulting configuration string.
The header consists of:
Byte 0x00: 0x00
Byte 0x01: 0x00
Byte 0x02: high byte of (length of parameter string) divided by 2
Byte 0x03: low byte of (length of parameter string) divided by 2
Byte 0x04: 0x00 (replaced by high byte of checksum)
Byte 0x05: 0x00 (replaced by low bytes of checksum)
Byte 0x06: first byte of device MAC address
Byte 0x07: second byte of device MAC address
Byte 0x08: third byte of device MAC address
Byte 0x09: fourth byte of device MAC address
Byte 0x0A: fifth byte of device MAC address
Byte 0x0B: sixth byte of device MAC address
Byte 0x0C: carriage return ( 0x0C )
Byte 0x0D: line feed (0x0A)
Byte 0x0E: carriage return ( 0x0C )
Byte 0x0F: line feed (0x0A)
This results in a configuration string of:
16 bytes header + (configuration parameters) + (&gnkey=0b82) + (Padding byte if length is not even)
You then compute a 16 bit checksum (initial value 0x0000 - adding the value of each individual byte)
of the entire confguration string. This value is the subtracted from 0x10000 and placed in bytes 4 and
5 of the header, then the header and parameter strings are written to a binary file.
This format has been tested and confirmed with firmware versions ip to 1.0.6.0 of the grandstream and
BudgeTon and HandyTone devices.
Grandstream do provide a template (with largely correct comments) on their website. ...
Configuration Files Generator Tool for WINDOWS http://sourceforge.net/projects/provisioning/
Here is a version written in Perl
And here its equivalent in Lua
Using the template file the configuration tool makes phone specific configuration files, basically it just reformats the config options into one line serpated by ampersands and attaches its custom header
The custom header takes up the first 16 characters and only makes sense if viewed in a hex editor
00 00 00 44 58 1b 00 0b 82 00 00 00 0d 0a 0d 0a
The mac address of the phone used in this example is 000b82000000
00 00 00 44 58 1b 00 0b 82 00 00 00 0d 0a 0d 0a
Followed by two CRLF's (Newlines)
00 00 00 44 58 1b 00 0b 82 00 00 00 0d 0a 0d 0a
The first 6 bytes dont make alot of sense but they appear to be some sort of verification code as if u change the contents and or length of the configuration options it will change changeing the mac address it appears to go down 1 for every 1 the mac address goes up...
if anyone could shed some light on this particular part of the cfg file it would be great :)
i seem to get the feeling it is some sort of hash of the configuration options with the mac address subtracted from it ...
00 00 00 44 58 1b 00 0b 82 00 00 00 0d 0a 0d 0a
configuration file format
The parameters are strung together without whitespace, ie:
"P30=time.nist.gov&P63=1&P31=1"
A "key" parameter ("&gnkey=0b82") is then added to the parameter string. ie:
"P30=time.nist.gov&P63=1&P31=1&gnkey=0b82"
If the length of this parameter string is not even, a zero byte is added to the string,
A 16 byte "header" that is prepended to the resulting configuration string.
The header consists of:
Byte 0x00: 0x00
Byte 0x01: 0x00
Byte 0x02: high byte of (length of parameter string) divided by 2
Byte 0x03: low byte of (length of parameter string) divided by 2
Byte 0x04: 0x00 (replaced by high byte of checksum)
Byte 0x05: 0x00 (replaced by low bytes of checksum)
Byte 0x06: first byte of device MAC address
Byte 0x07: second byte of device MAC address
Byte 0x08: third byte of device MAC address
Byte 0x09: fourth byte of device MAC address
Byte 0x0A: fifth byte of device MAC address
Byte 0x0B: sixth byte of device MAC address
Byte 0x0C: carriage return ( 0x0C )
Byte 0x0D: line feed (0x0A)
Byte 0x0E: carriage return ( 0x0C )
Byte 0x0F: line feed (0x0A)
This results in a configuration string of:
16 bytes header + (configuration parameters) + (&gnkey=0b82) + (Padding byte if length is not even)
You then compute a 16 bit checksum (initial value 0x0000 - adding the value of each individual byte)
of the entire confguration string. This value is the subtracted from 0x10000 and placed in bytes 4 and
5 of the header, then the header and parameter strings are written to a binary file.
This format has been tested and confirmed with firmware versions ip to 1.0.6.0 of the grandstream and
BudgeTon and HandyTone devices.
Template
Grandstream do provide a template (with largely correct comments) on their website. ...