PaytonImageEditor
Cisco SPA232D firmware editor
Install / Use
/learn @BigNerd95/PaytonImageEditorREADME
paytonImageEditor
Cisco SPA232D firmware editor
GPL
SPA112_SPA122_SPA232D_gpl_pkg-4.zip
Build custom firmware
$ cd CustomFW
$ sudo tar xf squashfs-root.tar.xz
$ ./build.sh
You can find a pre-built custom firmware with only telnet enabled here
Flash CustomFW
Flash the custom firmware like an official update through the web interface
Telnet
You can now connect to telnet:
$ telnet 192.168.15.1 23000
(No login)
You must connect via LAN port.
Firmware structure
Header modules are present twice.
| Size (byte) | Type | Name | Description | | :----------: | ---- | ---- | ------- | | 136 | Firmware Header | Firmware Header | Header of the entire firmware image | | 128 | Module Header | Module 1 header | Copy of Module 1 header | | 128 | Module Header | Module 2 header | Copy of Module 2 header | | 128 | Module Header | Module N header | Copy of Module N header | | 128 | Module Header | Module 1 header | | | Module 1 size | Module Data | Module 1 data | | | 128 | Module Header | Module 2 header | | | Module 2 size | Module Data | Module 2 data | | | 128 | Module Header | Module N header | | | Module N size | Module Data | Module N data | |
Firmware Header
| Size (byte) | Type | Name | Description |
| :----------: | ---- | ---- | ------- |
| 16 | Byte array | Magic | Eg: PAYTOND FiRmWaRe |
| 32 | Byte array | Signature | Not used |
| 16 | Byte array | Digest | MD5 of Firmware Header + Modules Headers |
| 16 | Byte array | Randseq | Not so random |
| 4 | Unsigned BE Int | Firmware Heder Size | Eg: 136 |
| 4 | Unsigned BE Int | Module Header Size | Eg: 128 |
| 4 | Unsigned BE Int | Firmware size | Entire firmware image size |
| 32 | Byte array | Version | Eg: 1.4.1 |
| 4 | Unsigned BE Int | Modules number | Number of modules present in this firmware image |
| 4 | Unsigned BE Int | Flash type | Eg: 0x137a80 |
| 4 | Unsigned BE Int | Slic type | Eg: 0x1eaea3a |
Randseq
- Zero out Signature, Digest and Randseq in Firmware Header
- Concat Firmware Header and all Modules Headers
- Initialize a counter to 19
- For each bytes
- sum the counter to the byte
- keep only first 8 bits
- increment counter by 19
- MD5 of the resulting bytes Digest is computed on
Digest
- Write Randseq in Firmware Header
- MD5 Digest of Firmware Header + Modules Headers
Module Header
| Size (byte) | Type | Name | Description |
| :----------: | ---- | ---- | ------- |
| 4 | Unsigned BE Int | Always zero | Eg: 0x00000000 |
| 4 | Byte array | Module Magic | Eg: RSFw |
| 1 | Unsigned Int | Module type | Used to identify bootloader, filesystem, etc. |
| 1 | Unsigned Int | Module instance | |
| 2 | Byte array | Reserved | |
| 4 | Unsigned BE Int | Module Header Size | Eg: 128 |
| 16 | Byte array | Module Digest | MD5 of module data |
| 4 | Unsigned BE Int | Module size | Entire firmware image size |
| 4 | Unsigned BE Int | Module Checksum | Not used |
| 32 | Byte array | Module version | Eg: 1.0 |
| 52 | Byte array | Reserved | |
| 4 | Unsigned BE Int | Module Header Checksum | Sum of all bytes of this header (without this filed) |
Related Skills
node-connect
349.0kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
109.4kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
349.0kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
349.0kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
