GXV3175 Reset to Factory default without knowing admin password


#1

See subject. From a bankrupcy auction we aquired several GXV3175 phones. One of them has been setup so there’s no settings menu. Booting it in recovery works, however, it then asks for user/password. According to Grandstream, the default ones should do, but they don’t.

So how do I factory reset this phone?


#2

you set your phone to basic mode and in this mode you can not reset factory by menu .
if you have latest firmware version you can do this steps
1-turn off the phone
2- turn on the phone
3- when the phone is booting you should press 1 and 9 numbers on keypad in same time
4- after pressing the numbers phone is rebooting again and when it coming up again it should be in to factory reset


#3

this is a touchscreen phone. it has no physical keypad. The phone app does not allow to press 2 keys at the same time. In other words: this solution does not work, unfortunatelly.


#4

Check manual, you need keep volume+ and start i think, but not really remember.


#5

The manual only gives 2 ways to reset, one is using the settingd menu, which is disabled, the other one through the webinterface, which requires the admin password. I found the boot in recovery mode (holding home on power up) but this also requires the non default password.

This phone has no physical buttons to hold except hook and home.

If it had been in the manual, I wouldt have been askjng here.


#6

So it leave only 1 way: changing pass or lock via config file.


#7

I don’t believe that model had a button press factory reset option.

Changing password via config file would be the only way I know as well.


#8

I have got the phone hooked up to a raspberry pi and am using tcpdump and etherreal to sniff traffic. It does a DHCP request and tries to setup an openvpn tunnel. It doesn’t do any requests for a config file.

Possibly if it would get an OpenVPN tunnel, it might? But then you’d need a key for openvpn, which requires… the password.

What idiot of a company makes a phone which is not factory resettable with a button or button-combination.

The only option I see left, is to use the internal JTAG connector to erase the nvram. I had hoped there was another solution.

For instance… the phone has a card reader. Can one put a config on a card and would that override the config on there? file naming?


#9

I appears I’m on the brink of having this solved.

The answer was in the DHCP server. You can set a tftp server and config file server option in the DHCP server.

The phone now requests files from the tftp server I have running. So all there is left to do now, is put the correct config files on there.

Still, pretty absurd grandstream made a phone you can’t factory reset if you don’t have the password, or a complete setup with dhcp/DNS/TFTP.


#10

This is by design. GS phones can be completely locked without anyway to Factory it.
3175 was in time when many providers give you phones almost free but forced you to use their service, this way then can block end user form using it any other way.


#11

Apparently it doesn’t work, as I managed to factory it.


#12

What is the “it” that doesn’t work when you Factory Reset the device?


#13

Context, my remark was that a phone without hardware reset option (button/buttoncombo) is insane. Marcin replied that GS phones could be fully locked by design.

This lock apparently does not work. As in the end, I managed to factory reset the device.


#14

And you reset it by?


#15

As I said, you can use DHCP to provision it with firmware/config server using tftp. Regardless of the setting about dhcp overrides, this works.

So make a cfg.xml file, put it in the root of your tftp, and then set dhcp options for firmware and config server.


#16

And wouldn’t this be beyond the skills of most end users? IMHO, this reflects what @Marcin said.


#17

So would a simple reset to factory settings button which has to be pressed 10 seconds, or setting the phone up for another provider.


#18

I can lock config too. You want me to lock your device fully ? (Then no one can unlock it, maybe GS can flash memory)
As @drostoker say, it was done to prevent normal user for changing settings not someone with proper knowledge.


#19

You can reflash memory yourself, there’s a jtag onboard.

As I said: a simple factory reset button which has to be pressed for 10 seconds, behind a pinhole, on an unbeknown location on the device, would have already prented normal users do do something. Or only on the PCB without external access.