The bytes of the key used to encrypt the config file can be found by disassembling the cli binary. Of course it's much easier to find them if you already know what they are. The key appears to be the same for the TD-W9970.
The StatPOSTer program should save the decrypted file, but you will not be able to edit the file, because it is compressed. If you examine the decrypted file in a hex editor, you might see a few readable parts of the config file near the start of the file, but there are less readable parts further down the file. I do not know how to decompress the data, nor how to compress it again.
It might be possible to adapt the strategy used with the TD-W9980, but the first problem is that I don't have a blank editable xml config for the 9970, and the second problem is that there may have been some slight changes to the file format, the MD5 checksum at the start might be for the compressed data, rather than the uncompressed data like it is for the older models.
In summary, it might be possible to work out how to do it, but it requires some original research by someone who has the device and is willing to do a lot of experimenting with it, while it's not connected to the phone line of course, because it may require a lot of rebooting. It's also possible that if you upload a config file with somehow bad contents, the device may accept it, load it, and reboot, but the device may not function and requires pressing the factory reset button. The minimum tools needed would be a hex editor, an md5sum program, and some program like the openssl command that can do the encryption (can't use StatPOSTer because it adds or removes the MD5 checksum automatically).
If you send me a sample config file (with no personal data in - factory reset the 9970 first), I could look at it, but even if I could figure out how to adapt the method used with the 9980, which there is no guarantee I could do, or even that the strategy used with the 9980 can be applied, there would still be the problem of the blank editable config file needed.
I know there's a default_config.xml file in the firmware, but that's also encrypted on newer models, and I haven't found how to decrypt it yet, and in any case, that default_config.xml file is nothing like the config saved by the device, so even if someone finds the key and how to decrypt it, it's doubtful it could be used anyway.