Linksys PAP2 locked to Vonage, support people funny

Could you spoof ls.tftp.vonage.net to point to your tftp server and provide the spa000F66A84007.xml file yourself? Just an idea.

That is a very interesting idea. Anyone know if the format of that file defined anywhere?

I haven't been able to find much information about constructing either Sipura or Bugtone config files. It would be nice to be able to program them via a file that I could keep under CVS instead of some web browser interface that doesn't allow me to save a copy of the phone's state.

-wolfgang

***"When it boots, it makes a TFTP request to ls.tftp.vonage.net for "/spa000F66A84007.xml"***

I'll hazard a guess that 00:0F:66:A8:40:07 is the MAC address of the Linksys, this is how a Cisco 7960 requests its config file from a TFTP server using Asterisk - the file name requested is specific to the MAC address.

"Wolfgang S. Rupprecht" wrote in message news: snipped-for-privacy@bonnet.wsrcc.com...

That was my idea too. Take a look at the file though. I have a feeling that it's a signed config file. It probably references some firmware that's downloaded if it's different than the current version. I'd expect it to be signed too.

Those are all guesses though. I'd love to discover that I'm wrong but I went ahead and had a couple *real* SPA-2000s air mailed to me this evening. I don't have time to mess around with "buying" hardware I don't control.

--kyler

I just got this from Jeremy McNamara who is apparently still upset at me for trying to provide help with his ticket handling system. The only thing for which he has shown any appreciation has been my posting of his information, so here goes...

The PAP2 and the RT31P2 both are ABSOLUTELY NOT ~LOCKED~ to Vonage.

I have personally reconfigured both units to talk to any SIP proxy, without opening the unit or otherwise violating the warranty

If you were a nicer person I might give you a few really good tips. All I will say is the other people that responded to your post are on the right track.

Jeremy McNamara

--kyler

Anyone can get the file through TFTP.

--kyler

I'm apparently a Usenet posting service now. It's not clear to me what the value of this is but perhaps someone else can use it.

--kyler

=================================================================

From: Jeremy McNamara Subject: Detail

*CLI>

Sip read: INVITE sip: snipped-for-privacy@X.X.X.X SIP/2.0 Via: SIP/2.0/UDP 192.168.1.125:5060;branch=z9hG4bK-f85be36a From: ;tag=96564193ae44263e To: Call-ID: f2ce5b85-7638edb2@192.168.1.125 CSeq: 101 INVITE Max-Forwards: 70 Contact: Expires: 240 User-Agent: Linksys/PAP2-2.0.9(LSd) Content-Length: 422 Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER Supported: x-sipura Content-Type: application/sdp

v=0 o=- 26868 26868 IN IP4 192.168.1.125 s=- c=IN IP4 192.168.1.125 t=0 0 m=audio 16442 RTP/AVP 0 2 4 8 18 96 97 98 100 101 a=rtpmap:0 PCMU/8000

*CLI> sip show peer pap2 * Name : pap2 Secret : MD5Secret : Context : NANPA Language : FromUser : FromDomain : Callgroup : (0) Pickupgroup : (0) Mailbox : LastMsgsSent : -1 Dynamic : Yes Expire : 991 Expiry : 900 Insecure : No Nat : Always ACL : No CanReinvite : Yes PromiscRedir : No DTMFmode : rfc2833 LastMsg : 0 ToHost : Addr->IP : X.X.X.X Port 5060 Defaddr->IP : 0.0.0.0 Port 5060 Username : pap2 Codecs : G.729A Status : UNKNOWN Useragent : Linksys/PAP2-2.0.9(LSd) Full Contact : sip:pap2@192.168.1.125:5060

Jeremy McNamara

P.S. Yes, it works thru my home NAT, as you can see

Care to share? Anyone by chance have Vonage and willing to give me their MAC address or a copy of their tftp downloaded "xml" file? I bought a couple of these units after the sales people at Fry's told me "they are not locked to Vonage, but are bundeled with it. You can use them with any VoIP provider." And I like a lot of other people would like to be able to use them with any VoIP provider. I opened up one of the units and was going to desolder the two flash roms and read them in an attempt to be able to "unlock" them. But that may not be necessary?

Thanks,

Dustin

I posted the server and path for mine awhile ago.

Good luck!

--kyler

I made the assumption you did not have active service with Vonage currently under that mac address. I used a tftp client and pulled the file. Based on the first few characters of the file Salted__ I would have to agree with everyone that the file appears to be Salt encrypted...

Yes...

I was under the impression that all units downloaded a "firmware" file, not just the active ones. This is not that case. Virgin MAC's do not have a file. I downloaded a few different MAC's by incrementing the *known* good MAC and ran kDiff against the files. They are different. So maybe the salt somehow involves that MAC?

Ah! Yes, you're right. The file still seems to be able to configure the unit though, so I'd expect that if you can do something with it you'd have control.

--kyler

Well the Vonage website says something like "reboot your unit and do not unplug your it during the first 5 minutes... or you may end up with a dead unit..." that makes me think it might be firmware and reflashing the unit. Has anyone had Vonage and canceled? And did their unit revert to the way it was when you first got it after canceling?

-dustin

All units download files which can contain firmware+configuration. If a unit hasn't been activated there is no need to send it firmware or even configuration files, just enough to tell the device to try again later.

Ok, I downloaded six spa.xml files. I've seen that they are really cripted (using mac address?) and my PAP2 does not validate the one loaded. So I wish i try using the Sipura configuration compile, SPC, available only on protected Sipura site so to compile a text file using macaddress as cripting key. Does someone have a copy of SPC, either for windows or for linux ? Thanks

##-----------------------------------------------##

Article posted with Cabling-Design.com Newsgroup Archive

no-spam read and post WWW interface to your favorite newsgroup -

comp.dcom.voice-over-ip - 1063 messages and counting!

##-----------------------------------------------##

What is SPC?