Discussion: Linksys

Comments Filter

Still looking for password/unlock

Looks like linuxvoip.info went offline. Anyway have a copy of it or similar resources?

by code0, Monday 21 of March, 2005 (00:35:36 UTC)
here is an idea


It is an idea. Why doesnt someone call up vonage with their pap2 device (using the old firmware) and have vonage "flag" an update to their device. The way i look at it is this. If vonage can force feed a firmware update to the boxes, why cant we? If they flag one of the boxes, and we have ethercap running, we capture the traffic, we analyse it, and most likely we get the magical admin password to the pap2. If we dont get the admin password atleast we figure out how they feed firmware and we can copy the firmware the same way (through faked dns entries and such)

Its a valid idea, and i have a VIRGIN pap2 to try your ideas on. (i am currently trying to brute force the username and password which is frankly impossible even at 1000 attempts per second, it will take 1million years, no joking, to force the password)

by mcamino, Thursday 17 of March, 2005 (20:37:01 UTC)
WRT54GP2-NA VERY CHeap no questions ask


by dj212, Sunday 27 of February, 2005 (08:02:16 UTC)
REQUIRED Firmware for RT31P2-NA

Hi , i am new to the form,
I want to know the any buddy has the Firmware for RT31P2-NA Latest one, so that i can flash that, and restore my Router which is not working for the Voice (Voice ports are continuously blinking and when i tried to move to the Voice Setup the router is generating a message called "Router is Synchronising services, Please wait" anybody can help me out, Routers internet sharing and all other functions are working fine, Please Please help me(:cry:)(:cry:)(:cry:) 18-02-2005

by , Friday 18 of February, 2005 (12:24:32 UTC)

Well Guys, I may have a sudgestion. If you need the specs on the hardware, go to http://www.bekka.dynu.com/vonageworkaround/vonageworkaround.htm

by , Sunday 30 of January, 2005 (06:20:33 UTC)
Re: Re: Re: Re: Re: Linksys PAP2 to Asterisk HOWTO

good luck, the problem is finding an salted file that will unlock it, and even at that when the unit resets, the default firmware will kick in and put it back to vonage. The only way to fix this, is to dump the firmware and mod it, then reload it to the device. the ONLY way I see this working is to hack the firmware out of a PAP2-NA --- that would involve taking the EEPROM chip off the pap, dumping it then doing the same on a regular PAP-2 then loading the NA firmware on it. Long story short, this has not been done and I doubt anyone will do it. dlowings

by , Thursday 13 of January, 2005 (09:15:00 UTC)
Re: Re: Re: Re: Linksys PAP2 to Asterisk HOWTO

Well I've got the whole setup ready to go, I set up dhcp to have a linux box as its gateway router then just do a DNAT to swap the 216... address for my dns server and have a fake vonage.net domain on my dns server. It correctly gets the linux box as its tftp source and downloads sthe dummy file I put there. After it downloads that it switches to fsp and also queries port 2400 just like it does if the file is missing. So now I'll I need is a good .xml file to try with it.

by , Wednesday 12 of January, 2005 (04:48:03 UTC)
PAP2 info and recollection


I have nearly driven myself batty while investigating this device. I am curious about the password that a user mentioned he/she had on voip-info. I assume the password is MAC related similarly to Intel switches. However, did you recieve it from them after you requested it?


Any info you have would be interesting.

Here is what I have found.

1. You dont want to connect a virgin box to the Internet. This is pretty obvious and stated on a few sites
2. After sniffing the traffic from the PAP2 I have noted it requests an XML file (spaxxxxxxxxxxxxxxx.xml where the x's are the exact charaters of the devices MAC address)
3. This XML file is salt encrypted. (Its should be a trivial process to unencrypt if I were more knowledgeable about salting
4. setting up your own TFTP server and serving a blank (zero byte) file causes the unit to request the file three time then continue on. Interestingly what follows next is odd. It requests the network time. I have not been able to get my NTP server to respond to it. (yes it is configured properly... the NTP server that is)
5. From a phone plugged into the unit. entering 4 stars gets you a config prompt. entering numbers followed by a pound sign executes commands. You may have already heard of 73738 (which spells RESET) or 732668 (which spells REBOOT). When this is done the unit resets itself. 73738 is interesting because a statically enteredIP into the config page prior to executing this command is erased. Also DNS IP are re-added back in if they are removed or changed.
6. The admin link requires a password.
7. The Sipura 2000 is close enough to try a firmware possibly. However.. I would try to get SPC, which is the Sipura Profile Compiler. With this we can generate profiles and possibly salt them ourselves and feed them to the unit.

Most of this you probably already know.

Things to do next.
Analyze the password from the posted user, once recieved. (NOTE: This requires that users MAC address)
Find someone with SPC
get my NTP server to work to see what the unit does after it sets its time.


by , Thursday 06 of January, 2005 (03:22:00 UTC)
Re: PAP2 Password

Any updates on this? Has anyone been able to get the password in?

by , Tuesday 04 of January, 2005 (18:51:20 UTC)
Re: PAP2 Password

I think you need the password to re-enable the web interface via the phone, Vonage turns it off the first time it connects. If anyone has a password I would galdly try it on virgin B and C box's.. If you like send it to dlowings_spam@cox.net.

by , Tuesday 28 of December, 2004 (01:12:05 UTC)