Fiku
join:2006-07-05
Italy

Fiku to global_dev

Member

to global_dev

Re: [PAP2] Unlocking Guide - Part II

I have bought a PAP2 from eBay and I have the 3.1.9lsc firmware. I don't know if this firmware was automatically updated or not. I was on the internet when I saw the firmware information.
Buying from eBay must bring many surprises like mine, because I didn't know what Vonage was (now I know), so I'm not a U.S. citizen and I can't use Vonage services from Italy.

I ask you: is it possible to do something to unlock this device, or do I have to forget this idea?

Thanks to all and sorry for my bad English.
kukku5
join:2006-05-31
Abbotsford, BC

kukku5 to rcilink

Member

to rcilink

what next

I got my PAP2 unlocked. Now how do I configure it, or what do I use to make long distance calls? I know it's a long process, but just give a hint or tell me in one sentence so that I can look for the right thing in the posts, or if there is any link you have, please post it. (I have a Linksys Vonage PAP2 NA and a Linksys WRT54GS.)

thanks

christcorp
Premium Member
join:2001-05-21
Cheyenne, WY

christcorp

Premium Member

I might be confused about your question, but there is no secret to making calls. The part about unlocking the PAP2 was so that you could use a Vonage pre-provisioned router on a different PROVIDER's network. So, to answer your question, sign up with a provider! Of course you want to sign up with a provider who allows you to bring your own adapter instead of renting or selling you theirs. If not, then you just wasted a lot of time unlocking the one you have. Unlocking didn't mean free service.

Now, on a side bar, there are many non-traditional services out there that are more of a pay as you go service. 2 services that come to mind are Wengo.com and Sipdiscount.com. Both services charge you 10 euros ($12 US) for unlimited calls to 20+ countries. For Sipdiscount.com, the $12 gives you 4 months of unlimited calls. (300 minutes per week max). Wengo.com allows 6 months for the $12. If you call a country that isn't on the free list, then the calls are less than $0.02 a minute, and that charge comes off of the $12 that you paid.

So, in reality, for $12, you get unlimited calling to 20+ countries, not to exceed 300 minutes per week. You also get approximately 6000 minutes to all other countries not on the free list. (300 minutes per week still applies). Whatever isn't used up at the end of the 4 months (6 months with Wengo.com) disappears. You can however add more money at any time and the clock starts new.

If you want an incoming number, it's a couple of dollars a month. There are at least a dozen of these type companies that are fairly reputable. Especially if you call outside of the United States and Canada. It's the cheapest you'll get. It's that or go with a more traditional voip provider that allows you to bring your own adapter like viatalk or another provider. Personally, the wengo or sipdiscount type of provider is an excellent deal. Especially for calling overseas. Later... Mike...

apatel22
@comcast.net

apatel22 to rcilink

Anon

to rcilink

Re: [PAP2] Unlocking Guide - Part II

I've read most of the posts since pg. 87 and have an http and tftp server running but before I install a DNS server, is there a nice clear step-by-step guide for unlocking a PAP2 that has never connected to the internet using fw 3.1.9lsc?

HsinMu
@comcast.net

HsinMu to mypiv7

Anon

to mypiv7
Hi,

I read most of the posts regarding unlocking the PAP2, but I'm stuck now. I would appreciate it if anyone can help.

I bought a new PAP2 from CompUSA and it was never connected to the Internet. The firmware is 3.1.9LSc out of box.

So I started to do the things described in the PDFs and the posts. I used tftp to download the spaMAC.xml file from Vonage. And I set up the DNS, DHCP, TFTP and web servers as instructed in the posts and an ethernet, and then plugged in the power and the network cable from my laptop to the PAP2. (I set up a DHCP server on my laptop, so I don't have to connect the PAP2 to the router/switch.)
I also set up ethereal to sniff the packets between my laptop and the PAP2.

The PAP2 did retrieve the xml file from the TFTP server. But after that it starts to ask for the same file on port 21 and 2600 (I saw this from ethereal). So I set up another two (separate) TFTP servers on these two ports, and the PAP2 downloaded the two files (the same file from Vonage).

But after retrieving the three xml files, nothing happens. PAP2 never tries to fetch the bin file from the web server (nothing in the log).

During the whole process, I factory reset or power cycle PAP2 several times, and the behavior is always the same. After retrieving the three xml files, nothing happens.

I'm stuck at this point. Any idea?

Many thanks,

-HsinMu

DogFace056
join:2005-12-09
Cary, NC

1 edit

DogFace056

Member

HsinMu,

If it went for ports 21 and 2400, then clearly it didn't find the XML. You should double check your TFTP server's configuration and whether you placed the XML file in the correct TFTP folder.
butlerj2000
join:2006-04-06
Jacksonville, FL

butlerj2000 to rcilink

Member

to rcilink
I unlocked a pap2 and installed fw 3.1.6. I saved the original GPPK values. I sent this pap2 to a friend who somehow managed to factory reset the unit and get it provisioned by Vonage. From the original GPPK values I also extracted the user and admin passwords. The PAP2 now has 3.1.9 installed. Can I get back into the admin settings in order to downgrade the firmware to 3.1.6?

Sukru Bey
join:2005-09-17
Toronto, ON

Sukru Bey to rcilink

Member

to rcilink
I think this is something we haven't discussed clearly. So, it is good you asked. How can we re-unlock the PAP2 when we know its GPP_K value?

The admin PW you see in the xml file will not work, because that PW changes after a couple of xml files and we don't know it. Also, because the web server and admin access are disabled, you won't have access to the PAP2. The best way of re-unlocking a 3.0.9 fw PAP2 is rewriting the xml file and feeding the PAP2 your own Fonage xml file, where web server and admin access are enabled and where the PWs are blank.

1- Open your plain text xml file
2- Change ONLY ONLY the following values:
Enable_Web_Server from No to Yes
Enable_Web_Admin_Access from No to Yes
Admin_Passwd Just delete whatever is there and LEAVE-IT-BLANK
User_Password Just delete whatever is there and LEAVE-IT-BLANK
3- Save the file as a different xml file.
4- This step is important: Use openssl to make another plain text xml file from the original xml file you downloaded from Fonage.
5- Try this part until you successfully turn the encrypted xml file into plain text.
6- When you are successful, now encrypt the xml file in which you made the changes I explained above.
7- Now your own encrypted Fonage xml file is ready.
8- Use the DNS settings and TFTP and others.
9- When you see the PAP2 take the xml file you created, then you will be able to login as admin.
10- When you login as admin, first, downgrade the fw to 3.1.6 or below.
11- When you have 3.1.6 fw, just factory reset it and re-unlock it using the classic unlocking method and your PAP2 will be free

Good luck

worabi
@ameritech.net

worabi

Anon

Could someone help me find the spa2000 2.0.9d fw? I will try to unlock my brand new PAP2 3.1.9 fw. I guess I managed to collect all things I need except for the 2.0.9d fw and the apache software, since they have lots of software on their website and I am not exactly sure which one I need.

Please help.
worabi

worabi

Anon

Sorry guys, I must have been sleeping. I know that I need the HTTP server from apache. I am now only missing the 2.0.9d fw and any other instructions or suggestions you guys may provide me with.

Thanks for your help.
butlerj2000
join:2006-04-06
Jacksonville, FL

butlerj2000 to Sukru Bey

Member

to Sukru Bey
Thanks for all of your help. I was able to get the PAP2 back to 3.1.6 by the following steps:

1. Factory Reset your PAP2 by using User Password from plain text XML.
2. Erase DNS settings from PAP2 and Save.
3. Open your plain text xml file in notepad
4. Change ONLY the following values:
Enable_Web_Server from No to Yes
Enable_Web_Admin_Access from No to Yes
Admin_Passwd Just delete whatever is there and LEAVE-IT-BLANK
User_Password Just delete whatever is there and LEAVE-IT-BLANK
5. Save the file as a different xml file. I used text.xml
6. Put this file in OpenSSL/bin folder.
7. Create a batch file as follows: openssl aes-256-cbc -in text.xml -out spaMAC.xml -k GPP_K
8. Run batch file to create encrypted xml
9. Put encrypted xml file in root TFTP folder
10. Use Simple DNS to spoof ls.tftp.vonage.net to your tftp server
11. Recycle PAP2. It should load the encrypted XML.
12. Put fw 3.1.6 in tftp root folder.
13. Log on to PAP2. You should be able to get to Admin Advanced Settings.
14. Go to Provision Tab and make sure provisioning is set to no. Save settings.
15. Downgrade firmware to 3.1.6.

This forum has been an invaluable resource to me.
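
The encrypt command from step 7 above and the decrypt check from Sukru Bey's steps 4-5, as an added shell example that is not part of the original posts: it round-trips a constructed profile and confirms a passphrase by decrypting. The passphrase is a placeholder for GPP_K, the function names are hypothetical, and `-md md5` is an assumption that the thread's 2006-era OpenSSL used its then-default MD5 key derivation (OpenSSL 1.1.0 and later default to SHA-256, so files do not interoperate without it).

```bash
#!/usr/bin/env bash
# Added example: constructed profile, placeholder passphrase, hypothetical
# function names. Nothing here comes from a real device.

# Encrypt a plain-text profile with a passphrase (step 7 of the post).
# -md md5 pins the key-derivation digest (assumed old OpenSSL default).
encrypt_profile() {   # usage: encrypt_profile <plain.xml> <out.xml> <passphrase>
    openssl enc -aes-256-cbc -md md5 -in "$1" -out "$2" -k "$3" 2>/dev/null
}

# Reverse operation (steps 4-5 of Sukru Bey's list).
decrypt_profile() {   # usage: decrypt_profile <enc.xml> <out.xml> <passphrase>
    openssl enc -d -aes-256-cbc -md md5 -in "$1" -out "$2" -k "$3" 2>/dev/null
}

# A passphrase-encrypted openssl file begins with the 8-byte magic "Salted__".
is_salted() {         # usage: is_salted <file>
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# A passphrase is right only if decryption succeeds AND the output is a
# profile document. A wrong passphrase normally fails the padding check;
# in the rare case it does not, the output is garbage without the root tag.
check_passphrase() {  # usage: check_passphrase <enc.xml> <passphrase>
    local tmp rc=0
    tmp=$(mktemp)
    decrypt_profile "$1" "$tmp" "$2" && grep -q '<flat-profile>' "$tmp" || rc=1
    rm -f "$tmp"
    return $rc
}

# Round trip on a constructed profile; prints "ok" when every check holds.
demo() {
    local dir result="fail"
    dir=$(mktemp -d)
    printf '%s\n' '<flat-profile>' \
                  '<Admin_Passwd ua="na"></Admin_Passwd>' \
                  '</flat-profile>' > "$dir/text.xml"
    encrypt_profile "$dir/text.xml" "$dir/spaMAC.xml" 'EXAMPLE-PASSPHRASE' \
        && is_salted "$dir/spaMAC.xml" \
        && check_passphrase "$dir/spaMAC.xml" 'EXAMPLE-PASSPHRASE' \
        && ! check_passphrase "$dir/spaMAC.xml" 'wrong-passphrase' \
        && result="ok"
    rm -rf "$dir"
    echo "$result"
}

demo
```

A successful decrypt shows only that the passphrase matches: aes-256-cbc carries no integrity tag, so the file format by itself does not authenticate who produced a profile.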
mazilo
From Mazilo
Premium Member
join:2002-05-30
Lilburn, GA

mazilo

Premium Member

said by butlerj2000:

Thanks for all of your help. I was able to get the PAP2 back to 3.1.6 by the following steps:

1. Factory Reset your PAP2 by using User Password from plain text XML.
Was your PAP2 locked to Vonage and running on firmware v3.1.6 or older before you unlocked it? If your PAP2 was locked to Vonage and running on firmware newer than v3.1.6, I believe its web menu as well as reset feature are disabled by Vonage. In this case, your PAP2 won't be able to recognize the plain-text XML you provided, let alone to unlock it.
butlerj2000
join:2006-04-06
Jacksonville, FL

butlerj2000

Member

The PAP2 was unlocked, original GPPK saved and plain-text XML created by VuckFonage before my friend let Vonage provision it. Anyway it is now totally unlocked again, and I downgraded the fw from 3.1.9 back to 3.1.6. I never fed it a plain-text XML. The XML that I fed it was encrypted by openssl, and the 3.1.9 PAP2 loaded it without any problems. As soon as the xml file was loaded I had immediate admin rights. As has been said many times on this forum, save your original GPP-K and spaMAC.xml files. I have unlocked about 75 PAP2's and have saved these files for all of them.
worabi
join:2006-07-13
Champaign, IL

worabi

Member

Could you provide me with the SPA2000 2.0.9d fw that you used to unlock your PAP2?
worabi

worabi

Member

Thank you all guys. Your help was insightful.

Finally, I was able to unlock my PAP2 and get the original GPP-K code.
mazilo
From Mazilo
Premium Member
join:2002-05-30
Lilburn, GA

mazilo to butlerj2000

Premium Member

to butlerj2000
said by butlerj2000:

The PAP2 was unlocked, original GPPK saved and plain-text XML created by VuckFonage before my friend let Vonage provision it.
AFAIK, once your PAP2 has been provisioned by Vonage, its GPP_K values get replaced by Vonage and the factory reset and web menu features are disabled. So regardless of whether you have the original GPP_K values, your PAP2 will expect the next provisioned XML file to be encrypted with the new GPP_K values. Any provisioning that uses the original GPP_K values will not be accepted unless the PAP2 is first factory reset (consecutively several times if the firmware is newer than v3.1.6).
The XML that I fed it was encrypted by openssl, and the 3.1.9 PAP2 loaded it without any problems. As soon as the xml file was loaded I had immediate admin rights.
Can you confirm this successful story of unlocking a PAP2 that runs on firmware newer than v3.1.6 and has been provisioned by Vonage? The reason I ask this is because once the PAP2 gets provisioned by Vonage, its factory GPP_K values get replaced with new ones by Vonage through the provisioning. This means the PAP2 no longer recognizes the old (factory) GPP_K values and it won't be able to decrypt the XML file encrypted with the original/factory GPP_K values unless it first gets factory reset several times.

Nakkoush
@81.199.x.x

Nakkoush

Anon

I followed the instructions of this group... and I just need a
confirmation before I unlock my Linksys

I downloaded Sipura 2000 firmware from the original website
»www.sipura.com/Documents ··· .1.5.zip
i put it in a folder at C:\SPAtools and i opened a command prompt
there and run spa2pap2 spa2000-03-01-05.bin spa2k-pap2.bin
here we go, and i got the file spa2k-pap2.bin

1: what is the best PAP2 firmware to patch is it the latest PAP2
firmware,because from what i am reading here the latest firmware
cannot be unlocked again.. any recommendation?!

2: What is the TFTP root folder? i mean before i run
»192.168.1.102/upgrade?tf ··· pap2.bin
where my files are supposed to be?!

3: Does the TFTP application have to be running during the upgrade
process? or does it just need to be installed on the pc??

Last question: from what i'm reading here that if my serial is below
FH900E9XXXXX than my PAP2 can be unlocked, in my case the serial of
the PAP2 i have now is: FH900E703XXX that means my PAP2 should easily
be unlocked? is that correct?

Sukru Bey
join:2005-09-17
Toronto, ON

Sukru Bey to rcilink

Member

to rcilink
Mazilo,

As long as you have original GPP_K value, after factory reset, the PAP2 will take that xml file encrypted with original GPP_K value. So, you do not need to use second xml file at all because you know admin PW once PAP2 gets the xml file.

For more fun, if you want to know what a locked PAP2 settings are, you can create an xml file including this:
<flat-profile>
<Admin_Passwd ua="na"></Admin_Passwd>
</flat-profile>
and encrypt that with the GPP_K value. After factory reset, the PAP2 will take that file and you will be able to login as admin. Then click provisioning to see what a locked PAP2 has there. It is fun though.
butlerj2000
join:2006-04-06
Jacksonville, FL

butlerj2000 to mazilo

Member

to mazilo
Since I used the original xml in VuckFonage to create the unencrypted xml, only the original GPP_k would work in openssl to re-encrypt this file after I made the changes. You are correct it now has a different GPP_K from the original. I only factory reset it once. I am not going to press my luck. Provisioning is now turned off and I can get to the admin settings again. I saved both GPP_K's. When I have some more time I will explore this further.
rizzo2dial
Premium Member
join:2004-08-05

rizzo2dial

Premium Member

said by butlerj2000:

Since I used the original xml in VuckFonage to create the unencrypted xml, only the original GPP_k would work in openssl to re-encrypt this file after I made the changes. You are correct it now has a different GPP_K from the original. I only factory reset it once. I am not going to press my luck. Provisioning is now turned off and I can get to the admin settings again. I saved both GPP_K's. When I have some more time I will explore this further.
Based on the above, you used a modified Vonage config file (i.e. a decrypted Vonage XML file which you re-encrypted after modifying it) to re-unlock your adapter. As explained in this post, Vonage assigns a new (GPP_D based) GPP_K value in successive XML file upgrades.

The GPP_K value your adapter now has came from the XML file you fed your adapter. Should you re-factory reset your adapter, the FACTORY FRESH GPP_K value is the only one you'll need to re-unlock it.

Rizzo

P.S. Your situation is precisely why one should go through the effort of extracting their factory fresh GPP_K value.
getamail
join:2006-07-15
Ames, IA

getamail to rcilink

Member

to rcilink
I have got the Vonage 3.1.9LSc fw. I was trying to download the spaMAC.xml from the Vonage site using tftp, but I couldn't do it; it always reports a timeout.

I am sure that my tftp has no problem, since I have tested it on two connected PCs. I also used ethereal (and the tftp log) to see that the PAP2 is trying to reach the spaMac.xml in my local fake network setup.

I was stuck at getting the spaMAC.xml. Is it possible that Vonage didn't even post the file?

Some brother before suggested to manufacture the spaMAC.xml, but I couldn't find any detailed description.

Any advice is welcome. Thanks! Thanks! Thanks!

Please_help
@pacbell.net

Please_help

Anon

Not sure if I screwed it.

When I use 15# I get 3.1.9c
I did do ****73738#1#

Able to get to Web interface but am completely lost after that.

Any pointers. Willing to do reading if you can point to correct place.
mypiv7
join:2006-04-29
USA

1 edit

mypiv7 to rcilink

Member

to rcilink
Are you talking about step 15 from this link »[PAP2] Unlocking Guide 1st page?
Those instructions are only for fw less than 3.1.6.

For fw greater than 3.1.8/3.1.9 here are the instructions.
Four factors: router, Apache, tftp & DNS. Let’s go through them one by one.

0. router, disable DHCP server. enable forwarding tftp & http ports. point the default DNS to server pc (my pc IP is 192.168.1.102. i.e. using 192.168.1.102 as DNS on the router).
Install Simple DNS Plus, Apache, and tftp server on pc (192.168.1.102).
1. Apache, no settings required except installation. easiest action.
2. tftp, settings needed: root directory, enable transmit & receive, enable Log file. no IP settings involved. 2nd easiest action.
3. DNS. key in entire unlocking. point ls.tftp.Vonage.net and httpconfig.Vonage.net both to my pc (192.168.1.102). might add the third ntp1-nyc.Vonage.net later.
go to Tools, Options,..in General set the Domain to ls.tftp.Vonage.net (click OK) Next click on Records (it will open a new window) and go to Tools, Quick Domain Wizard. Put ls.tftp.Vonage.net in the Domain name. Set Web server IP and FTP server IP to your tftp server IP. Delete the name in Secondary DNS server. (click OK).
Setting of httpconfig.Vonage.net is very similar. Now my tftp and DNS servers are on the same pc.

All your firewalls are turned off or disabled. It might not be necessary but it’s easier to go through.

How to verify the setting is correct? You need a second pc. disconnect the pap2, using its cat5 cable to connect the 2nd pc. on 2nd pc (NOT the server pc), in a dos window, ping ls.tftp.Vonage.net & httpconfig.Vonage.net. both should point to 192.168.1.102 (server pc). Or open a browser (ie or firefox).
httpconfig.Vonage.net/
ls.tftp.Vonage.net/
Apache webpage of the server pc should be displayed on the 2nd pc.
Now, put the pap2 back. rest of the unlocking other procedure has been addressed many times in this thread.

when the pap2 starts up, it first looks for spa_MAC_.xml on ls.tftp.Vonage.net by tftp (done easily if the file under TFTP-Root when using SolarWinds TFTP Server. For other TFTP servers, the root folder should work), after that it tries to retrieve the latest fw by http from httpconfig.Vonage.net. As the DNS points to local pc (192.168.1.102), looking into the Apache/DNS log (& error log) you can find out where & what filename the pap2 is looking for then you feed the file accordingly.

These instructions were from the original post; I don't remember who posted them, sorry.

Please_help
@pacbell.net

Please_help

Anon

Thanks so much. This info should help a lot. Would try again.
Just one question. Wouldn't I need the GPP_K? How can I get the new GPP_K key? I have not connected my box to the net yet
mypiv7
join:2006-04-29
USA

mypiv7

Member

said by Please_help :

Thanks so much. This info should help a lot. Would try again.
Just one question. Wouldn't I need the GPP_K? How can I get the new GPP_K key? I have not connected my box to the net yet
You don't need the GPP_K to unlock the 1st time. DO NOT DO NOT CONNECT TO INTERNET before unlocking and disabling provisioning.

Please_help
@myvzw.com

Please_help

Anon

Thx. I tried your suggestion.

Here is where I got stuck.
1. In the original instructions, it asks to put the modified firmware in the HTTP_ROOT. Is that the htdocs of the apache or the default in apache?
2. If I disable DHCP how would I get any IP for the 2nd PC you suggested?

When I finally enabled DHCP, even though my DNS was being modified from the 2nd PC the ping was not successful.
On the host PC which has the tftp server etc., when I do a DNS lookup, it was coming out correct even though the ping failed. Any insights?

Marcoplaut
@fplaut.com

Marcoplaut to rcilink

Anon

to rcilink
Hi,

I'm French and I bought a PAP2 on eBay, not knowing that there were locked versions of that product. If my PAP has been connected to the internet, is there a solution to unlock it? (I don't really want to read the 110 pages of the topic...)

christcorp
Premium Member
join:2001-05-21
Cheyenne, WY

christcorp

Premium Member

I can understand that. You don't need to read 110 pages of a thread. I can tell you right now that the answer is roughly Yes. Now, as far as how, and IF it will work, that will require reading the 110 pages.

Not to be a smartass, but there are way too many variables to say whether yours will unlock or not. Version of firmware is a definite factor. Different versions require different procedures. Then there's the what if's. There will be times where if it doesn't work a certain way, you might have to try a different method. Then finally, it is possible that even if everything you did is by the book and correct, you could still have an adapter that won't unlock.

Sorry if this isn't the answer you were looking for, but it is the truth. Later... Mike...

DogFace056
join:2005-12-09
Cary, NC

DogFace056 to Marcoplaut

Member

to Marcoplaut
said by Marcoplaut :

Hi,

I'm French and I bought a PAP2 on eBay, not knowing that there were locked versions of that product. If my PAP has been connected to the internet, is there a solution to unlock it? (I don't really want to read the 110 pages of the topic...)
Your unit is very easy to unlock. Register a user ID on this site and then PM me.
snoopy123ng
join:2006-07-19

2 edits

snoopy123ng to rcilink

Member

to rcilink
Can someone please provide a very detailed procedure (step by step) to unlock the adapter with 3.1.9lsc? I am confused now. Many thanks....