Re: VONAGE VT2142 unlock help in VOIP Tech Chat http://www.dslreports.com/forum/r21814728 en Thu, 10 Dec 2009 13:02:39 EDT Thu, 10 Dec 2009 13:02:39 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22423341 winsnomore : @usbjtag -- I am not sure I get this 100%
1. I need to buy the JTAG dongle about $60 on that website.
2. need to solder pins to the board to connect dongle
3 run this thing --

and finally it's unlocked -- can't i just buy unlocked router for ebay for about $25 and be done :-)

You guys have done wonderful work - but it's really too much to do for a $25 box .. or am I missing something]]> http://www.dslreports.com/forum/remark,22423341 Thu, 21 May 2009 15:09:15 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22134257 usbjtag : Another version of CYT.dll (0.02) now support WRTP54G.
Install 3.1.27 firmware on WRTP54G and 3.1.24 for RTP300.]]> http://www.dslreports.com/forum/remark,22134257 Thu, 26 Mar 2009 17:55:12 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22055889 usbjtag : Just released the CYT.dll for RTP300 and VT2X42. The detail of unlock VT2x42 posted at »www.usbjtag.com/jtagnt/VT2X42.php]]> http://www.dslreports.com/forum/remark,22055889 Thu, 12 Mar 2009 02:21:51 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22054261 vilord : Glad I checked :) I'll be sure to dump it first before I wipe out the config partitions. Now to find that lmmc tool... :D]]> http://www.dslreports.com/forum/remark,22054261 Wed, 11 Mar 2009 20:12:03 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22054246 usbjtag : If you have the tool, log in to your router with password router/router and export the configuration. Use LMMC tool to unzip it and you have plane text xml of router and voice settings.]]> http://www.dslreports.com/forum/remark,22054246 Wed, 11 Mar 2009 20:09:16 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22054176 vilord : sounds like lmmc tool is what i want, don't really care to re-encrypt :)]]> http://www.dslreports.com/forum/remark,22054176 Wed, 11 Mar 2009 19:56:36 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22054063 usbjtag : I am not 100% sure but I see some key in the log. And if it is then you can encrypt the xml file.
If not what you can do is to delete the keys. But you can get the Vonage configuration with LMMC tool so you can get the VOnage setting and put back with plane text xml.]]> http://www.dslreports.com/forum/remark,22054063 Wed, 11 Mar 2009 19:37:48 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22054057 toro : Yes, it's possible, but I don't know the algorythm for obtaining the RC4 key from the CRYPT_KEY (I know for sure it depends on the ADMIN_PWD and CRYPT_KEY).
If anyone is willing to try and find it, I can provide a few combinations of ADMIN_PWD, CRYPT_KEY and the resulting RC4 key.]]> http://www.dslreports.com/forum/remark,22054057 Wed, 11 Mar 2009 19:36:50 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22053911 vilord :
said by toro See Profile :

get rid of HASH_DIR and CRYPT_KEY completely (to prevent any further provisioning)
Is it possible to get the CRYPT_KEY from this to get the GPP KEY to be able to ask [insert provider here]'s tftp server for the xml file, with plans to decrypt it and modify it and upload it to the box?
I'm thinking for using a VT2142 with port one on vonage and port two on something else...]]> http://www.dslreports.com/forum/remark,22053911 Wed, 11 Mar 2009 19:12:24 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22053231 usbjtag : Then follow the steps I described and it will work for you. ]]> http://www.dslreports.com/forum/remark,22053231 Wed, 11 Mar 2009 17:11:17 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22052669 vilord : I'm only doing one device... so I'll probably only have a parallel jtag... maybe this won't help me...]]> http://www.dslreports.com/forum/remark,22052669 Wed, 11 Mar 2009 15:35:36 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22052576 usbjtag : Yes I will post. The dll will be free for USB JTAG NT user. The dll will support WRT54G after I got mine from eBay.]]> http://www.dslreports.com/forum/remark,22052576 Wed, 11 Mar 2009 15:21:45 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22052363 vilord : You rule! Where do I get this wondrous creature? Will you be posting it to your website? Will it be free?

And...

If it works for RTP300 will it work for WRTP54G?]]> http://www.dslreports.com/forum/remark,22052363 Wed, 11 Mar 2009 14:46:31 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22051465 usbjtag : The problem of mac address erased problem had solved.
I have written the dll that can do the job automatically but if you only had PJTAG, you can still do so.
The unlock process is as follows. (Same as VT2442, will confirm if it works for RTP300 late today).
1. read the boot.
In the boot find the password and make it well known password (Admin).
Find the HASH_DIR and CRYPT_KEY, erase them (not put 0), If any parameters exist after those parameters, SHIFT THEM UP). This will keep the original MAC address.
2. read the log (I do not know its official name).
In the boot find the password and make it well known password (Admin).
Find the HASH_DIR and CRYPT_KEY, shift the data to erase those values.
3. program the boot
4. program the log.
5. Erase the cfg1.
6. Erase cfg2.

Your box now is unlocked.

Log in as the Admin/Admin, Go to advanced/voice provision then modify the configuration url to be tftp://your pc ip (mine is 192.168.15.2). This box now accept plane text xml file. ]]> http://www.dslreports.com/forum/remark,22051465 Wed, 11 Mar 2009 12:19:22 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22047022 vilord : Another quick question about the VT ATA's, can you configure any dial plans at all with the XML, and do they support IP dialling?

Thanks!]]> http://www.dslreports.com/forum/remark,22047022 Tue, 10 Mar 2009 16:57:04 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22043644 usbjtag : You are right. Because I use JTAG to zero the path and the mac address stopped processing. After fix the dll the problem goes away and configure the box is easy now.]]> http://www.dslreports.com/forum/remark,22043644 Tue, 10 Mar 2009 01:35:40 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22042089 toro :
Since we remove all the configuration, the tftp file is no longer tixxxxxxxxxxxxxx.xml. Instead it is provision.xml.
I think your adapter has the WAN MAC address removed or set to something generic like 01:02:03:04:05:06 (you may want to check it through the web admin page, or with "cat /proc/ticfg/env" in a SSH session). I had that problem at some point and it went away once I set the WAN MAC address properly through the serial console at the PSP boot prompt (you can also set it from the SSH sesstion with something like

echo "HWA_0 00:AA:BB:CC:DD:EE" > /proc/ticfg/env"
]]> http://www.dslreports.com/forum/remark,22042089 Mon, 09 Mar 2009 19:38:37 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22042042 toro : An unlocked VT2x42 adapter will save and use a plain text XML.
The adapters unlocked just with the CYT unlocker appear to "forget" the configuration sometimes because the way the firmware is designed, if they fail to connect to the VoIP service a few times, they download the default Vonage configuration, override any existing XML and become locked again.
Once an adapter is unlocked, it can't download the Vonage configuration anymore, so it doesn't override the plain text XML.]]> http://www.dslreports.com/forum/remark,22042042 Mon, 09 Mar 2009 19:28:55 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22040385 usbjtag : I am testing these. I think it will remember.
Since we remove all the configuration, the tftp file is no longer tixxxxxxxxxxxxxx.xml. In stead it is provision.xml. There is another difference I noticed that the prov path stays. (That might indicate it will not remember). Normaly after download the xml the path changes to something like "side-2". ]]> http://www.dslreports.com/forum/remark,22040385 Mon, 09 Mar 2009 14:36:55 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22040367 vilord : After configuring via the plain text xml, will it remember the configs after a powerfail? I'm thinking of configuring my old one and sending to my father to introduce him to byod voip, but if it needs to contact the tftp server on every bootup, it wouldn't be terribly useful...
Also, any chance I could get a copy of the unreleased version?
Thank you!!!]]> http://www.dslreports.com/forum/remark,22040367 Mon, 09 Mar 2009 14:33:28 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22040337 usbjtag : The program was written but not released yet. I need to test a little bit more. The reason is that I found it does differently on VT2442 for the log. In VT2142 I can erase the log and cfgs then you can use plain text xml via tftp. In VT2442 you need to "modify" the log section.
Maybe I will release the VT2142 first. The future release will support RTP300 and WRTP54G. ]]> http://www.dslreports.com/forum/remark,22040337 Mon, 09 Mar 2009 14:28:07 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,22040153 vilord : Did you end up writing this program for the VT2x42 series devices? Can you erase the config partitions from the JTAG easily? I have a VT2142...

I guess what I'm reading is you are saying if you erase the config partitions, then change the ADMIN_PWD in the boot block and it'll boot up, correct?

How do I find the config partitions to erase them? I guess if I hack around with it a while I'll understand better.]]> http://www.dslreports.com/forum/remark,22040153 Mon, 09 Mar 2009 13:54:49 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21911446 usbjtag : Actually it is quite easy to write a small program to auto delete those keys at right place.

If I had the right boot I would use complete dump with JTAG (just change the mac) and that will only take about 2 minutes including the erase and programming. No need to have second cable to do the RS232. The script is just for someone with no good boot. Since it only takes less than 2 minute (actually erase is 38 seconds on Spansion and program is 24 seconds, Intel chip is a little slower). Use a solder less connector with clip will do the job.]]> http://www.dslreports.com/forum/remark,21911446 Fri, 13 Feb 2009 13:36:01 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21910456 toro : I've unlocked many (30+) of these routers the following way:
- I have a good boot loader image with ADMIN_PWD changed, HASH_DIR and CRYPT_KEY, MAC addresses and the SerialNumber removed and the ProductID set to match the -NA version. Also the console state is set to unlocked
- I flash the boot loader with my image and erase the environment block
- reboot the router. It will automatically rebuild the environment block and stop at the boot prompt because the ProductID doesn't match
- at this point I use the serial console to set the environment variables for correct MAC addresses, SerialNumber, and then I format and flash the two firmware images using the -NA firmware
- now you can boot the router into the -NA firmware
There's no way that router can get locked again or even accept Vonage firmwares.]]> http://www.dslreports.com/forum/remark,21910456 Fri, 13 Feb 2009 10:53:10 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21910381 meister_sd :
said by toro See Profile :

You can't use hardcoded addresses to change the environment variables.
Right - that is why he said this:

"Find ADMIN_PWD in here the password start at 0x9000d575"

But I haven't had any luck changing anything in this area. Even if I change one byte in the Admin password - it won't boot and nothing shows in the console. I'm going to look more at his commands this weekend to see what needs to be changed using HairyDairy.]]> http://www.dslreports.com/forum/remark,21910381 Fri, 13 Feb 2009 10:38:18 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21910327 toro : You can't use hardcoded addresses to change the environment variables. If you take another router, same model but made at a different time, the environment variables will be located in the same area but different addresses (mostly due to minor version differences in the boot loader code). You will need to either use the same boot loader dump, or implement a search feature.]]> http://www.dslreports.com/forum/remark,21910327 Fri, 13 Feb 2009 10:29:16 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21909157 usbjtag : Here is the script.

// modify the password. Find ADMIN_PWD in here the password start at 0x9000d575
// Replace with 9000d574 with your address
// Modify it with empty password. ABW9wzpK6VV4Q
e 9000d575 41 42 57 39 77 7a 70 4b 36 56 56 34 51
// Empty CRYPT_KEY
// replace 9000d52a with your address of CRYPT_KEY
e 9000d52a 0
// Empty HASH_DIR
// replace 9000d515 with your address of HASH_DIR
e 9000d515 0
// Modify the ProductID to CYLM
// replace 9000d43d with your address of ProductID
e 9000d4ed 43 59 4c 4D
// program the boot
pause
program boot
// Erase log
f log ff
pause
program log
// erase the cfg
f cfg ff
pause
program cfg
// erase the cfg1
f cfg ff
pause
program cfg1
// Load the initial Linksys firmare to kernel
ldram kernel
// modify so it can boot
e 9002000b 57
// program the kernel
pause
program kernel
// Load the initial Linksys firmare to kernel1
ldram kernel1
// modify so it can boot
e 9040000b 57
// program the kernel1
pause
program kernel1
// You have finished the unlock. Good luck]]> http://www.dslreports.com/forum/remark,21909157 Fri, 13 Feb 2009 00:21:24 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21908879 meister_sd :
said by usbjtag See Profile :

2. Change the productID.
Are you talking about the area around 0x0000d53d? If I change anything in that area, including the password, it won't boot.

Can I see the script?]]> http://www.dslreports.com/forum/remark,21908879 Thu, 12 Feb 2009 23:00:19 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21908032 mazilo :
said by usbjtag See Profile :

Why I want to have the Vonage firmware?
I didn't ask you to flash a Vonage firmware; however, I just asked if you can confirm the device will re-lock itself after a factory reset if you re-flash your device with a Vonage firmware. This way what you said in your post and I quoted below will be true.

said by usbjtag See Profile :

After those steps the RTP300 looks truly NA to me and never will be factory re-locked.

--
Mazilo always prays for FREEBIES!
US Phone: +1-678-601-0907
UK Phone: +44-703-194-2574
]]> http://www.dslreports.com/forum/remark,21908032 Thu, 12 Feb 2009 20:01:29 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21907899 usbjtag : Yes if you donot modify one BYTE from ff to 0x57 it will not boot. The upgrade process will modify that byte for you.

Why I want to have the Vonage firmware? The default directory is built in the firmware. ]]> http://www.dslreports.com/forum/remark,21907899 Thu, 12 Feb 2009 19:37:55 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21906734 toro :
said by mazilo See Profile :

Have you confirm this by flashing back a Vonage firmware to see if it will re-lock after a factory reset?
The Vonage firmware can't be flashed back on the device once the ProductID has been changed (unless one would patch the Vonage firmware to have the RTP300-NA ProductID which doesn't make much sense)]]> http://www.dslreports.com/forum/remark,21906734 Thu, 12 Feb 2009 15:59:59 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21906678 mazilo :
said by usbjtag See Profile :

1. Empty all the keys. Make Admin password empty.
AFAIK, this is OK.

3. modify the stocked firmware one byte to allow program via JTAG.
I doubt this is needed through a JTAG cable.

After those steps the RTP300 looks truly NA to me and never will be factory re-locked.
Have you confirm this by flashing back a Vonage firmware to see if it will re-lock after a factory reset?
--
Mazilo always prays for FREEBIES!
US Phone: +1-678-601-0907
UK Phone: +44-703-194-2574
]]> http://www.dslreports.com/forum/remark,21906678 Thu, 12 Feb 2009 15:52:40 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21906249 usbjtag : I made a script to modify the RTP300 to accept NA firmware. As DogFace05 mentioned change productID might be illegal but technically it is possible. All it does is to
1. Empty all the keys. Make Admin password empty.
2. Change the productID.
3. modify the stocked firmware one byte to allow program via JTAG.
4. Program two copies of the Linksys firmware.
5. Erase two copies of configuration and log.
After those steps the RTP300 looks truly NA to me and never will be factory re-locked.]]> http://www.dslreports.com/forum/remark,21906249 Thu, 12 Feb 2009 14:38:50 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21833657 Teksavvy1 : I have collected the information I used to unlock my

VONAGE vt2142 and VT2442

www.unlockvt2442.com
.
.
.
--
found link www.unlockvta.com 4 Unlocking the Vonage VTA]]> http://www.dslreports.com/forum/remark,21833657 Fri, 30 Jan 2009 11:49:23 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21833564 Teksavvy1 : Unlock Motorola VT2142 and VT2442


I have collected the information I used to unlock my

VONAGE VT2142 and VT2442

unlockvt2442.com
.
.

--
found link www.unlockvta.com 4 Unlocking the Vonage VTA
]]> http://www.dslreports.com/forum/remark,21833564 Fri, 30 Jan 2009 11:33:06 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21831949 usbjtag : I agree. But if you are not for the reason to make money and you play with it, I think it is OK for the testing purpose. There is nothing legal as to program third party firmware. Or modify the NA to program on an non-NA router. Saying that everything sold on eBay saying UNLOCKED is somewhat questioned.]]> http://www.dslreports.com/forum/remark,21831949 Fri, 30 Jan 2009 02:53:31 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21831892 DogFace05 : FWIW, you may want to be aware of the potentially very serious legal trouble you could risk exposing yourself to by modifying the product ID.

Here in the US, it would constitute a violation of the DMCA (H.R.2281, Sec. 1201, Circumvention of copyright protection systems), as the product ID controls access to code that the device owner has not been licensed to use with the device as sold by its manufacturer. I'm not familiar with the laws in Canada, but the US DMCA is part of a wider international treaty known as WIPO, which Canada is also a signator of. It is therefore very likely that the same, or similar laws apply there as well.

Furthermore, modifying the product ID and distributing the device as an -NA, also falls into the realm of counterfeiting, with very severe penalties here in the US (10-20 years in jail). Again, counterfeiting laws are very similar in most western countries, and are the result of international treaties. Even if the laws happened to be more liberal up north of the border, if you plan on exporting/distributing any such modified devices to the US, you effectively become bound by and subject to US law.

Note that Cisco/Linksys do not seem to have bothered legally persuing any such cases todate. However, there's nothing to stop them, should they choose to, as our current laws give them every right to. And even if Cisco/Linksys don't bother persuing any legal action, there are several other parties with intellectual property rights in the firmware of these devices, who could if so inclined.

I don't mean to scare you--just pointing out the potential risks that you could expose yourself to. If you're just doing it for personal use, there's probably little to worry about. However, should you plan on distributing such modified devices, it may be in your best interest and peace of mind to first consult with a lawyer versed in such legal matters.]]> http://www.dslreports.com/forum/remark,21831892 Fri, 30 Jan 2009 02:28:26 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21830429 usbjtag : Totally agree with you.
Export the configure and unzip it still have some value as it is much easier to get the configuration from VOnage and de-cipher it. Someone would like to use software with their current account. The configuration on the box is much easier to unzip than to decode the Vonage xml file.]]> http://www.dslreports.com/forum/remark,21830429 Thu, 29 Jan 2009 20:56:51 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21830381 toro :
Does the SSL certificate belongs to Vonage?
No, the SSL certificate is issued by Linksys.
Actually it is not hard to find all the left overs and remove them as they are pure text and no checksum applied to the boot for those parameters. A few tries can make reasonable "clean" boot and a good NA VOIP box can be created.
That's the point, you should NOT erase the SSL certificate.
I found people complaining it is difficult to configure VT2442 box even it is unlocked. You need to use CYT to push the configuration in.I noticed if you log in as admin (even router) you can export the config file.
The configuration can be uploaded using a TFTP or HTTP server, I think many people do it this way rather than using the CYT unlocker. Plus the CYT unlocker doesn't work for the newest firmware versions.
In my opinion is easier to use this method than encrypting/compressing a configuration file. But that's just me.]]> http://www.dslreports.com/forum/remark,21830381 Thu, 29 Jan 2009 20:50:49 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21830292 usbjtag : Does the SSL certificate belongs to Vonage?
Actually it is not hard to find all the left overs and remove them as they are pure text and no checksum applied to the boot for those parameters. A few tries can make reasonable "clean" boot and a good NA VOIP box can be created.
One thing I am interested recently is I found people complaining it is difficult to configure VT2442 box even it is unlocked. You need to use CYT to push the configuration in. I noticed if you log in as admin (even router) you can export the config file.
In admin we can import the config file. If we can make a legal configure file we can config the box without CYT tool and it will be much easier. I have found how to generate the proper config based on xml file but the CRC calculation of the config is blocking me. I have searched the source code from CYT devices but non of the CRC algorithms work for the configuration. I think this should be that hard and once we have done that we only need a free xml notepad to configure the VT2x42 box.]]> http://www.dslreports.com/forum/remark,21830292 Thu, 29 Jan 2009 20:33:38 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21830238 toro :
Just modify the product ID will still have some left overs in the boot. (Some Vonage urls and paths).
Correct. Those are the HASH_DIR and CRYPT_KEY I mentioned in an earlier post, which I normally remove.
Just one thing I want to mention: if you're really picky about the way you unlock these routers, if you clone another router by changing the MAC addresses and Serial Number, the SSL certificate stored in the flash will become invalid. This is no big deal for 99% of the home users. However some VoIP providers use it for a secure remote provisioning, to ensure that no-one except the Linksys router with the right MAC address can download a certain configuration file.]]> http://www.dslreports.com/forum/remark,21830238 Thu, 29 Jan 2009 20:22:06 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21830195 usbjtag : I program the flash with JTAG. It is faster than TFTP as I do not need second cable to run the console. One tool is all I need to program the flash.
But I would prefer to get a clean NA dump and modify the mac address to make a new flash dump. This will create a clean NA box.
Just modify the product ID will still have some left overs in the boot. (Some Vonage urls and paths).]]> http://www.dslreports.com/forum/remark,21830195 Thu, 29 Jan 2009 20:14:40 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21827490 toro :
If we use TFTP to upgrade we can change the product ID.
If we just modify the product ID and still want to use web upgrade page to upgrade it will never fire up.
How do you change the Product ID without reprogramming the flash with a JTAG ?
In my case the process is always the following:
- read the boot and env block with JTAG
- change the product ID, remove the env variables I don't need
- write back the boot and anv blocks
- at this point, the router won't boot up anymore, because the existing firmware has a different Product ID than the environment key
- use TFTP to program the 3.1.x firmware
After this, the router will boot up and can be flashed with -NA firmwares from the web interface.]]> http://www.dslreports.com/forum/remark,21827490 Thu, 29 Jan 2009 12:46:18 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21827456 usbjtag : If we use TFTP to upgrade we can change the product ID.
If we just modify the product ID and still want to use web upgrade page to upgrade it will never fire up.
A complete re-program the whole flash with MAC modified can make it a true -NA. With USB JTAG program a whole flash will take only about 2 minute include the erasing. Not 90 hours to program. So it makes the re-factory the router possible and fast too. The programming time is so fast and you will take long time to open the box and put back than the programming.]]> http://www.dslreports.com/forum/remark,21827456 Thu, 29 Jan 2009 12:39:33 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21825864 toro :
Have you ever changed the ProductID to make it a true -NA? One that will accept -NA firmware without modification?
Yes, for RTP300 and WRTP54G I usually change the ProductID to the one corresponding to the -NA version so I can load -NA firmwares without having to patch them. I haven't encountered any issue doing that.]]> http://www.dslreports.com/forum/remark,21825864 Thu, 29 Jan 2009 06:57:24 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21825590 usbjtag : I have not tested ADM5120 myself.
If I have a full flash dump, I can convert linksys to true -NA version. Not only the product ID. There are other data in the boot makes it non-NA. ]]> http://www.dslreports.com/forum/remark,21825590 Thu, 29 Jan 2009 02:12:53 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21825532 meister_sd :
said by toro See Profile :

I've used the technique so far on RTP300, WRTP54G, Moto VT2142, Moto VT2442, Linksys PAP2v2, D-Link VWR-VD.
Have you ever changed the ProductID to make it a true -NA? One that will accept -NA firmware without modification?

@USBJTAG: Do you have any support for an ADM5120?]]> http://www.dslreports.com/forum/remark,21825532 Thu, 29 Jan 2009 01:42:03 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21821685 usbjtag : Agree. No need to downgrade to special firmware to work. Yet RTP-300 has NA version of firmware and that is good choice after unlocked.]]> http://www.dslreports.com/forum/remark,21821685 Wed, 28 Jan 2009 14:37:02 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21821544 toro : I've used the technique so far on RTP300, WRTP54G, Moto VT2142, Moto VT2442, Linksys PAP2v2, D-Link VWR-VD. It should work for the Vtech IP8100 as well, except not all the JTAG pins are present.
Basically I save the first 128K of the flash using the JTAG, then look for ADMIN_PWD, HASH_DIR and CRYPT_KEY. I replace the value for ADMIN_PWD with a known hash such as ABW9wzpK6VV4Q ("Admin") and get rid of HASH_DIR and CRYPT_KEY completely (to prevent any further provisioning). I also look for CONSOLE_STATE and set it to unlocked. Then upload the bin file back to the same location, boot up to the PSP loader and use the console to erase CONFIG_A and CONFIG_B.
That's all, after this you can boot up, and use Admin/Admin to login and point the provisioning to your own TFTP or HTTP server.]]> http://www.dslreports.com/forum/remark,21821544 Wed, 28 Jan 2009 14:13:23 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21821075 usbjtag : The same tech works for RTP300.
The theory is once you erase the log and cfg patition, the firmware will load the default admin password stored in bootblock. The well know hash of the Admin can be put in the boot and it will be the new password of admin.
Since those Vt2142 has flash types that has to be distinguished by the CFI command, I need to finish the software and then make a step by step unlock VT2142, VT2442 and new steps of RTP300. (I do not have other devices yet). I have already posted the RTP300 in the forum but will make it more public along with VT2X42 unlock.]]> http://www.dslreports.com/forum/remark,21821075 Wed, 28 Jan 2009 13:05:22 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21820208 meister_sd :
said by usbjtag See Profile :

I will compile how to and latter post at www.usbjtag.com.
Can you let us know when you do that and where the post is? This should apply to most of the Linux devices of that type.]]> http://www.dslreports.com/forum/remark,21820208 Wed, 28 Jan 2009 10:46:51 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21817406 usbjtag : If you just need to unlock one router it is not need to buy a fast JTAG> Build a simple JTAG. I will compile how to and latter post at www.usbjtag.com.
There is no need to downgrade the firmware to be able to get admin access.
All you need to do is erase the log and cfg and then modify the ADMIN_PWD key. The same method applies to RTP300. I have not tested with WRTP54G. But should be the same.

If you have a VT2142 and log in as router/router, go to tools and export the config. You then unzip the file to xml, your VONAGE phone password is in it.]]> http://www.dslreports.com/forum/remark,21817406 Tue, 27 Jan 2009 20:15:20 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21816871 anon : Hi Usbjtag,
Please help me. Can you show me some pic of your jtag that you used and if possible can please direct me where i can buy?

Thanks in advance]]> http://www.dslreports.com/forum/remark,21816871 Tue, 27 Jan 2009 18:53:36 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21814728 usbjtag : I found a way to unlock VT2442 and VT2142 without downgrading the firmware. Actually keep the latest firmware has benefit.
You just need to use JTAG to erase the configuration patitions and then modify the admin password in the bootblock. Then you can login as Admin and use CYT to push the configuration.
I also found if you use VT2442 and VT2142 you can get yoru VONAGE configuration and possible use software phone or use your own device to work with VONAGE (untested).]]> http://www.dslreports.com/forum/remark,21814728 Tue, 27 Jan 2009 12:48:38 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21737410 anon : I got the Gizmo5 sip info and now i am ready to put in my ATA VT2142. But my firmware is 11.4 . can i downgrade using user login?]]> http://www.dslreports.com/forum/remark,21737410 Tue, 13 Jan 2009 22:54:33 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21723043 meister_sd :
said by toro See Profile :

Probably the only known solution at this point is to use a JTAG
You can also downgrade the firmware using the serial port. I've never done it but I know it is possible.]]> http://www.dslreports.com/forum/remark,21723043 Sun, 11 Jan 2009 17:03:35 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21722930 toro : The only difference between VT2142 and VT2442 is the 4 port switch. I have both models and the menu options are really the same.
Don't look for the Provisioning settings if you logged in as "router" or "user", they only show up when you login with the Admin account. Basically the whole purpose of unlocking is to reset the password for the Admin account.
As far as I remember, the CYT unlocker doesn't work for the current firmware versions. So if your adapter was connected to the internet in the last year, forget about the unlocker.
Probably the only known solution at this point is to use a JTAG and there's plenty of info in this thread:
»[Unlock] Unlock and re-use VT2442]]> http://www.dslreports.com/forum/remark,21722930 Sun, 11 Jan 2009 16:43:54 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21722247 PX Eliezer : It appears to me that some of the forum participants who might know this are not around this weekend. So I would give it through Tuesday morning.

If no one has replied by then, it is likely that regrettably, no one will have any other solution.

You should consider also that for Gizmo5, you could use a basic adapter such as a Grandstream Handytone 286 which you can get for around $ 30. So what is your time worth?

While we are on this, I want to add that with Gizmo5, you have to download the program onto your computer first, even though your end goal is to use an ATA. Once you obtain the SIP parameters (user name, password, and so forth), you can program the ATA. At that point, if you wish, you could remove the Gizmo5 software from your computer. Certainly do not have the software and the ATA running at the same time.]]> http://www.dslreports.com/forum/remark,21722247 Sun, 11 Jan 2009 15:06:35 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21721829 anon : Thank you,
I looked those link and they are explaining more about VT2442 but my one is Vt 2142 and its menu are different. Please advice.]]> http://www.dslreports.com/forum/remark,21721829 Sun, 11 Jan 2009 13:47:52 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21720962 PX Eliezer : Did you see these posts which maybe will be of use?

»Re: CYT Device: Unlocking Information

»CYT Device: Unlocking Information]]> http://www.dslreports.com/forum/remark,21720962 Sun, 11 Jan 2009 10:45:27 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21719780 PX Eliezer : Please be patient. It may take a day or two.

Even boffins like to have some fun on Saturday night.]]> http://www.dslreports.com/forum/remark,21719780 Sun, 11 Jan 2009 01:13:11 EDT Re: VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21719634 anon : Please some one help me or give me some direction.]]> http://www.dslreports.com/forum/remark,21719634 Sun, 11 Jan 2009 00:23:53 EDT VONAGE VT2142 unlock help http://www.dslreports.com/forum/remark,21716374 anon : Hi,
I am a novice and would like some help from expert. My Vonage agreement is over and now i would like to use MOTOROLA VT2142 with GIZMO5. Can some please help me to unlock this adapter? I tried many search on Forums and did not find unlocking information. I tried cyt3.0 to 4.6 but nothing works. I login to adapter using "router" and "user" but did not see sip info. Please help.

Thanks]]> http://www.dslreports.com/forum/remark,21716374 Sat, 10 Jan 2009 14:53:40 EDT