said by tom thomas :
so far i am not getting anything in wireshark that i can make sense of. it appears to be using some form of encrypted TCP for authentication.
Yep, it makes an HTTPS request to mobile.nettalk.com to fetch your SIP user ID and password. This info gets cached in persistent storage and is only refetched if you select a different account in the app. You can't easily capture it, e.g. with Fiddler2, because the client checks the server certificate and disconnects if you have a MITM. Sorry, I don't have the time to look deeper.
However, the rest is standard SIP, so you can easily view the SIP user ID (though not the password). Now, mazilo, listen up! The server is presently accepting unregistered unauthenticated calls, so enjoy them while it lasts.