VOIP Tech Chat → Re: [Unlock] Unlocking Linksys SPA2102 adapter

Then unless your provider gives you the password there is very little you can do.
You can try to sniff the traffic from the ATA when it boots up, by connecting its WAN interface to your router through to an old hub (not switch), connecting your PC to the same hub and running Wireshark. The ATA will probably use TFTP, HTTP or HTTPS to retrieve its configuration file within the first 1-2 minutes of the boot up. Unless it uses HTTPS, you can actually see the request and the URL for the file and try to download it manually. Then, if you're lucky and the file is not encrypted you can get your passwords from there or you can spoof the provider's servers and "feed" the ATA another file which will reset the passwords. If the file is encrypted you are out of luck, you won't be able to decrypt it without knowing the key which is stored in the ATA.

the ATA and PC both are connected to the router, which connected to cable modem. Do I need connect it through the hub before router? Also, I read somewhere that encryption somehow use MAC address of ATA for the key.

Yes, the hub basically replicates all packets to all ports, so your PC can sniff the traffic that is supposed to go to the ATA. With a switch (which is built into today's routers), the traffic only goes to the port of the device that is meant to receive it.
The encryption can be done in different ways, the most common one is to save a unique encryption key in the ATA and all the provisioning files feed to the ATA afterwards will be encrypted with that key.

If ATA use TFTP to retrieve its configuration file, the TFTP server may be configured to prevent direct download of configuration file, is it correct?

Usually no. However that restriction may be implemented in case of HTTPS (but in that case you can't even see the URL for the config file)