Before you waste too much time, confirm with somebody who has access to P2606 that the password is actually stored in rom-0.
I don't have P2606 but have access to Z2+ and I've saved the rom-0 then changed the password and saved rom-0 again and did the whole thing again. All three rom-0 files are binary identical! ...meaning the password is not stored in rom-0.
Well, few guys in polish forums stated that they were able to recover the VoIP data by uploading the rom-0 file to a non-modified P2602. I don't have the required tools to upgrade router's FW, so i'm looking for another way. I've also read that sniffing could work, but i don't know nothing about it. Could anybody tell me how to sniff the VoIP password?
If it was that easy, i wouldn't even post here. The problem is that i have so poor firmware that there isn't any voip data section. It lies somewhere deeply in router's config files, rom-0 probably.