acyd
join:2005-06-01
Eatontown, NJ | reply to jcgalvez
Re: [PAP2] New Firmware 3.1.7(LSd) found I'd be interested to hear where this firmware really came from since I work at Vonage and I don't think we give out firmware for unlocked PAP2's. In fact, the default super password was changed because of them, also our policy on even instructing a user how to factory reset. |
|
|
|
maziloFrom MaziloPremium
join:2002-05-30
Lilburn, GA
kudos:1
1 edit | said by acyd:I'd be interested to hear where this firmware really came from since I work at Vonage and I don't think we give out firmware for unlocked PAP2's. If you expect us to tell you how we have come about to know the releases of new firmwares, please don't.
In fact, the default super password was changed because of them, You can keep changing the default super password, and the changes basically won't affect us.
also our policy on even instructing a user how to factory reset. Are you sure what you are talking about? I see some people can't even perform a factory reset to their PAP2 units once they are locked by Vonage. So, what's the deal here on telling user how to factory reset the unit if the unit has been completely locked?
BTW, the latest PAP2 firmware is now 3.1.7-LSe which comes with a new feature to have the ability to disable/enable upgrade from user login. |
|
bmn? ? ?Premium,ExMod 2003-06
join:2001-03-15
hiatus | reply to rizzo2dial
Hopefully that's not the case... I applied that firmware to an uncrippled, never locked PAP2 that I bought from Voxilla.
--
Support "W"
The one thing worse than idle hands is an idle mind. |
|
| reply to mazilo
said by mazilo:BTW, the latest PAP2 firmware is now 3.1.7-LSe which comes with a new feature to have the ability to disable/enable upgrade from user login. can you post the link to it. i tried changing the "d" to "e" in the link above, but couldnt download it |
|
| reply to acyd
said by acyd:I'd be interested to hear where this firmware really came from since I work at Vonage and I don't think we give out firmware for unlocked PAP2's. You're asking us where firmware, which is posted on a Vonage server, came from?!?! WTF!
My guess would be: From Linksys 
Vonage "gives out" firmware all the time. Any time a Vonage adapter is configured to be updated w/ a new firmware version, Vonage "gives it out."
You sure you work for Vonage? (Sounds like a brutal commute from Eatontown to Edison).
Rizzo |
|
maziloFrom MaziloPremium
join:2002-05-30
Lilburn, GA
kudos:1 | said by rizzo2dial:You sure you work for Vonage? (Sounds like a brutal commute from Eatontown to Edison). Sounded to me the poster was smoking a pot when posting his questions...  :D:):D:):D |
|
 qsg1049Just Fix ItPremium
join:2003-05-19
Crystal Lake, IL | reply to rizzo2dial
said by rizzo2dial:said by acyd:I'd be interested to hear where this firmware really came from since I work at Vonage and I don't think we give out firmware for unlocked PAP2's. You sure you work for Vonage? (Sounds like a brutal commute from Eatontown to Edison). Rizzo Maybe we can ask him what the new default super passwords are to prove whats he's claiming? |
|
rcilinkPremium
join:2003-12-15
Manchester, NH
1 edit | reply to rizzo2dial
From what was posted on another forum, the vonage reps are required to have the enduser RMA the PAP2 if it needs to be tweaked.. They no longer give out any admin passwords...
That must be an expensive solution, to pay for return shipping on a PAP2... |
|
maziloFrom MaziloPremium
join:2002-05-30
Lilburn, GA
kudos:1
2 edits | reply to CSD8086
Trojan horses found on PAP2 new firmware v3.1.7?said by CSD8086:******* DANGER DANGER DANGER DANGER ******* DON'T USE THIS FILE IN PLACE OF SP2K-PAP2.BIN IF YOU'RE FOLLOWING THE UNLOCKING GUIDE. 3.1.7 will brick a PAP2 that is being upgraded from the Sipura firmware!!!! SPA -> 3.1.3 -> 3.1.7 is OK, but SPA -> 3.1.7 will toast your unit! Anyone have any reliable ideas for unbricking a unit? I guessed you must be right in this matter. I re-read the RELEASE note on 3.1.7 and it says as follows:
====================================
Feature Enhancement
====================================
Since 3.1.7
1. Disable ability to upgrade from user login.
Here is my interpretation on the above release note:
1. No more upgrades can be performed through a user account, i.e. http ://upgrade?tftp ://firmware.bin can no longer be used to perform a firmware upgrade as a user.
2. Based on the above presumption, it is possible Vonage has added some routines on the new v3.1.7 firmware to counteract the TFTP spoofing method that we have used to unlock our PAP2 units. In other words, if you have upgraded your PAP2 units with this v3.1.7 firmware, your PAP2 units can no longer be spoofed to perform a provision through a DNS hack.
3. [EDIT] Perhaps, this v3.1.7 firmware will also has a new routine to let the PAP2 units phone home, by passing the regular setup. In other words, v3.1.7 firmware doesn't look at the Provision Enable feature and yet be able to phone home at a certain time.
If my assumptions are right and everyone is jumping into the bandwagon to perform the firmware upgrade to v3.1.7, then I believe Vonage will have the last laugh. Is anyone willing to salvage his/her PAP2 unit trying to prove that I am wrong in this matter? |
|
| said by mazilo:I guessed you must be right in this matter. I re-read the RELEASE note on 3.1.7 and it says as follows: ====================================
Feature Enhancement
====================================
Since 3.1.7
1. Disable ability to upgrade from user login. Got a link to the 3.1.7 release notes?
In light of the above, I've reverted my PAP2 back to 3.1.6.
Rizzo |
|
maziloFrom MaziloPremium
join:2002-05-30
Lilburn, GA
kudos:1 | Re: Trojan horses found on PAP2 new firmware v3.1. said by rizzo2dial:In light of the above, I've reverted my PAP2 back to 3.1.6. Rizzo,
I just sent you an e-mail regarding the above. |
|
| reply to rizzo2dial
said by rizzo2dial:said by mazilo:I guessed you must be right in this matter. I re-read the RELEASE note on 3.1.7 and it says as follows: ====================================
Feature Enhancement
====================================
Since 3.1.7
1. Disable ability to upgrade from user login. Got a link to the 3.1.7 release notes? In light of the above, I've reverted my PAP2 back to 3.1.6. Rizzo Dear Rizzo,
Can you provide instructions to revert back to 3.1.6 ??? |
|
maziloFrom MaziloPremium
join:2002-05-30
Lilburn, GA
kudos:1 | Just flash back with v3.1.6 the same way you flash to v3.1.6. |
|
| said by mazilo:Just flash back with v3.1.6 the same way you flash to v3.1.6. I tried to go back to 3.1.3 using the TFTP method using the the .BIN file installed on my PC. It appears that the "downgrade" will not work. Still reported as 3.1.7LSd... |
|
| Back to 03-01-06-LS |
|
| reply to rizzo2dial
Re: [PAP2] New Firmware 3.1.7(LSd) found ====================================Feature Enhancement====================================Since 3.1.7
1. Disable ability to upgrade from user login.
^That's only for LSe, you are fine if you use 3.1.7LSd firmware. |
|
maziloFrom MaziloPremium
join:2002-05-30
Lilburn, GA
kudos:1
1 edit | said by dale5605 :
====================================
Feature Enhancement
====================================
Since 3.1.7
1. Disable ability to upgrade from user login.
^That's only for LSe, you are fine if you use 3.1.7LSd firmware. If it is only for LSe, then it would have said Since 3.1.7LSd. The fact is it says Since 3.1.7 that triggered my thoughts and concerns. If you do have your PAP2 unit running with v3.1.7LSd, please be careful that Vonage may have purposely injecting such a Trojan Horse to let it bypass the Provision Enable switch to phone home. I hope I am wrong in this presumption, nevertheless it is good that you have such an argument to disagree with my presumption and are willing to take such a risk so that everyone doesn't have to be jumping on the same bandwagon to risk their PAP2 units locked by Vonage should my presumption is right. Honestly, I can tell you all that if Vonage has purposely injected a Trojan Horse onto its new v3.1.7 firmware to let the PAP2 unit phones home bypassing the Provision Enable switch, this means WAR and should be fought back! |
|
Reviews:
 ·Axvoice
1 edit | It'll be fairly straight-forward with a network sniffer if the unit is "phoning home." I suspect though once you have the GPP key you'll always be able to re-unlock your adapter as you'll have the admin user-id password.
[side_note]VuckFonage is a great tool for this purpose. Being able to download multiple config files fairly quickly and decrypt them. Again, thanks Rizzo!![/side_note]
I'd wait until you start seeing other providers (such as iConnectHere, Verizon VoiceWing, etc.) that use the PAP2 offer up a 3.1.7 firmware before I'd recommend the masses to migrate/upgrade to it. |
|
maziloFrom MaziloPremium
join:2002-05-30
Lilburn, GA
kudos:1 | reply to rizzo2dial
May be it is time to find the v3.1.7 firmware specifically for -NA and not from Vonage. |
|
rcilinkPremium
join:2003-12-15
Manchester, NH | reply to rizzo2dial
Re: [PAP2] New Firmware 3.1.7(LSe) Seriously, I think you guys are giving Vonage a lot of credit.. thinking that they have the skill to build their own firmware.. nah! No way!
I would imagine that they are a heavy influence into Sipura (now linksys, now Cisco), and can push ideas into the firmware builds..
So, No, I am not saying it isn't possible to have a firmware with a mind of its own...
Maybe an easy way to help identify this firmware..
Where did it come from? Looking at the package, it looks like it is an authentic item.. The packaging does not lead me to believe that it came from Vonage. It looks more like it was taken from the Linksys secured support site... The 'authorized' service providers who use/sell large-quantity PAP2 units can get in there and take these files..
So, can someone verify that package is still on their secure support site? If so, it will debunk the idea of a Linksys/sipura/cisco employee trying to poison this unlock project.
The "unlocking guide" was posted here on the 27th of September. The "3.1.7e" release was released on or about the 13th of October. That gives them time to make the one change (disable 'user' level firmware upgrades) and QA it.
I would say this is their response to the unlocking problem for Vonage and friends.
I would imagine that some have seen memos, internally, talking of methods to better secure a Linksys PAP2, to prevent an unlock. Any of the lurkers care to comment?
When I find some time again, I will load 3.1.7e and put it on a subnet with a sniffer to let everyone know if it trys to phone 'home' or not. If someone beats me to it, please post the results. |
|
