Unofficial magicJack Forum

Unofficial magicJack Forum

Your Unofficial magicJack and magicJack Plus phone service information resource
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
Use MagicJack service with other softphone (found password!)
Goto page 1, 2  Next
 
Post new topic   Reply to topic    Unofficial magicJack Forum -> magicJack Tips, Tricks, and Hacks
View previous topic :: View next topic  
Author Message
VanguardLH
MagicJack User


Joined: 04 Aug 2008
Posts: 38

PostPosted: Thu Nov 13, 2008 1:53 am    Post subject: Use MagicJack service with other softphone (found password!)

I tried the SJphone (which is purportedly a customized version used by MagicJack) but couldn't find where to enter the call registration server (or auth proxy that validates you use of their services), the VOIP load proxy (used to handle your call load), and the username and password for the call registration process. So I moved to the trying to get the X-Lite softphone to replace the MagicJack softphone - and I almost got there.

Of interest to those trying to do the same with other softphone is the obstacle of finding the 20-character registration password to validate their use of the MagicJack (MJ) VOIP-to-PSTN service. Getting the username is easy. There are some articles that mention using a brute force guessing scheme using Cain but that was only feasible when the password was 4 characters long. Then MagicJack switched to use port 443 (HTTPS) and a 20-character password so that put the kabosh on many folks trying to setup a different softphone for use with the MJ service. Well, I found out how to get the 20-character password: use pmdump to dump the memory copy of magicjack.exe process and search for the variable that holds the password. You'll have to read through my journal of how I almost got the X-Lite softphone to work with the MJ service and also with the TigerJet ATA dongle that comes with the MJ so a telephone can be used instead of the softphone.

I got most a lot of X-Lite to function with the MJ service but only partially with its dongle. The remaining problems to be solved before the X-Lite softphone is a complete substitute solution are:

- X-Lite softphone won't disconnect the call in progress when I hangup the telephone connected to the dongle.

- X-Lite softphone won't ring the telephone connected to the dongle when calls are received.

- X-Lite softphone won't connect a received call to the telphone connected to the dongle. Making calls using the telephone worked okay. Couldn't receive calls using the telephone (but could using the softphone).

So if you are only interested in using the softphone with MJ's VOIP-to-PSTN service (and using a headset connected to the computer or the computer's soundcard with its speakers and microphone) then the above problems are irrelevant since you don't even need the dongle because you aren't trying to use a telephone connected to it.

The next post in this thread is what I wrote up with reviewing all of it before posting. It documents how I tried to switch away from using the MJ softphone and move to using the X-Lite softphone but it was oriented to getting the telephone used as the primary device for making and receiving calls. I want to use the telephone like a telephone, not have to get on the computer to use a softphone. The telephone is cordless so I'm not restricted to the locale of the computer in my house.

So enjoy reading the next post in this thread. It might help someone else with their setup. If anyone has suggestion on how to solve the last remaining problems with using the telephone with X-Lite then I'd like to hear about them. I know many folks have complained about hearing of others that could find the password but never divulged how to do it. It's divulged here and involves no disassembly or hacker tricks. The password is easily found in the memory image of the magicjack.exe program as plain text.

Read on if you have the stomach for long posts.
Back to top
View user's profile Send private message
VanguardLH
MagicJack User


Joined: 04 Aug 2008
Posts: 38

PostPosted: Thu Nov 13, 2008 1:55 am    Post subject:

Here's my journal of what I did in trying to replace the MJ softphone with the X-Lite softphone. For me, it is not a complete solution because I could not get the telphone to ring for received calls, listen on the telephone for received calls, and couldn't get the X-Lite softphone to end the call when I hungup the telephone.

* Perform the normal installation of the MagicJack by following their instructions. Get the MagicJack working by using their installation procedure. This includes the initial procedure to register the MagicJack to create an account.

* Plug the MagicJack dongle into a USB port. This creates the two virtual USB drives for the MagicJack. The 1st drive has autorun.exe to load their software when the USB drive appears by using auto-play in Windows. The 2nd drive is the data drive with the \magicjack folder containing your profile data, like using the headset or sound card, contacts list, call history, etc.

* Since you want to use a softphone other than the one included with the MagicJack product, you never want to run their autorun.exe program when you plug in their dongle. You could disable auto-play in Windows but then you kill that feature for all removable drives. Instead you can use the security policy editor (secpol.msc) in NT-based versions of Windows to create a software restriction policy that blocks autorun.exe from loading. Add a path rule that blocks <d1:>\autorun.exe from running, where <d1:> is whatever is the 1st virtual USB drive created when you plug in the MagicJack dongle. You will see entries in the Event Viewer when the security policy bars autorun.exe from loading whenever you plug in the MagicJack dongle. If you add hard drives, repartition your existing hard drives, add external drives, or otherwise change the drive letter assigned to the first virtual USB drive for the MagicJack device, you will need to update this security policy to point at where is the autorun.exe program for MagicJack.

* MagicJack's install adds its cdloader2.exe program to the Run registry key for your Windows account. You could delete that data item in your Run key using the registry editor (regedit.exe) but it is easier to use msconfig.exe to disable that startup item.

* Kill off all MagicJack process using Task Manager (magicjack.exe, mjsetup.exe, UTSCSI.exe). Leave the MagicJack dongle plugged into a USB port.

* Run the MagicJack softphone but do NOT use their shortcut. Their shortcut runs MagicJackLoader.exe which will run their install or setup program, recreate shortcuts, regenerate files (which are the same as before), display the splash screen, and all before even getting to load their magicjack.exe softphone (a customized version of SJphone). Plus you want to enable logging to see some data regarding the connections made by their softphone. Instead create your own shortcut to run the magicjack.exe program directly where the properties of the shortcut are:

Program: "%userprofile%\Application Data\mjusbsp\magicJack.exe" /foreground /lf log.txt /scf _magicJackPersonalDataRoot "<d2:>\magicJack"
Start-in path: "%userprofile%\Application Data\mjusbsp

Make sure to use the double-quotes where shown due to the inclusion of spaces in the paths (the last parameter doesn't need to be double-quoted but it doesn't hurt and in case YMax changes the data folder to a name that includes spaces). "%userprofile%\Application Data\mjusbsp" is the default path or program folder where the MagicJack installation copies its program files. The /lf parameter is the logfile. The log.txt file gets saved in the current path and why you specify the "Start in" path so the logfile is saved in the same folder as the MagicJack program files. The /scf parameter tells the modified SJphone where to find its user data files. These are on the 2nd virtual USB drive created when you plug in the MagicJack dongle, so replace <d2:> with whatever is the drive letter for that 2nd MagicJack drive. Now run that shortcut by double-clicking on it. The MagicJack softphone should load and do so much more quickly since all the setup testing, file regeneration, and splash screen don't need to be processed.

* If you use a NAT router, it probably has a logfile that you can enable to see to where you are connecting; however, often all you see are IP addresses which make it difficult to see to where you are connecting (IP names are easier for you to recognize). WallWatcher works with the loggin function of many routers and you can configure it to do a reverse DNS lookup to show the IP names for all those connections (where a lookup works, that is). Or you can use a packet sniffer, like Wireshark or Nirsoft's SmartSniff, to monitor your network traffic. Some firewalls also provide logging to show to where you are connecting. You want to monitor your network traffic and also see IP names for those connections so you can readily see which ones are for the MagicJack connections (which are connects to hosts on the talk4free.com domain). The purpose of this monitoring is to find out which proxy hosts are used by MagicJack for your currently assigned MagicJack telephone number when you are using their VOIP service. The proxy host names will look something like "<hostname>.<city>.talk4free.com".

* Make a call using the telephone connected to the MagicJack. You will now have the logfile (log.txt) file to look at in the MagicJack program folder.

* Before you end your MagicJack program, you need to get the registration password for your SIP account. This is NOT your password used when you initially created your online account (http://my.magicjack.com) when registering the product when you installed it. This is the SIP REGISTER password needed for the softphone to authenticate to the MagicJack service that you are allowed to use their services. This is a 20-digit password so brute force at guessing it is not feasible and packet sniffing won't work because HTTPS (port 443) is used. Instead you need to see what got stored in the memory copy of the MagicJack softphone (magicjack.exe) that manages to get registered to use their services. For this, you need to get a memory dump of the running magicjack.exe process. Download the pmdump.exe utility from http://www.ntsecurity.nu/toolbox/pmdump/. This is a command-line utility to dump the memory contents of a process into a file. To run the program, open a DOS shell (cmd.exe), navigate to where you downloaded the .exe file, and run the program. To get help, just run "pmdump.exe". Use Task Manager's Processes tab to get the process identifier (PID) of the magicjack.exe process, or run "pmdump -l". You use that PID in the pmdump command to identify which process to read its memory image. For example, if the magicjack.exe process was PID 2500 then you would run:

pmdump.exe 2500 magicjack.dat

magicjack.dat (or whatever name you used for the filename) will contain the memory dump of the magicjack.exe process running as PID 2500. This file will be large. The magicjack.exe process consumes 85MB so the dump file will be that big, too. Open the output file using WordPad (to get around just CR used for newlines instead of CR-LF that Notepad expects), or any editor you like. Once the output file loads into your editor, search for "ProxyUserName" (sans quotes). You should find lines in the memory dump that look like (only the pertinent lines are shown below):

ProxyUserName=Eaaapppnnnn01
ProxyUserPassword=<proxypwd>
SIPCallerID=Eaaapppnnnn01
SIPVoiceMailAddress=aaapppnnnnn
SIPProxyURI=<registrationhostlist>
UserDomain=talk4free.com

The ProxyUserName and ProxyUserPassword are your authentication credentials to their registration servers to verify you have permission to use their services. aaapppnnnn is your MagicJack phone number assigned when you first provisioned your MagicJack account (aaa = area code, ppp = local prefix, nnnn = index number). Later you are told how to get the ProxyUserName, registration host (authproxy), and UserDomain from the logfile of MagicJack's softphone (a customized version of SJPhone) but it is here, too. For the authproxy host and port, it will be one of those in the registration host list in the SIPProxyURI value. What is most important here is the password that you will need when configuring a SIP account in the X-Lite softphone. You need both the username and password to authenticate to their registration server to use their service. MagicJack doesn't want you to know these login credentials in trying to force you to keep using their custom softphone (along with the autorun.exe, setup, and splash programs they bundle together).

* Using the Task Manager, kill all MagicJack processes (magicjack.exe, mjsetup.exe, etc.).

* In the log.txt file, do a search on "sip:". After it is listed your username that you will specify in the X-Lite setup. It should look something like "Eaaapppnnnn01" where "aaapppnnnn" is your MagicJack telephone number assigned during its registration when you installed it (aaapppnnnn is the 3-digit area code, 3 digit locale prefix, and the 4-digit index number within that locale; i.e., it's your 10-digit MagicJack telephone number with no delimiter characters). This value will be used for the following config fields in the X-Lite softphone:

User name
Authorization user name

* In the log.txt file, search for the "RECEIVED UDP:" string. An IP address and port are listed after it. The entire line looks like:

RECEIVED UDP:<authproxy>:<port> -> UDP:<yourIPaddrs>:<socketport>

where <authproxy> is their host to authenticate your use of their VOIP service and <port> is on what port it listens (should be port 5070). <yourIPaddrs> is whatever is your current IP address assigned to your computer where you are running MagicJack. If you use a NAT router between your computer and your ISP, this will be an intranet IP address, like 192.168.x.x, that was assigned by your router's DHCP server (or a static one that you assigned to your computer). With a router, you will see a different IP address as the value of the "received=xx.xx.xx.xx" parameter (in the "Via:" line following the "RECEIVED UDP:" or "SENDING UDP:" lines) in the log.txt file which is the IP address of the WAN-side of your router. If you connect your computer direct to the Internet (using dial-up modem or your computer is connected directly to the cable/DSL modem), this is the IP address assigned to you by your ISP. What you want from this line is the auth proxy's IP address.

* In the log.txt file, find the MagicJack host that handles the VOIP load for your calls. You must have made a call for this proxy host to be determined by their auth proxy. After making a successful VOIP call, search for the "SIP/2.0 183 Session Progress" line in the log.txt file (which shows SIP version, status code of 183, and a comment string to describe that status). This reports the results of the registration process for them to determine what VOIP proxy you will use. Parameters are returned for use during your VOIP session, which are on lines that look like:

v=0
o=- 1676152522 1676152522 IN IP4 <authproxy>
s=ENSResip
c=IN IP4 <VOIPproxy>
t=0 0
m=audio 14162 RTP/AVP 0 101
a=fmtp:101 0-15
a=ptime:30
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=silenceSupp:off - - - -
a=sendrecv

You are interested in the <VOIPproxy> value. This will be an IP address but you can use an IP name (from a reverse DNS lookup) if you prefer using hostnames instead of numbers.

* Although you will be installing the X-Lite softphone to make the VOIP calls, and although it detects the MagicJack dongle (TigerJet USB device), it won't work using the telephone to punch its keys to dial the phone number. Something has to deliver the scan codes for the dialing tones from the MagicJack dongle to the VOIP program (X-Lite). That is the purpose of the TJinit utility. Get it from http://www.tjnet.com/software/index.htm. Download and install. It should be added to your Startup group in the start menu to load on login so it is available when the X-Lite softphone also loads on login. Without it you cannot use the telphone attached to the MagicJack dongle to get its dialing tones to the softphone. TJinit is the link between the telephone input jack on the dongle to the softphone.

* Install the X-Lite softphone. It's product page is at http://www.counterpath.net/x-lite.html with a download link. Do NOT have it running at the same time as the custom SJphone included with the MagicJack product (only run one softphone at a time; else they can interfere with each other when trying to utilize the same VOIP device).

* Replace the TjIpSys.dll included by the X-Lite install with an updated version of the file.
o There is a link at TigerJet's software downloads page (http://www.tjnet.com/software/index.htm) to the updated Eyebeam DLL (X-Lite is a light version of EyeBeam). That link takes you to http://www.cuphone.com/help/eyebeam.htm. Rename the original TjIPsys.dll file to TjIPsys.OLD_dll and then copy the newer DLL file into that folder (C:\Program Files\CounterPath\X-Lite, the default install path for X-Lite).
o Alternatively, copy the TjIPsys.dll file from the MagicJack install folder ("%userprofile%\Application Data\mjusbsp) into the X-Lite install folder. Right-click on the .dll files, select Properties, and under the Version tab check the version of the file. The one from MagicJack might be newer than the one currently available for download at TigerJet's web site, especially if you have run MagicJack's update program. At the time that I checked, the .dll from TigerJet was version 11.7.0.0 while the version in the MagicJack folder was 13.03.0.
* Download the PDF manual for X-Lite. Go to the product page mentioned before and click on the Resources tab to see a list of document downloads. At the time of this writing, the only document available for X-Lite was its manual which was at http://www.counterpath.net/assets/files/191/X-Lite3.0_UserGuide.pdf for version 3.0 of X-Lite. Don't click on the link unless you want to load the manual from their file server into your web browser. Right-click and use Save Target As to save the .pdf file into the X-Lite install folder, and then create a shortcut to it in the X-Lite start menu group created by its install.

* After installing the X-Lite softphone, you need to configure a SIP account. Create a new SIP account: right-click on the X-Lite softphone and select "SIP Account Settings" from the context menu. Click the button to Add a new SIP account. Under the Account tab:

- User Details section:

o Display Name: Specify what is displayed as your CallerID by those that receive your calls.

o User Name: Contains the SIP identifier that you found in the log.txt file (Eaaapppnnnn01).

o Password: Contains the password that is encoded into the MagicJack softphone when it got provisioned by MagicJack's provisioning host. Normally you can't see this value. It is not the password you specified when you registered the MagicJack software with their service and which is the password when you login at http://my.magicjack.com to look at your account status and settings. You got this password from the instructions above on using pmdump to copy the memory image of the magicjack.exe process into a file and then found the password in the file.

o Authorization user name: Same as the User Name field.

o Domain: Specify the VOIP proxy discovered above in the log.txt file after making a VOIP call. I've also found talk4free.com will work.

- Domain Proxy section:

o Register with domain and receive incoming calls: Enable.

o Sent outbound via: Select the "Proxy" radio button. Specify the auth proxy and port found in the log.txt file. This is the registration server that checks if you can make a VOIP call. You can use either its IP address (as shown in the log.txt file) or do a reverse DNS lookup and enter its IP name. I prefer IP names, like proxy1.<city>.talk4free, instead of IP addresses (numbers). You must include the port number on which that proxy listens, so the syntax for the "Address" field for this proxy selection looks like "<authproxy>:<port>". Since port 5070 is used, this value looks something like "proxy1.<city>.talk4free:5070".

- Dialing Plan section

You probably don' t need to change this field, especially if using a telephone instead of the softphone. This is a pattern-matching string used by X-Lite to define the expected patterns of characters for a telephone number or SIP address along with transformations to perform on the matching pattern. It is best to download the PDF manual for X-Lite and read Appendix B on how to define the dialing plan string. The syntax is:

pattern1[...|patternN]];[match=1;<keyword1>=<value1>[...;keywordX=<valueX>][;match=N;<keyword1>=<value1>[...;keywordX=<valueX>]]]

The patterns are an ordinal list delimited by the vertical bar characters. Once a pattern is matched, the X-Lite softphone will begin dialing the number (after any transformations, if any) rather than wait for the user to hit the Dial button. This is similar to the MagicJack's softphone dialing once you've enter the last digit in a 10-digit phone number. If the input string doesn't match on a pattern, the X-Lite softphone waits for the user to hit the Dial button. If you're using a telephone attached to the MagicJack dongle, you probably don't want to bother with the softphone and have dialing begin when you complete entering the phone number on your telephone. If you're using the softphone, you can hit the Dial button whenever you choose that the phone number has been completely entered. My orientation is to use the telephone to make calls without ever bothering with the softphone, so I want the softphone to dial as soon as I've complete entry of the phone number when using the telephone attached to the MagicJack dongle (and without waiting 10 seconds to see if another digit is entered from the telephone).

You don't need to specify a dialing plan if you intend on only using the X-Lite softphone since you can always just hit the Dial button when you know the input is complete. If you don't input a string from other than the softphone itself to specify the phone number, you won't need to do pattern matching and you won't need to transform what is inputted to what gets dialed (as you might if you copy-n-paste a string from somewhere else into the softphone). If you use a telephone attached to the MagicJack dongle as your primary means of making calls (and don't want to bother separately hitting the Dial button in the X-Lite softphone or wait the 10-second pause for the softphone to realize you aren't entering more digits) then you need to define a dialing plan that will match on the phone numbers you enter from your telephone so dialing begins immediately.

The default dialing plan string is:

#1\a\a.T;match=1;prestrip=2;

This string specifies only one pattern (with a matching transform parameter). \a is a wildcard for a non-numeric character, and . is the wildcarding character meaning zero or more occurrences of the prior character. So this pattern is matched (and dialing begins automatically after the 4-second pause for the T timer parameter) if the user inputs "#1", one non-numeric character, like "-", and then zero or more non-numeric characters, like the letters associated with digits on the telephone keypad. So if the user inputs "#1USS-GET-ZUNE" (Microsoft's 877-438-9863 telephone support for their Zune service), it will get transformed to "USS-GET-ZUNE" and dialing starts. I have never started a phone number with the pound character ("#") when dialing from my telephone, plus using it with the MagicJack service results in connecting to YMax's test service to check if it can successfully perform the VOIP connect to the entered PSTN phone number (i.e., #8774389863 entered on my telephone results in YMax testing if their VOIP service can connect to Microsoft's tech number). With the MagicJack service, you don't need to add the "1" prefix for long-distance phone calls as everywhere is a local call for the MagicJack. The 10-digit phone number is sufficient to connect to a local or long-distance phone number. So this pattern would never be entered by me, and so leaving the default string in the Dialing Plan field has no effect for my calls. I could use an empty Dialing Plan because what I punch on my telephone's keypad is what I want it to use (and just wait the 10 seconds for the softphone to realize that I'm not entering any more characters or digits).

If you want dialing to begin immediately after you input a phone number, you'll have to define a pattern (and possibly a transform on it), something like:

#1\a\a.T|[2-9]xxxxxxxxx|1xxxxxxxxxx|[49]11;match=1;prestrip=2;match=3;prestrip=1

#1\a\a.T|...;match=1;prestrip=2;... (pattern match with transform)
This keeps the default pattern and its prestrip transform already included in the install of X-Lite to route non-numeric phone numbers; however, since I'm punching keys on a telephone, the dongle only hears the tones so it only knows their digits, not their alphabetic characters (so this pattern and its transform are only applicable when inputting a string into the X-Lite softphone and not when dialing using a telephone). The T timer parameter is for the softphone to wait 4 seconds for the next character because the string length is variable.

...|[2-9]xxxxxxxxx|... (pattern match, no transform)
Adds a 10-digit pattern match (a 10-digit phone number starting with 2 through 9 followed by another 9 digits) whereupon dialing begins immediately.

...|1xxxxxxxxxx|...;match=3;prestrip=1 (pattern match with transform)
Just in case I enter a phone number using the "1" long-distance prefix, and since it is irrelevant with the MagicJack service (for calls originating in the USA and Canada), another pattern is included that starts with "1" (to match my input) but the transform strips it out from the actual number that gets dialed (and dialing begins immediately), so "1xxxxxxxxxx" inputted is changed to "xxxxxxxxxx" dialed.

...|[49]11|... (pattern match, no transform)
I want dialing to begin immediately after entering the 911 emergency number and 411 for directory assistance.

* You may have to configure the devices used by the X-Lite softphone. It tries to detect the devices but the selections might not be appropriate for use with the MagicJack dongle. Under the Devices category of options:

- Headset section:
If you use just the softphone, you'll want to set the speaker and mic inputs to your sound card. If you intend on using the MagicJack USB dongle and the telephone connected to it, select the TigerJet USB device ("USB Internet Phone by TigerJet").

- Speakerphone section:
By default, the sound card's speakers and microphone are selected. When you click the Speakerphone button in the X-Lite window, your speakers and mic become the speakerphone. I figured that was okay since I don't use the speakerphone feature on my telephone now. Yet, when I dialed a phone number using the telephone connected to the MagicJack dongle, I wouldn't hear anything. I had to click the Speakerphone button on the X-Lite softphone to hear the call. I had to change the devices in this section to use the TigerJet USB device (and the telephone connected to it).

To use my telephone connected to the MagicJack dongle (the TigerJet USB device) for phone calls, I had to set both the Headset and Speakerphone devices in X-Lite to use the TigerJet USB device. For best call quality, I enabled all quality settings for both Headset and Speakerphone devices: echo cancellation auto-gain control, and noise reduction.

- Ring Device:
I set this to the TigerJet USB device because I want my telephone to ring when phone calls are received. If set to use the sound card's speakers, I may not hear new calls because I often mute the sound on my computer except for when I want to hear sounds, like when playing games. I also disabled ringing the built-in PC speaker on getting phone calls. I only want my telephone to ring.


What you are left after the above setup is: using a software restriction policy to prevent autorun.exe from loading (and running the setup and splash programs to eventually load magicjack.exe) by using auto-play in Windows that is found in the 1st virtual USB drive that appears when you plug in the MagicJack dongle; no longer using the customized SJphone that comes with MagicJack and instead using the X-Lite softphone.

There are two remaining bugs that I haven't been able to solve:

1. Terminating the phone call when I hang up the telephone. TJinit interfaces between the telephone to send the scan codes to the VOIP program for the dialing tones but it doesn't send anything when the user goes on-hook (disconnects the call). This means the call remains active although I've hungup the telephone. I have to use the X-Lite softphone to hangup the call.

2. Getting the telephone to ring on an incoming call. Although the Ring Device is set the TigerJet USB device (MagicJack dongle), the telephone does not ring. I can set the Ring Device to use my sound card's speakers and hear an incoming call (if my speakers aren't muted which they usually are) but I cannot take the call on the telephone. I can make calls using the telephone but I cannot receive calls using the telephone. On getting call, all I hear on the telephone is a dial-tone. Since the Speakerphone options in the softphone are configured to use the TigerJet USB device (so I can make outbound calls), I tried hitting the Speakerphone button on the X-Lite softphone but that did not connect the telephone to the call.


Last edited by VanguardLH on Thu Nov 13, 2008 3:53 pm; edited 3 times in total
Back to top
View user's profile Send private message
dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Thu Nov 13, 2008 8:34 am    Post subject:

WTF are you serious??

Good job at exposing the loop holes for the USB device on a public forum. I bet the engineers at MJ appreciate the help.
Back to top
View user's profile Send private message
kingfisher1111
MagicJack Expert


Joined: 27 Nov 2007
Posts: 76

PostPosted: Thu Nov 13, 2008 12:23 pm    Post subject: Edit this post

some one edit this post.Damn don't be smart..
Thanks

Edit: Mod edit.
Back to top
View user's profile Send private message
StrFmSTr
MagicJack Newbie


Joined: 18 Sep 2008
Posts: 3

PostPosted: Thu Nov 13, 2008 4:12 pm    Post subject:

Smooth move, Ex-Lax.
Back to top
View user's profile Send private message
MagicHack
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 241

PostPosted: Thu Nov 13, 2008 8:22 pm    Post subject:

dan wrote:
WTF are you serious??

Good job at exposing the loop holes for the USB device on a public forum. I bet the engineers at MJ appreciate the help.

Loop Holes? What loop holes?

I still do not understand why people make such a big deal out of this.

MagicJack does, and always will use standard SIP. Once you have your SIP credentials, you can use any ATA, softphone, etc. (Of course this violates the magicJack Terms of Service.)

The underlying credentials returned from the magicJack provisioning servers are in fact encrypted. Nobody posted the underlying encryption key, nor the details of the actual encryption algorithm. He only pointed out that at some point, the SIP info is in plain text in the magicJack memory space. He did not show you how to obtain the SIP info for someone else. He only showed you how to get YOUR SIP info.

Besides, pmdump is a very kludgey way to obtain your credentials. There are much easier ways...
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Thu Nov 13, 2008 8:31 pm    Post subject:

MagicHack wrote:
I still do not understand why people make such a big deal out of this. ... (Of course this violates the magicJack


That might be why people make such a big deal. If someone doesn't want to agree to the terms of service, they shouldn't agree (and move on). Nothing wrong with that.

Mark
Back to top
View user's profile Send private message
neo2121
Dan isn't smart enough to hire me


Joined: 09 Jan 2008
Posts: 282

PostPosted: Thu Nov 13, 2008 9:13 pm    Post subject:

a little bit of a different spin on a old trick Wink not many people would try and use a different soft phone and maintain use of the USB dongle. Seems to me the whole point of getting the SIP info would be to not be tethered to the computer. See i download a lot of errr..lets just say "news stories" and "linux distros" from news groups. So there is a little bit of a bottle neck at my network card.

as for the not ringing issue or call ending when you push hang up on your phone. maybe you might need to try a different USB-RJ11 adapter? I saw three at walmart for about 15 -20 bucks that work with "skype" but not required to work with it might want to give them a try. Good how to though hopefully I will stop getting e-mails on how to use pmdump and how to find words in a text document I swear I get like 10 emails a day asking me what to do with the dump file after they get it.
Back to top
View user's profile Send private message Visit poster's website AIM Address
dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Fri Nov 14, 2008 9:21 am    Post subject:

Very good point MagicHack. So I know you remeber when people were useing Fiddler to obtain sip messaging. Suddenly MJ made changes to block sip credentials this way.. When a lot of users started using caller id spoof. Well suddently this too was cut off/changed. I would just like to see the use of alternate sip devices available for a little longer. After the posting above I am sure this too will be changed.. And not everyone here is as smart as you in cracking these devices..

Dan
Back to top
View user's profile Send private message
VanguardLH
MagicJack User


Joined: 04 Aug 2008
Posts: 38

PostPosted: Fri Nov 14, 2008 4:16 pm    Post subject:

The "Terms of Service" web page (http://www.magicjack.com/tos) is hidden from their customers. Yes, the page exists but it's hidden because it cannot be found by navigating around their web site. Even their chat reps cannot find an actual link to their TOS page from their web site.

They begin with "the magicJack device and the associated Software (the "Software")" so they start by differentiating the two items in their product. When describing their magicIn and magicOut services, they only mention the magicJack device is needed for those services, not the Software. Also, "You agree that you will use the magicJack device in compliance with all applicable local, state, national, and international laws, rules and regulations." Again, this doesn't mention the Software.

"you agree that the terms should be interpreted broadly to protect the intention of the Agreement". Not enforcable. It is vague and anyone can be as little or greatly broad in their interpretation as they want. In a contract, you only agree to what is actually set forth in the document. It cannot be demanded that you comply with terms that are not explicitly declared in a contract. When was the last time you surrendered your intestines because, gee, a really broad interpretation of terms not in a contract might have intended to state such? Duh!

Their License section states, "magicJack grants you a personal, non-transferable and non-exclusive right and license to use the magicJack device and Software on your computer; provided that you do not (and do not allow anyone else to) copy, modify, create a derivative work of, reverse engineer, reverse assemble or otherwise attempt to discover any source code, sell, assign, sublicense, grant a security interest in, or otherwise transfer any right of the magicJack device."

Copy: I did not copy their software.
Modify: I did not modify their software.
Create a derivative work: Nope, didn't modify their software, didn't create a new program based on their software.
Reverse engineer: You cannot reverse engineer plain text. Can you reverse engineer a .txt file?
Reverse assemble: No reverse assembly is required. Just reading plain text.
Otherwise attempt to discover source code: Source code not involved. Never looked for any. Never attempted to disassemble their compiled code back into assembler code.
Sell, ...: Nope, not selling the magicJack device, not selling their software, or any of that other stuff.

Obviously any antivirus software needs to interrogate the memory image of a running program. So do HIPS program. So does any security program. So other programs ARE allowed to interrogate the memory images of process running on YOUR property, which includes a hex editor or memory dumper. In fact, Windows comes with its own memory dumper (on a crash) that writes into a .dmp file that you can read. No one can declare that you cannot scan your own property by reading anything that is in memory.

They don't obfuscate their login credentials. None of their terms of use would be violated if you were to read a .txt file they included with their software. Anyone could read that file. Anyone can read their memory.
No disassembly is needed to see those login credentials. pmdump and other memory editors are not disassemblers. Finding text in memory doesn't even qualify as a hack.

Note: If we keep forcing YMax to change their software then maybe they'll start making it function properly without it being to corruptive to the use of the owner's host by the owner.
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Fri Nov 14, 2008 4:46 pm    Post subject:

VanguardLH wrote:
They begin with "the magicJack device and the associated Software (the "Software")" so they start by differentiating the two items in their product.


I think you're setting up a strawman argument. Item #11 from the ToS appears to be more relevant:

MJ ToS wrote:
11. Advertisements

You also understand and agree that use of the magicJack device and Software will include advertisements. Advertisements will be served through the magicPage™ Software or the magicJack softphone –


There would be no reason to "agree" to this term of service unless you were agreeing to view those ads. And, we know from MJ's stated business model, those ads are what are expected to subsidize the price of the service (adding credibility that this is the unstrained way to read this term of service).

I agree with you that, if the above term of service is important to MJ, they were sloppy by not encrypting the password held in program storage.

Mark
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Fri Nov 14, 2008 5:04 pm    Post subject:

VanguardLH wrote:
They don't obfuscate their login credentials.


They don't do anything to eliminate the possibility of resale, but it's prohibited by their ToS.

They don't do anything to define what exactly is unacceptable or excessive use, but they reserve the right to terminate service if they believe it has occurred.

It's absurd to say that, because they didn't prevent you from violating the ToS, you can't violate it. (This is probably what the broadly worded "interpreted broadly to protect the intention of the Agreement" means. To avoid creative nit-picking to get around the obvious intent.).

Mark
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Fri Nov 14, 2008 5:29 pm    Post subject:

VanguardLH wrote:
"you agree that the terms should be interpreted broadly to protect the intention of the Agreement". Not enforcable.


Regarding this point, the ToS provides your answer:

MJ ToS wrote:
IF YOU DO NOT ACCEPT AND ABIDE BY THIS AGREEMENT, YOU MAY NOT USE THE magicJack DEVICE OR DOWNLOAD OR USE THE SOFTWARE.


Literally speaking, if you don't agree with an element of the ToS, the solution is to seek written clarification (or alteration). Just choosing to ignore it is itself a violation of the ToS.

I'm not a big fan of shrinkwrap licensing And, there are instances I wouldn't feel bound by a ToS. For example, if the system contains Public Domain material, but tries to protect it (or limit my use of it) through a license. (Public Domain is Public Domain regardless of where it exists, or how it's packaged. The packaging may be protected. But the unadorned Public Domain material cannot.).

I'm just saying that I can understand why some would feel that this is violating the ToS. And, your attempts to justify it make it look worse (IMO). I think it would be easier to just say "I don't believe in EULAs, and I don't care what others think." Smile

Mark


Last edited by az2008 on Fri Nov 14, 2008 7:24 pm; edited 1 time in total
Back to top
View user's profile Send private message
dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Fri Nov 14, 2008 7:14 pm    Post subject:

Vanguard,
I agree that they way you explained it you have not violated the TOS. Simply dumping the memory of the MJ device to a .txt file and viewing this files does not break the TOS..


But then why post this to a public forum?
Back to top
View user's profile Send private message
Darkman90808
Dan Should Pay Me


Joined: 27 Feb 2008
Posts: 701

PostPosted: Fri Nov 14, 2008 10:14 pm    Post subject:

Putting aside discussions re: ToS, I just don't get the point of using a third party softphone. When I first got my MJ, I was all twitterpated and got it set up on X-Lite.

Big yawn. I like the ability to just use my MJ like a regular phone. I thought the MS Outlook addy would be a big deal, but not so much. Instead, the call log/redial functions serve me better than Outlook.

I *do* understand the upset about posting information that will potentially cause some hacks or tweaks to go away, but it won't affect me a particle. On the other hand, I yearn for the good old days of CID Spoofing.

One reporter's opinion.
Back to top
View user's profile Send private message
VanguardLH
MagicJack User


Joined: 04 Aug 2008
Posts: 38

PostPosted: Sat Nov 15, 2008 4:16 am    Post subject:

I do agree to abide by the TOS for what is actually written in it. Reading memory is not a violation of the TOS. They couldn't require that because lots of software MUST read the memory. Even the OS has to read the memory to load the program image and then pass control to it. I didn't need clarification. Reading memory to find text strings is not disassembly.

YMax changed to a 20-character password and also used HTTPS on port 443 to encrypt the password. That they screwed up their security attempt is not my responsibility. Also, from what I've read of other VOIP providers, they do NOT hide the user's login credentials from the user. Why should YMax?

Getting rid of the ads was not my intention. I don't care about the ads because I won't see them, anyway. MJ's softphone will retrieve them but they'll never be seen be me. See my other post where I mention running MagicJack's own software under a different account than the one I logged into. I don't even need to use MagicBlock. I will decide what paints on my screen, not any software vendor. Including ads in their softphone doesn't require that I actually SEE them. I don't even have to see their softphone!

By the way, has anyone seen any ads yet? All I've ever seen is the series about some unidentified company is using MJ's service and pressing *1234 for some set of personal options (which I've never bothered with yet). Just WHERE is all this supposed ad revenue coming from? While I usually do not see their softphone when I use the telephone connected to their dongle, I have seen it occasionally and I have yet to see anything in that ad-panel that would generate any revenue for Ymax.

When they do their ad-panel update, it must be via some HTA (HTML Application) type of update because each update is accompanied with the web navigation complete sound event (a click noise). I got tired of listening to my host clicking away all day long (when I used to run the MJ softphone under the account that I login under) so I disable that sound event. Nope, that's not a violation of their TOS, either, as they cannot require that I not mute my speakers or even have speakers.

Because I did read the TOS, and because "excessive use" was not defined, I had to press them to find out what it meant. According to them, it is not based on how many calls I make or receive or how long they are. It is for abusive use where the user isn't making or receiving phone calls but performing overhead on their system that doesn't result in a phone call. The example they gave me was making a hundred connects per minute to initiate a call but then never actually waiting for the call to connect; i.e., dial a number, disconnect, and repeat a hundred times a minute. I suppose this would be similar to a Denial of Service attack against their service.

As I noted, I only got so far trying to replace MJ's softphone with the X-Lite softphone. Because my requirement is to use the telephone (and NOT the softphone alone), my experiment failed because of the last lingering problems that I noted. So I went back to using MJ's softphone. Also, as part of the SIP status, the agent string for the softphone gets reported to their registration server. Currently it appears they do not validate this string to be whatever the MJ softphone uses - but they could.
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Sat Nov 15, 2008 8:31 am    Post subject:

VanguardLH wrote:
I do agree to abide by the TOS for what is actually written in it.


Obviously not true. In an earlier post you said you didn't agree with at least one broad statement of the ToS ("you agree that the terms should be interpreted broadly to protect the intention of the Agreement"). You apparently don't agree with a very specific and emphasized statement either: "IF YOU DO NOT ACCEPT AND ABIDE BY THIS AGREEMENT, YOU MAY NOT USE THE magicJack DEVICE OR DOWNLOAD OR USE THE SOFTWARE."

VanguardLH wrote:
Reading memory is not a violation of the TOS.


I didn't say it was. The question was whether it violates the ToS to do that for the purpose of replacing the softphone when 1) you agreed to receive ads, and 2) by your own admission, MJ took steps, albeit incomplete, to hide that information so people couldn't replace their softphone.

VanguardLH wrote:
Also, from what I've read of other VOIP providers, they do NOT hide the user's login credentials from the user. Why should YMax?


Obviously because they want to serve ads. Something which is required in the ToS. It could also be to minimize support overhead if they (unknowingly) receive support requests from people running softphones outside what is mentioned in the ToS.

VanguardLH wrote:
Getting rid of the ads was not my intention.


It's the result that matters, not your intention.

VanguardLH wrote:
so I disable that sound event. Nope, that's not a violation of their TOS, either, as they cannot require that I not mute my speakers or even have speakers.


The ToS doesn't say you agree to have clicks delivered to you.

Like I said before. I'm not a fan of shrinkwrap licensing. If you want to say you don't respect EULAs and ToSes, that's fine. But, weaseling around the obvious wording and intent of the MJ ToS makes it look worse.

I can respect someone who says they don't feel bound to shrinkwrap licensing because, historically, a contract is only one which is consumated by clear negotiation (initialing each paragraph, etc.). But, saying that you do feel bound, and then constructively interpreting the ToS (ignoring terms which say you're not authorized to use MJ if you disagree with any term; adding terms about system sounds that don't exist; or denying that the ads, as used today, may impute value to MJ, as if the ToS gives you that discretion) sounds bad. It's not straight up.

Anyway, I merely answered "magichack's" observation that he didn't understand why some people object to things like this. I personally don't have a strong feeling about it. But, let's not be coy. OK?

Mark
Back to top
View user's profile Send private message
VanguardLH
MagicJack User


Joined: 04 Aug 2008
Posts: 38

PostPosted: Sat Nov 15, 2008 2:45 pm    Post subject:

az2008 wrote:
VanguardLH wrote:
I do agree to abide by the TOS for what is actually written in it.
Obviously not true. In an earlier post you said you didn't agree with at least one broad statement of the ToS ("you agree that the terms should be interpreted broadly to protect the intention of the Agreement"). You apparently don't agree with a very specific and emphasized statement either: "IF YOU DO NOT ACCEPT AND ABIDE BY THIS AGREEMENT, YOU MAY NOT USE THE magicJack DEVICE OR DOWNLOAD OR USE THE SOFTWARE."
I said not enforceable because it is not legally definable. Their statement is nebulous. It means whatever they would like you to have to mean if it helps them. It means whatever they claim it to mean. It means nothing. You can't agree or disagree with something that has no meaning. "You must agree the sky is <pick-a-color>." So what color are you agreeing is the sky? If blue then you omitted red at sunset. If blue and red then you omitted yellowish green at dawn. If all colors then you omitted no color on a clear night. If all colors and no color then you omit when there isn't any sky to be seen or experienced (underground, in space). When I saw that declaration, my first reaction was that it is the stupidest clause that I've ever seen in a contract. They certainly have you by the balls provided you volunteer to put them in their vise and you voluntarily choose to tighten the vise.

az2008 wrote:
VanguardLH wrote:
Reading memory is not a violation of the TOS.
I didn't say it was. The question was whether it violates the ToS to do that for the purpose of replacing the softphone when 1) you agreed to receive ads, and 2) by your own admission, MJ took steps, albeit incomplete, to hide that information so people couldn't replace their softphone.
I was responding to several posts since my last post, not just to yours. I didn't quote each person in my reply, including not quoting you as to whom I was replying. Posts here are linear. Just because it was after yours doesn't mean I was solely addressing your post.

az2008 wrote:
VanguardLH wrote:
Also, from what I've read of other VOIP providers, they do NOT hide the user's login credentials from the user. Why should YMax?
Obviously because they want to serve ads. Something which is required in the ToS. It could also be to minimize support overhead if they (unknowingly) receive support requests from people running softphones outside what is mentioned in the ToS.
Oh, you know the intimate decision of YMax regarding why they hid the login credentials? I don't. I don't see evidence anyone else here does, either, including you. You're obviously just guessing because it fits into your argument based on your voluntary broad interpretation of their terms. I can guess, too, to fit my argument. Without a declaration from YMax (which we'll never get), it's not really known why they hide the login credentials. I suspect the real decision was in making the MagicJack as completely automated and easy by having the user to do as little as possible to get the MagicJack working. They are obviously paying squat for their tech support crew and they want to reduce their tech support chats. That guess fits into this argument as to why they hide the login credentials. I'm sure other folks can make other guesses, too. Personally, and based on a broad interpretation (yeah, right), I'm not sure they hide the login credentials to lock their users into their current softphone.

az2008 wrote:
VanguardLH wrote:
so I disable that sound event. Nope, that's not a violation of their TOS, either, as they cannot require that I not mute my speakers or even have speakers.
The ToS doesn't say you agree to have clicks delivered to you.
And the TOS doesn't say a lot of things about what I did, too. That was my point. Thanks for exhibiting proof that I don't have to comply with terms not specified in the TOS in obeying some undefined "broad" interpretation of those terms beyond anyone's comprehension of what they might mean depending on what someone might like them to mean. Gee, after all, a broad interpretation of allowing ads in their software could be that I must hear the clicks announcing the arrival of those ads. See, that's why that clause is just so overtly stupid. It means nothing.

az2008 wrote:
Anyway, I merely answered "magichack's" observation that he didn't understand why some people object to things like this. I personally don't have a strong feeling about it. But, let's not be coy. OK?
I don't have to be coy. I don't have to lie. I don't have to make excuses. I do not act stupid because someone would like me to be. And I don't bend over to get reamed because maybe that's what the contract meant but that's not what it said. It's not my legal responsibility to favor any decisions or requirements not explicitly stated in the contract to the other party. If you want to go through life being the meek, go right ahead. That's not me.

Take for example another instance of users discovering something that a software vendor did and took actions against it. When Sony injected a covert rootkit-like file handler to hide their files for DRM, did users take kindly to it? No. Did it stop them from finding out how to thwart that file hiding? No, it was their property and they will chose how files are stored on their system, not the vendor. There was a loud whine from users and Sony suspended that crap. So did the users remain meek and just take it? No. Did I not investigate and not neuter the scheme because someone would like me not to? No. Was I presented with any documentation that said that I must agree to using their XCP rootkit? No, regardless of whether or not there was some stupid "you must broadly interpret" clause. Did Microsoft ask permission from Sony BMG to start deleting the XCP rootkit component of Sony's controversial DRM scheme? No. You don't need to relinquish control over your property because someone would like it that way.

I'm pretty sure from this point on that we'll just be pushing each other's flame button. If the admins or moderators here believe that my post was so detrimental or violated the rules of this forum, it would've been deleted by now.
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Sat Nov 15, 2008 3:06 pm    Post subject:

VanguardLH wrote:
I said not enforceable because it is not legally definable.


Which means you disagree with MJ's use of that particular Term of service. Which causes this emphasized Term of service to become applicable:

MagicJack TOS wrote:
IF YOU DO NOT ACCEPT AND ABIDE BY THIS AGREEMENT, YOU MAY NOT USE THE magicJack DEVICE OR DOWNLOAD OR USE THE SOFTWARE.


It is pure sophistry to say you can't agree with something you can't understand. The point of the ToS is to reach agreement. It specifically and emphatically says that if you can't agree, you can't use it.

As I said before. I can understand someone saying shrinkwrap licensing is an invalid "contract" because it isn't properly consummated. But, claiming you accept such a contract while contorting yourself around what you don't like looks bad.

I noticed you didn't address the ToS concerning agreement that usage involves advertisements:

MagicJack ToS wrote:
You also understand and agree that use of the magicJack device and Software will include advertisements. Advertisements will be served through the magicPage™ Software or the magicJack softphone – the software/softphone attempts to serve local advertisements and classifieds ...


How do you interpret that with respect to using a different softphone (which won't receive and attempt to serve those ads)?

Mark
Back to top
View user's profile Send private message
angel-78
magicJack Apprentice


Joined: 02 Jul 2008
Posts: 28
Location: SAN DIEGO

PostPosted: Sun Nov 16, 2008 10:49 am    Post subject:

This should be edited. This makes it too easy, people don't have to do any real reading anymore. And MJ will most probably change things and mess things up for other people.
Back to top
View user's profile Send private message MSN Messenger
VanguardLH
MagicJack User


Joined: 04 Aug 2008
Posts: 38

PostPosted: Sun Nov 16, 2008 2:00 pm    Post subject:

az2008 wrote:
VanguardLH wrote:
I said not enforceable because it is not legally definable.


Which means you disagree with MJ's use of that particular Term of service.
Yeah, right, keep trying to spew that illogic. I already said that I cannot agree or disagree with a term that is nebulous. Get over it, az. No matter what you try to claim regarding your viewpoint and your interpretation, it isn't going to affect the outcome.
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Sun Nov 16, 2008 3:57 pm    Post subject:

VanguardLH wrote:
az2008 wrote:
VanguardLH wrote:
I said not enforceable because it is not legally definable.


Which means you disagree with MJ's use of that particular Term of service.
Yeah, right, keep trying to spew that illogic. I already said that I cannot agree or disagree with a term that is nebulous.


Agree is a well-defined word. Prefixing it with "not" is just as unequivocal.

If you don't agree with the Term that MJ's ToS "should be interpreted broadly to protect the intention of the Agreement" then you haven't agreed.

It doesn't say "if you disagree." It says that you must "agree." And, that your acceptance of the agreement is prerequisite to your use of MJ.

There's nothing in the agreement that affords you the opportunity to use the product if you're in some kind of undefineable middle-gound where you can neither agree or disagree. The agreement simply says you must agree, and if you can't accept that, you can't use it.

This is actually a good example of why the Term ("should be interpreted broadly to protect the intention of the Agreement") was included. You're interpreting the agreement broadly (adding words like "disagree") to destroy the intention of the Agreement.

And, again, I don't feel too strongly about it. I was just answering "magichack's" question about why anyone would object. If someone takes the ToS seriously, they clearly could object. Your own arguments imply that the ToS should be taken serious because you're trying to find a home for your activities within the ToS.

As I said before, I can respect people who disregard shrinkwrap licensing as an invalid form of contract (absent negotiation and consummation). Perhaps as an act of civil disobedience. But, weaseling around the clear words of an agreement isn't attractive.

Mark
Back to top
View user's profile Send private message
kingfisher1111
MagicJack Expert


Joined: 27 Nov 2007
Posts: 76

PostPosted: Mon Nov 17, 2008 12:30 am    Post subject:

Vanguard,

This is not something you did find new.Everyone knows about this from past 1 year when MJ was started.You are trying to write something which everyone knows.I beleive doing against the forum will result in a ban.
Someone is going to sure ban you by tomorrow.
Back to top
View user's profile Send private message
VanguardLH
MagicJack User


Joined: 04 Aug 2008
Posts: 38

PostPosted: Mon Nov 17, 2008 4:56 am    Post subject:

kingfisher1111 wrote:
Vanguard,

This is not something you did find new.Everyone knows about this from past 1 year when MJ was started.You are trying to write something which everyone knows.I beleive doing against the forum will result in a ban.
Someone is going to sure ban you by tomorrow.
Then show the URLs to those other posts that divulged how to discover the actual SIP login credentials that have supposedly been known for a year now. Come on, prove your claim.
Back to top
View user's profile Send private message
VanguardLH
MagicJack User


Joined: 04 Aug 2008
Posts: 38

PostPosted: Mon Nov 17, 2008 5:09 am    Post subject:

Now I have to figure out how to keep magicjack.exe from accessing my Favorites folder. Nope, don't want them there. They don't get to access my personal info.
Back to top
View user's profile Send private message
dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Mon Nov 17, 2008 10:21 am    Post subject:

Vanguard,
not sure what your looking for with all these post.. How about "that a boy" Or your "great"


I am sure that the reason why these post have not been removed allready is the forum admin has been MIA for awhile.

If you would like to spit in MJ face on a public forum that is your right. However dont expect to make a lot of friends doing it.

Dan
Back to top
View user's profile Send private message
laserjobs
Dan Should Pay Me


Joined: 12 Nov 2007
Posts: 670

PostPosted: Mon Nov 17, 2008 10:58 am    Post subject:

kingfisher1111 wrote:
Vanguard,

This is not something you did find new.Everyone knows about this from past 1 year when MJ was started.You are trying to write something which everyone knows.I beleive doing against the forum will result in a ban.
Someone is going to sure ban you by tomorrow.


Personally I think VanguardLH deserves to win the free magicjack for this post. It is very well written and brings a lot of answers and questions to the forum.

I hope the admin is listening
Back to top
View user's profile Send private message
dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Mon Nov 17, 2008 1:56 pm    Post subject:

well he hasn’t exactly reinvented the wheel here! This has been around for at least a year. But as far as the technical write up explaining it. Then yea give him a pat on the back and a Magic Jack.. Because at this point I think that is really what he is looking for..
Back to top
View user's profile Send private message
MagicHack
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 241

PostPosted: Mon Nov 17, 2008 7:54 pm    Post subject:

dan wrote:
well he hasn’t exactly reinvented the wheel here! This has been around for at least a year. But as far as the technical write up explaining it. Then yea give him a pat on the back and a Magic Jack.. Because at this point I think that is really what he is looking for..

It was a very well written 'tutorial'. I too say give him a magicJack.
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
AlaninKY
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 270
Location: Louisville, KY USA

PostPosted: Wed Nov 19, 2008 12:44 pm    Post subject:

I vote VanguardLH should receive a free magicJack!
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger
GuyOnTheAir
Dan isn't smart enough to hire me


Joined: 11 Feb 2008
Posts: 328
Location: Greater Los Angeles, CA

PostPosted: Wed Nov 19, 2008 5:44 pm    Post subject:

I applaud Vanguard in his tutorial, and I appreciate him making it, posting it, and defending it.

I hate the incredibly selfish attitude of some that says "we may have discovered something, but we want to keep it such a secret and only share it with those we want in our club".

With a selfish attitude like that, nobody like Stewart or others would have ever created the spoofing software that many of us appreciated.

On this forum, and in life, I tend to like to share information with others who might also be interested in that information. It's a very "open-source" kind of attitude. I wish it was seen more here.

Instead, we get people responding to forum posts with "use the search function", and "seek and ye shall find", rather than answering questions, or truly steering the info seeker in the right direction.

Finally, to the arguments about the ToS requiring you to view ads, obviously, you're not, since ads have not been displayed to this point. So it's a moot point. If true ads were being displayed, and Vanguard was working to thwart that, you could slap his hand if you so wish, you righteous pompous one. But, ads are not displayed, so arguing he's not agreeing to view them is ridiculous.
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Wed Nov 19, 2008 5:58 pm    Post subject:

GuyOnTheAir wrote:
to the arguments about the ToS requiring you to view ads, obviously, you're not, since ads have not been displayed to this point. So it's a moot point. If true ads were being displayed,


I see advertisements all day long. That they're not as "targeted" as I think MJ would like them to be. But, that doesn't mean they have no value to MJ. Certainly nothing in the ToS gives me power to impute (or deny) a benefit which an advertisement may have to MJ.

The ToS says that you understand and accept that ads will be a part of the service. You receive ads. Period.

If you guys don't respect the ToS. That's fine. Just don't act coy about it.

Mark
Back to top
View user's profile Send private message
magicjack_411
MagicJack Newbie


Joined: 19 Nov 2008
Posts: 1

PostPosted: Thu Nov 20, 2008 2:44 am    Post subject:

i followed you instructions to obtain the password and i could not find it in the dump; i found everything else but the password.
"ProxyUserName" is not present in the file. "UserName" is and it does contain
"Eaaapppnnnn01" where aaapppnnn = you know what. has something changed? i want to use that info with the a good wifi phone so i wont have to
leave the damm CPU on to receive calls. any help would be nice.
Back to top
View user's profile Send private message
SpamBox
Dan isn't smart enough to hire me


Joined: 14 Dec 2007
Posts: 417
Location: Rocky Mountains Front Range

PostPosted: Thu Nov 20, 2008 6:17 am    Post subject:

dan wrote:
WTF are you serious?? Good job at exposing the loop holes for the USB device on a public forum. I bet the engineers at MJ appreciate the help.


Please... I'm sure the engineers already knew how to dump memory. Personally I don't see what the big deal is. So he explains how to get your SIP credentials, big deal. Exposing loop holes? It's not like he exposed some security hole or something. It's not going to allow someone to "hack" your MJ. So what's the big deal?

He did a good job explaining the process though it's still too much for a newbie or even a somewhat experienced techie.

People please realize if you're having troubles with MJ now, then don't try this at home. He explained why he went this route and that's fine. An easier way to get rid of the annoying clicks would be to just go to your "Sounds" and change the sound scheme to "No Sounds". It'll get rid of all the other annoying Window sounds too.
Back to top
View user's profile Send private message
GuyOnTheAir
Dan isn't smart enough to hire me


Joined: 11 Feb 2008
Posts: 328
Location: Greater Los Angeles, CA

PostPosted: Thu Nov 20, 2008 7:04 pm    Post subject:

az2008 wrote:
GuyOnTheAir wrote:
to the arguments about the ToS requiring you to view ads, obviously, you're not, since ads have not been displayed to this point. So it's a moot point. If true ads were being displayed,


I see advertisements all day long. ...... Certainly nothing in the ToS gives me power to impute (or deny) a benefit which an advertisement may have to MJ.

The ToS says that you understand and accept that ads will be a part of the service. You receive ads. Period.

If you guys don't respect the ToS. That's fine. Just don't act coy about it.

Mark


Nobody is acting "coy". I'm glad you see advertisements. I sure don't. I see promotional messages from magicJack and service announcements. I see instructional notes about how to access voicemail. I sure don't see ads. Your argument doesn't hold water. Nothing in the ToS denies you the power to not impute or deny a benefit to mJ, either. In fact, nothing in the ToS even requires you to view these ads you claim you see. Just as in television. nothing stops you from recording a show and using software or hardware, or the fast forward button to stop seeing the ads.

Finally, respect must be earned; it cannot be demanded.
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Thu Nov 20, 2008 7:29 pm    Post subject:

GuyOnTheAir wrote:
Nobody is acting "coy". I'm glad you see advertisements. I sure don't. I see promotional messages


What's a promotion to you may be an ad to MJ. There's nothing in the ToS which gives you the right to determine what is and isn't an advertisment, or to impute how much value MJ derives from using the advertising space as it sees fit.

GuyOnTheAir wrote:
Just as in television. nothing stops you from recording a show and using software or hardware, or the fast forward button to stop seeing the ads.


Remind me again, what was the ToS you were required to accept prior to watching television?

As I said, if you don't respect the ToS, that's fine. Just say so. Let's not be coy about how the ToS doesn't strictly define what an "ad" is, or how MJ may use the ad space for its own benefit, or that "agree" and "disagree" are nebulous terms where, if you fall somewhere in the middle it means you can use MJ without doing either.

Mark
Back to top
View user's profile Send private message
GuyOnTheAir
Dan isn't smart enough to hire me


Joined: 11 Feb 2008
Posts: 328
Location: Greater Los Angeles, CA

PostPosted: Thu Nov 20, 2008 7:46 pm    Post subject:

az2008 wrote:


What's a promotion to you may be an ad to MJ. There's nothing in the ToS which gives you the right to determine what is and isn't an advertisment, or to impute how much value MJ derives from using the advertising space as it sees fit.

GuyOnTheAir wrote:
Just as in television. nothing stops you from recording a show and using software or hardware, or the fast forward button to stop seeing the ads.


Remind me again, what was the ToS you were required to accept prior to watching television?

As I said, if you don't respect the ToS, that's fine. Just say so. Let's not be coy about how the ToS doesn't strictly define what an "ad" is, or how MJ may use the ad space for its own benefit, or that "agree" and "disagree" are nebulous terms where, if you fall somewhere in the middle it means you can use MJ without doing either.

Mark


There is also nothing in the ToS which prohibits me from determining what is and isn't an ad.

What exactly is your argument?

Your argument is that you think that I'm not following the ToS and you think you are and you don't like that I think I"m following it too? Nothing in the ToS gives you the right to determine whether others are following the ToS and their interpretation of it. (All written language is subject to interpretation by the reader.)

And where was this ToS that I supposedly accepted? Not in the packaging, not in the signup screens I remember, not even available with a link from their Web site.

It's ridiculous that you choose to argue over whether or not you think that I think I'm following the ToS or not.

On that note, I'll not continue arguing with someone who obviously "just doesn't get it."
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Thu Nov 20, 2008 8:04 pm    Post subject:

GuyOnTheAir wrote:
There is also nothing in the ToS which prohibits me from determining what is and isn't an ad.


Sure. And there's nothing in the ToS prohibiting you from determining whether an advertisement is appropriately "targeted." But, that doesn't change the fact that a prerequisite to using MJ is acceptance of

MJ ToS wrote:
You also understand and agree that use of the magicJack device and Software will include advertisements. Advertisements will be served through the magicPage™ Software or the magicJack softphone ... You also understand and agree that use of the magicJack device and Software may include certain communications, such as service announcements, administrative messages and newsletters, and you will not be able to opt out of receiving them.


The way you're defining what the ToS *doesn't* say is a good example of why the ToS says you must agree "the terms should be interpreted broadly to protect the intention of the Agreement." The very clause VanguardLH used to find a nebulous area between "agree" and "disagree" (a word not found in the ToS) which allows him to use MJ without accepting the ToS(!).

GuyOnTheAir wrote:
And where was this ToS that I supposedly accepted?


If you didn't accept the ToS, that's fine. Just say so. You're the one trying to find a home in the ToS for replacing the softphone with one that doesn't display advertisements. If you're going to do that, don't blame me for pointing out how there's no home for it.

Mark
Back to top
View user's profile Send private message
dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Thu Nov 20, 2008 9:07 pm    Post subject:

Right from the TOS page off magicjack

c) remove any copyright, trademark or other proprietary rights notices contained in or on the magicJack device, including those of any of our business associates, from whom we may have licensed certain components used in the magicJack device. Violation of any of these obligations may result in immediate termination of this Agreement

http://www.magicjack.com/TOS/


but my point was not violation of TOS as I am violating the TOS.. I just wanted to have my cake and eat it too. I know selfish.

Once they encrypt the passwords in the USB memory. Dont cry that they made changes
Back to top
View user's profile Send private message
jeepsterguy
magicJack Apprentice


Joined: 05 Nov 2008
Posts: 10

PostPosted: Fri Nov 21, 2008 10:34 am    Post subject:

Isn't this section of the forum called Tips, Tricks and Hacks? And with this being a forum, every user has the right to post what he feels is valid information. Whether or not I agree with the post is of no regard. I read this thread expecting to see forum members intelligently discussing how to work with other softphone products, and what I got is a sometimes immature discussion on the legality of the TOS and what constitutes agreement or disagreement to the TOS.
Honestly, that is for some legal department to define, not for a bunch of techie folks to fight about.
If you felt that the Tip exposed something you feel should remain an open secret/benefit to be exploited by tech savvy users, then maybe a private message to the poster explaining your views would have been a better way to address this or a private message to the boards administrator to remove the thread. The back and forth counterpoints didn't really serve a purpose and really exposed several of the posters to a very bad light.
As for the effort in developing the instructions for the tip, the poster did a commendable job. Just because it may result in a change in the MJ software really is not the point, is it? And so what if it does. CallerID spoof was a great thing while it lasted. Many users benefited. Should this forum have stifled this hack if they knew it would have caused a change? What good would that have done. Yeah, a few people would still be using it, but if you wanted to keep things to just a few people, why bother to even use this forum. Isn't the spirit and intent of this forum and and specifically this section of the forum for information just like what was posted?
Back to top
View user's profile Send private message
dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Fri Nov 21, 2008 11:40 am    Post subject:

sounds like you benefitted from the post Jeepsterguy.. good for you enjoy this feature. While it lasts. Then go back to using a PC and USB dongle. But dont complain about quality of service on a PC when this happens
Back to top
View user's profile Send private message
jeepsterguy
magicJack Apprentice


Joined: 05 Nov 2008
Posts: 10

PostPosted: Fri Nov 21, 2008 11:54 am    Post subject:

Dan,
No, I did not use the information to configure a softphone, nor did I want to. I am happy with the product the way it is. I like to read these forum threads usually, but found that this one had degenerated to something that probably should have been placed in Rants and Raves. Hacks are just a part of what happens to a product in its product cycle, and fixes for those hacks are part of the cycle as well. Had the poster not posted the information, it would have been posted by someone else at another time or place. This forum is to share what we know about the product to the benefit (or detriment) of others.

Your assumption that I was using the information to use other softphones just because I posted defending the original poster and how off-the-mark the thread had gotten from its subject is exactly what I was talking about in my original post. It shows an immaturity that just really should be left at the door. Just because I found the information useful and well documented does not mean I would be using it.

Maybe its time for you to step back a bit before you fire off a comment and really think through what you are assuming is happening. It would probably benefit how people see you as well as the quality of the postings to this forum.


Last edited by jeepsterguy on Fri Nov 21, 2008 12:27 pm; edited 1 time in total
Back to top
View user's profile Send private message
dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Fri Nov 21, 2008 12:18 pm    Post subject:

"Maybe its time for you to step back a bit before you fire off a comment and really thinking through what you are assuming is happening. It would probably benefit how people see you as well as the quality of the postings to this forum."



"Take it easy" this was not a personal attack on you. Just stating my opinion like you stated yours. Since this hack does not affect you either way. This could affect how people view your posts as well.
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Fri Nov 21, 2008 12:22 pm    Post subject:

jeepsterguy wrote:
but found that this one had degenerated to something that probably should have been placed in Rants and Raves.


Thanks for contributing. Smile I merely responded to "magichack's" challenge, asking how anyone could have an objection to the activity (purpose) described. Clearly, if someone takes the ToS seriously (and, by extension, MJ's interest in their own business model), they'd possibly have objections.

Mark
Back to top
View user's profile Send private message
msiam
Dan isn't smart enough to hire me


Joined: 15 Nov 2007
Posts: 474
Location: WI

PostPosted: Mon Nov 24, 2008 5:31 pm    Post subject:

If ever I decide to get another devorce... I will seek VanguardLH for my Lawyer.. Laughing
Back to top
View user's profile Send private message
nostrodamus
MagicJack Contributor


Joined: 28 Apr 2008
Posts: 66

PostPosted: Tue Nov 25, 2008 1:08 am    Post subject:

magicjack_411 wrote:
i followed you instructions to obtain the password and i could not find it in the dump; i found everything else but the password.
"ProxyUserName" is not present in the file. "UserName" is and it does contain
"Eaaapppnnnn01" where aaapppnnn = you know what. has something changed?


Same question here..... Even though the field names "ProxyUserName" and "ProxyUserPassword" are nowhere in the dump file, I did manage to find my phone number in the Exxxxxxxxxx01 format. But as many times as that number came up in the dump, there was nothing resembling a password anywhere in the near vicinity.

I looked at the file in Notepad++, Hex Workshop, and good old boring MS Notepad, all with the same results.

Am I missing something?
Back to top
View user's profile Send private message
redsparrow
MagicJack Newbie


Joined: 14 Nov 2008
Posts: 1

PostPosted: Thu Nov 27, 2008 2:33 pm    Post subject:

you need to run pmdump as soon as "magicJack.exe" appears in the process list.
Back to top
View user's profile Send private message
enotz
magicJack Apprentice


Joined: 28 Apr 2008
Posts: 23

PostPosted: Thu Dec 04, 2008 12:42 pm    Post subject: An easy way to find it in the dump

If you have two magicJacks then it is easy to dump the memory dump for each. Just compare them and you will find VERY few changes. The phone number and the credentials are of course different

Isn't it worth and extra $20
Back to top
View user's profile Send private message
zmaddmattz
MagicJack Contributor


Joined: 29 Nov 2008
Posts: 66

PostPosted: Fri Dec 05, 2008 12:56 pm    Post subject: Re: An easy way to find it in the dump

enotz wrote:
If you have two magicJacks then it is easy to dump the memory dump for each. Just compare them and you will find VERY few changes. The phone number and the credentials are of course different

Isn't it worth and extra $20


Theres a problem with that, the dump data can be in excess of 100mb. it is very unlikely that you will be able to find the info you are looking for. I have a rock solid method of getting the info if anbody is interested pm me. Don't bother pm'n me if you have less then 10 posts
Back to top
View user's profile Send private message
enotz
magicJack Apprentice


Joined: 28 Apr 2008
Posts: 23

PostPosted: Mon Dec 08, 2008 9:56 am    Post subject: The files are indeed hugs

However, diff does all the work and there are very few changes under XP.

Under vista it is a problem because of course Vista is much more secure and does its random placement of code in memory
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Unofficial magicJack Forum -> magicJack Tips, Tricks, and Hacks All times are GMT - 4 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Powered by phpBB Ultra Turbo Extended Edition Live © 2001-9999, phpBB Group
magicJack and magicJack Plus are trademarks of magicJack LLP. This website is in no way affiliated, endorsed, or sponsored by magicJack LLP, and is an unofficial forum for consumers to openly communicate regarding their experiences with the magicJack products.