Password Length

[ramjet555]

I'm trying to decode the password in my magicjack.
Can anyone tell me what the password length is?

Has anyone spoofed their own caller ID using an ATA ect?
What are the other settings?
I'd like to use it on my Linksys wip phone if anyone has done this.

Has anyone cracked theirs in a short period of time recently?

Thanks

Ramjet

[MagicHack]

I'm trying to decode the password in my magicjack.
Can anyone tell me what the password length is?

20 characters. (Numbers and letters)

[ramjet555]

Has anyone cracked this 20 character password?
How long did it take?
Is there a way of decoding it rather than brute force?

Ramjet

[malahal]

thanks...

[necrocytosis]

I've been doing some digging and these forums seem to have the most information about this. I have seen in more than one place here the "20 characters (letters and numbers)" comment about the MJ SIP password. The password is MD5 hashed, so how was it determined that the password consists of 20 chars alpha-numeric? I would very much like as much information about this as possible. I want to know if it is possible to get the plaintext of the SIP password used by my MagicJack.

-A S

[thechad]

I cracked two of them, just today, within 2 hours of finding and reading a few posts on this website. All the information required to find your SIP authentication info. is posted within this forum. And no, I didn't spend 6 years or use a supercomputer trying to brute force a 20 character ALPHA-numeric passcode. It took more like 60 seconds. And actually, the second one didn't have any ALPHA characters at all. If you are slightly familiar with any application running in windows, run back your memory and think about what it might take to find something that wants to be hidden.

I've already dropped too many hints within this post. Good luck, Chuck!

[necrocytosis]

I cracked two of them, just today, within 2 hours of finding and reading a few posts on this website. All the information required to find your SIP authentication info. is posted within this forum. And no, I didn't spend 6 years or use a supercomputer trying to brute force a 20 character ALPHA-numeric passcode. It took more like 60 seconds. And actually, the second one didn't have any ALPHA characters at all. If you are slightly familiar with any application running in windows, run back your memory and think about what it might take to find something that wants to be hidden.

I've already dropped too many hints within this post. Good luck, Chuck!

Alright, this isn't my first time using a computer. I used to have 48.5 GB of rainbow tables for cryptanalysis attack on MD5 hashes that were 1 - 8 chars, loweralpha-numeric. It took three months to generate those tables on two computers running all the time. Those tables allow you to crack an MD5 hash that is 1 - 8 chars in length and uses only lowercase letters and numbers in something like 15 minutes or less. That was opposed to the something like 10 days it would have taken my computer by itself to bruteforce the same hash. Each time you add a character of length to the possible password used to make the hash, you increase the cracking time astronomically. When you increase the value to 20 possible letters and numbers, the time required on just my simple computer is many billions of years.

According to your post you didn't bruteforce any MD5 hashes. All I'm asking is what exactly you did do to get the cleartext. Instead of adopting an uppity "holier than thou" attitude and telling us to search the forums deeper, why don't you merely post a link in this thread to the other threads where you found the information that lead to your success? Wouldn't that be nice?

Seriously, this is like the 5th post I've found on forums where someone is asking about MJ SIP info, and some schmuck says something like "lol the info is on t3h forums. Just keep searching lol."

Lame.

[laserjobs]

I cracked two of them, just today, within 2 hours of finding and reading a few posts on this website. All the information required to find your SIP authentication info. is posted within this forum. And no, I didn't spend 6 years or use a supercomputer trying to brute force a 20 character ALPHA-numeric passcode. It took more like 60 seconds. And actually, the second one didn't have any ALPHA characters at all. If you are slightly familiar with any application running in windows, run back your memory and think about what it might take to find something that wants to be hidden.

I've already dropped too many hints within this post. Good luck, Chuck!

Alright, this isn't my first time using a computer. I used to have 48.5 GB of rainbow tables for cryptanalysis attack on MD5 hashes that were 1 - 8 chars, loweralpha-numeric. It took three months to generate those tables on two computers running all the time. Those tables allow you to crack an MD5 hash that is 1 - 8 chars in length and uses only lowercase letters and numbers in something like 15 minutes or less. That was opposed to the something like 10 days it would have taken my computer by itself to bruteforce the same hash. Each time you add a character of length to the possible password used to make the hash, you increase the cracking time astronomically. When you increase the value to 20 possible letters and numbers, the time required on just my simple computer is many billions of years.

According to your post you didn't bruteforce any MD5 hashes. All I'm asking is what exactly you did do to get the cleartext. Instead of adopting an uppity "holier than thou" attitude and telling us to search the forums deeper, why don't you merely post a link in this thread to the other threads where you found the information that lead to your success? Wouldn't that be nice?

Seriously, this is like the 5th post I've found on forums where someone is asking about MJ SIP info, and some schmuck says something like "lol the info is on t3h forums. Just keep searching lol."

Lame.

What is lame is people asking for SIP credentials without putting in any effort.

PS. Try fishing around my.magicjack.com

[thechad]

Agreed... it's the difference between giving one a fish, or instructing one how to fish for themselves.

[ramjet555]

Lazerjobs,
Your post begs the question as to why you "assume" that the other
posters have 'not made any effort" and those are your words that your wrote.

You appear to be lacking understanding or empathy
for the many hours of work that many of us have gone to to solve this riddle.

Not only did I make an effort that lasted weeks, but had a friend who works in voip security to
have a look at it and spend some time on it and I have still not managed
to find the essential information. I can't imagine anyone wanting this information
for any fraudulent purpose, its $20 a year. Its more of a desire to experiment and see
MJ working on another sip device and avoid the incredible and unnecessary amount of
self promotion in splashes etc, every time you start your computer. Yuk.


I PM'd all the writers of those who posted that they knew how and not one
bothered to reply.

I'll offer this. I don't know how, yet, but suspect may be in one of the windows registry files.

It would be nice to see some real genuine help and empathy instead of
this egotistical posts that say, I'm hot and I know but you are really stupid and have not made an effort.

[laserjobs]

ramjet555, why don't you share your findings that you and your voip security friend worked on with the rest of the class?

I am sure you found some interesting details behind magicJack that could help us all out. Maybe then we can start working with you on what you are looking for?

[teddy_b]

why you "assume" that the other posters have not made any effort"

Nobody assumes that... Only that you have not made enough efforts ... Still every once in a while somebody starts ranting about people not giving away the information.

But how come you guys missed the main point?! MagicJack business model is based (at least partially) on advertisement displayed on the Softphone screen. As long as 99% of the customers will use MJ as intended - with USB dongle and supplied software - this model may actually work, there will be advertisers willing to pay for their ads, and MJ will survive providing us inexpensive and (hopefully in the future) reliable service. It is probably OK (and expected) that up to 1% (or some other small number) of all customers will find another way of using the service - and that includes thin clients, ATAs and other VoIP devices, and alternative softphones. Currently only a few geeks are willing to violate the MJ TOS (risking their service to get cancelled) and able to go through all the hassle to find a way to obtain their SIP credentials and configure other devices, or to setup and maintain a thin client. What will happen if clear step-by-step instructions will be published here, and spread all over the internet? Do the math...

As others pointed out already, all hints needed are here - nobody's going to post more. If you don't find it, then you're simply - no offence - not "geeky" enough (and geekness has nothig to do with anyone's intelligence, IQ or stupidity), or you just do not really need it ...

[ramjet555]

teddy_b, The magicjack script blockers are around, I have them installed and I notice
others use thin clients to avoid MagicJack's forced insidious unwanted advertising.

[thechad]

I think there is a thread posted around May 19 that asked this same question. Someone there may have a suggestion.

C'mon guys... weigh your wants vs. needs... the guys at MJ need to feed their families too!

From what I hear, they still make some money on long distance... to you. Since they own their own CLEC, people that call your toll number brings in some funds.

BTW, QVC's got a $36.28 deal on magicJacks, plus ~$3 s/h and applicable taxes. It was deal of the day yesterday for $33.

[ramjet555]

The posts here give a lot away about personalities in an amazingly short number of words.
Take this latest "C'mon guys... weigh your wants vs. needs... the guys at MJ need to feed their families too!

Only a loonie would suggest that posters here are trying to take food of the table of magicjack.
Today I'm returning some MJ's and getting my money back. I just don't use them and they have been replaced
by other services. I'd still like to use MJ on my voip phone, its something I will do and then probably never use it again.
I'm aware that many others feel the same way and want to get it working on their own device purely out of the challenge.

Yes, they "make money on long distance" try a 100% profit margin, for starters, add on the
potential for advertizing later and it shows future corporate value. I predict their rates will crash.

Now, Magic Jack will INCREASE their sales if they allow other devices to use their services.
MJ cannot defeat "advertizing blocker programs", thats it, so if we figure a way to put the magicjack username and password
on our own devices, it will generate more business for them.

[thechad]

I agree, there's much to say about a personality. IMHO, possibly a bit spoiled, with a hint of "loonie" yourself.
I don't even own an magicJack, because I don't need it either. If the thrill of the challenge is what you're looking for, then why go around asking everyone for the answers? "spoiled" Why would someone buy something if they didn't think they were going to use it, or replace it anyway? "loonie" I find that the folks who really want the challenge will identify the means to achieve the goal, pay attention, don't give up, and in no time will obtain the answers. It's much more phun and rewarding to know you achieved your goals using your own intelligence, ingenuity, and reluctance to give up.

And if you can't find a little humor in people and yourself, you're destined to be angry for a lifetime.

[ramjet555]

Your post was much appreciated.
I will try to go through it all.

Has anyone else been successful with this?

Thanks


Ramjet

[crackerjack]

Your post was much appreciated.
I will try to go through it all.

Has anyone else been successful with this?

Thanks


Ramjet

Thought you returned these and got your money back???

[JohnnyFreightTRAIN]

hahahahaha.

[momo]

Agreed... it's the difference between giving one a fish, or instructing one how to fish for themselves.

there's one wrong thing about that attitude, sometimes you first have to FEED one before TEACHING one how to fish, or that one will go hungry until one learns how to fish.

It makes no sense ignoring the initial hunger, while trying to teach.
... but I don't think most get that

I've pm'd plenty on here, because some of their posts said ... 'hey, PM me for the info'
but none replied, except ONE, but said the same thing, it's already on the site.
so we not only have to decript the SIP, but also have to decrypt the posts and paste the info together

YEAH, I saw post 1 and post 6 as one on here said to do, in another thread, but it's all a jumble if you aren't fluent with this.
especially if you have someone you're taking care of needing 24 hour attention.

[vc2]

Agreed... it's the difference between giving one a fish, or instructing one how to fish for themselves.

there's one wrong thing about that attitude, sometimes you first have to FEED one before TEACHING one how to fish, or that one will go hungry until one learns how to fish.

It makes no sense ignoring the initial hunger, while trying to teach.
... but I don't think most get that

I've pm'd plenty on here, because some of their posts said ... 'hey, PM me for the info'
but none replied, except ONE, but said the same thing, it's already on the site.
so we not only have to decript the SIP, but also have to decrypt the posts and paste the info together

YEAH, I saw post 1 and post 6 as one on here said to do, in another thread, but it's all a jumble if you aren't fluent with this.
especially if you have someone you're taking care of needing 24 hour attention.

Apparently, Feeding the fish is not permitted on this forum. If you do, your posts get deleted.

[momo]

Agreed... it's the difference between giving one a fish, or instructing one how to fish for themselves.

there's one wrong thing about that attitude, sometimes you first have to FEED one before TEACHING one how to fish, or that one will go hungry until one learns how to fish.

It makes no sense ignoring the initial hunger, while trying to teach.
... but I don't think most get that

I've pm'd plenty on here, because some of their posts said ... 'hey, PM me for the info'
but none replied, except ONE, but said the same thing, it's already on the site.
so we not only have to decript the SIP, but also have to decrypt the posts and paste the info together

YEAH, I saw post 1 and post 6 as one on here said to do, in another thread, but it's all a jumble if you aren't fluent with this.
especially if you have someone you're taking care of needing 24 hour attention.

Apparently, Feeding the fish is not permitted on this forum. If you do, your posts get deleted.

I can understand the public thing, but why are members saying, within the post, to PM them if they don't want to be PM'd
I'm able to get (i think) all the other info, except the password.

EDITED...
Problem solved ... thank you (you know who)

[arowanadream]

I totally agree with ramjet555. I believe they never did it and just fooling around. They are the one that work at MJ