MJ SIP Password Changed

[manachinu]

Today i noticed my MJ wasnt able to connect using Softphone or ATA . Decided to take a new dump and noticed MJ Password was changes.

Anyone with similar issue ?

[mrjlturner]

Same issue..but I can't even find the password in my dump file...this stinks! What was the field name that you found yours under?

Today i noticed my MJ wasnt able to connect using Softphone or ATA . Decided to take a new dump and noticed MJ Password was changes.

Anyone with similar issue ?

[mrjlturner]

Found another post with the same issues...The latest update blocks the SIP credentials from being seen in the dump file...unless you are sneaky...

Same issue..but I can't even find the password in my dump file...this stinks! What was the field name that you found yours under?

Today i noticed my MJ wasnt able to connect using Softphone or ATA . Decided to take a new dump and noticed MJ Password was changes.

Anyone with similar issue ?

[kumar]

Im gonna try to revert and dump it...


Kumar

[kumeil]

What did you use to capture that dump? I tried Windows Vista and got the Dump, but it doesn't have any information anymore. Any help would be appreciated.

[Sherwin Williams]

Found another post with the same issues...The latest update blocks the SIP credentials from being seen in the dump file...unless you are sneaky...

The SIP password is still in the dump file. No need to be sneaky.

Start your softphone, when you see "ready to call", do your pmdump.

Password is in there. 20 ASCII characters long.

[pagemen]

so this might be a coincident...

my PAP2 can't register yesterday night, wasn't aware of the credential issue so I do a factory reset and set everything up again--MJ started working after that, with old password...

[propizza]

I had a new pass on one mj and the same on my other

[pagemen]

just run pmdump again, same password...anyway, i guess all users will get a new password, just a matter of time.

[konnan]

Same issue , but i redump it again, and suprise New password, same proxyuri... so MJ it now working in my ata...

[synchron]

Ditto for me - got a new password - Oddly enough lot's of O's and 0's so it took a few tries to authenticate. Wondering if besides it being 20 characters they're making it harder although any ASCII chart will tell you the difference between O vs 0.

Synchron

[konnan]

Sychron: I resolved that issue by open the dump with notepad and just make a copy paste...

[synchron]

Cut/paste does not work for me. The process allows me to enter 20 characters but wants me to manually type it twice (like many webforms when wanting to authenticate someone).

Synchron

[gooney]

Download this hex editor to view your dump... loads faster than wordpad and notepad... its fast and its free.

Hex Edit Free 2.5F

http://www.download.com/Hex-Edit-Free/3 ... ?tag=mncol

[jamoke]

I've been able to retrieve my credentials in the past using pmdump. However, when I run the app, it seems to exit the dump quickly, leaving a file size of about 79MB. Am I doing something wrong? I can't find the proper string that contained my password as I have in the past. Is there a relationship of when I start the dump and placing a call?

[angel-78]

I use textpad and it worked fine. I also got a new password. I don't know if anyone noticed but they also changed the User-Agent.

[Taken83oveR]

Yea, my password must of changed. I have been running fine on a Linksys PAP2-NA, for many months now. But I am having trouble getting the new password, using pmdump or vista's dump feature.

[manachinu]

Its just timing issue...you have to run pmdump as soon as you see magicjack in process list.

[Taken83oveR]

Yea, I am doing it before magicjack even finishes loading up (using my own shortcut), as soon as I see it in the taskmanager. I am right clicking and dumping. Not giving it time to do much of anything.

Edit: Ok I got it. The trick is not to do it to fast or to slow. As soon as magicjack opens up, and you see the gui. Very soon, magicjack will try to sign in. You want to start the dump, right before this process.

[Günter Höhn]

Yea, I am doing it before magicjack even finishes loading up (using my own shortcut), as soon as I see it in the taskmanager. I am right clicking and dumping. Not giving it time to do much of anything.

Edit: Ok I got it. The trick is not to do it to fast or to slow. As soon as magicjack opens up, and you see the gui. Very soon, magickack will try to sign in. You want to start the dump, right before this process.

I believe the password will be in there all the time. My MJ has been running for a few days, and the steps below work fine.

Assuming you strings, pmdump, and grep in your PATH, you can get your password like this

1. Find the pid for your magicjack.exe

   Code: Select all

   C:\>pmdump -list|grep -i magicjack
    31337 - magicJack.exe

2. Dump the magicjack.exe process using the pid listed above

   Code: Select all

   pmdump 31337 dumpfile.dat

3. use grep to pull out possible passwords (I'm sure there is easier way to do this)

   Code: Select all

   C:\>strings dumpfile.dat | grep -w -E [0-9A-Z]{20} |grep -v -E [a-z~!@#$%^&*()_+\[\=">""<".;:'] 

Your password will be one of the strings displayed.

Edited to fix grep statement. Thank you to posters.

[kumeil]

Hey, I am trying to get the password again. I do a dump when it says ready to call. I still can't find the password inside. What field am I looking for? THANKS.

[robatino]

> I believe the password will be in there all the time. My MJ has been running for a few days, and the steps below work fine.

In general, it won't be. I did a successful dump by doing it quickly, before the phone call. It contains the password on a line starting with "ProxyUserPassword=". A dump I did just after the phone call doesn't contain either this string or the password (which I did a separate search for). I did both dumps after the latest MJ update.

> What field am I looking for? THANKS.

Search for "ProxyUserPassword" (without quotes). If the password is there, it will be immediately after that.

[Sherwin Williams]

Yea, I am doing it before magicjack even finishes loading up (using my own shortcut), as soon as I see it in the taskmanager. I am right clicking and dumping. Not giving it time to do much of anything.

Edit: Ok I got it. The trick is not to do it to fast or to slow. As soon as magicjack opens up, and you see the gui. Very soon, magickack will try to sign in. You want to start the dump, right before this process.

I believe the password will be in there all the time. My MJ has been running for a few days, and the steps below work fine.

Assuming you strings, pmdump, and grep in your PATH, you can get your password like this

1. Find the pid for your magicjack.exe

   Code: Select all

   C:\>pmdump -list|grep -i magicjack
    31337 - magicJack.exe

2. Dump the magicjack.exe process using the pid listed above

   Code: Select all

   pmdump 31337 dumpfile.dat

3. use grep to pull out possible passwords (I'm sure there is easier way to do this)

   Code: Select all

   C:\>strings dumpfile.dat | grep -w -E [0-9A-Z]{20} |grep -v -E [a-z~!@#$%^&*()_+"\[=<>.;:'] 

Your password will be one of the strings displayed.

Nice use of the grep command. Had my password in like 3 seconds with that beauty.

[neo2121]

Well i get a lot of e-mails on the subject of not being able to find the password in the dump file. Well there is a new tool out over at magicjackhacks.com its the top news story right now. But this program uses pmdump and takes about 5 min but in the end it will spit out your password via command line.

In regards to the update not allowing you to get the password anymore I plugged my magicjack just to get the download ran the program and still got the password they haven't changed my password either. Well I hope this helps a few people out

[alphabeta]

I got all Zeros when I search for the "ProxyUserPassword" . Is this right or I am missing something?

[Taken83oveR]

Well i get a lot of e-mails on the subject of not being able to find the password in the dump file. Well there is a new tool out over at magicjackhacks.com its the top news story right now. But this program uses pmdump and takes about 5 min but in the end it will spit out your password via command line.

In regards to the update not allowing you to get the password anymore I plugged my magicjack just to get the download ran the program and still got the password they haven't changed my password either. Well I hope this helps a few people out

PM.exe, does not run on x64.

[SpamBox]

Well i get a lot of e-mails on the subject of not being able to find the password in the dump file. Well there is a new tool out over at magicjackhacks.com its the top news story right now. But this program uses pmdump and takes about 5 min but in the end it will spit out your password via command line.

In regards to the update not allowing you to get the password anymore I plugged my magicjack just to get the download ran the program and still got the password they haven't changed my password either. Well I hope this helps a few people out

Works on XP Media Center Edition just fine. Had to run it twice though. The first time my MJ was 'upgraded' and your 'magic' found my old pw. Unplugged MJ, re-ran your 'magic', re-plugged my MJ, and it found my new pw.

Thanks! Saved me from getting a headache. Very easy to use.
-SpamBox

[Günter Höhn]

Well i get a lot of e-mails on the subject of not being able to find the password in the dump file. Well there is a new tool out over at magicjackhacks.com its the top news story right now. But this program uses pmdump and takes about 5 min but in the end it will spit out your password via command line.

In regards to the update not allowing you to get the password anymore I plugged my magicjack just to get the download ran the program and still got the password they haven't changed my password either. Well I hope this helps a few people out

Ha. I was thinking the same thing thing. I've received almost 40 PM's since posting. There is not need to wait 5 minutes to get your SIP info. I posted above how to get it in 5 seconds. Without running some unknown exe!

Don't know about you, but, I don't randomly run exe's that people post!

[Taken83oveR]

Yea, I am doing it before magicjack even finishes loading up (using my own shortcut), as soon as I see it in the taskmanager. I am right clicking and dumping. Not giving it time to do much of anything.

Edit: Ok I got it. The trick is not to do it to fast or to slow. As soon as magicjack opens up, and you see the gui. Very soon, magickack will try to sign in. You want to start the dump, right before this process.

I believe the password will be in there all the time. My MJ has been running for a few days, and the steps below work fine.

Assuming you strings, pmdump, and grep in your PATH, you can get your password like this

1. Find the pid for your magicjack.exe

   Code: Select all

   C:\>pmdump -list|grep -i magicjack
    31337 - magicJack.exe

2. Dump the magicjack.exe process using the pid listed above

   Code: Select all

   pmdump 31337 dumpfile.dat

3. use grep to pull out possible passwords (I'm sure there is easier way to do this)

   Code: Select all

   C:\>strings dumpfile.dat | grep -w -E [0-9A-Z]{20} |grep -v -E [a-z~!@#$%^&*()_+"\[=<>.;:'] 

Your password will be one of the strings displayed.

I get a error when using your method. Thought I would try it, just for fun.

[joevv]

Looks like the only passwords that were changed was the ones running ATA's or other softphones . I know this for a fact so that means MJ can tell which users are not using their softphone and specifically targeted those users only. Sorta of an ECM. If you persist on not using the MJ softphone I guess the next step would be termination. Besides, they now have the ability to change your password at random so do you want to dump everyday?

[Poo619]

How do you know for a fact that they only changed the passwords on people who use ATA's? The only people who would even realize their password was changed are those searching for it to use on an ATA so I can't possible see how you can say that you know for a fact.

[neo2121]

Ha. I was thinking the same thing thing. I've received almost 40 PM's since posting. There is not need to wait 5 minutes to get your SIP info. I posted above how to get it in 5 seconds. Without running some unknown exe!

Don't know about you, but, I don't randomly run exe's that people post!

included is the source code for the file so you can look it over if you think its malicious. Just trying to help out I don't know how you get your password but it takes my rig about 5 min to dump the exe and then for me to open the file and scroll all the way to the bottom and copy and paste we just made it simpler that's all. use it don't use it I don't care its there though have good one

[Günter Höhn]

Looks like the only passwords that were changed was the ones running ATA's or other softphones . I know this for a fact so that means MJ can tell which users are not using their softphone and specifically targeted those users only. Sorta of an ECM. If you persist on not using the MJ softphone I guess the next step would be termination. Besides, they now have the ability to change your password at random so do you want to dump everyday?

My password changed, and I do not use an ATA.

If properly configured, there is no way magicJack can tell you are using an ATA.

[jamoke]

How does one "properly" configure their device so MJ can't tell what you're using? I would imagine it's a matter of setting the user agent, but I'm not sure how you set this for the MJ trunk versus all SIP trunks globally. I am an Asterisk user.

[gooney]

Looks like the only passwords that were changed was the ones running ATA's or other softphones . I know this for a fact so that means MJ can tell which users are not using their softphone and specifically targeted those users only. Sorta of an ECM. If you persist on not using the MJ softphone I guess the next step would be termination. Besides, they now have the ability to change your password at random so do you want to dump everyday?

I think they would rather terminate your account if they know youre using an ata rather than just changing password.

included is the source code for the file so you can look it over if you think its malicious. Just trying to help out I don't know how you get your password but it takes my rig about 5 min to dump the exe and then for me to open the file and scroll all the way to the bottom and copy and paste we just made it simpler that's all. use it don't use it I don't care its there though have good one

Tested your little utility just for fun and i must say you guys did a very good job... took around 3 seconds is all to get the password and no need for timing pmdump.

I believe the password will be in there all the time. My MJ has been running for a few days, and the steps below work fine.

Assuming you strings, pmdump, and grep in your PATH, you can get your password like this

1. Find the pid for your magicjack.exe

   Code: Select all

   C:\>pmdump -list|grep -i magicjack
    31337 - magicJack.exe

2. Dump the magicjack.exe process using the pid listed above

   Code: Select all

   pmdump 31337 dumpfile.dat

3. use grep to pull out possible passwords (I'm sure there is easier way to do this)

   Code: Select all

   C:\>strings dumpfile.dat | grep -w -E [0-9A-Z]{20} |grep -v -E [a-z~!@#$%^&*()_+"\[=<>.;:'] 

Your password will be one of the strings displayed.

Tested your workaround and works really well... great job with grep

[joevv]

How do you know for a fact that they only changed the passwords on people who use ATA's? The only people who would even realize their password was changed are those searching for it to use on an ATA so I can't possible see how you can say that you know for a fact.

I have many MJ's and I have the sip info on all of them. I use some with ATA's and others with Mj softphone. All of the ATA's stoped working when the passwords changed. When I reaquired the sip info and compared to the originals only the ATA's had changed the others did not.

[joevv]

If properly configured, there is no way magicJack can tell you are using an ATA.

Don't be so sure. The Mj softphone interacts with many windoze apps. Resgistry for one so don't miss inform people by stating that there's no way mj can tell if you're using an ATA.

[MagicHack]

If properly configured, there is no way magicJack can tell you are using an ATA.

Don't be so sure. The Mj softphone interacts with many windoze apps. Resgistry for one so don't miss inform people by stating that there's no way mj can tell if you're using an ATA.

The magicJack does in fact read/write from the registry, but none of that information is in fact passed to magicJack. If you do a network capture using wireshark, you'll see they use standard SIP. Nothing more, nothing less. So, assuming you set your user-agent string appropriately, the packets will look as though they came right from the magicJack.

[joevv]

[
I think they would rather terminate your account if they know youre using an ata rather than just changing password.

The answer is obvious. This board alone has over 16,000 registered members. Most come here to learn how to use ATA's and other softphones to use with linux. I estimate the number of people using other softphone/hardware to be in the thousands (very conservative estimate).
Its not in MJ's best interest to terminate that many users right now but in the future they may because the revenue lost would not cause a major impact on their business.

[alphabeta]

[
I think they would rather terminate your account if they know youre using an ata rather than just changing password.

The answer is obvious. This board alone has over 16,000 registered members. Most come here to learn how to use ATA's and other softphones to use with linux. I estimate the number of people using other softphone/hardware to be in the thousands (very conservative estimate).
Its not in MJ's best interest to terminate that many users right now but in the future they may because the revenue lost would not cause a major impact on their business.

How using ATA causing revenue loss?

[joevv]

[... assuming you set your user-agent string appropriately, the packets will look as though they came right from the magicJack.

There you go. That's one way they could tell if your are not using their softphone. All they have to do is change the user Agent. Their softphone will reply with the correct value others will not.

[joevv]

How using ATA causing revenue loss?

I didn't say using ATA's caused revenue lost. Terminating all ATA users would be a revenue lost to MJ

[gooney]

Looks like the only passwords that were changed was the ones running ATA's or other softphones . I know this for a fact so that means MJ can tell which users are not using their softphone and specifically targeted those users only. Sorta of an ECM. If you persist on not using the MJ softphone I guess the next step would be termination. Besides, they now have the ability to change your password at random so do you want to dump everyday?

By the way i have been using ata since feb or maybe march i forgot lol anyway they have not changed my password and it is still running as of this moment. maybe it will change today hahaha never know.

[VaHam]

Yea, I am doing it before magicjack even finishes loading up (using my own shortcut), as soon as I see it in the taskmanager. I am right clicking and dumping. Not giving it time to do much of anything.

Edit: Ok I got it. The trick is not to do it to fast or to slow. As soon as magicjack opens up, and you see the gui. Very soon, magickack will try to sign in. You want to start the dump, right before this process.

I believe the password will be in there all the time. My MJ has been running for a few days, and the steps below work fine.

Assuming you strings, pmdump, and grep in your PATH, you can get your password like this

1. Find the pid for your magicjack.exe

   Code: Select all

   C:\>pmdump -list|grep -i magicjack
    31337 - magicJack.exe

2. Dump the magicjack.exe process using the pid listed above

   Code: Select all

   pmdump 31337 dumpfile.dat

3. use grep to pull out possible passwords (I'm sure there is easier way to do this)

   Code: Select all

   C:\>strings dumpfile.dat | grep -w -E [0-9A-Z]{20} |grep -v -E [a-z~!@#$%^&*()_+"\[=<>.;:'] 

Your password will be one of the strings displayed.

I get a error when using your method. Thought I would try it, just for fun.

I get the exact same error.

[synchron]

Guys, how important is it to enter the user-agent string header? The ATA does not have a field entry for this in either SIP Proxy settings or SIP User Account, however, I could enter it via Telnet and their CLI (It's an Innomedia MTA6328re). I get both Voip light successful registration without the user-agent string.

I also Wireshark captured with both MJ dongle and with ATA and I can't seem to find where this user-agent string is used. Is it really necessary and will I get flagged for it?

TIA,

Synchron.

[laserjobs]

Guys, how important is it to enter the user-agent string header? The ATA does not have a field entry for this in either SIP Proxy settings or SIP User Account, however, I could enter it via Telnet and their CLI (It's an Innomedia MTA6328re). I get both Voip light successful registration without the user-agent string.

I also Wireshark captured with both MJ dongle and with ATA and I can't seem to find where this user-agent string is used. Is it really necessary and will I get flagged for it?

TIA,

Synchron.

There seems to be no place to change the user-agent on the Innomedia. I just turned the user-agent header off but it probably will not make any difference.

[MagicHack]

I get the exact same error.

Gunther, I get that error too. However, when I escape the brackets, it works...

So, change your grep to be something like:

Code: Select all

strings mj.bin | grep -w -E [0-9A-Z]{20} | grep -v -E [a-z~!@#$%^&*()_+\[\=">""<".;:']

[mufon]

Guys, how important is it to enter the user-agent string header? The ATA does not have a field entry for this in either SIP Proxy settings or SIP User Account, however, I could enter it via Telnet and their CLI (It's an Innomedia MTA6328re). I get both Voip light successful registration without the user-agent string.

I also Wireshark captured with both MJ dongle and with ATA and I can't seem to find where this user-agent string is used. Is it really necessary and will I get flagged for it?

TIA,

Synchron.

There seems to be no place to change the user-agent on the Innomedia. I just turned the user-agent header off but it probably will not make any difference.

The Innomedia is probably like the AC-211 in that the user-agent string is configure via provisioning config file. If you can get an admin guide for the Innomedia, it probably provides details.

[laserjobs]

Guys, how important is it to enter the user-agent string header? The ATA does not have a field entry for this in either SIP Proxy settings or SIP User Account, however, I could enter it via Telnet and their CLI (It's an Innomedia MTA6328re). I get both Voip light successful registration without the user-agent string.

I also Wireshark captured with both MJ dongle and with ATA and I can't seem to find where this user-agent string is used. Is it really necessary and will I get flagged for it?

TIA,

Synchron.

There seems to be no place to change the user-agent on the Innomedia. I just turned the user-agent header off but it probably will not make any difference.

The Innomedia is probably like the AC-211 in that the user-agent string is configure via provisioning config file. If you can get an admin guide for the Innomedia, it probably provides details.

I could not find it anywhere in the documentation
http://www.innomedia.com/manuals/Admini ... s_v1_1.pdf

[VaHam]

I get the exact same error.

Gunther, I get that error too. However, when I escape the brackets, it works...

So, change your grep to be something like:

Code: Select all

strings mj.bin | grep -w -E [0-9A-Z]{20} | grep -v -E [a-z~!@#$%^&*()_+\[\=">""<".;:']

Thanks Gunter and you MagicHack that fixed the problem I was having.

Interesting the MJ password did not change on the MJ I was testing.