magicJack and magicJack Plus Support, Reviews, FAQs and Tricks

MagicHack wrote:It looks like magicJack patched that URL a little... although, you can still obtain SIP information using the URL above, you just need to pass a valid nonce, chkval, and version along with the serial number, and you can still obtain your (or someone elses) SIP info.

Nah, that would imply that some actual security was implemented
It's just that old versions are no longer supported -- try http://prov1.talk4free.com/softphone/pr ... xxxxxxxxxx .

Stewart wrote:

MagicHack wrote:It looks like magicJack patched that URL a little... although, you can still obtain SIP information using the URL above, you just need to pass a valid nonce, chkval, and version along with the serial number, and you can still obtain your (or someone elses) SIP info.

Nah, that would imply that some actual security was implemented
It's just that old versions are no longer supported -- try http://prov1.talk4free.com/softphone/pr ... xxxxxxxxxx .

OK, so they did make some server side changes, they were just not as clever as I gave them credit for.

Very cool find Stewart.

My proxy user password was alot more then 4 digits?!

do I just use the first 4 digits?

joecanadian wrote:My proxy user password was alot more then 4 digits?!

do I just use the first 4 digits?

New passwords are 12 characters now

I am on a 206 area code. Last night I checked fiddler and the password is still the same old 4 digit one.

i just now checked. the proxy user pw is 4 digits only for area code 216


anant

Hi all:

Has anyone sucessfully adapted MJ with SJ phone? I have downloaded SJ phone and also obtained SIP proxy data for my MJ. I am trying to fill in the proxy data into SJ phone options - profile . Can someone help me with this.

anant

I did as it was explained in the first post of this thread and it worked

Its not working anymore. Just checked a few times .. the page shows some encrypted text. Looks like they have encrypted the account information, just like Sunrocket used to do.

Stewart any help from you will be appreciated.

banstro wrote:Its not working anymore. Just checked a few times .. the page shows some encrypted text. Looks like they have encrypted the account information, just like Sunrocket used to do.

Thanks for the heads up. It looks like they are indeed phasing in encryption. For now, you can use version=20071210000000 (last date before encryption started), though that will obviously soon stop working.

Dang it... I just found out about this... and it would so help to use an ATA device instead of the comp... yeah magicJack is pretty inexpensive, but leaving a power hungry pc on 24/7 for the year adds to the bill...

is there ANY other way to get the sip info??? i really would like to get it working on an ata...

thanks!

news update...

you can get the username in cain & abel... just start the capture, restart magicjack, and you'll see the sip hash in the sniffer. the only problem is the password, which looks like it needs to be brute forced...

so to save me some time, i know it's 12 characters, but can anyone tell me if it's
-only numbers
-or numbers and letters (and if letters, lower case only or both)?

thanks mucho

-----

MagicHack wrote:Gregg,

Your post is very useful to the Newbie, but I want to point out a few things.

The second 'Connection' to the magicjack proxy server is not really a 'connection'. It is UDP, and thus connectionless. (yes, I am nit-picking. This is an important point if you ever decided to brute force someone elses password, because you have to deal with dropped packets.) If you sniff the wire, you will see that the second 'connection' usually looks something like this:

Code: Select all

    MagicJack                   SIP Server
     |                               |
     |------------REGISTER --------->|
     |                               |
     |<------401 Unauthorized--------|
     |                               |
     |-----------REGISTER----------->|
     |                               |
     |<-----------200 OK-------------|
     |                               |

The data passed across the wire for this second 'connection' is not encrypted either - it is an MD5 checksum. It is just standard WWW-Authentication (see rfc2617). So, the actual calculation for the 'encrypted' password is as follows:

Code: Select all

Calculate A1 = MD5(username:realm:password)
Calculate A2 = MD5(METHOD:uri)
Calculate Final Hash = MD5(A1:nonce:A2)

I looked all of this stuff up a while back because I was writing a tool to brute force the passwords:

(Of course, after writing this, someone pointed out that tools like cain exist, and do this kind of thing automatically for you...)

MagicHack

MagicHack... how did that app of your go... did you finish it? With Cain & Abel set at 12 numbers, it'll take my PC 14 days... it's it's just digits it might be doable, but if not... i think i'll have to find a 64bit multithreated app that will prob go much much faster. Any ideas???

This sucks.
Just got done ordering my magicjack.
And now it looks like I'm not going to be able to use it the way I wanted too.

password in mine is all numbers

My password is 4-digit all numbers.

joecanadian wrote:password in mine is all numbers

thank you thank you for answering my post. i'll start cracking now that i know my efforts won't be futile

SpamBox wrote:This sucks.
Just got done ordering my magicjack.
And now it looks like I'm not going to be able to use it the way I wanted too.

i know... i wanted to use an ata so i don't use too much electricity with my pc on all the time... i'm kinda sad i just missed it by days... but you can still get your username with cain & abel and the other settings are most likely the same. i wouldn't quite give up yet. all you need is a password, but it's limited to just numbers (12), which cain reports it'll take a little over 14 days... so if there's no power outage or anything (i don't have a ups), i'll post my results when it's done.

it's too bad cain & abel doesn't have a save/resume. eh. but we'll see what happens... if anybody comes up with anything before then, please share

but if not, merry christmas everyone... be back soon...

candlebox1369 wrote:i know... i wanted to use an ata so i don't use too much electricity with my pc on all the time... i'm kinda sad i just missed it by days... but you can still get your username with cain & abel and the other settings are most likely the same. i wouldn't quite give up yet. all you need is a password, but it's limited to just numbers (12), which cain reports it'll take a little over 14 days... so if there's no power outage or anything (i don't have a ups), i'll post my results when it's done.
it's too bad cain & abel doesn't have a save/resume. eh. but we'll see what happens... if anybody comes up with anything before then, please share
but if not, merry christmas everyone... be back soon...

Keep me (us) posted. Hopefully by the time I get mine in the mail, your Cain will be done working. And everything will be working.

SpamBox how fast is your system ... cpu, ram... ?

so I can rough how long mine will take!

I am 512 amd athlon1200 mobile (laptop )

joecanadian wrote:SpamBox how fast is your system ... cpu, ram... ?
so I can rough how long mine will take!
I am 512 amd athlon1200 mobile (laptop )

I got a P4 2.8G HT, 2GB ram

I wonder if the new magicjacks still can be used on a thin client?
Don't know if SP2 can be installed on XP embedded...hmmm

well it's still about 14 days...



I suppose I could wait 14 days to find out, but i wanted to ask if someone who has a 4 digit password can run cain & abel to verify that it does indeed crack the password.
-Download and install, start the capture (2nd green icon at the top), restart magicJack, under sniffer send the sip hash to the cracker, and under cracker:
-set character set to just 0123456789
-set password length for min & max to just 4
-start cracking...

It will seriously only take less than 1 minute as I've tried it (but obviously didn't work as mine is 12). I'm just curious... if it works on the 4 digit password, then it should work for everyone else who has a 12 digit password.

14 days on mine as well...

I about flipped the first go around - i didn't select custom and left it at predefined (with the whole alphabet and all the numbers), it said 250,000 years...

I feel so stupid sometimes

would be nice if some one has some fore-knowledge as to whether or not this works.

ir_efrem wrote:14 days on mine as well...

I about flipped the first go around - i didn't select custom and left it at predefined (with the whole alphabet and all the numbers), it said 250,000 years...

I feel so stupid sometimes

would be nice if some one has some fore-knowledge as to whether or not this works.

250,000 years! wow, Vista should be stable by then!

I started out at around 12 days and now I'm down to 10. I figure it'll get down to about a day or two and then the power will go out longer than my UPS can keep the computer up.

kenbr wrote:I started out at around 12 days and now I'm down to 10. I figure it'll get down to about a day or two and then the power will go out longer than my UPS can keep the computer up.

-----Keep us posted. It will be interesting to see if you are successful.

Yah I am interested too..

I have a 12 digit one and buying another well waiting to see if you guys can first of course prove successful.

250,000 years! wow, Vista should be stable by then!

naw , Vista is a In between they are already talking about the new OS. They will probably history repeat them selves and abandon it cut support. But no fear they have the biggest linux lab in the world and must be studying Linux possibly build a microsoft flavour cause its the only way they could survive lol!

I've got a bad feeling about this. I have two MagicJacks. With one of them I had gotten the SIP info using Fiddler before they made change which encrypted the data. I have been using that info in an ATA for the last couple of weeks without a problem. The other I have been using in my USB port on my computer while I've been running Cain trying to get the password. Last night both of them stopped working. The MagicJack software was giving an error 401. There was a software upgrade on the Magicjack USB device and later this morning it started working again but my ATA still does not work. I'm thinking they have changed something else and even if Cain does return a valid password I may not be able to get the ATA to work.

for everyone else with an ATA, does it still work??? cuz i was thinking of getting one...

did something change with the past 24 hours???

(kenbr you cANT run Fiddler while doing the upgrade!, wait until upgrade is complete, then start it!)
(yes jeffnyc! something has changed, Magicjack has changed all their softphone passwords! and they are no longer a numeric 4 digit number!)

I've figured out where they pull the provisioning from now, but the provisioning data is encrypted with something....
and the new version that downloads, decrypts the provisioning data in the software, here is the decrypted HTTPS data (modified a little bit to prevent others from getting my SIP data)...

GET /softphone/provision/?dbkey=blahblahblah&version=blahblahblah&osname=Win HTTP/1.1
User-Agent: SJPhone
Host: prov1.talk4free.com
Connection: Keep-Alive
Cache-Control: no-cache

�����BR�'ǿ��\M�O��O�ר|w.�1eN*(A@��
]^ft�V�Ŷ 4Ž�e��?�i��mM]a�̊z��B


Any Ideas??

magicman wrote:(kenbr you cANT run Fiddler while doing the upgrade!, wait until upgrade is complete, then start it!)
(yes jeffnyc! something has changed, Magicjack has changed all their softphone passwords! and they are no longer a numeric 4 digit number!)

I know they changed it from a 4 digit to a 12 digit. I had my new 12 digit password and I had it working after the change. They changed something again within the past 24 hours.

mabey they changed it from 12 digit to some other length? how did you know it was 12 digit?

I know they changed it from a 4 digit to a 12 digit. I had my new 12 digit password and I had it working after the change. They changed something again within the past 24 hours.[/quote]

Same with me. I had it working in the ATA with the 12 digit password but something changed last night and it quit working.

candlebox1369 wrote:for everyone else with an ATA, does it still work??? cuz i was thinking of getting one...

I guess ya got one . . .
http://cgi.ebay.com/Lot-of-25-SunRocket ... dZViewItem
-
-
-
-
-

magicman wrote:mabey they changed it from 12 digit to some other length? how did you know it was 12 digit?

They changed it to 12 digits when the portal was first introduced and you could change your number. They encrypted it with in the next few days. I retrieved it before they encrypted it. It was working for me fine until today.

In addition, I have received a few private msgs that it is not working with ata as of today from others.

$275 for a Telco AC-211 on EBAY. No way dude. That is a total ripoff.

Oh, I see. That was for 25 units.

does anybody think that maybe magicJack reads the forums here and finds way to make it more troublesome for us? well i mean... it is inexpensive, but if they were to add the $ spent on electricity to power up a pc 24/7... that will add more to the bill... and my pc is quite power hungry unfortunately.

what if we start a screening process... or just post stuff on irc? or....i dunno... well let's see who's the first one to post a working ata with magicjack sip info...

candlebox1369 wrote:does anybody think that maybe magicJack reads the forums here and finds way to make it more troublesome for us?

I'm sure they must be reading this forum. They want to see what security holes they have and patch them. Who wouldn't? I was hoping that they would view the few who already had their passwords before the encryption as "water over the dam" but I guess they decided to make the effort to shut those down too.

Yes...... they are all here.... reading (almost) all our posts....

My ata no longer registers as of today

well i think

1. for helping them figure out where they need to improve their security
2. for being a free tech support for them
3. and for simply being magicJack enthusiasts who have passed the word to others to try

that we should all get a 1 yr free license
or even better... after all we've done, let us use it on an ATA , after all, we can save even more money and electricity this way

oh and lets not forget the posts with users posting how much more clearer the signal was with an ATA instead of the magicJack...
more happy customers = good business...

all magicJack employees read this post!

same asterisk no longer registered.. they changed something..

as of this morning I have noticed can not call out server tells me awaiting auth sent..

Dan said in a post over at http://www.dslreports.com/forum/r187115 ... ~start=280 that in they are going to let people byob and will be selling numbers for 3 dollars a year in march. That be great if they do that.

maybe I did it wrong but I am at 2.9 days and just started it now..
(guessing it will grow in a few days to 14) Any updates from some of you guys out there..

I am getting something like 3928937 pass/sec athlon in a old compaq laptop 1200 mzh

I got magicjack and the cain cracker running with 512 megs ram

it looks maxed

but a call through on it seems to be fine no jitters or anything..

How long do you think it will take with a Pentium D 820 2.8ghz Dual Core with 2MB cache and 2GB RAM? Do you think the magicjackASSES just changed the password or we won't be able to ever get the config for it. Also it would be nice if someone could post a little how to on using this method. I personally can't get cain to work.
Help appreciated!
Kumar

P.S Happy New Year!!

Well, if magicjack guys are reading this, Let it be known, if your software was not so damn buggy, and it didnt crash every day, most of us would not be trying to use an ATA! I only started using one because my unit crashes about every 3 hours, and I even tried to resolve the problem through their tech support, but they are NOT smart enough to write a simple VOIP application, I mean really, this SIP protocol stuff is not hard, their software is so rigged, it is actually of bunch of stupid GDI picture crap on top of the "TigerJet VOIP Hardware Interface Demo Software 11.01" Magicjack needs to hire a few GOOD programmers to get the application working correctly! And quite outsourcing to someone who cant speak english.

Not to suck up or anything but this is still their beta. I would say they're doing a pretty good job for beta even though there are some bugs. For $40 i am not complaining.

kumar wrote:Not to suck up or anything but this is still their beta. I would say they're doing a pretty good job for beta even though there are some bugs. For $40 i am not complaining.

I would pretty much second that opinion. I haven't really had any problem with the USB adapter but I need an ATA so it can be up at all times without having to worry about whether the computer is up or not. I work from home and I do a lot of testing on my PC. This requires quite a bit of shutting down and rebooting which is not really a good thing if you're on the phone with a customer at the same time. Although I really like the Magicjack service I don't know that I can use it if I have to have the PC running to talk.

They know that allowing to use a ATA is a must. They just want to make money. y providers.

kenbr wrote:

kumar wrote:Not to suck up or anything but this is still their beta. I would say they're doing a pretty good job for beta even though there are some bugs. For $40 i am not complaining.

I would pretty much second that opinion.

i third it. i was actually surprised it was working in xp x64! which means it should also works in windows server 2003 x64. not bad....

joecanadian wrote: hey as lovely as that is.. I don't use windows I use Linux thats all..
if they open things up and keep things as cheap as they are I will buy alot more accounts.

i agree. it could be better for both them and us... if magicJack lets users use an ATA, even if they don't provide support for it, then their service will be OS independent, not to mention that once it's up, the connection will be more reliable as we all know hardware beats software any day. why keep this quality away from the customers? plus, they will get less customer support headaches because there will be less people with problems.

joecanadian wrote: I sorta like knowing that all the traffic from my computer actually is..
no hidden tasks no 3 keys for complet backdoor access one the NSA has.. no secrets..

this reminds me of a story i read on betanews... how skype went down due to microsoft's fault (all the super node computers simultaneously rebooting at the same time because of windows update which runs 2nd tues of each month if set an automatic) but then how it wasn't.... and how it was interesting that before that happened the govt. wanted a way in which would require changing their algorithm or something like that... maybe this won't be for magicJack, but these days who knows.