Walk-through to configure a different softphone

magicJack Tips and Tricks

Moderators: Pilot, Bill Smith

Gregg
MagicJack User
Posts: 32
Joined: Thu Nov 15, 2007 11:42 am
Location: New Mexico

Walk-through to configure a different softphone

Post by Gregg »

I've read about a number of people struggling to use Fiddler to obtain their SIP information, so I decided to post a little "How-To" guide for obtaining your SIP information, and configuring a your own softphone.

This tutorial will be broken into two parts. Part one will contain information for discovering your sip credentials, and part two will detail how to configure another softphone (xlite).

NOTE: This method to obtain your SIP credentials is OBSOLETE, and NO LONGER WORKS! You will need to find a new way to get your SIP info. The part 2 (configuring a softphone is still valid, assuming you have your SIP credentials).

Part 1: Discovering your SIP credentials.

When the magicJack starts up, it's first connection is out to one of their provisioning servers to obtain your SIP credentials. Unfortunately, this is a secure (https/ssl) connection, thus a simple network capture does not allow for us to see the underlying information. After your magicJack gets it's SIP credentials, it's second connection is to register with the magicJack proxy server. A network capture will show you that these connections look like:

First Connection (requesting SIP Credentials)

Code: Select all

magicjack                                   provisioning server
          ---- asks for SIP Credentials ---> 
          <--- returns SIP Credentials ----

Second Connection (registering with proxy server)

Code: Select all

magicjack                                       proxy server
          ----- encrypted SIP Credentials ----> 
          <------- Authorized message --------
(This is an overly simplified explanation, but, the general idea is more or less correct.)

So, there are a few different approaches to getting your underlying SIP info. A tool like Fiddler allows us to intercept and decrypt the first connection to the provisioning server, whereas a tool like Cain allows us to brute force the encrypted SIP Credentials in the second connection.

Since the magicJack uses only a 4 digit password, it is very easy to brute force it using Cain. Fiddler is a great tool if you want to actually "fiddle" with the data being passed - in other words, if you want to change the values the provisioning server is sending you.

If all you are looking to do is obtain your SIP info, by far, the easiest way is to simply request that information directly from the provisioning server.

So, without further delay, here one way to do this under windows.
First you need to find your serial number:
  • Right click on "My Computer", and select "Manage"
  • Click on "Device Manager"
  • Click on DVD/CD-Rom drives
  • Right Click on "YMax MagicJack USB Device", and select properties
  • click on the "Details" tab
  • select "Device Instance Id" from the drop down list
    At this point, you will see Information that looks like:

    Code: Select all

    USBSTOR\CDROM&VEN_YMAX&PROD_MAGICJACK&REV_X.XX\A9XXXXXXXXXXXX&1
You need to write down the actual serial number (That is the A9XXXXXXXXXXXX) listed above - this will be a 14 characters long, and a mixture of numbers and letters.

Now that you have your serial number, we simply need to pass it to the provision server, to get your SIP Credentials.

You can do this by simply appending your serial number to the URL:

Code: Select all

https://prov1.talk4free.com/softphone/provision/?serial=
So, if your serial number is A9123456789234, you'd go to the URL: https://prov1.talk4free.com/softphone/p ... 3456789234

Assuming you've done this correctly, when you go to your provisioning URL, you should see something like:

Code: Select all

[SIP 2.0] 
SIPResyncEventsReceiverEnabled=1 
ProxyUserName=E931XXXXXXX01 
ProxyUserPassword=XXXX 
SIPCallerID=E931XXXXXXX01 
RegisterOnProxy=1 
SIPVoiceMailAddress=931XXXXXXX
EnableTelephoneEvents=1 
UserDomain=67.106.133.198 
ProxyDomain=proxy1.nashville.talk4free.com 
ProxyPort=5070 
ProxyStrictOutbound=1 
[CustomFields] 
CustomField17="http://67.106.133.212/upgrade/2007-01-07/magicJackOutlookAddin.exe" CustomField10="http://www.free411.com" 
CustomField11="931XXXXXXX" 
[Customer] 
CustomerBannerURL="http://67.106.133.212/ads/rotate2.html" 
[SoftwareUpdate] 
SoftwareUpdateVersionRequired=20070921151100 SoftwareUpdateURL=http://67.106.133.212/upgrade/2007-09-21/upgrade.exe 
SoftwareUpdateAutoInstall=0 
SoftwareUpdateInstallDelay=1
I've blocked out some of my personal information. The only values above that we'll need, are:

Code: Select all

ProxyUserName=E931XXXXXXX01 
ProxyUserPassword=XXXX 
UserDomain=67.106.133.198 
ProxyDomain=proxy1.nashville.talk4free.com 
ProxyPort=5070 
That's it - you now have your underlying SIP Credentials.

Part 2: Configuring a softphone.

In this part, we'll configure our own softphone. You settings might vary slightly depending on the actual softphone (or ATA) that you are using, but, the idea is the same. The softphone I'll be configuring is XLite, available from CounterPath.

Step by step:
  • Download and install XLite (I've only tested the Windows version.)
  • if your magicjack.exe process is running, stop it, as we'll no longer need that
  • Start up XLite (Start -> Programs -> X-Lite -> X-Lite)
  • Right Click on the softphone, and select Options
  • In the options screen, select devices
  • If you want to use the magicJack hardware, change all of the drop down boxes to be "USB Internet Phone by TigerJet"
  • Click Apply

    Now we need to plug in our SIP Credentials we discovered in Part 1 above:
  • Right click on the X-Lite softphone, and select "SIP Account Settings"
  • we're going to need to add an account with the following values:
    User Details
    Display Name: Gregg (obviously, put your own name here)
    User name: E931XXXXXXX01 (The ProxyUserName value from Part 1)
    Password: XXXX (the ProxyUserPassword value from Part 1)
    Authorization User name E931XXXXXXX01 (The ProxyUserName value from Part 1)
    Domain: 67.106.133.198 (The UserDOmain value from Part 1)
    Domain Proxy
    Check the box labeled "Register with domain and receive incoming calls"
    Check the "proxy" button
    Address: proxy1.nashville.talk4free.com:5070 (ProxyDomain:ProxyPort values from Part 1)
    Dialing Plan
    Configure this to your tastes - I use something like:

    Code: Select all

    \a\a.T|[2-9]xxxxxxxxx|#1\a\a.T;match=1;prestrip=2;
  • Click OK/Apply, and your softphone should start.
Post any problems or comments you may have.

Thanks again to everyone who helped me via PM to understand all of this.

- Gregg
User avatar
laserjobs
Dan Should Pay Me
Posts: 670
Joined: Mon Nov 12, 2007 4:11 pm

Post by laserjobs »

Gregg thanks for posting a step by step.

As everyone can now see MJ is totally insecure and easily exploited and has been this way for at least a couple of months.
ke7doy
magicJack Apprentice
Posts: 16
Joined: Mon Nov 12, 2007 11:14 pm

Post by ke7doy »

Laserjobs, I think you meant unsecure, but I can see how they could be insecure, given the current state of things!
kumar
Dan Should Pay Me
Posts: 806
Joined: Thu Nov 15, 2007 4:29 pm
Contact:

Post by kumar »

ke7doy wrote:Laserjobs, I think you meant unsecure, but I can see how they could be insecure, given the current state of things!
It happens:) so its no biggy. if your going to do that to him you will pick up a lot of mistakes from me.
Peace
ke7doy
magicJack Apprentice
Posts: 16
Joined: Mon Nov 12, 2007 11:14 pm

Post by ke7doy »

Just being a smart @$$. No offence intended.
MagicHack
Dan isn't smart enough to hire me
Posts: 241
Joined: Mon Nov 12, 2007 4:11 pm
Contact:

Post by MagicHack »

Gregg,

Your post is very useful to the Newbie, but I want to point out a few things.

The second 'Connection' to the magicjack proxy server is not really a 'connection'. It is UDP, and thus connectionless. (yes, I am nit-picking. This is an important point if you ever decided to brute force someone elses password, because you have to deal with dropped packets.) If you sniff the wire, you will see that the second 'connection' usually looks something like this:

Code: Select all

    MagicJack                   SIP Server
     |                               |
     |------------REGISTER --------->|
     |                               |
     |<------401 Unauthorized--------|
     |                               |
     |-----------REGISTER----------->|
     |                               |
     |<-----------200 OK-------------|
     |                               |

The data passed across the wire for this second 'connection' is not encrypted either - it is an MD5 checksum. It is just standard WWW-Authentication (see rfc2617). So, the actual calculation for the 'encrypted' password is as follows:

Code: Select all

Calculate A1 = MD5(username:realm:password)
Calculate A2 = MD5(METHOD:uri)
Calculate Final Hash = MD5(A1:nonce:A2)
I looked all of this stuff up a while back because I was writing a tool to brute force the passwords:
Image
(Of course, after writing this, someone pointed out that tools like cain exist, and do this kind of thing automatically for you...)

The serial numbers: You can get this information a few other ways too - from the registry (HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\...), a dump of the magicjack process, or even look at the magicJack log file (simply add "/lf magicjack.log" when starting your magicjack.exe).

The URL you are getting the provisioning information from is correct, but also exploits a hole (which is the 'insecurity' laserjobs it talking about.) If you go the route of using fidder, you will see that there are actually additional arguments passed to that URL (namely email, etc) which magicJack SHOULD be authenticating against. The problem is, that you can simply 'guess' a serial number, and get someone elses SIP information. Clearly this is a bug. I told magicJack about this bug a few months ago, they just haven't fixed it yet...

All in all, good post Gregg... Very userful stuff...

MagicHack
jeffnyc
Dan isn't smart enough to hire me
Posts: 336
Joined: Sat Nov 17, 2007 10:28 am

Post by jeffnyc »

Yeah, its kind of disappointing that magicjack is so unsecure and insecure.

Dialing out on someone else's sip credentials probably does not do too much damage as mj is currently at a fixed price but

The big problem is incoming. It would suck if your incoming calls from your friends and family rang on some scammers phone.

Anyone know if the ability to alter other people's 911 addresses has been fixed?

Hopefully they will resolve these security issues before they embrace prepaid international calling and lnp.
punjabiput
MagicJack Newbie
Posts: 3
Joined: Tue Dec 04, 2007 11:02 pm

Post by punjabiput »

Hello Gregg, great post. I actually tried configuring the Xlite softphone per ur directions. When I put my SIP credentials in the account ,I got " Registration error: 408 - Request Timeout" in my softphone. I actually posted my problem under Technical support forums Username- punjabiput. and so far no luck. This is the 2nd magicjack they have sent me as I was having same problem with my first one. I always have "Please connect to internet...." message inspite of being connected to internet.
oomph
MagicJack Newbie
Posts: 6
Joined: Tue Dec 11, 2007 8:21 pm

Post by oomph »

When i input my serial # into this website it does not reply back with the information mentioned on this site.

Am I doing something wrong?


https://prov1.talk4free.com/softphone/p ... n/?serial=
User avatar
laserjobs
Dan Should Pay Me
Posts: 670
Joined: Mon Nov 12, 2007 4:11 pm

Post by laserjobs »

oomph wrote:When i input my serial # into this website it does not reply back with the information mentioned on this site.

Am I doing something wrong?


https://prov1.talk4free.com/softphone/p ... n/?serial=
No you did it right but MJ has changed their system so that it will no longer work
jeffnyc
Dan isn't smart enough to hire me
Posts: 336
Joined: Sat Nov 17, 2007 10:28 am

Post by jeffnyc »

Yeah, I tried it and got all zeros in the fields but I thought it was because of my failed attempt at number change. My mj wont register now even using their softphone the legit way
oomph
MagicJack Newbie
Posts: 6
Joined: Tue Dec 11, 2007 8:21 pm

Post by oomph »

mine works fine, but ya I get all zero's

Are there any work arounds?
oomph
MagicJack Newbie
Posts: 6
Joined: Tue Dec 11, 2007 8:21 pm

Post by oomph »

is there any other known way to obtain my SIP credentials and use a softphone like Xlite or Gizmo?
oomph
MagicJack Newbie
Posts: 6
Joined: Tue Dec 11, 2007 8:21 pm

Post by oomph »

After a little tinkering w/ Cain.

I was able to quickly crack and obtain my SIP credentials.

Thanks a ton for the post. I much prefer using an Xlite softphone, this will also enable me to use it in Linux :)
MagicHack
Dan isn't smart enough to hire me
Posts: 241
Joined: Mon Nov 12, 2007 4:11 pm
Contact:

Post by MagicHack »

oomph wrote:mine works fine, but ya I get all zero's

Are there any work arounds?
It looks like MJ 'fixed' this issue. Like I said above, this really was a security hole...

It looks like magicJack patched that URL a little... although, you can still obtain SIP information using the URL above, you just need to pass a valid nonce, chkval, and version along with the serial number, and you can still obtain your (or someone elses) SIP info.
Stewart
Dan Should Pay Me
Posts: 663
Joined: Tue Nov 13, 2007 2:58 pm

Post by Stewart »

MagicHack wrote:It looks like magicJack patched that URL a little... although, you can still obtain SIP information using the URL above, you just need to pass a valid nonce, chkval, and version along with the serial number, and you can still obtain your (or someone elses) SIP info.
Nah, that would imply that some actual security was implemented ;)
It's just that old versions are no longer supported -- try http://prov1.talk4free.com/softphone/pr ... xxxxxxxxxx .
MagicHack
Dan isn't smart enough to hire me
Posts: 241
Joined: Mon Nov 12, 2007 4:11 pm
Contact:

Post by MagicHack »

Stewart wrote:
MagicHack wrote:It looks like magicJack patched that URL a little... although, you can still obtain SIP information using the URL above, you just need to pass a valid nonce, chkval, and version along with the serial number, and you can still obtain your (or someone elses) SIP info.
Nah, that would imply that some actual security was implemented ;)
It's just that old versions are no longer supported -- try http://prov1.talk4free.com/softphone/pr ... xxxxxxxxxx .
OK, so they did make some server side changes, they were just not as clever as I gave them credit for.

Very cool find Stewart.
joecanadian
MagicJack Contributor
Posts: 58
Joined: Wed Nov 28, 2007 3:06 am

proxy user password 4 digits

Post by joecanadian »

My proxy user password was alot more then 4 digits?!

do I just use the first 4 digits?
User avatar
laserjobs
Dan Should Pay Me
Posts: 670
Joined: Mon Nov 12, 2007 4:11 pm

Re: proxy user password 4 digits

Post by laserjobs »

joecanadian wrote:My proxy user password was alot more then 4 digits?!

do I just use the first 4 digits?
New passwords are 12 characters now
aone999
MagicJack User
Posts: 42
Joined: Mon Nov 12, 2007 11:50 pm

Post by aone999 »

I am on a 206 area code. Last night I checked fiddler and the password is still the same old 4 digit one.
anant
Dan isn't smart enough to hire me
Posts: 114
Joined: Mon Nov 12, 2007 7:44 pm

proxy user pw is 4 digits only in area code 216

Post by anant »

i just now checked. the proxy user pw is 4 digits only for area code 216


anant
anant
Dan isn't smart enough to hire me
Posts: 114
Joined: Mon Nov 12, 2007 7:44 pm

Use of MJ with SJ phone

Post by anant »

Hi all:

Has anyone sucessfully adapted MJ with SJ phone? I have downloaded SJ phone and also obtained SIP proxy data for my MJ. I am trying to fill in the proxy data into SJ phone options - profile . Can someone help me with this.

anant
aone999
MagicJack User
Posts: 42
Joined: Mon Nov 12, 2007 11:50 pm

Post by aone999 »

I did as it was explained in the first post of this thread and it worked
banstro
MagicJack Newbie
Posts: 4
Joined: Mon Dec 03, 2007 4:27 pm

Post by banstro »

Its not working anymore. Just checked a few times .. the page shows some encrypted text. Looks like they have encrypted the account information, just like Sunrocket used to do.

Stewart any help from you will be appreciated.
Stewart
Dan Should Pay Me
Posts: 663
Joined: Tue Nov 13, 2007 2:58 pm

Post by Stewart »

banstro wrote:Its not working anymore. Just checked a few times .. the page shows some encrypted text. Looks like they have encrypted the account information, just like Sunrocket used to do.
Thanks for the heads up. It looks like they are indeed phasing in encryption. For now, you can use version=20071210000000 (last date before encryption started), though that will obviously soon stop working.
candlebox1369
MagicJack User
Posts: 43
Joined: Fri Dec 21, 2007 2:28 am

Post by candlebox1369 »

Dang it... I just found out about this... and it would so help to use an ATA device instead of the comp... yeah magicJack is pretty inexpensive, but leaving a power hungry pc on 24/7 for the year adds to the bill...

is there ANY other way to get the sip info??? i really would like to get it working on an ata...

thanks!
candlebox1369
MagicJack User
Posts: 43
Joined: Fri Dec 21, 2007 2:28 am

Post by candlebox1369 »

news update...

you can get the username in cain & abel... just start the capture, restart magicjack, and you'll see the sip hash in the sniffer. the only problem is the password, which looks like it needs to be brute forced...

so to save me some time, i know it's 12 characters, but can anyone tell me if it's
-only numbers
-or numbers and letters (and if letters, lower case only or both)?

thanks mucho

-----


MagicHack wrote:Gregg,

Your post is very useful to the Newbie, but I want to point out a few things.

The second 'Connection' to the magicjack proxy server is not really a 'connection'. It is UDP, and thus connectionless. (yes, I am nit-picking. This is an important point if you ever decided to brute force someone elses password, because you have to deal with dropped packets.) If you sniff the wire, you will see that the second 'connection' usually looks something like this:

Code: Select all

    MagicJack                   SIP Server
     |                               |
     |------------REGISTER --------->|
     |                               |
     |<------401 Unauthorized--------|
     |                               |
     |-----------REGISTER----------->|
     |                               |
     |<-----------200 OK-------------|
     |                               |

The data passed across the wire for this second 'connection' is not encrypted either - it is an MD5 checksum. It is just standard WWW-Authentication (see rfc2617). So, the actual calculation for the 'encrypted' password is as follows:

Code: Select all

Calculate A1 = MD5(username:realm:password)
Calculate A2 = MD5(METHOD:uri)
Calculate Final Hash = MD5(A1:nonce:A2)
I looked all of this stuff up a while back because I was writing a tool to brute force the passwords:
Image
(Of course, after writing this, someone pointed out that tools like cain exist, and do this kind of thing automatically for you...)

MagicHack
MagicHack... how did that app of your go... did you finish it? With Cain & Abel set at 12 numbers, it'll take my PC 14 days... it's it's just digits it might be doable, but if not... i think i'll have to find a 64bit multithreated app that will prob go much much faster. Any ideas???
User avatar
SpamBox
Dan isn't smart enough to hire me
Posts: 417
Joined: Fri Dec 14, 2007 4:31 am
Location: Rocky Mountains Front Range

Post by SpamBox »

This sucks.
Just got done ordering my magicjack.
And now it looks like I'm not going to be able to use it the way I wanted too.
joecanadian
MagicJack Contributor
Posts: 58
Joined: Wed Nov 28, 2007 3:06 am

Post by joecanadian »

password in mine is all numbers
anant
Dan isn't smart enough to hire me
Posts: 114
Joined: Mon Nov 12, 2007 7:44 pm

Post by anant »

My password is 4-digit all numbers.
candlebox1369
MagicJack User
Posts: 43
Joined: Fri Dec 21, 2007 2:28 am

Post by candlebox1369 »

joecanadian wrote:password in mine is all numbers
thank you thank you for answering my post. i'll start cracking now that i know my efforts won't be futile
SpamBox wrote:This sucks.
Just got done ordering my magicjack.
And now it looks like I'm not going to be able to use it the way I wanted too.
i know... i wanted to use an ata so i don't use too much electricity with my pc on all the time... i'm kinda sad i just missed it by days... but you can still get your username with cain & abel and the other settings are most likely the same. i wouldn't quite give up yet. all you need is a password, but it's limited to just numbers (12), which cain reports it'll take a little over 14 days... so if there's no power outage or anything (i don't have a ups), i'll post my results when it's done.

it's too bad cain & abel doesn't have a save/resume. eh. but we'll see what happens... if anybody comes up with anything before then, please share :D

but if not, merry christmas everyone... be back soon...
User avatar
SpamBox
Dan isn't smart enough to hire me
Posts: 417
Joined: Fri Dec 14, 2007 4:31 am
Location: Rocky Mountains Front Range

Post by SpamBox »

candlebox1369 wrote:i know... i wanted to use an ata so i don't use too much electricity with my pc on all the time... i'm kinda sad i just missed it by days... but you can still get your username with cain & abel and the other settings are most likely the same. i wouldn't quite give up yet. all you need is a password, but it's limited to just numbers (12), which cain reports it'll take a little over 14 days... so if there's no power outage or anything (i don't have a ups), i'll post my results when it's done.
it's too bad cain & abel doesn't have a save/resume. eh. but we'll see what happens... if anybody comes up with anything before then, please share :D
but if not, merry christmas everyone... be back soon...
Keep me (us) posted. Hopefully by the time I get mine in the mail, your Cain will be done working. And everything will be working.
joecanadian
MagicJack Contributor
Posts: 58
Joined: Wed Nov 28, 2007 3:06 am

Post by joecanadian »

SpamBox how fast is your system ... cpu, ram... ?

so I can rough how long mine will take!

I am 512 amd athlon1200 mobile (laptop )
User avatar
SpamBox
Dan isn't smart enough to hire me
Posts: 417
Joined: Fri Dec 14, 2007 4:31 am
Location: Rocky Mountains Front Range

Post by SpamBox »

joecanadian wrote:SpamBox how fast is your system ... cpu, ram... ?
so I can rough how long mine will take!
I am 512 amd athlon1200 mobile (laptop )
I got a P4 2.8G HT, 2GB ram

I wonder if the new magicjacks still can be used on a thin client?
Don't know if SP2 can be installed on XP embedded...hmmm
candlebox1369
MagicJack User
Posts: 43
Joined: Fri Dec 21, 2007 2:28 am

Post by candlebox1369 »

well it's still about 14 days...
Image


I suppose I could wait 14 days to find out, but i wanted to ask if someone who has a 4 digit password can run cain & abel to verify that it does indeed crack the password.
-Download and install, start the capture (2nd green icon at the top), restart magicJack, under sniffer send the sip hash to the cracker, and under cracker:
-set character set to just 0123456789
-set password length for min & max to just 4
-start cracking...

It will seriously only take less than 1 minute as I've tried it (but obviously didn't work as mine is 12). I'm just curious... if it works on the 4 digit password, then it should work for everyone else who has a 12 digit password.
ir_efrem
magicJack Apprentice
Posts: 18
Joined: Mon Dec 24, 2007 3:56 pm

Yep

Post by ir_efrem »

14 days on mine as well...

I about flipped the first go around - i didn't select custom and left it at predefined (with the whole alphabet and all the numbers), it said 250,000 years...

I feel so stupid sometimes :oops:

would be nice if some one has some fore-knowledge as to whether or not this works.
MagicJacked
MagicJack Expert
Posts: 81
Joined: Tue Nov 13, 2007 1:23 am

Re: Yep

Post by MagicJacked »

ir_efrem wrote:14 days on mine as well...

I about flipped the first go around - i didn't select custom and left it at predefined (with the whole alphabet and all the numbers), it said 250,000 years...

I feel so stupid sometimes :oops:

would be nice if some one has some fore-knowledge as to whether or not this works.
250,000 years! wow, Vista should be stable by then!
kenbr
magicJack Apprentice
Posts: 11
Joined: Thu Dec 13, 2007 6:27 pm

Post by kenbr »

I started out at around 12 days and now I'm down to 10. I figure it'll get down to about a day or two and then the power will go out longer than my UPS can keep the computer up.
MagicJake
MagicJack User
Posts: 48
Joined: Wed Nov 21, 2007 7:39 pm

Post by MagicJake »

kenbr wrote:I started out at around 12 days and now I'm down to 10. I figure it'll get down to about a day or two and then the power will go out longer than my UPS can keep the computer up.
-----Keep us posted. It will be interesting to see if you are successful.
joecanadian
MagicJack Contributor
Posts: 58
Joined: Wed Nov 28, 2007 3:06 am

Post by joecanadian »

Yah I am interested too..

I have a 12 digit one and buying another well waiting to see if you guys can first of course prove successful.
250,000 years! wow, Vista should be stable by then!
naw , Vista is a In between they are already talking about the new OS. They will probably history repeat them selves and abandon it cut support. But no fear they have the biggest linux lab in the world and must be studying Linux possibly build a microsoft flavour cause its the only way they could survive lol!
kenbr
magicJack Apprentice
Posts: 11
Joined: Thu Dec 13, 2007 6:27 pm

Post by kenbr »

I've got a bad feeling about this. I have two MagicJacks. With one of them I had gotten the SIP info using Fiddler before they made change which encrypted the data. I have been using that info in an ATA for the last couple of weeks without a problem. The other I have been using in my USB port on my computer while I've been running Cain trying to get the password. Last night both of them stopped working. The MagicJack software was giving an error 401. There was a software upgrade on the Magicjack USB device and later this morning it started working again but my ATA still does not work. I'm thinking they have changed something else and even if Cain does return a valid password I may not be able to get the ATA to work.
candlebox1369
MagicJack User
Posts: 43
Joined: Fri Dec 21, 2007 2:28 am

Post by candlebox1369 »

for everyone else with an ATA, does it still work??? cuz i was thinking of getting one...
jeffnyc
Dan isn't smart enough to hire me
Posts: 336
Joined: Sat Nov 17, 2007 10:28 am

Post by jeffnyc »

did something change with the past 24 hours???
magicman
magicJack Apprentice
Posts: 19
Joined: Sat Dec 15, 2007 1:40 pm

Post by magicman »

(kenbr you cANT run Fiddler while doing the upgrade!, wait until upgrade is complete, then start it!)
(yes jeffnyc! something has changed, Magicjack has changed all their softphone passwords! and they are no longer a numeric 4 digit number!)

I've figured out where they pull the provisioning from now, but the provisioning data is encrypted with something....
and the new version that downloads, decrypts the provisioning data in the software, here is the decrypted HTTPS data (modified a little bit to prevent others from getting my SIP data)...

GET /softphone/provision/?dbkey=blahblahblah&version=blahblahblah&osname=Win HTTP/1.1
User-Agent: SJPhone
Host: prov1.talk4free.com
Connection: Keep-Alive
Cache-Control: no-cache

�����BR�'ǿ��\M�O��O�ר|w.�1eN*(A@��
]^ft�V�Ŷ 4Ž�e��?�i��mM]a�̊z��B


Any Ideas??
jeffnyc
Dan isn't smart enough to hire me
Posts: 336
Joined: Sat Nov 17, 2007 10:28 am

Post by jeffnyc »

magicman wrote:(kenbr you cANT run Fiddler while doing the upgrade!, wait until upgrade is complete, then start it!)
(yes jeffnyc! something has changed, Magicjack has changed all their softphone passwords! and they are no longer a numeric 4 digit number!)
I know they changed it from a 4 digit to a 12 digit. I had my new 12 digit password and I had it working after the change. They changed something again within the past 24 hours.
magicman
magicJack Apprentice
Posts: 19
Joined: Sat Dec 15, 2007 1:40 pm

Post by magicman »

mabey they changed it from 12 digit to some other length? how did you know it was 12 digit?
kenbr
magicJack Apprentice
Posts: 11
Joined: Thu Dec 13, 2007 6:27 pm

Post by kenbr »

I know they changed it from a 4 digit to a 12 digit. I had my new 12 digit password and I had it working after the change. They changed something again within the past 24 hours.[/quote]

Same with me. I had it working in the ATA with the 12 digit password but something changed last night and it quit working.
MagicJake
MagicJack User
Posts: 48
Joined: Wed Nov 21, 2007 7:39 pm

Post by MagicJake »

candlebox1369 wrote:for everyone else with an ATA, does it still work??? cuz i was thinking of getting one...
I guess ya got one . . . :roll:
http://cgi.ebay.com/Lot-of-25-SunRocket ... dZViewItem
-
-
-
-
-
jeffnyc
Dan isn't smart enough to hire me
Posts: 336
Joined: Sat Nov 17, 2007 10:28 am

Post by jeffnyc »

magicman wrote:mabey they changed it from 12 digit to some other length? how did you know it was 12 digit?
They changed it to 12 digits when the portal was first introduced and you could change your number. They encrypted it with in the next few days. I retrieved it before they encrypted it. It was working for me fine until today.

In addition, I have received a few private msgs that it is not working with ata as of today from others.
dssman
magicJack Apprentice
Posts: 13
Joined: Sat Nov 17, 2007 3:53 pm

Post by dssman »

$275 for a Telco AC-211 on EBAY. No way dude. That is a total ripoff.
Post Reply