Unofficial magicJack Forum

Unofficial magicJack Forum

Your Unofficial magicJack and magicJack Plus phone service information resource
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
Walk-through to configure a different softphone
Goto page 1, 2, 3, 4, 5, 6  Next
 
Post new topic   Reply to topic    Unofficial magicJack Forum -> magicJack Tips, Tricks, and Hacks
View previous topic :: View next topic  
Author Message
Gregg
MagicJack User


Joined: 15 Nov 2007
Posts: 32
Location: New Mexico

PostPosted: Fri Nov 30, 2007 3:21 pm    Post subject: Walk-through to configure a different softphone

I've read about a number of people struggling to use Fiddler to obtain their SIP information, so I decided to post a little "How-To" guide for obtaining your SIP information, and configuring a your own softphone.

This tutorial will be broken into two parts. Part one will contain information for discovering your sip credentials, and part two will detail how to configure another softphone (xlite).

NOTE: This method to obtain your SIP credentials is OBSOLETE, and NO LONGER WORKS! You will need to find a new way to get your SIP info. The part 2 (configuring a softphone is still valid, assuming you have your SIP credentials).

Part 1: Discovering your SIP credentials.

When the magicJack starts up, it's first connection is out to one of their provisioning servers to obtain your SIP credentials. Unfortunately, this is a secure (https/ssl) connection, thus a simple network capture does not allow for us to see the underlying information. After your magicJack gets it's SIP credentials, it's second connection is to register with the magicJack proxy server. A network capture will show you that these connections look like:

First Connection (requesting SIP Credentials)
Code:
magicjack                                   provisioning server
          ---- asks for SIP Credentials --->
          <--- returns SIP Credentials ----



Second Connection (registering with proxy server)
Code:
magicjack                                       proxy server
          ----- encrypted SIP Credentials ---->
          <------- Authorized message --------


(This is an overly simplified explanation, but, the general idea is more or less correct.)

So, there are a few different approaches to getting your underlying SIP info. A tool like Fiddler allows us to intercept and decrypt the first connection to the provisioning server, whereas a tool like Cain allows us to brute force the encrypted SIP Credentials in the second connection.

Since the magicJack uses only a 4 digit password, it is very easy to brute force it using Cain. Fiddler is a great tool if you want to actually "fiddle" with the data being passed - in other words, if you want to change the values the provisioning server is sending you.

If all you are looking to do is obtain your SIP info, by far, the easiest way is to simply request that information directly from the provisioning server.

So, without further delay, here one way to do this under windows.
First you need to find your serial number:
  • Right click on "My Computer", and select "Manage"
  • Click on "Device Manager"
  • Click on DVD/CD-Rom drives
  • Right Click on "YMax MagicJack USB Device", and select properties
  • click on the "Details" tab
  • select "Device Instance Id" from the drop down list
    At this point, you will see Information that looks like:
    Code:
    USBSTOR\CDROM&VEN_YMAX&PROD_MAGICJACK&REV_X.XX\A9XXXXXXXXXXXX&1

You need to write down the actual serial number (That is the A9XXXXXXXXXXXX) listed above - this will be a 14 characters long, and a mixture of numbers and letters.

Now that you have your serial number, we simply need to pass it to the provision server, to get your SIP Credentials.

You can do this by simply appending your serial number to the URL:
Code:
https://prov1.talk4free.com/softphone/provision/?serial=

So, if your serial number is A9123456789234, you'd go to the URL: https://prov1.talk4free.com/softphone/provision/?serial=A9123456789234

Assuming you've done this correctly, when you go to your provisioning URL, you should see something like:
Code:
[SIP 2.0]
SIPResyncEventsReceiverEnabled=1
ProxyUserName=E931XXXXXXX01
ProxyUserPassword=XXXX
SIPCallerID=E931XXXXXXX01
RegisterOnProxy=1
SIPVoiceMailAddress=931XXXXXXX
EnableTelephoneEvents=1
UserDomain=67.106.133.198
ProxyDomain=proxy1.nashville.talk4free.com
ProxyPort=5070
ProxyStrictOutbound=1
[CustomFields]
CustomField17="http://67.106.133.212/upgrade/2007-01-07/magicJackOutlookAddin.exe" CustomField10="http://www.free411.com"
CustomField11="931XXXXXXX"
[Customer]
CustomerBannerURL="http://67.106.133.212/ads/rotate2.html"
[SoftwareUpdate]
SoftwareUpdateVersionRequired=20070921151100 SoftwareUpdateURL=http://67.106.133.212/upgrade/2007-09-21/upgrade.exe
SoftwareUpdateAutoInstall=0
SoftwareUpdateInstallDelay=1


I've blocked out some of my personal information. The only values above that we'll need, are:
Code:
ProxyUserName=E931XXXXXXX01
ProxyUserPassword=XXXX
UserDomain=67.106.133.198
ProxyDomain=proxy1.nashville.talk4free.com
ProxyPort=5070


That's it - you now have your underlying SIP Credentials.

Part 2: Configuring a softphone.

In this part, we'll configure our own softphone. You settings might vary slightly depending on the actual softphone (or ATA) that you are using, but, the idea is the same. The softphone I'll be configuring is XLite, available from CounterPath.

Step by step:
  • Download and install XLite (I've only tested the Windows version.)
  • if your magicjack.exe process is running, stop it, as we'll no longer need that
  • Start up XLite (Start -> Programs -> X-Lite -> X-Lite)
  • Right Click on the softphone, and select Options
  • In the options screen, select devices
  • If you want to use the magicJack hardware, change all of the drop down boxes to be "USB Internet Phone by TigerJet"
  • Click Apply

    Now we need to plug in our SIP Credentials we discovered in Part 1 above:
  • Right click on the X-Lite softphone, and select "SIP Account Settings"
  • we're going to need to add an account with the following values:
    User Details
    Display Name: Gregg (obviously, put your own name here)
    User name: E931XXXXXXX01 (The ProxyUserName value from Part 1)
    Password: XXXX (the ProxyUserPassword value from Part 1)
    Authorization User name E931XXXXXXX01 (The ProxyUserName value from Part 1)
    Domain: 67.106.133.198 (The UserDOmain value from Part 1)
    Domain Proxy
    Check the box labeled "Register with domain and receive incoming calls"
    Check the "proxy" button
    Address: proxy1.nashville.talk4free.com:5070 (ProxyDomain:ProxyPort values from Part 1)
    Dialing Plan
    Configure this to your tastes - I use something like:
    Code:
    \a\a.T|[2-9]xxxxxxxxx|#1\a\a.T;match=1;prestrip=2;

  • Click OK/Apply, and your softphone should start.

Post any problems or comments you may have.

Thanks again to everyone who helped me via PM to understand all of this.

- Gregg
Back to top
View user's profile Send private message Send e-mail
laserjobs
Dan Should Pay Me


Joined: 12 Nov 2007
Posts: 670

PostPosted: Fri Nov 30, 2007 3:32 pm    Post subject:

Gregg thanks for posting a step by step.

As everyone can now see MJ is totally insecure and easily exploited and has been this way for at least a couple of months.
Back to top
View user's profile Send private message
ke7doy
magicJack Apprentice


Joined: 12 Nov 2007
Posts: 16

PostPosted: Fri Nov 30, 2007 9:54 pm    Post subject:

Laserjobs, I think you meant unsecure, but I can see how they could be insecure, given the current state of things!
Back to top
View user's profile Send private message
kumar
Dan Should Pay Me


Joined: 15 Nov 2007
Posts: 806

PostPosted: Fri Nov 30, 2007 10:50 pm    Post subject:

ke7doy wrote:
Laserjobs, I think you meant unsecure, but I can see how they could be insecure, given the current state of things!

It happens:) so its no biggy. if your going to do that to him you will pick up a lot of mistakes from me.
Peace
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger
ke7doy
magicJack Apprentice


Joined: 12 Nov 2007
Posts: 16

PostPosted: Fri Nov 30, 2007 10:52 pm    Post subject:

Just being a smart @$$. No offence intended.
Back to top
View user's profile Send private message
MagicHack
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 241

PostPosted: Sat Dec 01, 2007 9:12 am    Post subject:

Gregg,

Your post is very useful to the Newbie, but I want to point out a few things.

The second 'Connection' to the magicjack proxy server is not really a 'connection'. It is UDP, and thus connectionless. (yes, I am nit-picking. This is an important point if you ever decided to brute force someone elses password, because you have to deal with dropped packets.) If you sniff the wire, you will see that the second 'connection' usually looks something like this:
Code:
    MagicJack                   SIP Server
     |                               |
     |------------REGISTER --------->|
     |                               |
     |<------401 Unauthorized--------|
     |                               |
     |-----------REGISTER----------->|
     |                               |
     |<-----------200 OK-------------|
     |                               |



The data passed across the wire for this second 'connection' is not encrypted either - it is an MD5 checksum. It is just standard WWW-Authentication (see rfc2617). So, the actual calculation for the 'encrypted' password is as follows:

Code:
Calculate A1 = MD5(username:realm:password)
Calculate A2 = MD5(METHOD:uri)
Calculate Final Hash = MD5(A1:nonce:A2)


I looked all of this stuff up a while back because I was writing a tool to brute force the passwords:

(Of course, after writing this, someone pointed out that tools like cain exist, and do this kind of thing automatically for you...)

The serial numbers: You can get this information a few other ways too - from the registry (HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\...), a dump of the magicjack process, or even look at the magicJack log file (simply add "/lf magicjack.log" when starting your magicjack.exe).

The URL you are getting the provisioning information from is correct, but also exploits a hole (which is the 'insecurity' laserjobs it talking about.) If you go the route of using fidder, you will see that there are actually additional arguments passed to that URL (namely email, etc) which magicJack SHOULD be authenticating against. The problem is, that you can simply 'guess' a serial number, and get someone elses SIP information. Clearly this is a bug. I told magicJack about this bug a few months ago, they just haven't fixed it yet...

All in all, good post Gregg... Very userful stuff...

MagicHack
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
jeffnyc
Dan isn't smart enough to hire me


Joined: 17 Nov 2007
Posts: 336

PostPosted: Sat Dec 01, 2007 11:26 am    Post subject:

Yeah, its kind of disappointing that magicjack is so unsecure and insecure.

Dialing out on someone else's sip credentials probably does not do too much damage as mj is currently at a fixed price but

The big problem is incoming. It would suck if your incoming calls from your friends and family rang on some scammers phone.

Anyone know if the ability to alter other people's 911 addresses has been fixed?

Hopefully they will resolve these security issues before they embrace prepaid international calling and lnp.
Back to top
View user's profile Send private message
punjabiput
MagicJack Newbie


Joined: 04 Dec 2007
Posts: 3

PostPosted: Thu Dec 06, 2007 5:42 pm    Post subject:

Hello Gregg, great post. I actually tried configuring the Xlite softphone per ur directions. When I put my SIP credentials in the account ,I got " Registration error: 408 - Request Timeout" in my softphone. I actually posted my problem under Technical support forums Username- punjabiput. and so far no luck. This is the 2nd magicjack they have sent me as I was having same problem with my first one. I always have "Please connect to internet...." message inspite of being connected to internet.
Back to top
View user's profile Send private message
oomph
MagicJack Newbie


Joined: 11 Dec 2007
Posts: 6

PostPosted: Tue Dec 11, 2007 8:59 pm    Post subject:

When i input my serial # into this website it does not reply back with the information mentioned on this site.

Am I doing something wrong?


https://prov1.talk4free.com/softphone/provision/?serial=
Back to top
View user's profile Send private message
laserjobs
Dan Should Pay Me


Joined: 12 Nov 2007
Posts: 670

PostPosted: Tue Dec 11, 2007 9:10 pm    Post subject:

oomph wrote:
When i input my serial # into this website it does not reply back with the information mentioned on this site.

Am I doing something wrong?


https://prov1.talk4free.com/softphone/provision/?serial=


No you did it right but MJ has changed their system so that it will no longer work
Back to top
View user's profile Send private message
jeffnyc
Dan isn't smart enough to hire me


Joined: 17 Nov 2007
Posts: 336

PostPosted: Tue Dec 11, 2007 9:31 pm    Post subject:

Yeah, I tried it and got all zeros in the fields but I thought it was because of my failed attempt at number change. My mj wont register now even using their softphone the legit way
Back to top
View user's profile Send private message
oomph
MagicJack Newbie


Joined: 11 Dec 2007
Posts: 6

PostPosted: Wed Dec 12, 2007 1:25 am    Post subject:

mine works fine, but ya I get all zero's

Are there any work arounds?
Back to top
View user's profile Send private message
oomph
MagicJack Newbie


Joined: 11 Dec 2007
Posts: 6

PostPosted: Wed Dec 12, 2007 1:36 am    Post subject:

is there any other known way to obtain my SIP credentials and use a softphone like Xlite or Gizmo?
Back to top
View user's profile Send private message
oomph
MagicJack Newbie


Joined: 11 Dec 2007
Posts: 6

PostPosted: Wed Dec 12, 2007 4:12 am    Post subject:

After a little tinkering w/ Cain.

I was able to quickly crack and obtain my SIP credentials.

Thanks a ton for the post. I much prefer using an Xlite softphone, this will also enable me to use it in Linux Smile
Back to top
View user's profile Send private message
MagicHack
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 241

PostPosted: Wed Dec 12, 2007 9:41 am    Post subject:

oomph wrote:
mine works fine, but ya I get all zero's

Are there any work arounds?

It looks like MJ 'fixed' this issue. Like I said above, this really was a security hole...

It looks like magicJack patched that URL a little... although, you can still obtain SIP information using the URL above, you just need to pass a valid nonce, chkval, and version along with the serial number, and you can still obtain your (or someone elses) SIP info.
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
Stewart
Dan Should Pay Me


Joined: 13 Nov 2007
Posts: 663

PostPosted: Wed Dec 12, 2007 10:48 am    Post subject:

MagicHack wrote:
It looks like magicJack patched that URL a little... although, you can still obtain SIP information using the URL above, you just need to pass a valid nonce, chkval, and version along with the serial number, and you can still obtain your (or someone elses) SIP info.

Nah, that would imply that some actual security was implemented Wink
It's just that old versions are no longer supported -- try http://prov1.talk4free.com/softphone/provision/?version=99999999999999&serial=A921xxxxxxxxxx .
Back to top
View user's profile Send private message
MagicHack
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 241

PostPosted: Wed Dec 12, 2007 12:02 pm    Post subject:

Stewart wrote:
MagicHack wrote:
It looks like magicJack patched that URL a little... although, you can still obtain SIP information using the URL above, you just need to pass a valid nonce, chkval, and version along with the serial number, and you can still obtain your (or someone elses) SIP info.

Nah, that would imply that some actual security was implemented Wink
It's just that old versions are no longer supported -- try http://prov1.talk4free.com/softphone/provision/?version=99999999999999&serial=A921xxxxxxxxxx .

OK, so they did make some server side changes, they were just not as clever as I gave them credit for.

Very cool find Stewart.
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
joecanadian
MagicJack Contributor


Joined: 28 Nov 2007
Posts: 58

PostPosted: Fri Dec 14, 2007 10:53 am    Post subject: proxy user password 4 digits

My proxy user password was alot more then 4 digits?!

do I just use the first 4 digits?
Back to top
View user's profile Send private message
laserjobs
Dan Should Pay Me


Joined: 12 Nov 2007
Posts: 670

PostPosted: Fri Dec 14, 2007 10:57 am    Post subject: Re: proxy user password 4 digits

joecanadian wrote:
My proxy user password was alot more then 4 digits?!

do I just use the first 4 digits?


New passwords are 12 characters now
Back to top
View user's profile Send private message
aone999
MagicJack User


Joined: 12 Nov 2007
Posts: 42

PostPosted: Fri Dec 14, 2007 5:13 pm    Post subject:

I am on a 206 area code. Last night I checked fiddler and the password is still the same old 4 digit one.
Back to top
View user's profile Send private message
anant
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 114

PostPosted: Sun Dec 16, 2007 4:17 pm    Post subject: proxy user pw is 4 digits only in area code 216

i just now checked. the proxy user pw is 4 digits only for area code 216


anant
Back to top
View user's profile Send private message
anant
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 114

PostPosted: Sun Dec 16, 2007 5:12 pm    Post subject: Use of MJ with SJ phone

Hi all:

Has anyone sucessfully adapted MJ with SJ phone? I have downloaded SJ phone and also obtained SIP proxy data for my MJ. I am trying to fill in the proxy data into SJ phone options - profile . Can someone help me with this.

anant
Back to top
View user's profile Send private message
aone999
MagicJack User


Joined: 12 Nov 2007
Posts: 42

PostPosted: Sun Dec 16, 2007 8:25 pm    Post subject:

I did as it was explained in the first post of this thread and it worked
Back to top
View user's profile Send private message
banstro
MagicJack Newbie


Joined: 03 Dec 2007
Posts: 4

PostPosted: Wed Dec 19, 2007 1:57 pm    Post subject:

Its not working anymore. Just checked a few times .. the page shows some encrypted text. Looks like they have encrypted the account information, just like Sunrocket used to do.

Stewart any help from you will be appreciated.
Back to top
View user's profile Send private message
Stewart
Dan Should Pay Me


Joined: 13 Nov 2007
Posts: 663

PostPosted: Thu Dec 20, 2007 12:12 am    Post subject:

banstro wrote:
Its not working anymore. Just checked a few times .. the page shows some encrypted text. Looks like they have encrypted the account information, just like Sunrocket used to do.
Thanks for the heads up. It looks like they are indeed phasing in encryption. For now, you can use version=20071210000000 (last date before encryption started), though that will obviously soon stop working.
Back to top
View user's profile Send private message
candlebox1369
MagicJack User


Joined: 21 Dec 2007
Posts: 43

PostPosted: Fri Dec 21, 2007 7:46 am    Post subject:

Dang it... I just found out about this... and it would so help to use an ATA device instead of the comp... yeah magicJack is pretty inexpensive, but leaving a power hungry pc on 24/7 for the year adds to the bill...

is there ANY other way to get the sip info??? i really would like to get it working on an ata...

thanks!
Back to top
View user's profile Send private message
candlebox1369
MagicJack User


Joined: 21 Dec 2007
Posts: 43

PostPosted: Fri Dec 21, 2007 9:54 am    Post subject:

news update...

you can get the username in cain & abel... just start the capture, restart magicjack, and you'll see the sip hash in the sniffer. the only problem is the password, which looks like it needs to be brute forced...

so to save me some time, i know it's 12 characters, but can anyone tell me if it's
-only numbers
-or numbers and letters (and if letters, lower case only or both)?

thanks mucho

-----



MagicHack wrote:
Gregg,

Your post is very useful to the Newbie, but I want to point out a few things.

The second 'Connection' to the magicjack proxy server is not really a 'connection'. It is UDP, and thus connectionless. (yes, I am nit-picking. This is an important point if you ever decided to brute force someone elses password, because you have to deal with dropped packets.) If you sniff the wire, you will see that the second 'connection' usually looks something like this:
Code:
    MagicJack                   SIP Server
     |                               |
     |------------REGISTER --------->|
     |                               |
     |<------401 Unauthorized--------|
     |                               |
     |-----------REGISTER----------->|
     |                               |
     |<-----------200 OK-------------|
     |                               |



The data passed across the wire for this second 'connection' is not encrypted either - it is an MD5 checksum. It is just standard WWW-Authentication (see rfc2617). So, the actual calculation for the 'encrypted' password is as follows:

Code:
Calculate A1 = MD5(username:realm:password)
Calculate A2 = MD5(METHOD:uri)
Calculate Final Hash = MD5(A1:nonce:A2)


I looked all of this stuff up a while back because I was writing a tool to brute force the passwords:

(Of course, after writing this, someone pointed out that tools like cain exist, and do this kind of thing automatically for you...)

MagicHack


MagicHack... how did that app of your go... did you finish it? With Cain & Abel set at 12 numbers, it'll take my PC 14 days... it's it's just digits it might be doable, but if not... i think i'll have to find a 64bit multithreated app that will prob go much much faster. Any ideas???
Back to top
View user's profile Send private message
SpamBox
Dan isn't smart enough to hire me


Joined: 14 Dec 2007
Posts: 417
Location: Rocky Mountains Front Range

PostPosted: Fri Dec 21, 2007 10:52 pm    Post subject:

This sucks.
Just got done ordering my magicjack.
And now it looks like I'm not going to be able to use it the way I wanted too.
Back to top
View user's profile Send private message
joecanadian
MagicJack Contributor


Joined: 28 Nov 2007
Posts: 58

PostPosted: Sat Dec 22, 2007 3:07 am    Post subject:

password in mine is all numbers
Back to top
View user's profile Send private message
anant
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 114

PostPosted: Sat Dec 22, 2007 5:17 am    Post subject:

My password is 4-digit all numbers.
Back to top
View user's profile Send private message
candlebox1369
MagicJack User


Joined: 21 Dec 2007
Posts: 43

PostPosted: Sat Dec 22, 2007 7:37 am    Post subject:

joecanadian wrote:
password in mine is all numbers


thank you thank you for answering my post. i'll start cracking now that i know my efforts won't be futile

SpamBox wrote:
This sucks.
Just got done ordering my magicjack.
And now it looks like I'm not going to be able to use it the way I wanted too.


i know... i wanted to use an ata so i don't use too much electricity with my pc on all the time... i'm kinda sad i just missed it by days... but you can still get your username with cain & abel and the other settings are most likely the same. i wouldn't quite give up yet. all you need is a password, but it's limited to just numbers (12), which cain reports it'll take a little over 14 days... so if there's no power outage or anything (i don't have a ups), i'll post my results when it's done.

it's too bad cain & abel doesn't have a save/resume. eh. but we'll see what happens... if anybody comes up with anything before then, please share Very Happy

but if not, merry christmas everyone... be back soon...
Back to top
View user's profile Send private message
SpamBox
Dan isn't smart enough to hire me


Joined: 14 Dec 2007
Posts: 417
Location: Rocky Mountains Front Range

PostPosted: Sat Dec 22, 2007 11:31 am    Post subject:

candlebox1369 wrote:
i know... i wanted to use an ata so i don't use too much electricity with my pc on all the time... i'm kinda sad i just missed it by days... but you can still get your username with cain & abel and the other settings are most likely the same. i wouldn't quite give up yet. all you need is a password, but it's limited to just numbers (12), which cain reports it'll take a little over 14 days... so if there's no power outage or anything (i don't have a ups), i'll post my results when it's done.
it's too bad cain & abel doesn't have a save/resume. eh. but we'll see what happens... if anybody comes up with anything before then, please share Very Happy
but if not, merry christmas everyone... be back soon...


Keep me (us) posted. Hopefully by the time I get mine in the mail, your Cain will be done working. And everything will be working.
Back to top
View user's profile Send private message
joecanadian
MagicJack Contributor


Joined: 28 Nov 2007
Posts: 58

PostPosted: Sat Dec 22, 2007 3:10 pm    Post subject:

SpamBox how fast is your system ... cpu, ram... ?

so I can rough how long mine will take!

I am 512 amd athlon1200 mobile (laptop )
Back to top
View user's profile Send private message
SpamBox
Dan isn't smart enough to hire me


Joined: 14 Dec 2007
Posts: 417
Location: Rocky Mountains Front Range

PostPosted: Sat Dec 22, 2007 9:21 pm    Post subject:

joecanadian wrote:
SpamBox how fast is your system ... cpu, ram... ?
so I can rough how long mine will take!
I am 512 amd athlon1200 mobile (laptop )


I got a P4 2.8G HT, 2GB ram

I wonder if the new magicjacks still can be used on a thin client?
Don't know if SP2 can be installed on XP embedded...hmmm
Back to top
View user's profile Send private message
candlebox1369
MagicJack User


Joined: 21 Dec 2007
Posts: 43

PostPosted: Sun Dec 23, 2007 2:16 am    Post subject:

well it's still about 14 days...



I suppose I could wait 14 days to find out, but i wanted to ask if someone who has a 4 digit password can run cain & abel to verify that it does indeed crack the password.
-Download and install, start the capture (2nd green icon at the top), restart magicJack, under sniffer send the sip hash to the cracker, and under cracker:
-set character set to just 0123456789
-set password length for min & max to just 4
-start cracking...

It will seriously only take less than 1 minute as I've tried it (but obviously didn't work as mine is 12). I'm just curious... if it works on the 4 digit password, then it should work for everyone else who has a 12 digit password.
Back to top
View user's profile Send private message
ir_efrem
magicJack Apprentice


Joined: 24 Dec 2007
Posts: 18

PostPosted: Tue Dec 25, 2007 2:33 am    Post subject: Yep

14 days on mine as well...

I about flipped the first go around - i didn't select custom and left it at predefined (with the whole alphabet and all the numbers), it said 250,000 years...

I feel so stupid sometimes Embarassed

would be nice if some one has some fore-knowledge as to whether or not this works.
Back to top
View user's profile Send private message
MagicJacked
MagicJack Expert


Joined: 13 Nov 2007
Posts: 81

PostPosted: Wed Dec 26, 2007 2:38 pm    Post subject: Re: Yep

ir_efrem wrote:
14 days on mine as well...

I about flipped the first go around - i didn't select custom and left it at predefined (with the whole alphabet and all the numbers), it said 250,000 years...

I feel so stupid sometimes Embarassed

would be nice if some one has some fore-knowledge as to whether or not this works.


250,000 years! wow, Vista should be stable by then!
Back to top
View user's profile Send private message
kenbr
magicJack Apprentice


Joined: 13 Dec 2007
Posts: 11

PostPosted: Wed Dec 26, 2007 3:07 pm    Post subject:

I started out at around 12 days and now I'm down to 10. I figure it'll get down to about a day or two and then the power will go out longer than my UPS can keep the computer up.
Back to top
View user's profile Send private message
MagicJake
MagicJack User


Joined: 21 Nov 2007
Posts: 48

PostPosted: Wed Dec 26, 2007 3:28 pm    Post subject:

kenbr wrote:
I started out at around 12 days and now I'm down to 10. I figure it'll get down to about a day or two and then the power will go out longer than my UPS can keep the computer up.


-----Keep us posted. It will be interesting to see if you are successful.
Back to top
View user's profile Send private message
joecanadian
MagicJack Contributor


Joined: 28 Nov 2007
Posts: 58

PostPosted: Thu Dec 27, 2007 2:26 am    Post subject:

Yah I am interested too..

I have a 12 digit one and buying another well waiting to see if you guys can first of course prove successful.

Quote:
250,000 years! wow, Vista should be stable by then!

naw , Vista is a In between they are already talking about the new OS. They will probably history repeat them selves and abandon it cut support. But no fear they have the biggest linux lab in the world and must be studying Linux possibly build a microsoft flavour cause its the only way they could survive lol!
Back to top
View user's profile Send private message
kenbr
magicJack Apprentice


Joined: 13 Dec 2007
Posts: 11

PostPosted: Thu Dec 27, 2007 9:50 am    Post subject:

I've got a bad feeling about this. I have two MagicJacks. With one of them I had gotten the SIP info using Fiddler before they made change which encrypted the data. I have been using that info in an ATA for the last couple of weeks without a problem. The other I have been using in my USB port on my computer while I've been running Cain trying to get the password. Last night both of them stopped working. The MagicJack software was giving an error 401. There was a software upgrade on the Magicjack USB device and later this morning it started working again but my ATA still does not work. I'm thinking they have changed something else and even if Cain does return a valid password I may not be able to get the ATA to work.
Back to top
View user's profile Send private message
candlebox1369
MagicJack User


Joined: 21 Dec 2007
Posts: 43

PostPosted: Thu Dec 27, 2007 10:43 am    Post subject:

for everyone else with an ATA, does it still work??? cuz i was thinking of getting one...
Back to top
View user's profile Send private message
jeffnyc
Dan isn't smart enough to hire me


Joined: 17 Nov 2007
Posts: 336

PostPosted: Thu Dec 27, 2007 12:01 pm    Post subject:

did something change with the past 24 hours???
Back to top
View user's profile Send private message
magicman
magicJack Apprentice


Joined: 15 Dec 2007
Posts: 19

PostPosted: Thu Dec 27, 2007 12:14 pm    Post subject:

(kenbr you cANT run Fiddler while doing the upgrade!, wait until upgrade is complete, then start it!)
(yes jeffnyc! something has changed, Magicjack has changed all their softphone passwords! and they are no longer a numeric 4 digit number!)

I've figured out where they pull the provisioning from now, but the provisioning data is encrypted with something....
and the new version that downloads, decrypts the provisioning data in the software, here is the decrypted HTTPS data (modified a little bit to prevent others from getting my SIP data)...

GET /softphone/provision/?dbkey=blahblahblah&version=blahblahblah&osname=Win HTTP/1.1
User-Agent: SJPhone
Host: prov1.talk4free.com
Connection: Keep-Alive
Cache-Control: no-cache

�����BR�'ǿ��\M�O��O�ר|w.�1eN*( [email protected]��
]^ft�V�Ŷ 4�e��?�i��mM]a�̊z��B


Any Ideas??
Back to top
View user's profile Send private message
jeffnyc
Dan isn't smart enough to hire me


Joined: 17 Nov 2007
Posts: 336

PostPosted: Thu Dec 27, 2007 12:25 pm    Post subject:

magicman wrote:
(kenbr you cANT run Fiddler while doing the upgrade!, wait until upgrade is complete, then start it!)
(yes jeffnyc! something has changed, Magicjack has changed all their softphone passwords! and they are no longer a numeric 4 digit number!)


I know they changed it from a 4 digit to a 12 digit. I had my new 12 digit password and I had it working after the change. They changed something again within the past 24 hours.
Back to top
View user's profile Send private message
magicman
magicJack Apprentice


Joined: 15 Dec 2007
Posts: 19

PostPosted: Thu Dec 27, 2007 12:40 pm    Post subject:

mabey they changed it from 12 digit to some other length? how did you know it was 12 digit?
Back to top
View user's profile Send private message
kenbr
magicJack Apprentice


Joined: 13 Dec 2007
Posts: 11

PostPosted: Thu Dec 27, 2007 12:47 pm    Post subject:

I know they changed it from a 4 digit to a 12 digit. I had my new 12 digit password and I had it working after the change. They changed something again within the past 24 hours.[/quote]

Same with me. I had it working in the ATA with the 12 digit password but something changed last night and it quit working.
Back to top
View user's profile Send private message
MagicJake
MagicJack User


Joined: 21 Nov 2007
Posts: 48

PostPosted: Thu Dec 27, 2007 1:01 pm    Post subject:

candlebox1369 wrote:
for everyone else with an ATA, does it still work??? cuz i was thinking of getting one...

I guess ya got one . . . Rolling Eyes
http://cgi.ebay.com/Lot-of-25-SunRocket-Gizmo-VoIP-Gateway-AC-211-SR-Router_W0QQitemZ310009502782QQihZ021QQcategoryZ99269QQssPageNameZWDVWQQrdZ1QQcmdZViewItem
-
-
-
-
-
Back to top
View user's profile Send private message
jeffnyc
Dan isn't smart enough to hire me


Joined: 17 Nov 2007
Posts: 336

PostPosted: Thu Dec 27, 2007 1:02 pm    Post subject:

magicman wrote:
mabey they changed it from 12 digit to some other length? how did you know it was 12 digit?


They changed it to 12 digits when the portal was first introduced and you could change your number. They encrypted it with in the next few days. I retrieved it before they encrypted it. It was working for me fine until today.

In addition, I have received a few private msgs that it is not working with ata as of today from others.
Back to top
View user's profile Send private message
dssman
magicJack Apprentice


Joined: 17 Nov 2007
Posts: 13

PostPosted: Thu Dec 27, 2007 1:09 pm    Post subject:

$275 for a Telco AC-211 on EBAY. No way dude. That is a total ripoff.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Unofficial magicJack Forum -> magicJack Tips, Tricks, and Hacks All times are GMT - 4 Hours
Goto page 1, 2, 3, 4, 5, 6  Next
Page 1 of 6

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Powered by phpBB Ultra Turbo Extended Edition Live © 2001-9999, phpBB Group
magicJack and magicJack Plus are trademarks of magicJack LLP. This website is in no way affiliated, endorsed, or sponsored by magicJack LLP, and is an unofficial forum for consumers to openly communicate regarding their experiences with the magicJack products.