magicJack  and magicJack Plus Support, Reviews, FAQs and Hacks Forum Index


Certificate is a joke does not work


dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Tue Jun 16, 2009 8:22 am    Post subject: Certificate is a joke does not work Reply with quote

Whoever said that you need a certificate to now authenticate was dead wrong! This is a witch hunt, don't bother wasting your time with this.

Shame on the people who started this BS and wasted a lot of people's time.
laserjobs
Dan Should Pay Me


Joined: 12 Nov 2007
Posts: 670

PostPosted: Tue Jun 16, 2009 10:40 am    Post subject: Reply with quote

I agree, the cert information is complete BS. The users who posted that should be banned. Mad
dallasib1485
magicJack Apprentice


Joined: 23 Mar 2009
Posts: 14

PostPosted: Tue Jun 16, 2009 11:09 am    Post subject: Reply with quote

I also agree. I have tried several different certs from several sources and it does not work; the certs only allow for encryption of the call data, not the register process, which is where the problem lies. I believe the trick is going to be getting TLS support on our ATAs, which could be a long time from now, if ever. For me, I have given up on MJ on the ATA.
admin
MagicJack Contributor


Joined: 12 Nov 2007
Posts: 60

PostPosted: Tue Jun 16, 2009 11:21 am    Post subject: Reply with quote

The certificate post was total nonsense. My apologies for not realizing it sooner.

There were a bunch of people contributing to those threads. Upon further investigation, 9 of the users posting comments in there all originated from the same IP address.

That address has since been banned.

This is a serious forum. If you come here only to post garbage, your IP will be banned as well.
dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Tue Jun 16, 2009 12:10 pm    Post subject: Reply with quote

Thank you, admin, for the clarification. MJ engineers are pretty slick. Looks like it is locked down pretty good now. MJ is a good service for a 2nd line or people on the go; by no means should this be your primary service. There are plenty of posts out there if people are looking for cheaper VOIP service out there. I personally use Vitelity for trunking and they seem to work great. Average around 1200 calls a month for around 18 bucks a month, and they allow caller ID spoofing and lots more.
pagemen
Dan isn't smart enough to hire me


Joined: 15 Dec 2008
Posts: 128

PostPosted: Tue Jun 16, 2009 6:11 pm    Post subject: Reply with quote

As I've said, we need to start with a softphone w/TLS support like eyeBeam. The hard part is to get the REAL client certificate from MJ, obviously only the certificate MJ distributes with its own softphone -- which matches the one on their server -- will work, generating your own is just nonsense. Even though, little hope for ATAs but at least we can get some idea of what is REALLY behind the scene.
dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Tue Jun 16, 2009 9:32 pm    Post subject: Reply with quote

Again calling bullshit, as I have the certificate! And put this in my Linksys, does not register.

I would post the certificate here but most likely my post would be deleted.
dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Tue Jun 16, 2009 9:48 pm    Post subject: Reply with quote

Actually I know where in the Linksys to put the cert. Have no idea what you mean by CRCs.
dtm
MagicJack Expert


Joined: 27 Jul 2008
Posts: 95
Location: In the hardware.

PostPosted: Wed Jun 17, 2009 12:13 am    Post subject: Reply with quote

It is a joke. If there was any truth to it he would prove it by posting the procedure to get and install the certificate.
gooney
Dan isn't smart enough to hire me


Joined: 09 Feb 2008
Posts: 382
Location: Salt Lake City, Utah

PostPosted: Wed Jun 17, 2009 11:56 am    Post subject: Reply with quote

dtm wrote:
It is a joke. If there was any truth to it he would prove it by posting the procedure to get and install the certificate.

Yes it is a joke, just forget it and move on... this would be better for me and a couple of others.
magicjacktech
magicJack Apprentice


Joined: 20 Jun 2009
Posts: 12

PostPosted: Sat Jun 20, 2009 10:22 am    Post subject: magicjack error 9, 3, 400 , 404 ,please connect to internet Reply with quote

Hi Friends,
I have worked for magicjack for more than one year as a technical executive. Error 9 started from 24th December 2008. Our team has upgraded magicjack upgrade. This was for security purposes. Error-9 occurs when either your firewall or router is blocking your magicjack from connecting with magicjack servers.
Error 3 occurs when your router is blocking your magicjack. In both situations you need to open your firewall and router UDP port 5060 and UDP port 5070 for magicjack.

Error -400 and 404: These errors occur when you or your magicjack have upgraded but in some cases your magicjack setting has not refreshed from the server end. In this case tech guys refresh your account setting from their end.

Many more (like unable to connect with servers, or magicjack servers are down at present please try again later) occur because of firewalls, pop-ups and routers. Well, all of you will be familiar with my tech name. Anyone who needs help, feel free to write. One more thing I would like to share with you. Most of the time you see Ready to call on the dial pad but you cannot make calls; then simply open Task Manager (CTRL+ALT+DELETE) and end the magicjack.exe process from there. After that unplug your magicjack and replug after 1 minute. It will help to refresh your magicjack setting at both ends (yours and magicjack servers).
I hope the above information will be helpful for you. Dan, I am not working any more for your product. However I want to share something with you. Please contact me at
qwer1304
magicJack Apprentice


Joined: 16 Mar 2009
Posts: 15

PostPosted: Sat Jun 20, 2009 12:29 pm    Post subject: Reply with quote

Here's a link to the provisioning guide: https://www.myciscocommunity.com/docs/DOC-3216

Could anyone post the sequence MJ currently uses to connect to the server?

Here're my thoughts:
1. Assuming one can find the certificate MJ uses, and
2. Assuming one can enter that certificate into the ATA, and
3. Assuming one can find the URL MJ uses to connect to the server, then
4. It'd be possible to make an ATA to fake MJ connection, but
5. What does MJ get from the server? I'm skeptical you could emulate that.

Your thoughts/experience will be appreciated.
laserjobs
Dan Should Pay Me


Joined: 12 Nov 2007
Posts: 670

PostPosted: Sat Jun 20, 2009 4:43 pm    Post subject: Reply with quote

Using PMDUMP you can find the registration steps with MJ. I don't know if this helps or not.

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.104:56104;branch=XXXXXbKc0a80168054ac70f226a69410;rport=41175;received=241.53.47.22
To: <sip:[email protected]>
From: "unknown"<sip:[email protected]>;tag=xxxxx4ac6ff
Call-ID: 02DED9B351E14E379A1A4F0B97E10C7D0xcaa80168
CSeq: 1 REGISTER
User-Agent: ENSR2.5.47.0-IS10-RMRG0-RG900-EP313326
WWW-Authenticate: Digest nonce="1210c9678_09785",realm="stratus.com",algorithm=MD5
Content-Length: 0

SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.104:56104;branch=XXXXXbKc0a80168054ac95144e83f201;rport=41175;received=241.53.47.22
Contact: <sip: [email protected]:56104>
To: <sip: [email protected]>;tag=7aa2d790-co9792-INS010
From: "unknown"<sip: [email protected]>;tag= xxxxx4ac6ff
Call-ID: 02DED9B351E14E379A1A4F0B97E10C7D0xcaa80168
CSeq: 2 REGISTER
Expires: 1800
User-Agent: ENSR2.5.47.0-IS10-RMRG0-RG900-EP313326
Content-Length: 0


REGISTER sip:talk4free.com SIP/2.0
Via: SIP/2.0/UDP 192.168.1.104:56104;branch=z9hG4bKc0a80168054ad3f07af91f382;rport
From: "unknown" <sip:[email protected]>;tag=589654ad3e0
To: <sip: [email protected]>
Contact: <sip: [email protected]:56104>
Call-ID: 02DED9B351E14E379A1A4F0B97E10C7D0xcaa80168
CSeq: 3 REGISTER
Expires: 0
Max-Forwards: 70
User-Agent: MagicJack/1.80.484a (SJ Labs)
Authorization: Digest username=" EXXXXXXXXXX01",realm="stratus.com",nonce="1210c9678_09785",uri="sip:talk4free.com",response="1baa8f830261a1238ae3dee501c98292",algorithm=MD5
Content-Length: 0


Last edited by laserjobs on Sat Jul 11, 2009 7:12 pm; edited 1 time in total
az1324
Dan isn't smart enough to hire me


Joined: 20 Feb 2008
Posts: 100

PostPosted: Sun Jun 21, 2009 6:33 am    Post subject: Reply with quote



I don't know what I'm doing so don't ask me.
laserjobs
Dan Should Pay Me


Joined: 12 Nov 2007
Posts: 670

PostPosted: Sun Jun 21, 2009 11:24 am    Post subject: Reply with quote

domingo, can you show us some proof that you actually have a PAP2 working, or any other ATA for that matter? From what I can speculate, the changes that Magicjack made do not have anything to do with certs. I do not see how any of your riddled solution would work.
dtm
MagicJack Expert


Joined: 27 Jul 2008
Posts: 95
Location: In the hardware.

PostPosted: Sun Jun 21, 2009 12:34 pm    Post subject: Reply with quote

laserjobs:
I don't see it either. I don't see a secure connection between the first registration attempt that fails and the second one that succeeds. I don't see an https:// at all until long after the dongle is registered. All I see is 147 bytes of data being sent from the dongle to 29.4.236.236 (map.softjoys.com). I have an old WireShark dump from before the update that does a very similar sequence.

I tend to think they are salting our ProxyUserName or ProxyUserPassWord before calculating the MD5 hash. Unless domingo can offer more proof than what I have seen so far, I think he is pulling our leg.
laserjobs
Dan Should Pay Me


Joined: 12 Nov 2007
Posts: 670

PostPosted: Sun Jun 21, 2009 11:37 pm    Post subject: Reply with quote

domingo wrote:
pagemen wrote:
I might give up this completely. Even if I get the certificate, how can I put it in the Linksys firmware? The firmware is compressed(or even encrypted?) so the replacement can't be done with a single hex editor, one has to unpack->replace->repack and I can't find any document about Sipura/Linksys firmware structure...


Easily done. It's not rocket science.

What would you like for proof ? The pictures I posted before of it still connected and registered not enough ?

Bahh I give up on nay sayers , Im enjoying my mj on a pap2t , and a couple folks I emailed are now as well , im done.

I already gave out enough info , good luck.


Sorry I did not see the pics you posted, can you point me to them?
Also could you get another user or two to confirm they got it working with your help?
netdata
magicJack Apprentice


Joined: 09 Jun 2009
Posts: 29

PostPosted: Mon Jun 22, 2009 1:41 am    Post subject: hey guys Reply with quote

I can understand the frustration, but no use in beating up probably the last guy on the forum still around that seems to know something.

The mods have already looked into the situation, in fact they banned
a chunk of accounts that were on the same IP.

They also have cleaned up posts containing rumors or speculation.

A step by step guide posted on here is probably the quickest way to get dan to auto provision or use some other method to stop this fix from working.

You can lead a horse to water, but you can't make him think.

I think domingo doesn't want to sit and hand-hold all day.

It's ok to be skeptical but there isn't any need to bash a fellow forum member.

Apparently the people he helped haven't had a need to return to the forum since they are off and running, and that would certainly explain why there hasn't been any 3rd party verification.

I am attempting however to verify if the information presented in the forum is accurate by making a successful session using a TLS authentication compatible softphone program, in theory that will also verify whether or not this works for the linksys ATA adapters you guys are using OR NOT.

My results should put an end to any speculation.

Maybe you guys aren't asking the right questions.

We all have the same goals here, and I don't believe there is any
ulterior motive from any active member on here.

Furthermore, domingo has been a member for a while now, you can see
his stats, he isn't some troll. I am pretty new here, but I am going to share what I can and help whoever I can with this.

I still have a bit to catch up on myself however.
az1324
Dan isn't smart enough to hire me


Joined: 20 Feb 2008
Posts: 100

PostPosted: Mon Jun 22, 2009 3:33 am    Post subject: Reply with quote

dtm wrote:
I tend to think they are salting our ProxyUserName or ProxyUserPassWord before calculating the MD5 hash. Unless domingo can offer more proof than what I have seen so far, I think he is pulling our leg.


Yes the Digest Authentication Response does not seem to follow the RFC 2617 standard according to my calculations... that is assuming the password found by Stroth's program is correct. Someone should debug the .exe and see how the Response is calculated.
az1324
Dan isn't smart enough to hire me


Joined: 20 Feb 2008
Posts: 100

PostPosted: Mon Jun 22, 2009 7:40 am    Post subject: Reply with quote

What are you going to do with the secret key? Unless you can figure out how to generate the auth response you can't do anything anyway.
mel2000
MagicJack Contributor


Joined: 31 May 2009
Posts: 67

PostPosted: Mon Jun 22, 2009 9:09 am    Post subject: Reply with quote

That only shows that I'm even more confused than I thought. I think I'll just wait around for other replies to give me more clues to what I'm supposed to be doing.
dtm
MagicJack Expert


Joined: 27 Jul 2008
Posts: 95
Location: In the hardware.

PostPosted: Mon Jun 22, 2009 10:32 am    Post subject: Reply with quote

TLS capable soft phone doesn't work for me.
------
If domingo really knows what is happening he could provide us with a logical sequence of events for the registering process. All I can see in the logs is a register attempt, 401 response, attempt 2 with response MD5. If it is the dongle, it succeeds if it is an ATA it fails. I see no data being sent from the server to the dongle in between registration attempts. No TLS, SSL, or anything else for that matter.

Domingo, you are the expert. Explain in clear detail the sequence of events that leads to a successful register.
netdata
magicJack Apprentice


Joined: 09 Jun 2009
Posts: 29

PostPosted: Tue Jun 23, 2009 4:22 am    Post subject: Tips and Tricks... Reply with quote

Sniffing

From a fresh boot

Start wireshark

Stop ANYTHING that will generate any network traffic

This will help you to avoid generating superfluous data to glean.

You can netstat /an to check and make sure your network is
quiet

Close any: browsers, chat programs, newsreaders, widgets,
anything that goes online...

Dump File

If your dump file isn't around 94-96MB then you do not have a good dump file.

Making Dump File More Manageable

You can use a program called Strings to further truncate your
memory dump to make it more manageable.

For further information, there is a video on securitytube.

Reading MagicJack In RAM

Get HxD Portable

Extras - Open Ram - Pick MagicJack.exe

You will see public token and a little further down
another key also.

p.u.b.l.i.c.K.e.y.T.o.k.e.n.=."xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
etc...


But if you poke around
you might find your profile information / secret phrase.

I will keep editing this post as I have time and add more tips and tricks.
I have to get back to work now - good luck everybody.

I will NOT post information pertaining to the MJ Profile, as it may
violate certain laws in my area (DMCA law): reverse engineering,
circumventing any sort of protection. DO NOT ASK about anything
related to those things.

I cannot post keys, certs, or anything that would violate the law.

Hoping the mods will close this thread now it's no longer productive.
It's nothing but drama now. Nothing to see here, move along please.

For the neophytes:

Security Certificate
Contains information about who owns the certificate, certificate issuer, a unique serial number or other unique identification, expiration dates, and encrypted information that can be used to verify the information held within the certificate.

Hash
Taking arbitrary block of data and returning a fixed-size bit string
If you understand what a CRC is it's kinda like that

Secret Phrase
A cryptographic key is pretty much synonymous with a secret phrase

RADIUS is a moot point with MJ, it just refers over to kerberos version 1.0
the microsoft flavor.

Ignore anything that says secret its for LSA and not applicable to what you are looking for.

I dump during MJ startup, dump running /idle and also dump starting a call
and during a call to compare what changes


Last edited by netdata on Wed Jun 24, 2009 4:32 am; edited 13 times in total
kp
magicJack Apprentice


Joined: 10 Jun 2009
Posts: 19

PostPosted: Tue Jun 23, 2009 10:02 am    Post subject: Reply with quote

Something I find interesting:
if I add the following lines to my host file

127.0.0.1 mls.softjoys.com
127.0.0.1 map.softjoys.com
127.0.0.1 prov1.talk4free.com
127.0.0.1 prov2.talk4free.com
127.0.0.1 prov1.magicjack.com
127.0.0.1 prov2.magicjack.com

the magicjack will still register, which tells me that the cert or secret or hash, etc. is stored locally on the machine. It did, however, want to connect to the server. So when I blocked prov1.talk4free.com it tried to use prov2, and so on. This leads me to believe that the info stored locally is only a cache of the info.
netdata
magicJack Apprentice


Joined: 09 Jun 2009
Posts: 29

PostPosted: Wed Jun 24, 2009 2:23 pm    Post subject: Fix isnt that hard Reply with quote

All they did is go TLS; even if they used SRP, doesn't matter,
the credentials used eventually go somewhere plaintext.

If you have that you don't need a certificate.

Here is my explanation:

Mentioning about generating your own certs

Why it is BS:

Because your information in the root certification
wouldn't match MJ's since nobody has it (root cert) but them

A certificate exchange does NOT happen.

It's all PKI related. Yes, in a way like those satellite cards.

Are certs important then? Not yet, but they could be useful in the
future. So I don't think it was a waste exploring what we can now,
before further obfuscation happens.
dtm
MagicJack Expert


Joined: 27 Jul 2008
Posts: 95
Location: In the hardware.

PostPosted: Wed Jun 24, 2009 3:11 pm    Post subject: Reply with quote

For what it is worth...
I wrote a small php program to calculate the register response hash. I confirmed the program was working properly by sniffing my ATA with Wireshark and plugging the numbers into my program.

The response hash from the dongle on register does not match my program. It gives a different response than the ATA when using the same password. The username, realm, uri, and nonce are all visible so the final hash depends on the password.

This confirms that what we think is the ProxyUserPassword is in fact NOT the password being used to compute the response. They could also be using a non standard method to compute the hash or they could be manipulating the password before computing the hash. Obviously this secret is known to both server and client.

I don't have the debugging tools/skills to figure out what is happening but I think some effort should be concentrated on that level.
srvctek
MagicJack Expert


Joined: 09 Jan 2009
Posts: 76

PostPosted: Wed Jun 24, 2009 5:02 pm    Post subject: Reply with quote

Either a salt or it's not MD5?
netdata
magicJack Apprentice


Joined: 09 Jun 2009
Posts: 29

PostPosted: Wed Jun 24, 2009 6:12 pm    Post subject: Brainstorm Reply with quote

We need a general consensus on several questions.


Help me sort this out:

We know they changed the way the user is authorized.

But did they switch to TLS or SRP and how can we verify without a doubt
they have.

(Well one way is to make a successful registration using either protocol)

Auth method that was used hasn't changed, but proxy authentication has.
(provisioning has changed)

We need to verify this also for sure.

Should we not see this key in memory if we get lucky enough to capture it at the right time? I think we can.

We need to isolate the memory address or at least a general range
so we can narrow our search.

If we can compare the before and after we can figure out the algorithm
used to generate it. And we will already have the key to pass ourself.

Theoretically we just need to put the new key and off we go anyway.
But it would be nice to know, so I can write a stroth style utility
to save people a bunch of hassle.
az1324
Dan isn't smart enough to hire me


Joined: 20 Feb 2008
Posts: 100

PostPosted: Wed Jun 24, 2009 6:57 pm    Post subject: Reply with quote

1. The sip traffic is not encrypted.
2. The only authentication to the proxy is via the digest method.
3. The provisioning file may or may not contain anything useful.

Basically someone who is good at that stuff needs to use a debugger and see what is passed to the md5 hash during a sip transaction.

I tend to believe that it is the password that is salted and not that they are using a modified algorithm. They use the serial number in an md5 hash to generate the dbkey so maybe that is reused somehow though a simple concat of the serial + password does not seem to be it.
laserjobs
Dan Should Pay Me


Joined: 12 Nov 2007
Posts: 670

PostPosted: Wed Jun 24, 2009 7:24 pm    Post subject: Reply with quote

Would it be any easier to try to decompile the latest Mac OS software for magicJack?
az1324
Dan isn't smart enough to hire me


Joined: 20 Feb 2008
Posts: 100

PostPosted: Wed Jun 24, 2009 8:23 pm    Post subject: Reply with quote

Maybe but probably only if you are already experienced with analysing osx programs. Historically there have been some instances of osx programs being easier to analyze for one reason or another but if you know what you're doing it doesn't matter too much.
dtm
MagicJack Expert


Joined: 27 Jul 2008
Posts: 95
Location: In the hardware.

PostPosted: Wed Jun 24, 2009 8:35 pm    Post subject: Reply with quote

srvtec:

It is MD5 as that is specified in the sip register request. The problem is, they could be doing a million things to hide or alter the password. I have tried a few obvious things like MD5ing the password, adding and removing characters from it, and appending things to it. The reality is, I am shooting into the dark. The only hope is to debug it and figure out what is going on.
laserjobs
Dan Should Pay Me


Joined: 12 Nov 2007
Posts: 670

PostPosted: Wed Jun 24, 2009 8:41 pm    Post subject: Reply with quote

dtm wrote:
srvtec:

It is MD5 as that is specified in the sip register request. The problem is, they could be doing a million things to hide or alter the password. I have tried a few obvious things like MD5ing the password, adding and removing characters from it, and appending things to it. The reality is, I am shooting into the dark. The only hope is to debug it and figure out what is going on.


I think you have figured it out but we will probably need to decompile the software and hope we can find the algorithm. That is why I was wondering if the Mac OS version would be easier to deal with than Windows.
dtm
MagicJack Expert


Joined: 27 Jul 2008
Posts: 95
Location: In the hardware.

PostPosted: Wed Jun 24, 2009 9:20 pm    Post subject: Reply with quote

Here is the php code to calculate the response if anyone else wants to play. I have confirmed it works on a successful login to a known account with my ATA.

Take a wireshark dump from your MJ and see if you can make the response match the MJ response by manipulating your password. Maybe somebody will get lucky! If you do, you are required to PM me. Wink

<?php

$nonce = "XXXXXXXXXXXXXXXXX";
$user = "EXXXXXXXXXX01";
$password = "XXXXXXXXXXXXXXXXXXXX";
$realm = "stratus.com";
$uri = "sip:talk4free.com";
$method = "REGISTER";

$A1 = ($user.":".$realm.":".$password);
$A2 = ($method.":".$uri);
echo "A1 = ".$A1."<br>";
echo "A2 = ".$A2."<br><br>";

$HA1 = MD5($A1);
$HA2 = MD5($A2);
echo "HA1 = ".$HA1."<br>";
echo "HA2 = ".$HA2."<br><br>";

$response = MD5($HA1.":".$nonce.":".$HA2);
echo "response = ".$response."<br>";

?>
MJuser909909
magicJack Apprentice


Joined: 13 Jun 2009
Posts: 15

PostPosted: Thu Jun 25, 2009 9:30 am    Post subject: Reply with quote

DTM, that is pretty sweet, I'll play with it and let you know my results...
MJuser909909
magicJack Apprentice


Joined: 13 Jun 2009
Posts: 15

PostPosted: Thu Jun 25, 2009 6:30 pm    Post subject: Reply with quote

deleted due to stewart being smarter and far more superior.

Last edited by MJuser909909 on Fri Jun 26, 2009 9:05 am; edited 2 times in total
Stewart
Dan Should Pay Me


Joined: 13 Nov 2007
Posts: 663

PostPosted: Thu Jun 25, 2009 9:29 pm    Post subject: Reply with quote

MJuser909909 wrote:
here is the Perl version of dtm's script. (run from a unix shell):
The above is not correct; the argument to the final digest must include colon separator characters. Unless you are trying to spread disinformation (like some others here), you should test your code before posting, e.g. on the traffic generated by your ATA.

Also, IMHO, while OOP has its place, it's better to use simple procedural code when explaining a concept or an algorithm to a wide audience.
Code:
#!/usr/local/bin/perl -w

use Digest::MD5 qw(md5_hex);

$nonce = "XXXXXXXXXXX";
$user = "EXXXXXXXXX01";
$password = "XXXXXXXXXXXXXX";
$realm = "stratus.com";
$uri = "sip:talk4free.com";
$method = "REGISTER";

$ha1 = md5_hex($a1 = "$user:$realm:$password");
$ha2 = md5_hex($a2 = "$method:$uri");
$response = md5_hex("$ha1:$nonce:$ha2");

print "a1 = $a1\n";
print "a2 = $a2\n\n";

print "ha1 = $ha1\n";
print "ha2 = $ha2\n\n";

print "response = $response\n\n";
Above tested on ActiveState perl 5.8.7 under Win XP; I would expect it to also work under Linux, Unix, or Mac, all of which normally have perl preinstalled.
dan
Dan isn't smart enough to hire me


Joined: 12 Nov 2007
Posts: 113
Location: Denver

PostPosted: Fri Jun 26, 2009 9:14 am    Post subject: Reply with quote

Stewart, did you come out of retirement?

You going to make an app to pull all the registration requirements?
srvctek
MagicJack Expert


Joined: 09 Jan 2009
Posts: 76

PostPosted: Fri Jun 26, 2009 9:52 am    Post subject: Reply with quote

Great Idea! Stewart please help us! Very Happy
banstro
MagicJack Newbie


Joined: 03 Dec 2007
Posts: 4

PostPosted: Fri Jun 26, 2009 10:27 am    Post subject: Reply with quote

Ahh finally Stewart. I thought you retired. Now I see some ray of hope.
srvctek
MagicJack Expert


Joined: 09 Jan 2009
Posts: 76

PostPosted: Fri Jun 26, 2009 11:26 am    Post subject: Reply with quote

Yes please come out of retirement, lots of people need your help right now, retirement sux anyway, you can only sip margaritas on a beach for so long before it gets boring Laughing
richardtaur
Dan isn't smart enough to hire me


Joined: 17 Mar 2008
Posts: 123

PostPosted: Fri Jun 26, 2009 11:37 am    Post subject: Reply with quote

Same here~ please help us. So, I don't have to look very hard to find any other VOIPs to make it work with sipsorcery, etc...
dtm
MagicJack Expert


Joined: 27 Jul 2008
Posts: 95
Location: In the hardware.

PostPosted: Fri Jun 26, 2009 1:49 pm    Post subject: Reply with quote

Question: How did Ringo get high?

Answer that and you will know how I got this... MJ is dead and so is RFC 2617. It doesn't require any certs or keys or TLS encryption to verify the code below. Just punch in your numbers and see if the response matches the dongle's response. The trick is explained in the code.

The bad news is, an ATA won't do this and even if you modify the firmware to do it, the other side can change it again. They can keep screwing us until the sun don't shine. Once you leave the RFC standards behind (which they have) then you can do as you please.

So I present this here for your discussion. To Mr. Dan the inventor; I ask that you do consider a byod service, premium account, or whatever you want to call it. You now have the ATAs locked out so we can't cheat so charge us a little extra to use them legitimately.
--------------------------------------
<?php

$nonce = "5437837f0_06998";
$callid = "75E16D8104254DB68CFE8CAF8D78DCD60xc0a80504";
$realm = "stratus.com";
$uri = "sip:talk4free.com";
$method = "REGISTER";
$user = "EXXXXXXXXXX01";
$password = "XXXXXXXXXXXXXXXXXXXX";

// Here comes the trick
// $callid is used as a lookup table to append the nonce value
// 75E16D8104254DB68CFE... callid
// 0123456789abcdef....... index
// First an underscore is appended to the nonce
// Now take the first hex character of the nonce which is 5 so get the callid character at index 5
// This is a D since the index is zero based
// Append a D to the nonce and so on
// The final nonce = 5437837f0_06998_D6110116 in this example
// The next block of code does the trick

$newnonce = $nonce."_";
for ($i=0; $i<8; $i++){
    $index = hexdec(substr($nonce,$i,1));
    $newnonce = $newnonce.substr($callid,$index,1);
}

$A2 = ($method.":".$uri);
$A1 = ($user.":".$realm.":".$password);
$HA1 = MD5($A1);
$HA2 = MD5($A2);
$response = MD5($HA1.":".$newnonce.":".$HA2);

echo "A1 = ".$A1."<br>";
echo "A2 = ".$A2."<br><br>";
echo "response = ".$response."<br>";

// The original nonce is returned to the server but the response
// is actually calculated with the appended nonce.

?>
Back to top
View user's profile Send private message
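The comparison dtm describes in this post and in his earlier one about the response hash not matching, turned around to the registrar's side as an added example (not code from the thread or from magicJack): it parses a REGISTER and tests the response against plain RFC 2617 and against the Call-ID-extended nonce. The function names, `EXAMPLE01`, `example.test`, `registrar.example` and the password are constructed; the nonce and Call-ID are the worked values from the post above.

```python
"""Added example: registrar-side check of a REGISTER Digest response."""
import hashlib
import hmac
import re

# Nonce and Call-ID are the worked values from dtm's post; user, realm,
# password and registrar host are constructed for illustration.
NONCE = "5437837f0_06998"
CALL_ID = "75E16D8104254DB68CFE8CAF8D78DCD60xc0a80504"
HEX_DIGITS = "0123456789abcdefABCDEF"


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def parse_headers(message):
    """Return {lower-cased header name: value} for one SIP message."""
    headers = {}
    for line in message.strip().splitlines()[1:]:  # [0] is the request line
        if not line.strip():
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_digest(value):
    """Parse 'Digest k="v",k2=v2' into a dict; values may be quoted or bare."""
    scheme, _, params = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}


def extend_nonce(nonce, call_id):
    """Nonce + '_' + 8 Call-ID chars indexed by the nonce's first 8 hex digits."""
    head = nonce[:8]
    if len(head) < 8 or any(c not in HEX_DIGITS for c in head):
        raise ValueError("nonce does not start with 8 hex digits")
    if len(call_id) < 16:
        raise ValueError("Call-ID shorter than the 16-entry lookup table")
    return nonce + "_" + "".join(call_id[int(c, 16)] for c in head)


def digest_response(ha1, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha2 = md5_hex(method + ":" + uri)
    return md5_hex(ha1 + ":" + nonce + ":" + ha2)


def classify_register(message, ha1):
    """Return 'rfc2617', 'callid-extended' or 'mismatch' for one REGISTER.

    ha1 is the stored MD5(user:realm:password); the password is not needed.
    """
    method = message.strip().splitlines()[0].split()[0]
    headers = parse_headers(message)
    auth = parse_digest(headers.get("authorization", ""))
    if not {"nonce", "uri", "response"} <= auth.keys():
        return "mismatch"
    if "qop" in auth or auth.get("algorithm", "MD5").upper() != "MD5":
        return "mismatch"  # outside the no-qop MD5 case seen in the thread
    candidates = [("rfc2617", auth["nonce"])]
    try:
        extended = extend_nonce(auth["nonce"], headers.get("call-id", ""))
        candidates.append(("callid-extended", extended))
    except ValueError:
        pass  # extension is undefined for this nonce / Call-ID
    received = auth["response"].lower().encode()
    for scheme, nonce in candidates:
        expected = digest_response(ha1, method, auth["uri"], nonce).encode()
        if hmac.compare_digest(expected, received):  # constant-time compare
            return scheme
    return "mismatch"


def build_register(ha1, nonce, call_id, extended):
    """Constructed REGISTER; the wire nonce is always the original one."""
    uri = "sip:registrar.example"
    used = extend_nonce(nonce, call_id) if extended else nonce
    response = digest_response(ha1, "REGISTER", uri, used)
    return (
        f"REGISTER {uri} SIP/2.0\r\n"
        f"Call-ID: {call_id}\r\n"
        "CSeq: 2 REGISTER\r\n"
        'Authorization: Digest username="EXAMPLE01",realm="example.test",'
        f'nonce="{nonce}",uri="{uri}",response="{response}",algorithm=MD5\r\n'
        "Content-Length: 0\r\n\r\n"
    )


if __name__ == "__main__":
    stored_ha1 = md5_hex("EXAMPLE01:example.test:constructed-password")
    for extended in (False, True):
        msg = build_register(stored_ha1, NONCE, CALL_ID, extended)
        print("extended client:", extended, "->", classify_register(msg, stored_ha1))
```

Every input to the suffix travels in the same cleartext REGISTER, so the extension tells the registrar which client implementation computed the response; it is not an additional secret.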
srvctek
MagicJack Expert


Joined: 09 Jan 2009
Posts: 76

PostPosted: Fri Jun 26, 2009 2:32 pm    Post subject: Reply with quote

Are you 100% sure this is what they did and it can't be emulated?
az1324
Dan isn't smart enough to hire me


Joined: 20 Feb 2008
Posts: 100

PostPosted: Fri Jun 26, 2009 2:37 pm    Post subject: Reply with quote

Nice friends.

Well that is interesting. At least now we can make a proxy server that will run without the dongle for now.
onlinepcfun
magicJack Apprentice


Joined: 21 Apr 2008
Posts: 19

PostPosted: Fri Jun 26, 2009 2:46 pm    Post subject: Reply with quote

az1324 wrote:
Nice friends.

Well that is interesting. At least now we can make a proxy server that will run without the dongle for now.

Exactly...something similar to Stewart's callerid spoof script Smile I see light at the end of tunnel
Stewart...you are next Smile
netdata
magicJack Apprentice


Joined: 09 Jun 2009
Posts: 29

PostPosted: Fri Jun 26, 2009 11:31 pm    Post subject: Quick calculator Reply with quote

Making a quick calculator program to generate your password.

I will put a link to the windows executable and later put up the linux and osx version and maybe a windows mobile version also.

I have a summer cold, and my birthday is tomorrow, but I will try
to put it up tonight.

I am pretty miserable right now.

dtm and stewart if you have anything that needs to be added to the program
please pm me. Thanks guys you are great.
richardtaur
Dan isn't smart enough to hire me


Joined: 17 Mar 2008
Posts: 123

PostPosted: Fri Jun 26, 2009 11:42 pm    Post subject: Reply with quote

I wish you a happy birthday. Take a warm shower then turn it to a cold shower, and you will feel a lot better. Wish you get well.
UncleRunkle
magicJack Apprentice


Joined: 09 Jun 2009
Posts: 27

PostPosted: Fri Jun 26, 2009 11:42 pm    Post subject: Reply with quote

Thanks netdata for your help. You are invaluable as well to this thread...
dtm
MagicJack Expert


Joined: 27 Jul 2008
Posts: 95
Location: In the hardware.

PostPosted: Sat Jun 27, 2009 12:32 am    Post subject: Reply with quote

Quote:
Making a quick calculator program to generate your password.

How can that be done? The nonce and callid change with each register.
All times are GMT - 4 Hours