[Asterisk-Users] Galaxy Voice

Greg Hill gregh-asterisk at hillnet.us
Mon Apr 26 11:27:15 MST 2004


On Mon, 26 Apr 2004, Jay Milk wrote:

> I was afraid Vonage might be looking requests to the MAC address of the
> calling device.  I know I can pull the info using packet sniff and
> ATA186 tools (there's an article on this somewhere on this list). Makes
> more sense to me to run all my lines directly into * once I get this
> done-- reduces my hardware requirements quite a bit, since I only have
> one landline.

I've never worked with Vonage, but I did try to unlock an ATA186 a month
ago.  Spoofing an isolated network to provide DHCP, DNS, and the IP
addresses the ATA wants to find is easy enough to do (just use Ethereal to
see what the ATA is asking for, then set up a service to fill the request,
then repeat until you have any information you need). This helps you
find out the name of the config file your ATA wants to get via tftp. Then
you make a change in your Vonage dashboard (?) so that a new config file
will be generated, and since you know what its filename will be, you can
copy it to your workstation via tftp (instead of letting the ATA grab it).
You probably need to arrange for your ATA to have a copy of the file as
well; see discussion about the changing RC4 keys below.

Next you would have to do a brute-force attack on the 64-bit RC4 encrypted
config file. This is as far as I got when something went wrong in my ATA
and it burned itself up. Literally. Several of the ICs have bulges in
their cases, and I smelled the "melting IC" smell. Oh well, it was cheap..
I'll probably replace it with a Sipura. Anyway, if you were successful in
finding the RC4 key to decrypt the config file, then you could find the
username/password pair your box uses to connect to Vonage. You'll have to
keep track of the key, though, because the password will change the next
time they put out an updated config file. The RC4 key will change, too:
when the ATA downloads a new config, it uses its current key to decrypt.
But the new config file contains a new key, which will be used to decrypt
the next config file, whenever one becomes available.

..or you could use X100Ps etc instead.

Greg




