[Asterisk-Users] Galaxy Voice

Mon Apr 26 12:31:35 MST 2004

Vonage may not be a problem much longer (see my post on broadvoice.com)
-- and they could have it so easy, just help the people who paid for the
hardware USE it.  I'll definitely see that I can grab the config before
I cancel service, so I can use MY ATA186s as FXSs.

-----Original Message-----
From: asterisk-users-admin at lists.digium.com
[mailto:asterisk-users-admin at lists.digium.com] On Behalf Of Greg Hill
Sent: Monday, April 26, 2004 1:27 PM
To: asterisk-users at lists.digium.com
Subject: RE: [Asterisk-Users] Galaxy Voice

On Mon, 26 Apr 2004, Jay Milk wrote:

> I was afraid Vonage might be looking requests to the MAC address of 
> the calling device.  I know I can pull the info using packet sniff and

> ATA186 tools (there's an article on this somewhere on this list). 
> Makes more sense to me to run all my lines directly into * once I get 
> this
> done-- reduces my hardware requirements quite a bit, since I only have
> one landline.

I've never worked with vonage, but I did try to unlock an ATA186 a month
ago.  Spoofing an isolated network to provide DHCP, DNS, and the IP
addresses the ATA wants to find is easy enough to do (just use ethereal
to see what the ATA is asking for, then set up a service to fill the
request, then repeat until you have any information you needed). This
helps you find out the name of the config file your ATA wants to get via
tftp. Then you make a change in your vonage dashboard (?)  so that a new
config file will be generated, and since you know what its filename will
be, you can copy it to your workstation via tftp (instead of letting the
ATA grab it). You probably need to arrange for your ATA to have a copy
of the file as well; see discussion about the changing RC4 keys below..

Next you would have to do a brute-force attack on the 64-bit RC4
encrypted config file. This is as far as I got when something went wrong
in my ATA and it burned itself up. Literally. Several of the ICs have
bulges in their cases, and I smelled the "melting IC" smell. Oh well, it
was cheap.. I'll probably replace it with a sipura. Anyway, if you were
successful in finding the RC4 key to decrypt the config file, then you
could find the username/password pair your box uses to connect to
vonage. You'll have to keep track of the key, though, because the
password will change the next time they put out an updated config file.
The RC4 key will change, too: when the ATA downloads a new config, it
uses its current key to decrypt. But the new config file contains a new
key, which will be used to decrypt the next config file, whenever one
becomes available.

..or you could use X100Ps etc instead.

Greg

_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users