Linksys PAP2 hack?

Discussion in 'VOIP' started by Ghazan Haider, Feb 25, 2005.

  1. The PAP2 usually comes preset with the provider's IP, and seeks it
    itself. Only after the provider gives its connection, does the dial
    tone appear on the PAP2.

    Can the PAP2 be hacked to seek another Asterix box for example? I'd be
    interested in a setup where I have the two POTS ports of the PAP2
    available, and I could dial from one to another. I'm sure the PAP2 has
    no pbx capabilities, but would be nice to get it to talk to a
    linux-based pbx at home.... unless its communication protocol (SIP?)
    is too proprietary.

    I'm also not sure if the firmware of the PAP2 is located in a
    different spot from the configuration, or is everything configured,
    compiled and burned? If the config is in a different place, making it
    point elsewhere should be trivial..

    If it speaks standards-based protocols, I could even fake the IP it
    seeks, pointing to a local asterix box for the job.

    Any thoughts?

    This also allows me to roll out my own VOIP joint... or at least
    skype-type joint where people can use their standard phones + PAP2,
    without the use of a computer. Legal issues in reconfiguring the PAP2
    if at all possible?
    Ghazan Haider, Feb 25, 2005
    #1
    1. Advertising

  2. Why not just get a Sipura box that you don't need to hack????

    Mike Schumann

    "Ghazan Haider" <> wrote in message
    news:...
    > The PAP2 usually comes preset with the provider's IP, and seeks it
    > itself. Only after the provider gives its connection, does the dial
    > tone appear on the PAP2.
    >
    > Can the PAP2 be hacked to seek another Asterix box for example? I'd be
    > interested in a setup where I have the two POTS ports of the PAP2
    > available, and I could dial from one to another. I'm sure the PAP2 has
    > no pbx capabilities, but would be nice to get it to talk to a
    > linux-based pbx at home.... unless its communication protocol (SIP?)
    > is too proprietary.
    >
    > I'm also not sure if the firmware of the PAP2 is located in a
    > different spot from the configuration, or is everything configured,
    > compiled and burned? If the config is in a different place, making it
    > point elsewhere should be trivial..
    >
    > If it speaks standards-based protocols, I could even fake the IP it
    > seeks, pointing to a local asterix box for the job.
    >
    > Any thoughts?
    >
    > This also allows me to roll out my own VOIP joint... or at least
    > skype-type joint where people can use their standard phones + PAP2,
    > without the use of a computer. Legal issues in reconfiguring the PAP2
    > if at all possible?
    Mike Schumann, Mar 1, 2005
    #2
    1. Advertising

  3. Ghazan Haider

    mazilo Guest

    > Ghazan Haiderwrote
    The PAP2 usually comes preset with the provider's IP, and seeks i
    > itself. Only after the provider gives its connection, does the dia
    > tone appear on the PAP2


    Who's your PAP2 provider, i.e Vonage

    > Ghazan Haiderwrote

    Can the PAP2 be hacked to seek another Asterix box for example? I'
    b
    > interested in a setup where I have the two POTS ports of the PAP
    > available, and I could dial from one to another. I'm sure the PAP

    ha
    > no pbx capabilities, but would be nice to get it to talk to
    > linux-based pbx at home.... unless its communication protoco

    (SIP?
    > is too proprietary


    I haven't seen one hacked, yet

    > Ghazan Haiderwrote

    I'm also not sure if the firmware of the PAP2 is located in
    > different spot from the configuration, or is everything configured
    > compiled and burned? If the config is in a different place, makin

    i
    > point elsewhere should be trivial.


    I hear from other forums that resetting the PAP2 to its factor
    original will certainly remove the lock; however, during the proces
    of resetting, it will ask you the password if the PAP2 has bee
    registered to some provider

    > Ghazan Haiderwrote

    If it speaks standards-based protocols, I could even fake the IP i
    > seeks, pointing to a local asterix box for the job
    >
    > Any thoughts


    AFAIK, PA2 along with most ATA devices on the market are SI
    compliance; thus, it speaks some standard-base protocols

    > Ghazan Haiderwrote

    This also allows me to roll out my own VOIP joint... or at leas
    > skype-type joint where people can use their standard phones + PAP2
    > without the use of a computer. Legal issues in reconfiguring th

    PAP
    > if at all possible


    How would you do that since Skype is not SIP compliance
    mazilo, Mar 7, 2005
    #3
  4. Ghazan Haider

    VISION Guest

    Ive been told you can sniff out the connection stream for the Pap2 and
    the other linksys vonage routers.

    No firmwares have been posted to convert to the NA models so far as i
    know.

    I personaly would like to make my asterisk box the vonage ATA
    device.... and to use my Linksys rtp "vonage" router as a phone adaptor
    for my network.

    I may have to convert to another phone providor that is more asterisk
    friendly.... but i would still have this linksys gear .... unusable.
    VISION, Mar 11, 2005
    #4
  5. Ghazan Haider

    mcamino Guest

    http://www.vonage-forum.com/ftopic3988.html

    It is an idea. Why doesnt someone call up vonage with their pap2 devic
    (using the old firmware) and have vonage "flag" an update to thei
    device. The way i look at it is this. If vonage can force feed
    firmware update to the boxes, why cant we? If they flag one of th
    boxes, and we have ethercap running, we capture the traffic, we analys
    it, and most likely we get the magical admin password to the pap2. If w
    dont get the admin password atleast we figure out how they feed firmwar
    and we can copy the firmware the same way (through faked dns entries an
    such)

    Its a valid idea, and i have a VIRGIN pap2 to try your ideas on. (i a
    currently trying to brute force the username and password which i
    frankly impossible even at 1000 attempts per second, it will tak
    1million years, no joking, to force the password

    --
    mcamino
    mcamino, Mar 17, 2005
    #5
  6. Ghazan Haider

    mcamino Guest

    http://www.vonage-forum.com/ftopic3988.htm

    It is an idea. Why doesnt someone call up vonage with their pap
    device (using the old firmware) and have vonage "flag" an update t
    their device. The way i look at it is this. If vonage can force fee
    a firmware update to the boxes, why cant we? If they flag one of th
    boxes, and we have ethercap running, we capture the traffic, w
    analyse it, and most likely we get the magical admin password to th
    pap2. If we dont get the admin password atleast we figure out ho
    they feed firmware and we can copy the firmware the same way (throug
    faked dns entries and such

    Its a valid idea, and i have a VIRGIN pap2 to try your ideas on. (i a
    currently trying to brute force the username and password which i
    frankly impossible even at 1000 attempts per second, it will tak
    1million years, no joking, to force the password
    mcamino, Mar 18, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kyler Laird
    Replies:
    55
    Views:
    9,811
    william
    Mar 25, 2005
  2. Shaker

    Unlocking linksys PAP2

    Shaker, Jan 17, 2005, in forum: VOIP
    Replies:
    7
    Views:
    10,228
    walkerchen
    May 23, 2010
  3. Gary Dale
    Replies:
    15
    Views:
    4,655
    Marc H.Popek
    Mar 20, 2005
  4. Vox Humana

    Documentation for Linksys PAP2-NA

    Vox Humana, Mar 17, 2005, in forum: VOIP
    Replies:
    6
    Views:
    11,038
    Kyler Laird
    Mar 21, 2005
  5. Paul -M-

    Linksys PAP2 router

    Paul -M-, May 11, 2005, in forum: VOIP
    Replies:
    6
    Views:
    1,003
    Rick Merrill
    May 12, 2005
Loading...

Share This Page