Softphone for Main Unlimited $24.99 Residential Service
ehansen (New Forum Member; Joined: Dec 27, 2004; Posts: 8; Location: Chicago Illinois)
Posted: Thu Mar 17, 2005 10:25 pm
It is kind of like a gumball machine. You can knock the whole thing down and break the glass and get all the gumballs out. That kind of defeats the purpose.
Or you can realize that 5 cents for a nice sized great tasting gumball will always be there every time you pass that machine.
I think the best thing to do is to get the gumball machine priced right and everyone benefits.
No.....
Eric
peterwemm (Full Forum Member; Joined: Apr 15, 2004; Posts: 42; Location: Danville, CA, US)
Posted: Fri Mar 18, 2005 12:34 am
paul248: Those MD5 hashes are the key. The problem is that they are some sort of challenge/response system and we don't know the secrets.
As an example of how this sort of thing typically works, something like this would happen.
Server: Generates a token (random chunk of data, serial number, something)
Client: connects to server, and the server tells the client what the challenge (token) is. With things like APOP, the challenge is the msgid-like string at login. With PPP-CHAP it is explicitly passed through. I don't know enough about the SIP handshake to say what happens here.
Client: takes token from server, and the secret ("password") which is stored internally in the device. client then hashes the combination of token and client secret. Passes the md5 string to the server.
Server: does the same hash operation on the token and what it expects the client to have as the secret. It then compares the two hash values. If they are the same, then the client has proved its identity.
And that is the hard part. The hash is (essentially) irreversible. We will not know what the challenge token will be in advance, it is different each time the client connects. We don't know the secret (password) stored on the client.
We can see the hash each time, but that doesn't help us at all for figuring out the secret password. And we can't reuse the MD5 hash each time, because the server is (or had better be!) using a new challenge token each time.
Of course, the hash can be brute forced and you can try permutations of all possible secrets, but that takes a lot of horsepower. It might be easier to physically attack the device and download the eeprom contents.
If you want to know how hard the secret will be to crack, you might look at existing softphone account passwords. They probably are generated with the same algorithm so you can see how long they might be, what character sets are used, etc.
The interesting weakness in this simple system is that it is completely vulnerable to a man-in-the-middle attack. You can proxy the tokens and responses and neither end will be aware of the computer in the middle.
Anyway, this is not particularly useful to know because you need to figure out how to get the ATA into handshaking mode in order to abuse it to calculate the responses for you. There are so many problems waiting there that it is probably going to be simpler to physically attack the device.
Of course, this is all well into Terms Of Service violation territory if you're a Vonage customer and you could find yourself in hot water.
Interesting thought.. If you are not a Vonage customer and go to a retail store and buy one of the locked retail kits, you haven't yet agreed to the terms of service that you are normally forced to agree to when you activate an account... There isn't even a shrink-wrap license notice on the outside of the box... And the TOS hardcopy inside the box says that "by activating the service, you agree ....." - so in theory if you're not a subscriber, you can do whatever you'd like with it.
It is just a matter of time before somebody pops open a box, extracts the keys and writes a decent sip client emulator that proxies the connections. Sooner or later, somebody will do it and all hell will break loose.
If I was Vonage, I'd be thinking about heading off that scenario by removing the incentives. ie: providing what their customers want. The attitude of "This is what we provide and you WILL like it!" is part of the reason why people hate their local telcos and why Vonage gets a foot in the door. Finding the same attitudes at the "alternative" is a big let down. Price isn't everything.
_________________
Vonage customer since March 2004. Customer of just about every other VoIP provider out there too.
Asterisk PBX software, using Vonage softphone. ATA VT1005, rarely used.
ISP: Comcast (8M down, 768K up) *and* Sonic.net ADSL (1.5M down, 384K up) for VoIP
ehansen (New Forum Member; Joined: Dec 27, 2004; Posts: 8; Location: Chicago Illinois)
Posted: Fri Mar 18, 2005 7:09 am
Remember, I'm first in line..
Eric
peterwemm (Full Forum Member; Joined: Apr 15, 2004; Posts: 42; Location: Danville, CA, US)
Posted: Sat Mar 19, 2005 4:38 pm
Actually, I wonder how long this would take if there was a bounty? I have the means (SMD rework station, TSOP-40 eprom/flash reader/writer, etc), but am still bound by the ToS, so I can't participate. And besides, I don't have the time nor the inclination.
The folks that discovered the weakness in the Tivo security system went public for a $5000 bounty. I'm annoyed enough at the stupidity of the current situation that I'd be tempted to contribute $500 or $1000 to a bounty (run by somebody else) for some enterprising individual to extract the keys and passwords from the locked PAP2 flash. All they need is to go and buy a box from staples/compusa/etc and not activate it so that they are not bound by the ToS. (Recall that you only agree to the ToS restrictions by activating service!)
To what end? That information would go a long way towards what would be needed to write a SIP proxy that would look/feel like a PAP2 as far as Vonage was concerned. The keys would enable decrypting the configuration download so that you could have the PAP2 simulator connect to the Vonage service and then you could use your own IP phone or softphone or whatever to connect to the simulator.
Vonage would likely never even notice unless you called up tech support. Remember that the only access that Vonage have to the box is via SIP, the box fetches its configuration from the net. There's no SNMP or HTTP or anything else to worry about.
The beauty of that is that it wouldn't cost Vonage a cent, and won't deprive them of any income. It would work exactly like a current ATA does except with better sound quality by eliminating the analog leg.
Vonage: remember that we don't want a bigger, badder telco! Your list of 'we could, but won't do that' is rivalling the incumbent telcos! Price doesn't make up for being so pig-headed, especially when there are cheaper alternatives that *do* have the flexibility!
aust (New Forum Member; Joined: Dec 01, 2004; Posts: 1)
Posted: Fri Apr 22, 2005 6:53 pm
Post subject: Interesting...
Has anyone tried just using the hash that the MPA is sending Vonage as the password? Or perhaps just using a hash of your Vonage password?
I can't help but think it'd be awfully easy to get Asterisk to do what is needed...
A.
peterwemm (Full Forum Member; Joined: Apr 15, 2004; Posts: 42; Location: Danville, CA, US)
Posted: Fri Apr 22, 2005 8:37 pm
Post subject: It's not that simple unfortunately...
Part of the authentication handshake is that it gives you some magic number to include in the hash calculations. So the hash result only works with that specific challenge number. And you can bet that it'll be different each time.
Each side does a hash(random number + secret), and they exchange and compare the hashes. If one side has the wrong secret, it can't generate the right hash for the given random number.
So, you either need the secret, or do a man-in-the-middle attack.
-Peter
borg (New Forum Member; Joined: Apr 23, 2005; Posts: 1)
Posted: Sat Apr 23, 2005 1:33 am
Post subject: mac authentication?
Do you think they check the MAC of the ATA box?
Primus are doing that with their little dlink gateway which uses mgcp.
so how about cloning the mac from the ata?
I am going to try it with both Vonage Canada and Primus. Whichever works is the system I take with me to France. I'm not paying for a crippled softphone. Part of the reason I want it is so that I can sit in a cafe and not have to pay outrageous mobile fees. Someone try this, or keep in touch. It can be done, and I don't know if they can do anything about it.
peterwemm (Full Forum Member; Joined: Apr 15, 2004; Posts: 42; Location: Danville, CA, US)
Posted: Sun Apr 24, 2005 1:46 pm
Post subject: MAC?
Well, they can't really check the MAC, because the MAC isn't visible over the TCP/IP network. The only network that can see your MAC is the local ethernet network as far as your gateway or the cable modem gateway.
So cloning the MAC achieves you nothing.
The MAC is only significant because the ATA devices use it to find their configuration file on their web server. Their MAC is part of the filename. So if you switch ATA devices, then it won't find a config file prepared for it, and it won't be able to authenticate because it won't know what the secret key is.
The bad news is that the config files with the SIP secret keys are encrypted themselves. The good news is that the key to decrypt the config files is stored in the ATA itself somewhere. If you can extract the keys from the hardware, then you can (eventually) decrypt the config files and find the SIP keys. Or the client certificate, whatever it is that they use.
BTW: does anybody know what instruction set the ESS (yes, the sound card folks) use on the CPU on the Sipura/Linksys boxes? It would appear it is a DSP chip with a general purpose integer CPU core glued in. But I haven't found any obvious hints as to what core it uses.. it could be a MIPS, an ARM7 or 9, or even a small PPC core. That would have to be known in order to even get to square 1 with understanding the firmware or trying to extract keys from the hardware. It's a huge job to say the least. (Actually, I've kinda lost interest in this part. I returned the PAP2 that I wanted to unlock and bought 4 unlocked PAP2-NA's instead. I'd still love to get the keys though.)
I'm still hopeful that a man-in-the-middle proxy attack might be possible. In other words, you create a SIP proxy that fakes the Vonage SIP servers and connect your ATA to it. You could relay all the real authentication requests to it and have it calculate the responses for you. You'd probably have to have a modem to cause the ATA to initiate sessions in order to make outbound calls. Once the sessions are established you can use the clear RTP packets directly. Those don't have to go anywhere near the ATA. A plain old M.I.T.M. attack would be dramatically less work, but would be just.. nasty.. and not elegant at all. But you probably could automate it for an Asterisk server at home and hide it out of the way somewhere.
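The challenge/response mechanics that peterwemm sketches in his Mar 18 post, his Apr 22 reply to aust's "just reuse the hash" question, and the man-in-the-middle relay he floats above are easiest to see in running code. The following is an added example written for this page; it is not code from the thread, from Vonage, or from any ATA firmware. It assumes the RFC 2617 MD5 digest scheme that SIP (RFC 3261) uses for REGISTER, which the thread itself does not confirm for Vonage's handshake; the realm, user name, secrets and wordlist are constructed for the demo. It shows four things: a genuine login, a replayed response failing against a fresh nonce, a relay proxy that never learns the secret yet gets accepted, and an offline guess of a weak secret from one sniffed exchange.

```python
# Added example (not from the thread or from Vonage): a toy MD5 digest
# challenge/response modelled on RFC 2617 as used by SIP REGISTER.
# Realm, user, secrets and the wordlist below are constructed for the demo.
import hashlib
import secrets


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(user, realm, password, nonce, method, uri):
    """Client-side computation: MD5(HA1 ':' nonce ':' HA2) where
    HA1 = MD5(user:realm:password) and HA2 = MD5(method:uri).
    The nonce binds the answer to one specific challenge."""
    ha1 = md5hex(f"{user}:{realm}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")


class Registrar:
    """Server side: hands out a fresh random nonce per challenge and accepts a
    response only for a nonce it issued and has not yet consumed."""

    def __init__(self, realm, credentials):
        self.realm = realm
        self.credentials = dict(credentials)   # user -> shared secret
        self.outstanding = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, user, nonce, response, method="REGISTER"):
        if nonce not in self.outstanding:      # unknown or already-used nonce
            return False
        self.outstanding.discard(nonce)        # each nonce is good exactly once
        secret = self.credentials.get(user)
        if secret is None:
            return False
        expected = digest_response(user, self.realm, secret, nonce,
                                   method, f"sip:{self.realm}")
        return secrets.compare_digest(expected, response)


class Adapter:
    """The locked ATA: holds the secret and answers whatever nonce it is shown."""

    def __init__(self, user, realm, secret):
        self.user, self.realm, self.secret = user, realm, secret

    def answer(self, nonce, method="REGISTER"):
        return digest_response(self.user, self.realm, self.secret, nonce,
                               method, f"sip:{self.realm}")


def replay_captured_response(registrar, adapter):
    """Eavesdropper's attempt (aust's question): capture one genuine response
    and send it back verbatim on the next challenge.  Returns the registrar's
    verdict on the replay."""
    first = registrar.challenge()
    captured = adapter.answer(first)
    assert registrar.verify(adapter.user, first, captured)   # genuine login works
    second = registrar.challenge()                            # fresh nonce
    return registrar.verify(adapter.user, second, captured)   # replay is rejected


def relay_through_proxy(registrar, adapter):
    """Man-in-the-middle relay: the proxy never learns the secret; it passes the
    real nonce to the adapter and the adapter's answer back to the server."""
    nonce = registrar.challenge()          # proxy receives the server's challenge
    proxied = adapter.answer(nonce)        # proxy forwards it to the real ATA
    return registrar.verify(adapter.user, nonce, proxied)     # server accepts


def offline_guess(user, realm, nonce, response, candidates, method="REGISTER"):
    """Brute force from one sniffed (nonce, response) pair: the hash is not
    reversible, but a short or predictable secret falls to trial-and-error."""
    for cand in candidates:
        if digest_response(user, realm, cand, nonce, method, f"sip:{realm}") == response:
            return cand
    return None


if __name__ == "__main__":
    reg = Registrar("sip.example.invalid", {"17085550100": "hunter2"})
    ata = Adapter("17085550100", "sip.example.invalid", "hunter2")
    print("replay accepted:", replay_captured_response(reg, ata))
    print("relay accepted: ", relay_through_proxy(reg, ata))
    n = reg.challenge()
    print("guessed secret: ", offline_guess(ata.user, ata.realm, n, ata.answer(n),
                                            ["password", "123456", "hunter2"]))
```

Two practical notes. The relay works because plain digest authentication proves only that someone who holds the secret answered this nonce, not who the transport peer is; it is defeated by wrapping SIP in TLS (SIPS) with the registrar's certificate pinned on the adapter, or by any scheme that binds the response to the channel. And the offline guess is why peterwemm's suggestion to look at how long and how random the provisioned softphone passwords are matters: a sniffed digest exchange is a free password hash, and MD5 over a short secret is cheap to grind through.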
peterwemm (Full Forum Member; Joined: Apr 15, 2004; Posts: 42; Location: Danville, CA, US)
Posted: Wed May 18, 2005 2:05 am
Post subject: VT1005 - there may be light...
I stumbled across some interesting information about the internals of the older Motorola ATA, the VT1000/1005. It seems there might be a possibility of adding a serial adapter to the blank spaces on the circuit board and use the integrated VXworks debugger to read the configuration information.
This may potentially include the SIP authentication keys. Of course, there are a lot of ifs and buts. For example, it's not clear if the configuration information is in a binary or readable ASCII form.
I'll refrain from posting links, but I found it while searching for information about unlocking it. For example, I was curious if there was a backdoor like the ATA-186. So far, the information seems to suggest that it is easy to unlock the device, but it is totally useless because you need the Motorola provisioning tools to actually configure the settings. Anyway, for the cost, it's more useful to just go buy an unlocked PAP2-NA for $50-$70 on eBay or a SPA-1001 or SPA-2000 from one of the many other online retailers.
Anyway, I've found somebody who appears to be able to port my home number away from Vonage, so it might all be a moot point.
gnexus (Vonage Forum Associate; Joined: Jun 24, 2005; Posts: 20)
Posted: Fri Jun 24, 2005 10:21 am
Post subject: :lol:
This thread is HILARIOUS
Get a life and another provider, people.
Several other providers offer BYOD, softphone, are cheaper and provide better audio quality AND more LNP numbers.
The only real useful application to unlocking would be to refurb old Vonage routers for resale. Anything else would either be illegal or against the Terms and Conditions of the Vonage account, or both.
BTW, even if it did work, Vonage blocks SIP peering on the main line. That makes most of the effort useless if you're concerned about LD or International calling.
All times are GMT - 5 Hours