YESSSSSSSSSSSSSSSSSSSSSS - PAP2'S UNLOCKED NOW

I WOULD LIKE TO THANK DIGGLER FOR ALL HIS EXPERT ADVICE AND SHARING THE INFORMATION.

DIGGLER, YOU ARE A GENIOUS

KEVIN

Thank you Diggler.
A small question, for 3.1.9 or higher, what if we feed xml file directly without factory reset it?

Alen

That depends on what XML file the adapter is trying to grab. If it was never auto-provisioned, it should be asking for the PRIMARY (i.e. ROOT )XML file. A FACTORY RESET w/ the 3.1.9 method:
1) Opens up web access (so that you can set things like DNS Server, etc. in the adapter)
2) Ensures that the adapter requests the PRIMARY XML file

Diggler

TEP 4: Configure your LOCAL LAN's DNS Server to mimic Vonage's Servers:

1) Point httpconfig.vonage.net to the LAN IP address running your HTTP server
2) Point ls.tftp.vonage.net to the LAN IP address running your TFTP server
3) (Optional but recommended) Point *.vonage.net to the LAN IP address running your HTTP/TFTP servers
4) (Optional but recommended) Forward UDP ports 21 & 2400 to Port 69 (so that your TFTP server receives traffic on ports 21, 2400, and the default TFTP port of 69). If you don't know how to configure this, setup a 2nd TFTP server listening on PORT 2400. (Vonage seems to use ports 69 & 2400 the most, but they also use 21).


Diggler I dont get this part of your guide can u please give me a detailed instruction on how to do these steps for example which softwares to use and how to add the info in the softwares or can u point me to the right page if this question has been answered. I am a bit confused everything is straight forward.

I started scanning the posts in this thread from PAGES 4-12 and found the following existing posts which should give you some more info:

Post #129 (Similar question asked)
Post #139 (SimpleDNS Help)
Post #203 (HTTP & TFTP software)
Post #346 (Similar question asked)

These days I recommend going w/ the following unlock method which eliminates having to setup a DNS server program:
Post #326 (Crossover cable method, uses Windows'hosts' file for DNS)

Why do you emphasize PRIMARY (i.e. ROOT )XML? Do you mean that if we don't factory reset it, it may request an xml file other than Primary? Is so, won't it request FW?

In the unlock guide for 3.1.7+, the first step is "STEP 1: Factory Reset the adapter:". The only thing we do with that is remove the dns server. Actually, this could be done with IVR like in step 3. So, if we don't factory reset, we can still proceed our unlock process by feeding the xml file and it'll request FW, then feed the plain txt file to set user and admin password. It's not like in step 1 "If not, you’re pretty much “stuck” at this point and need to find a working Vonage USER Password."
Right?

If we don't do the factory reset, we can still open the web interface, but we can't access because we don't have the password for user. Right? But it won't stop us from unlocking it.

The reason why I'm asking this is because I see a post on broadbandreport as follows



So, if we don't factory reset it, we'll be able to feed FW again and again.

Hi,

I recently unlocked pap2 v2 and successfully setup line1 for Stanaphone. I get the dial tone but I am not able to dial any phone number. I use stana-to-stana calling only (08xxxxxx phone numbers). What is the dial plan setup in pap2 v2. I tried the below pap2 v1 settings for dial plan and it did not work. Could someone please help me out ?

Dial Plan: (08xxxxxxS0|<:1ZZZ>[2-9]xxxxxx|1[2-9]xx[2-9]xxxxxxS0|<:1>[2-9]xx[2-9]xxxxxxS0|011xx.)
Replace ZZZ with your area code.
This dial plan handles calling: Stana-to-Stana : 08xxxxxx

A new lesson I learned - if you can't get one service to connect (Voipbuster in my case) even though the other service is working (FWD in my case) check if there is a new firmware available for your ROUTER, yes, router and update if there is, after struggling for 3, 4 hours updating the router firmware to newest one fixed the "can't connect to server" problem the moment router rebooted with the new firmware.

If you didn't put any money in your account, you are not able to dial any phone number. But you call 08xxxxxx OK.

I don't think the dial plan from v1 can work for v2.
The default dial plan for v2 is:

*xxT|*1xx|[349]11|1xxx[2-9]xxxxxx|[2-9]xxxxxxT|[2-9]xxxxxxxxx|011x.T

How do dial a number with stanaphone?
Maybe it'll be helpful to put |x.T at the end.
So the whole dial plan will be

*xxT|*1xx|[349]11|1xxx[2-9]xxxxxx|[2-9]xxxxxxT|[2-9]xxxxxxxxx|011x.T|x.T

By the way, post about v2 is here:
http://www.bargainshare.com/index.php?showtopic=87504

The only Vonage XML who's GPP_K value remains constant is the PRIMARY XML file. An adapter fresh out of the box should be asking for its PRIMARY XML file, but in the event it's not, a factory reset will ensure that it does.

Correct. The 3.1.7+ unlock guide was written back when USED PAP2's connected to the internet could still be unlocked. Those PAP2's needed to be FACTORY RESET to ensure that they'd request their PRIMARY (i.e. ROOT) XML file.

There may not necessarily be a USER password defined on a virgin PAP2 v1 (Vonage), so you may in fact be able to access USER mode of the web interface.

Interesting theory, but I'm skeptical about its outcome. The last BRAND NEW PAP2v1 3.1.9 I unlocked took several "rounds" to complete. This was a PAP2 I had purchased due to numerous posters in this thread claiming that the unlock process was no longer working. (It was also what led me to come up with the CROSSOVER CABLE method). Anyway, I didn't have my HTTP directory structure setup correctly for several "rounds," but my TFTP structure was in place. Each time the adapter loaded the XML file, it made an HTTP request to load the firmware but failed. After each failure, I would FACTORY RESET the adapter and start all over. This happened 2 or 3 times, with each time HTTP requesting a firmware file, until I finally had my directory structure setup correctly. Thereafter the adapter loaded firmware (SPA2K 2.0.9), after which I finished the unlock process, extracted the GPP_K, and finally loaded true PAP2 3.1.6 firmware onto the adapter. Since this PAP2 was purchased for testing purposes only (and was anyway going to return when done), after it was unlocked, I FACTORY RESET it and connected it to the internet just to see what would happen. The adapter loaded its PRIMARY XML FILE from Vonage but DID NOT attempt a firmware upgrade to 3.1.9 even though it was now loaded w/ 3.1.6! Thus, this adapter had made multiple HTTP attempts to automatically load in firmware until it finally succeeded in loading a firmware file. Thereafter, it no longer attempted any automatic firmware upgrades with Vonage's XML files, even when communicating directly w/ Vonage's servers.

Diggler

This is a little different from another post of yours, although you said "likely".


And it's different from my experience. I unlocked a unit. I feed spa2K, then 3.1.3. I forgot to turn off provisioning. Then it was provisioned by vonage. Then the firmware became 3.1.9.

If you are right, it'll stay at 3.1.3 which will make it very safe and make us happy, because we could use spatool to do a URL tftp upgrade.

The post in which I said "likely" may also have been posted before Vonage implemented the more stringent 3.1.9 settings. It's also possible that after a certain amount of time, the PAP2 of mine which DID NOT perform an automatic firmware upgrade (once provisioned by Vonage itself) would eventually have. I didn't keep that adapter connected to the internet for more than an hour, so I didn't give full / thorough test. I do know though that the adapter got re-locked by virtue of it loading Vonage's XML file from Vonage's server. I had to use the extracted GPP_K value to re-unlock it by feeding it my own encryted XML file w/ known user/admin pws.

If your PAP2 was unlocked using the original/easy method (i.e. POST #4), then your PAP2 never performed a successful automatic firmware upgrade. Thus, when you connected it to the internet and it provisioned w/ Vonage, it performed its one automatic firmware upgrdae. If yours was initially a 3.1.7 (or higher) adapter, perhaps you unlocked it before Vonage implemented the more stringent settings.

Diggler

Either I hosed my unit by letting it phone home for about five seconds, or I have a new enough unit that it's actually shipped in a more locked state than normal.

Anyway, I have an idea. Taking a look at the html form at http://x.x.x.x/advanced, I noticed that all of the fields are numbered. For example, my PAP2 2.0's fields are numbered:

User password: P34415
DHCP: 30383
Static IP: 29743
Netmask: 29807
etc...

The form itself is submitted to linksys.pap. All of this is viewable in the HTML source.

If the programming of the firmware is less than perfect, it might be possible to submit data to linksys.pap to replace, say, the admin password. For that, I'd just need to know what the "Admin password" field is called in the admin section, assuming there is one. Or any other fields that might assist in recovering from a locked device?

Just a thought. If you feel like digging in an unlocked unit and sending me field names from the admin setup pages (or even just do a save_as and save the html file, though you should edit that to remove any VOIP account info before sending it to me), I'd do the dirty work of trying to get it to accept incorrect form data.

It's a long shot, but maybe it's possible...

I don't think 5 seconds is long enough for it to download, extract, and load in new firmware. If it was on-line for at least a minute though, you may be SOL. As long as you can FACTORY RESET the adapter, it's worth trying to unlock it using the documented methods in this thread.

Admin Passwd: P31023

I just sent you a PM requesting your e-mail address so that I can e-mail you a complete HTML capture of an unlocked PAP2. I once tried the exact thing you're contemplating but wasn't successful. Don't let my lack of success stop you from trying though.

Diggler

Er, Diggler, your PMs are either full or off, so I can't reply to yours.

That makes things challenging, doesn't it?

*EDIT* Sent you a follow-up PM w/ alternate instructions.

Aright heres a tought one for you Diggler. My PAP2 router does try to receive some kind of file but idk whats wrong wit my tftp. I took a screen shot of SIMPLE DNS of the PAP2 activity. Now how do i get it so it downloads from the tftp and not just keeps requesting.

I think there's something wrong with small dns plus.
Look up ls.tftp.vonage.net or ping ls.tftp.vonage.net see if the dns is working.
If you are using a router, suggest you switch to crossover cable. When you are using a crossover cable, set a static ip for your computer manually. When you open small dns plus, turn on dhcp server also.

I got this problem long time ago. From my experience, in the unlock process, most of the problem were due to dns server.

Alen

hey how do i set up a static ip i mean i dont know anything about crossover cable.

I have no idea what's wrong w/ your TFTP server either. You didn't provide enough details, such as what is the IP ADDRESS you have setup your TFTP server at?


1.1.1.4 doesn't sound like a proper internal0 IP address for DNS. I've never used SimpleDNS, so I'm not in a position to provide instructions on it.


Configure your DNS properly or switch over to the crossover cable method where I provided detailed instructions on setting up your PC's 'hosts' file.

A CROSSOVER cable looks like a normal ethernet cable; however, inside a few of the wires are switched around. You can buy one at most retailers which sell computer equipment, cables, etc. (i.e. CompUSA, BestBuy, and so on).

Diggler

1.1.1.4 is actually my pap2 my dns server is the computer iam using right now which is 1.1.1.2
Diggler what information do you need? I do use a router diggler and thats the method i used for DHCP.

From this section of the OP:

See posts #326, 557, and 578.

Need urgent help!

It seems that my PAP2 has been successfully upgraded to v3.1.3 first, then to 3.16 finally by a thread in barginshare.com, but I am not 100% sure. I saw the firmware version from the web interface page of my PAP2. But after configuration of my VoipStunt account on line 1, the line 1 area of “Info” page in the we interface of PAP2 shows: can not connect to log in server.

To my knowledge, the possible problems are:

1) during whole unlock process, the "LED of Power Stutus" has never been SOLID Blue as indicated in the unlock instruction. Since 2-nd TFTP upgrade (to upgrade to v3.13) until the final step (i.e. normal use when connected with Internet with v3.16), it always blinks in stead of Solid Blue. However, the blink is not a quick and continuous blue blink, which MAY mean firmware upgrade/self-testing, but it blinks in this way -- dark for 2 second, then quickly blinks for 3 times, then dark for another 2 second and keep going on.
2) when I use IE to access the PAP2, user/1234 is still needed for logging in. But when click “admin log in” on the top-right, it does not require any password.
3) I am not sure whether my configuration in "line 1" tab is right or not (voipstunt).

TheDiggler or any expert else, would you please give some suggestions?

Thanks

"Can not connect to log in server" doesn't mean that your PAP2 is necessarily bad. You may not have it configured correctly. Thus, you should provide your configuration settings to see if anybody who's successfully configured VoipStunt sees anything wrong w/ those settings. I've never configured VoipStunt, so I'm not in a position to help w/ that.

All of my PAP2s are in SPA1001 mode, so I'm not in a position (at the moment) to comment on how the LED's should look/blink.

Ok, so there's a USER password set in your adapter but no admin pw. What's the problem? Log into the adapter's web interface, switch to ADMIN MODE, switch to ADVANCED MODE, go to the SYSTEM TAB and set your USER and ADMIN passwords to whatever you want. You can make them both blank if you don't want to have to login w/ a username/password.

If VoipStunt is the only VoIP service you've attempted to configure, trying configuring a differnet VoIP service to your adapter. If you create a FreeWorldDialup account, I can offer assistance on configuring that on a PAP2.

Depending on what country you're in, another possibility is that your ISP may be blocking VoIP.

Diggler

P.S. I'm going to ask the mods if they think this thread should be merged in w/ the existing PAP2 Unlocking thread. This topic isn't about unlocking, but it could be caused by unlocking if the hardware has, in the process of unlocking, gone bad (i.e. the "blinking led" issue).

Diggler i just got a new PAP2 from WAlmart and i got it to the step where the indicater light went red. But when i tried to load up the xml file it didnt work. any suggestions? And iam using a router btw. WRT54G Also anyone who has done this before can im me on aim pls? my screen name is: ArabInvasion Ty for your time

You'll need to clarify what didn't work. Did your TFTP server receive a request to send the XML file to the PAP2? If so, did the TFTP server indicate that it sent the XML file to the PAP2?

If your TFTP server didn't receive a request for the XML file, you're dealing w/ a DNS issue. The easiest way to move forward is to use the crossover cable method (where you can use your router as a switch + 2 ethernet cables if you don't have a crossover cable).

Diggler

Aright well i used the solarwinds tftp and it had nothing in its log basically it didnt use the tftp iam guessing . I have a wrt54g how can i turn it intoa switch. Ill be waiting for ur response.

Please scroll up to post 873 (then to post 578) for the answer.

Hey Diggler,

Add my thanks to your collection dude . I've got two PAP2s v1.0 unlocked and of course I have the factory GPP_K keys for both saved just in case. In the process I faced most of the problems noted here but I always found the right solution within this forum. All but one until I had to configure an account with my voip provider. The problem was that the phone rang shortly once every one minute. My Line Settings / Register Expires are set to 60 as required by the subscription. If I changed the value to 120 then the phone was ringing once every two minutes, or once every one hour if the parameter was set to 3600. I had been using pap2 Firmware Version: 3.1.6(LS). I heard before about this problem from one of my friends who experienced the same problem. His solution was to upgrade to 3.1.9.(LSc) I did the same thing and now the stray rings are gone and everything works just fine. Now my problem is that I am not sure what should I expect by using 3.1.9(LSc) So far everything is under control, I have full access to all options in the interface and I set provision Enable to No. Is anything else I should do to protect my pap2 against of a fatal unlock? Any other comments if using 3.1.9(LSc) outside Vonage is a healthy configuration or if there is another solution to the 3.1.6 problem?
The second thing, I noticed that Linksys has posted on their site a pap2 firmware upgrade to 3.1.12 (PAP2-03-01-12-LS.bin) Did anyone try this firmware and with what results?

Thanks!

Hi, TheDiggler

Thanks for your reply to my questios. I think I will get a reference configuration for VoIPstunt soon. Hope my problem is just caused by configuration rather than the blinking Power LED. Fast blinking means firware upgrade, but I do have no idea what means the blinking I saw on my PAP2. Anyway, I would post issues if a right VoIPStunt configuration still can not help.

Thanks again.

Windman

You should also set "Resync on Reset" to "NO" and clear out the various "Profile Rule(s)." Since you've saved your Factory GPP_K values (which I hope you verified by downloading and decrypting each adapter's Primary XML file), as long as you don't lose those values, you're in great shape to re-unlock your adapters should they get relocked.

If 3.1.6 causes problems for you which 3.1.9 solves, you're in a position to safely continue using 3.1.9 (or higher).

3.1.12 has been out for a while. If you're going to use firmware higher than 3.1.6, you may as well go for the latest 'n greatest. See how things behave w/ 3.1.12.

Diggler

Hey Diggler,

Thanks for your reply dude.

Yes I did verify indeed the XML decryption using the factory keys and they both work.
What about "Resync From SIP", "Resync After Upgrade Attempt", "Resync Fails On FNF" should they all stay "Yes"?

Thanks again!

Disable all of the resyncs. Resyncs are another method for the adpater to be auto-provisioned.

any posible to unlock PAP2 3.1.9 non virgen, connect internet? i got few pap2 that has been provision it, i dont have gpp-k .

diggler,

your PM is not working.

Thanks

I have the most unique problem. I have a neat Linksys PAP that I purchased a while ago and set up stanpahone on one line and voipbuser on the other for my parents in India. It was working perfectly when I shipped it and yesterday when I plugged it in I heard a nice dialtone but I did not remember the password set in the device to configure it with the stanaphone number I had just obtained.

So I did a hard reset of the device using the typical 73738 press 1 . I only hear something that sounds like a elongated beep after the 1 and then nothing. The item did somewhat reset from what I can see and then I tried to upload the firmware etc and now it still asks me for the admin password. Now obviously I have no idea what the password is , which is why I started this procedure. The firmware is still 3.1.3LS. I can get to the user webpage without any problem , soon as i click on the admin page it asks me for a password that I do not have. I have not connected this adapter to the internet even once after the reset. I tried the sipura reset code and still nothing , still asks me for the admin password. I tried the tftp file option and it never picked up the file although I can manually get the file if i use the command line ( meaning no problem with the server config). What do I do. Am i screwed?

That's intentional. I've been getting hit w/ too many PM's from people wanting personalized help w/ their PAP2's. I don't mind helping people, but I do require that any help I offer benefit everybody. This is my way of ensuring that people don't PM me for personalized help.

Set a USER PASSWORD, then use "user" for the username and whatever user password you set. Firmware 3.1.6 and lower permit USER MODE firmware upgrades (even though they prompt for an admin password).

hellow all, I have a PAP2-3.1.9(LSc).I am stuck did the solarwind, cross cable,IIS setup. It loaded the encrypted xml and PAP2-bin-03-01-09-LSc.bin fine light stuck on RED. the tftp is showing the request for the xml text file but it says error, it wont grab it. i can here the menu of the sip but everything ask for password and no web login. Thank you all in advance.

If you cannot get the IP once flashed to the Sepura, you can download an IP Scanner and scan the range of IPs. Works every time. I suggest Advanced IP Scanner.

I am about to use wireshark now . the pap2 DNS is on 216.115.24.230 when i do the ip scann what are all the changes i need to make so it could grab the xml txt?

Please post what the specific TFTP ERROR MESSAGE says. My guess is that it's asking for the plain-text XML file in the "randomly named" directory and you've either failed to create that directory name or didn't create the correct directory name. In SolarWinds, the letter "l" and the number "1" are often difficult to discern.

As for finding out the IP ADDRESS of your PAP2, the following two ways should both work:
1) IVR MODE should not ask for a password just to lookup the adapter's IP address (i.e. ****110#)
2) Windows 'hosts.ics' file (in the same directory as the Windows 'hosts' file)

With the crossover cable method, each time the adapter reboots, ICS assigns it a new IP Address.

Diggler

Thank you for replying. the message says FILE DOES NOT EXIST, I will check for typo's.

Is that the entire message, or does it show where it's attempting to grab the file from as well? If so, include the complete text of what's happening right before that error message too.

TFTP Error from 192.168.0.48 requesting 58YDhJdVYi\spa0016B65E3417.xml :File does not exist.
I did created the sub folder. The thing is it took the encrypted file with same name.

When it took the encrypted file, was it from the "TFTP ROOT" or from the "TFTP ROOT\58YDhJdVYi" folder? If it took the encrypted file from the latter, then it very much sounds like you named the PLAIN TEXT XML FILE incorrectly. If it only took it from the TFTP ROOT, to determine whether the random directory name of "58YDhJdVYi" is correct, put the encrypted XML file in that directory. Even if your PAP2 grabs that encrypted file, it won't successfully process it as that file encrypted can only be decrypted w/ PRIMARY GPP_K; however, your PAP2 is now loaded w/ a CHILD GPP_K which it received when it successfully processed your PRIMARY XML FILE from the TFTP ROOT.

Diggler

The encrypted file was taken from TFTP-root Should i switch the box out

Success . I went back and check my TFTP default folder I had it set on 58YDhJdVYi not TFTP ROOT. BIG THANK YOU DIGGLER

You're not the first person to get confused w/ the TFTP process, and I'm sure you won't be the last. It didn't dawn on me to consider a changed TFTP ROOT folder location (as the instructions never said to do so); however, based on the above, it's another area of failure I can have others check should they err in the same way. Thus, I'm glad you were honest with what happened and especially in posting above. Congrats on getting it unlocked.

Diggler

I understand and agree. However, I want to chat with you what I have in mind and it is for the good of all general public. Please turn on the PM and send me Pm when you have done so. After receivnig my PM, you can turn ift off, if you wish.

Thanks

P: I heard rumors that you are planning to throw your PAP2 in the the ring for the 2008 Presdential race