NSLU2-Linux

WRP400.ProvisionedDevice History


September 03, 2010, at 12:14 AM by krim --
Deleted lines 0-14:

You can not reset the voice part to factory defaults even if you change the admin_pwd which is believed to be pulled from the service provider config file. This is hard to confirm since we have to crack the password (single/traditional DES crypt).

Possible ways to overcome this:

- Make a custom uboot.bin excluding crypt_key and hash_dir

- Copy the ca files (config.xml is probably pulled from a https server), load it into your browser, switch your browsers useragent to the linksys one (extra security feature known to be used by many SPs?) and get your encrypted config file from your service provider, then decrypt it with what? Maybe crypt_key, hash_dir, nvram spvp variable or a combination? Then trick it to download a flat profile from your own environment.

- Hardware reset button dont work for the voice, maybe other secret hw-reset options?

also spr_voip is depending on custom cybertan modules

-- krim

September 02, 2010, at 09:35 PM by krim --
Changed line 1 from:

You cant reset the voip part to factory defaults even if you change the admin_pwd

to:

You can not reset the voice part to factory defaults even if you change the admin_pwd

Changed lines 11-12 from:

- Hardware reset button dont work, maybe other secret hw-reset options?

to:

- Hardware reset button dont work for the voice, maybe other secret hw-reset options?

September 02, 2010, at 07:47 PM by krim --
Added lines 1-15:

You cant reset the voip part to factory defaults even if you change the admin_pwd which is believed to be pulled from the service provider config file. This is hard to confirm since we have to crack the password (single/traditional DES crypt).

Possible ways to overcome this:

- Make a custom uboot.bin excluding crypt_key and hash_dir

- Copy the ca files (config.xml is probably pulled from a https server), load it into your browser, switch your browsers useragent to the linksys one (extra security feature known to be used by many SPs?) and get your encrypted config file from your service provider, then decrypt it with what? Maybe crypt_key, hash_dir, nvram spvp variable or a combination? Then trick it to download a flat profile from your own environment.

- Hardware reset button dont work, maybe other secret hw-reset options?

also spr_voip is depending on custom cybertan modules

-- krim

Last edited by krim.
Originally by krim.
Page last modified on September 03, 2010, at 12:14 AM