Welcome to Our Dreambox World - Japhar Sim - SuperSim
Forum Stats
12422 Members
237 Forums
7731 Topics
23826 Posts

Max Online: 4756 @ 02/20/20 11:12 PM
Newest Members
talat1000, vu+vu, Ramaka, MECEDES, DrNaf
12422 Registered Users
Who's Online
8 registered (Toysoft, Admin, kry, Smokey, haki, peppi, orlik0, b1i2s3h4a5), 485 Guests and 502 Spiders online.
Key: Admin, Global Mod, Mod
Shout Box

Top Posters
Admin 9885
Toysoft 2639
satsedhu 1713
fairbird 765
ludo19 442
Top Posters (30 Days)
Admin 11
Rome125 7
Toysoft 6
Sasillo 3
Bobo360 1
April
M Tu W Th F Sa Su
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30
Topic Options
#25183 - 01/08/24 12:28 PM RT31P2/WRT54GP2 Alternate Unlock - Long Method
Toysoft Online   content
Japhar Member
Carpal Tunnel

Registered: 10/22/10
Posts: 2639
RT31P2/WRT54GP2 Alternate Unlock - Long Method

This is the Long Method unlock instructions which involve extra tasks like loading an encrypted xml file w/o using internet provisioning.

Please Note: This is an advanced unlock process. meister_sd's original methods in Post 4/Post 5 or the Guides in Post 10 may be easier.

Pre-Unlock Setup:

RT31P2 - See Post #2 (Link)
WRT54GP2 - See Post #3 (Link)

STEP 0 : Factory Reset the adapter (Optional):

1) This step probably isn't necessary unless you had a number of problems with your adapter or your adapter has already been on the internet. You could probably skip it unless you have further issues during the unlock process.
2) There are two methods of reset if you need to use it:

- Hold the reset button on the back for 5 seconds (Some say 30 seconds)
- In the Web Interface at 192.168.15.1, reset to factory defaults under the administration tab.

STEP 1: Setup the HTTP/TFTP/DNS/DHCP servers to load encrypted xml file and firmware:

1) See Server Setup Post #8 (Link)

STEP 2: Prepare your local file structure:

Encrypted XML:

1) In your TFTP ROOT directory (or directories if running multiple TFTP servers), copy your adapter's ENCRYPTED config file to that directory as spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2)

To download it: >>http://httpconfig.vonage.net/spa000000000000.xml (where 000000000000 is the MAC ADDRESS)

2.0.9 Unlocking Firmware:

2) In your HTTP ROOT directory (typically htdocs for Apache, docs for IPlanet/Netscape, wwwroot for IIS), create sub-directory: +000000000000 (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2)
3) Rename Unlocking Firmware 2.0.9 filename:

RT31P2: RT31P2_v1.17.02_000_combin_code.bin to "RT31P2_v1.30.01_000_VM_3.1.06_LI_combin_code.bin"

WRT54GP2: wrt54gp2_v1.27.02_209_combin_code.bin to "wrt54gp2_v1.30.01_000_VM_3.1.06_LI_combin_code.bin"

4) Copy the modified unlocking v2.0.9 firmware to the HTTP-ROOT/+000000000000/ directory (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2)
5) Double check to make sure that the renaming of the modified 2.0.9 unlocking firmware filename was completed.

STEP 3: Start the UNLOCK PROCESS (i.e. load the unlocking 2.0.9 firmware into your RT31P2/WRT54GP2):

1) Disconnect the ethernet cable from the PC running the HTTP/TFTP/DNS servers
2) Disconnect the POWER cable from the RT31P2/WRT54GP2
3) Reconnect the standard ethernet cable between the WRTGP2 WAN port and the PC ethernet port. (I don't think you'll need a crossover cable.)
4) Make sure the PC is powered up and that the DNS, TFTP and HTTP servers are running
5) Power on the RT31P2/WRT54GP2
6) If all goes well, your TFTP server's log will show the RT31P2/WRT54GP2 grabbing the encrypted file.
7) Shortly thereafter, the HTTP server's log should show the RT31P2/WRT54GP2 grabbing the modified SPA2000 v2.0.9 firmware file.
Cool Once the RT31P2/WRT54GP2 has loaded the 2.0.9 Unlocking Firmware, you may want to double check that the firmware is updated by checking the web interface.
9) You should now be ready to proceed with re-opening the Voice Section of the Web Interface

STEP 4: Setup Dummy XML file in TFTP Folder to (Re-)Open WEB access:

1) Create a TEXT FILE called spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2) as follows:
CODE
<flat-profile>

<Restricted_Access_Domains ua="na"></Restricted_Access_Domains>
<Enable_Web_Server ua="na">Yes</Enable_Web_Server>
<Web_Server_Port ua="na">80</Web_Server_Port>
<Enable_Web_Admin_Access ua="na">Yes</Enable_Web_Admin_Access>

<Admin_Passwd ua="na"></Admin_Passwd>
<User_Password ua="na"></User_Password>

<Protect_IVR_FactoryReset ua="na">No</Protect_IVR_FactoryReset>

</flat-profile>
2) Copy the new dummy spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2) file to your TFTP ROOT directory (or directories if running multiple TFTP servers)
3) Make sure the encrypted xml config file is REMOVED from your TFTP root. You only want the dummy file now.
4) Reconnect the standard ethernet cable between the RT31P2/WRT54GP2 WAN port and the PC ethernet port. (I don't think you'll need a crossover cable.)
5) Make sure all your servers are still started and then power cycle the RT31P2/WRT54GP2.
6) Check your TFTP Server's log to see when the file has been grabbed

If the TFTP Server's log shows a FILE NOT FOUND error message, and if the file attempting to be grabbed was requested from an obscurely named sub-directory (i.e. /a12BcdeFgH/spa000000000000.xml), create that sub-directory (a12BcdeFgH) underneath the TFTP Root and move (or copy) the spa000000000000.xml file to that sub-directory. Then re-Power Cycle the RT31P2/WRT54GP2 and re-check the TFTP Server's log.

7) You should now have access to the Voice_adminPage.htm of your adapter.
RT31P2/WRT54GP2 Voice Web Interface: >>http://192.168.15.1/Voice_adminPage.htm
Cool At this point, you don't want to make any changes in the Voice Tab as the modified RT31P2/WRT54GP2 firmware is unstable.

Note: The unlocking 2.0.9 firmware allows PLAIN TEXT config files to be loaded and processed. That is why this unlock "trick" works.

STEP 5: Obtain the FACTORY FRESH GPP_K key (recommended)

Why do I need the GPP_K value? (Linked Post for Details)

1) On the Provision page in the Voice section of your Web Interface copy down the Vonage GPP_K value. This is NOT the value you need, but it may be worth writing down in a text file for future reference.
RT31P2/WRT54GP2 Voice Web Interface: >>http://192.168.15.1/Voice_adminPage.htm
2) In STEP 3, the encrypted Vonage Config File got loaded into the adapter. This caused the adapter's FACTORY FRESH GPP_K value to be overwritten w/ one supplied by Vonage.
3) With the adapter disconnected from the internet and loaded with the 2.0.9 unlocking firmware, FACTORY RESET THE ADAPTER (Using Web Interface if possible). This will cause the FACTORY FRESH GPP_K value to be re-loaded, but it will also re-lock the adapter. Before FACTORY RESETTING the adapter though, delete your Vonage Encrypted spa000000000000.xml file from your TFTP ROOT! Otherwise, upon performing a FACTORY RESET, your adapter will request and process this file, a file which DISABLES THE ADAPTER'S WEB INTERACE! dry.gif
4) Repeat STEP 1 (Setup Servers) and STEP 4 (Load Dummy XML file) to Re-Open your Web Interface. (Step 1 and Step 4 ONLY)
5) After the adapter has been re-unlocked, extract the GPP_K value and save it!
6) Copy down the GPP_K value into a text file and save. This GPP_K should be the Factory Fresh value.

How do you tell the difference beween the FACTORY FRESH GPP_K value and a Vonage assigned one? (Link)

7) To verify that this is the Factory Fresh value, use VuckFonage to download and decrypt the XML file.

How do I use VuckFonage? (Link)

STEP 6: Upgrade to a Stable Firmware:

1) Go to the Firmware Update page of the Web Interface
2) Update to the Latest Stable Firmware

RT31P2 Stable Firmware: (Latest Firmware Link)
WRT54GP2 Stable Firmware: (Latest Firmware Link)

3) After the firmware update, you should still have access to the Voice Admin page.
4) You should now be able to disable provisioning and remove the Vonage DNS entries as this is a stable firmware.

--------------------------------------

1.) login to the router normally at 192.168.15.1
2.) Open 192.168.15.1/update.html
3.) Enter username: user, password: tivonpw
4.) You should now be presented with the firmware update page.

I've verified that this works with firmware versions 1.0.18, 1.0.37 and 1.0.43, 1.00.52 (the newest).

--------------------------------------

https://ubuntuforums.org/showthread.php?t=1435723

user / 7756112 (Tested working to flash/downgrade the firmware)
user / 8995533
user / 50274537

- Do NOT connect the adapter to the internet especially if it has been out of service for a while.

- Connect an ethernet cable to one of the lan ports on the adapter and in a browser go to 192.168.15.1, this is the default lan gateway address. When prompted to log in use admin/admin again that's the default

- First thing needed is to flash a special unlocking firmware that allows the adapter to acquire clear text configuration file (as opposed to the encrypted vonage one). After downloading the unlocking firmware from guide above, go to the Administration page then the tab for flashing firmware. Select the firmware file you just saved and let it flash, you'll be prompted to log in, I used user/7756112 , more can be found in the guide, if successful, you'll get a message to that effect. Now firmware version should be 1.17.02 and voice 2.09 LId

- Next we need to get the adapter to get our configuration file, create one as mentioned in the guide above, meister_sd method, put the file in a folder of your choice, we'll need to use that as our tftp root folder later

- Now we configure the adapter to talk to the pc, under the setup page of the adapter set "Internet Connection Type" to Static IP and assign the adapter a static IP address, e.g. 192.168.1.88, then set the default gateway and DNS1 to a static IP address that you'll later assign to your PC, make sure it's on the same subnet as the IP address you assigned to the adapter, e.g. 192.168.1.99, save the changes

- Switch the ethernet cable to the wan port of the adapter, so it's connected directly to the pc, no crossover cable needed in my experience, turn off the adapter until we setup the pc

Code:
sudo netstat -anlp | grep -w 53
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      804/systemd-resolve
udp        0      0 127.0.0.53:53           0.0.0.0:*                           804/systemd-resolve

sudo systemctl stop systemd-resolved

sudo dnsmasq -q --enable-tftp --tftp-root=/home/ --address=/ls.tftp.vonage.net/vonage.net/voncp.com/192.168.1.100

sudo netstat -anlp | grep -w 53
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1311/dnsmasq
tcp6       0      0 :::53                   :::*                    LISTEN      1311/dnsmasq
udp        0      0 127.0.0.1:54351         127.0.0.53:53           ESTABLISHED 708/systemd-timesyn
udp   160512      0 0.0.0.0:53              0.0.0.0:*                           1311/dnsmasq
udp6       0      0 :::53                   :::*                                1311/dnsmasq

sudo netstat -anlp | grep -w 69
udp        0      0 0.0.0.0:69              0.0.0.0:*                           1311/dnsmasq
udp6       0      0 :::69                   :::*                                1311/dnsmasq

ping ls.tftp.vonage.net

dnsmasq-tftp[1304]: sent /home/xW19Ej5ydS/spa000F66DDF2EA.xml to 192.168.1.102


and for firmware RT31P2_v1.17.02_000_combin_code.bin, the unencrypted file spaxxxxxxxxxxxx.xml...

Code:
<flat-profile>

<Restricted_Access_Domains ua="na"></Restricted_Access_Domains>
<Enable_Web_Server ua="na">Yes</Enable_Web_Server>
<Web_Server_Port ua="na">80</Web_Server_Port>
<Enable_Web_Admin_Access ua="na">Yes</Enable_Web_Admin_Access>

<Admin_Passwd ua="na"></Admin_Passwd>
<User_Password ua="na"></User_Password>

<Protect_IVR_FactoryReset ua="na">No</Protect_IVR_FactoryReset>

</flat-profile>


Attachments
RT31P2_v1.17.02_000_combin_code.zip (1 downloads)
RT31P2_v1.30.01_000_VM_3.1.06_LI_combin_code.zip (1 downloads)
RT31P2_NA_v1.30.03_003_VM_3.1.07_LIa_combin_code.zip (1 downloads)
RT31P2_NA_v1.30.07_000_VM_3.1.09_LId_combin_code.zip (1 downloads)
spaxxxxxxxxxxxx.zip (1 downloads)

_________________________
DM8000, DM800se, DM500HD, DM800HD, DM7025, DM7020s, DM7000, DM500s
VU+ Solo, VU+ Uno, VU+ Duo, Kathrein UFS910
Tivusat, TNTSat, Fransat, SSR/TSR, BBC1-2-3/ITV
DE-OpenBlackHole 1.4 image : http://www.openblackhole.com/

Top
#25184 - 01/09/24 01:34 PM Re: RT31P2/WRT54GP2 Alternate Unlock - Long Method [Re: Toysoft]
Toysoft Online   content
Japhar Member
Carpal Tunnel

Registered: 10/22/10
Posts: 2639
Success... result is great, unlocked and fully working, so you need the 1.17.02 version of the firmware (that accepts the unencrypted spaxxxxxxxxx.xml file to unlock it, using the tftp for the RT31P2 to download it, circumventing the DNS to point to your ubuntu doing DNS with false IP for ls.tftp.vonage.net).

TS



Attachments
System.jpg

Line1.jpg

Line2.jpg

status.jpg


_________________________
DM8000, DM800se, DM500HD, DM800HD, DM7025, DM7020s, DM7000, DM500s
VU+ Solo, VU+ Uno, VU+ Duo, Kathrein UFS910
Tivusat, TNTSat, Fransat, SSR/TSR, BBC1-2-3/ITV
DE-OpenBlackHole 1.4 image : http://www.openblackhole.com/

Top



New Topics
Les principaux fournisseurs d'accès à internet...
by Toysoft
04/19/24 05:38 PM
Dish receives financing offers from credit compani
by Admin
04/12/24 02:33 PM
USB on your DM500HD v1/v2 box...
by Toysoft
04/12/24 12:24 AM
dm500hdv2 original
by Rome125
04/08/24 08:23 PM
Telecom Italia sticks up for NetCo sale
by Admin
04/08/24 02:44 PM
Iliad founder eyes major Ukraine play as deal near
by Admin
04/08/24 02:43 PM
DM500HD : OpenPLi 8.xStar fully installed...
by Admin
04/03/24 02:08 AM
DM800HDse : OpenPLi 8.xStar fully installed...
by Admin
04/03/24 02:08 AM
ERROR after flashing OpenPLi 8.X star 20230624
by Sasillo
03/25/24 06:27 PM
Google voice USA
by Bobo360
01/26/24 04:32 PM