  meister_sd Premium join:2006-01-29 La Mesa, CA
| reply to SadMan6 Re: RT31P2 Unlock thoughts??
OK, to end the day - I'm going to post the firmware and a very brief way to get it to run. I will make a more detailed guide later.
The router must be provisioned in order to access the firmware upgrade. Let it sit on the internet for a few minutes if it has never been provisioned or it's been a while.
You will need a couple of things before you start. One is your XML file from vonage before you hook the RT31P2 to your network. You will also need Solar Winds TFTP server (or your choice) and Simple DNS Pro (or your choice). Install and configure these programs. Also, you will need two NICs. One NIC will be for the connection to your home network router and the other will connect to the WAN side of the RT31P2 using ICS (Internet Connect Sharing). Remember to turn off XP's firewall.
1) Before connecting the RT31P2 to your network, grab your XML file from vonage. Put this into your TFTP Server directory.
2) Disconnect your outside internet cable from your firewall/router so the RT31P2 doesn't access the internet.
3) Log into your router (not the RT31P2) and set a static IP and also program the DNS to your computer's IP.
4) Start the TFTP server and with it running, plug the RT31P2 in and wait for the provisioning file to load if this has never been connected to the internet.
5) Log into the RT31P2 with whatever normal login you have, the Linksys default is admin/admin. Go to the Administration tab and then click on Firmware Upgrade. Search for the upgrade file and click the Upgrade button. After some time it will ask for a username and password. Since it's been on the internet the username and password will be:
user/8995523 or user/7756112
These are the same as the PAP2. If these don't work - try others for the PAP2 factory reset. After a couple of minutes, the upgrade will be successful. You will now have Router version 1.17.02 and Voice version 2.0.9(LId).
6) You may notice the XML file loading into the rt31p2 again - that's fine. Pay attention to the 2nd download in the directory that is a set of random numbers and letters. Now you will have to feed your router the XML file that is plain text and has new passwords and screen permissions. I used Simple DNS Pro (14 day trial) to point DNS of "ls.tftp.vonage.net" back to my box. From there Solar Winds TFTP server fed the router.
Here is the flat file needed:
<flat-profile>
<Restricted_Access_Domains ua="na"></Restricted_Access_Domains> <Enable_Web_Server ua="na">Yes</Enable_Web_Server> <Web_Server_Port ua="na">80</Web_Server_Port> <Enable_Web_Admin_Access ua="na">Yes</Enable_Web_Admin_Access>
<Admin_Passwd ua="na"></Admin_Passwd> <User_Password ua="na"></User_Password>
<Protect_IVR_FactoryReset ua="na">No</Protect_IVR_FactoryReset>
</flat-profile>
This file will need to be the same as the XML file downloaded from vonage, example: spa00121722CA00.xml and this file goes into the second directory.
As you can see by the flat file - there are no passwords to the voice section. You click the Voice tab and you are in. The hidden directory is: hxxp://192.168.15.1/Voice_adminPage.htm
This is a fast tutorial and is only intended for people with advanced unlocking knowledge. A more detailed description will be written soon.
-Enjoy! |
|
 rcilink Premium join:2003-12-15 Manchester, NH
| After done unlocking.. do this to get current firmware loade
Thanks for the v17 firmware..
One thing to add.. If you get through all that and want to upgrade to current firmware... do this:
1. Go to Voice_adminPage.htm
2. In provision tab, change UPGRADE RULE to:
http://httpconfig.vonage.net/RT31P2_v1.30.01_000_VM_3.1.06_LI_combin_code.bin
3. If you did not do it already, set provision to NO (or clear the tftp "provision rule")
4. Save Settings
5. Reboot
6. Wait. Power led will flash and eventually whole router reboots.
Done. |
|
 vladimir0
join:2006-08-30
| There might be an easier way for people who have dd-wrt loaded on their routers. dd-wrt comes with its own DNS server (override), so you can assign vonage.net (it will resolve all subdomains like tftp.vonage.net, ls.tftp.vonage.net etc.) to your computer which is running solarwinds, so no need to have multiple NICs. I will try that on my wrt54gp2 once firmware for that is released tomorrow. I had fed the xml/firmware to my other devices in similar fashion earlier. Or the other alternative is to run DNS and solarwinds on the same computer and just set DNS as your computer's IP on your router, then connect the rtp to the router.
One other thought is if the wrt53gp2 (and hence maybe rtp31p2 also) is 'reset' to factory default by pressing the pin in back, then it doesn't ask for the password when upgrading the firmware. |
|
 floriantet
join:2006-03-04 Rochester, MI
4 edits | reply to meister_sd Re: RT31P2 Unlock thoughts??
>The router must be provisioned in order to access the firmware upgrade.
There is another option: use a http server. Download spaMAC.xml (using VuckFonage for example) and disconnect from internet. Connect the virgin RT31P2 (WAN) and the computer running TFTP, HTTP and DNS servers (using another router). The RT31P2 will grab the spaMAC.xml file from TFTP, and after that will try to upgrade the firmware from HTTP. Just rename the firmware file from meister_sd (wish him all the best and a very long and happy life) and put it in the requested directory. No password is requested for firmware upgrade. Continue with step 6 |
|
 mazilo From Mazilo Premium join:2002-05-30 Lilburn, GA
| said by floriantet :
There is another option: use a http server. Download spaMAC.xml (using VuckFonage for example) and disconnect from internet. Connect the virgin RT31P2 (WAN) and the computer running TFTP, HTTP and DNS servers (using another router). The RT31P2 will grab the spaMAC.xml file from TFTP, and after that will try to upgrade the firmware from HTTP. Just rename the firmware file from meister_sd (wish him all the best and a very long and happy life) and put it in the requested directory. No password is requested for firmware upgrade. Continue with step 6
Good advice and one thumb up!
This approach should do and expects your RT31P2 to request a firmware upgrade; therefore, it is important that you rename the firmware exactly to the name your RT31P2 asks for (you may need to use a packet sniffer program to find out about this). This approach is similar to unlocking a PAP2 running firmware v3.1.7 and/or newer.
-- Mazi (UK Non-Geo Phone: +44-703-194-2574) |
|
 ogammo
join:2006-08-25 Markham, ON | reply to meister_sd "One is your XML file from vonage before you hook the RT31P2 to your network."
how do we get this please. |
|
  no workie
@telus.net | Followed instructions to the letter and it doesn't work.
I did a TCPDUMP to see what's going on and the RT31P2 does not use tftp to grab the spaMAC.xml, it uses HTTP.
Anyone get this to work? |
|
 mazilo From Mazilo Premium join:2002-05-30 Lilburn, GA
| said by no workie :
I did a TCPDUMP to see whats going on and the RT31P2 does not use tftp to grab the spaMAC.xml, it uses HTTP.
This makes sense.
-- Mazi (UK Non-Geo Phone: +44-703-194-2574) |
|
  no workie
@telus.net | mazilo, have you gotten it to work on a RT31P2?
Was thinking I might need to redirect the HTTP server. But by reading everyone's instructions it seems that I'm the only one who sees it using HTTP instead of TFTP.
...confused. |
|
 mazilo From Mazilo Premium join:2002-05-30 Lilburn, GA
| Yup. I was one of the very first few to perform this task. Many thanks go to Meister_SD to provide the modded firmware for me to unlock my RT31P2. -- Mazi (UK Non-Geo Phone: +44-703-194-2574) |
|
  Vonage_Hater
@unicef.org
| reply to no workie +++++++++++++++++ no workie(anon) @telus.net reply to ogammo Followed instructions to the letter and dosnt work.
I did a TCPDUMP to see whats going on and the RT31P2 does not use tftp to grab the spaMAC.xml, it uses HTTP.
Anyone get this to work? +++++++++++++++++
Not exactlyyyyyyyyyy...!!! It's surely using tftp...to update its parameters via "spa$MAC.xml" file.
Anyway, I just got my RT31P2 modded last night. (Thanks a million to Meister_SD for his time, effort & brain power....You are da Mannnnnn!!!)
**** Here are interesting pts:
a. Profile Rule C: it has a string of "tftp ..blah...blah....." (Don't forget to clean up this string !!!)
b. In GPP area (don't remember the letter), there are 2 places that list a parameter for "Folder name" that it specifically looks for the "spa$MAC.xml" file. (That's why Meister_SD told us to keep looking on the tftp-log & pay attention to the error message which will give us a clue for the strings. Then, you just copy the strings from the tftp-log & create a folder under the tftp-root folder. Well, I wasted almost an hour to figure it out. After I got the right folder name, my sucker RT31P2 bit the xml bait w/in less than 2 mins...Duhhh !!!)
c. Also, it's a very good idea to backup GPP K: strings...for the peace of mind.
Good luck !!! |
|
  no workie
@telus.net
| here is my ethereal output. HTTP get request. see? |
|
  no workie
@telus.net
| I've watched it for a long time doing hard resets and never seen it go for TFTP and nothing was in my TFTP logs. That is what made me suspect that something was up. When I monitor the traffic it is always trying to grab it off HTTP.
thanks for any help  |
|
  Vonage_Hater
@mindspring.com
| +++++++++++++++++++++++++++++ no workie(anon) @telus.net Ive watched it for a long time doing hard resets and never seen it go for TFTP and nothing was in my TFTP logs. That is what made me suspect that something was up. When I monitor the traffic it always is always trying to grab it off HTTP.
thanks for any help +++++++++++++++++++++++++++++
Dude, just keep resetting the box a couple times...I did about 3-4 times. Then, you will see the error message pop up on the tftp-server log screen. Remember to make a note on the "strings"...!!!
Also, pls check your homey spa$MAC.xml file. Remember...you MUST use "notepad" to create the above file.
Also, leave all spaces between the lines & EOL mark (no "enter" at the end of the line... Just make it as a "ONE" line text !!! It should look like the sample below. .....................................................
Good luck !!! |
|
  Vonage_Hater
@mindspring.com
| reply to no workie +++++++++++++++ no workie(anon) @telus.net Attachments:
[del]
here is my ethereal output. HTTP get request. see? +++++++++++++++
Pls look at the line #10 (that you tried to blank out) that line showed a GET command from the TFTP program.
Also, take note on the "strings" in the FRONT of spaXXXXXXXXXXXX.xml filename. That is a clue for the name of the folder you must create under "tftp-root" folder & move the spaXXXXXXXXXXXX.xml file to that folder.
Good luck !!! |
|
  no workie
@telus.net
| I'll keep trying. thanks.
Not sure what you mean though. That was a port 80 HTTP GET request. Not port 69 TFTP request.
I actually programmed IPTABLES to forward all HTTP requests to my apache http server and made a folder to match the get request and put the custom spaMAX.xml file in it. It requested and it was served 3 times. Perhaps I need to take line feeds out. But it's HTTP not TFTP!!! lol
 |
|
  no workie
@telus.net | reply to Vonage_Hater When you say RESET IT. Do you mean just power off and on... or do a hard reset by holding the reset button in for ~30secs during power on?
THANKS  |
|
  gverdii
@rr.com | reply to Vonage_Hater So you've decrypted the xml file right? If so, could you please give us more details how you did it? Thanks. |
|
 Ciel
join:2006-12-18 Palo Alto, CA
1 edit | reply to rcilink Re: After done unlocking.. do this to get current firmware loade
edit: whoops, I think this is the wrong post, delete if so. :-/
I did a brief bit of reading, but can someone kindly inform me as to what is so good about NA-izing the RT31P2, and why it's so useful given that we are already able to unlock units and prevent them against reset button issues? Thanks for all the help!
-still lovin' the unlock, thanks so much DogFace! |
|
  Ambarsaria
@bell.ca
| reply to meister_sd Re: RT31P2 Unlock thoughts??
Hi Guys,
I just bought the Locked RT31P2 from ebay and started unlocking according to meister_sd method. I made one mistake of NOT grabbing xml file from Vonage. I had 1.30 firmware version and I downgraded it to Unlocking Firmware version v1.17.02 w/2.09. BUT now I am not able to Grab my XML file from Vonage, whenever I type »httpconfig.vonage.net/spa00131038300B.xml ( My RT31P2 has MAC address 00-13-10-38-30-0B) in Internet Explorer I get this message-
QUOTE The XML page cannot be displayed Cannot view XML input using style sheet. Please correct the error and then click the Refresh button, or try again later.
--------------------------------------------------------------------------------
An invalid character was found in text content. Error processing resource '»httpconfig.vonage.net/spa00131038300B.xml...
Salted__
Could you please tell me where I am wrong ?? Do I need to upgrade it to 1.30 before grabbing my xml file from Vonage or is there another way of grabbing that file ?? I'm lost
Please help.
Big Thanks in advance. ambarsaria
|
|
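Added example, not written by any poster in this thread: a Python check that classifies a fetched provisioning profile and, when it is readable, lists the weak settings it would apply. It covers both the plaintext flat file quoted in meister_sd's post and the `Salted__` response in Ambarsaria's post, which is the 8-byte header `openssl enc` writes before an 8-byte salt. The `audit_profile` name, the risk rules and both sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

OPENSSL_MAGIC = b"Salted__"  # header written by `openssl enc` when a salt is used

# Elements from the flat profile quoted in the thread, each with the
# condition under which the value weakens the device (assumed rule set).
RISKY = {
    "Admin_Passwd": lambda v: v == "",
    "User_Password": lambda v: v == "",
    "Enable_Web_Admin_Access": lambda v: v.lower() == "yes",
    "Protect_IVR_FactoryReset": lambda v: v.lower() == "no",
}

def audit_profile(raw: bytes) -> dict:
    """Classify a provisioning profile and list weak settings if it is readable."""
    if raw.startswith(OPENSSL_MAGIC):
        # 8-byte magic, then an 8-byte salt, then ciphertext: not XML at all.
        return {"kind": "openssl-salted", "salt": raw[8:16].hex(), "findings": []}
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        return {"kind": "unparseable", "error": str(exc), "findings": []}
    if root.tag != "flat-profile":
        return {"kind": "other-xml", "findings": []}
    findings = []
    for elem in root:
        check = RISKY.get(elem.tag)
        value = (elem.text or "").strip()
        if check and check(value):
            findings.append(f"{elem.tag}={value!r}")
    return {"kind": "plaintext-profile", "findings": findings}

# Constructed samples: the plaintext profile mirrors the one in the thread;
# the encrypted one is the magic plus made-up salt and body bytes.
PLAINTEXT = b"""<flat-profile>
<Enable_Web_Server ua="na">Yes</Enable_Web_Server>
<Enable_Web_Admin_Access ua="na">Yes</Enable_Web_Admin_Access>
<Admin_Passwd ua="na"></Admin_Passwd>
<User_Password ua="na"></User_Password>
<Protect_IVR_FactoryReset ua="na">No</Protect_IVR_FactoryReset>
</flat-profile>"""
ENCRYPTED = OPENSSL_MAGIC + bytes(range(8)) + b"\x9c\x11\xfe" * 16

if __name__ == "__main__":
    for name, blob in (("plaintext", PLAINTEXT), ("encrypted", ENCRYPTED)):
        print(name, audit_profile(blob))
```

A browser's XML viewer fails on the salted form for the reason the first branch shows: the body is ciphertext, so the "invalid character" error is expected rather than a sign of a corrupt download.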