RT31P2/WRT54GP2 Alternate Unlock - Long Method
This is the Long Method unlock instructions which involve extra tasks like loading an encrypted xml file w/o using internet provisioning.
Please Note: This is an advanced unlock process. meister_sd's original methods in Post 4/Post 5 or the Guides in Post 10 may be easier.
Pre-Unlock Setup:
RT31P2 - See Post #2 (Link)
WRT54GP2 - See Post #3 (Link)
STEP 0 : Factory Reset the adapter (Optional):
1) This step probably isn't necessary unless you had a number of problems with your adapter or your adapter has already been on the internet. You could probably skip it unless you have further issues during the unlock process.
2) There are two methods of reset if you need to use it:
- Hold the reset button on the back for 5 seconds (Some say 30 seconds)
- In the Web Interface at 192.168.15.1, reset to factory defaults under the administration tab.
STEP 1: Setup the HTTP/TFTP/DNS/DHCP servers to load encrypted xml file and firmware:
1) See Server Setup Post #8 (Link)
STEP 2: Prepare your local file structure:
Encrypted XML:
1) In your TFTP ROOT directory (or directories if running multiple TFTP servers), copy your adapter's ENCRYPTED config file to that directory as spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2)
To download it: >>http://httpconfig.vonage.net/spa000000000000.xml (where 000000000000 is the MAC ADDRESS)
2.0.9 Unlocking Firmware:
2) In your HTTP ROOT directory (typically htdocs for Apache, docs for IPlanet/Netscape, wwwroot for IIS), create sub-directory: +000000000000 (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2)
3) Rename Unlocking Firmware 2.0.9 filename:
RT31P2: RT31P2_v1.17.02_000_combin_code.bin to "RT31P2_v1.30.01_000_VM_3.1.06_LI_combin_code.bin"
WRT54GP2: wrt54gp2_v1.27.02_209_combin_code.bin to "wrt54gp2_v1.30.01_000_VM_3.1.06_LI_combin_code.bin"
4) Copy the modified unlocking v2.0.9 firmware to the HTTP-ROOT/+000000000000/ directory (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2)
5) Double check to make sure that the renaming of the modified 2.0.9 unlocking firmware filename was completed.
STEP 3: Start the UNLOCK PROCESS (i.e. load the unlocking 2.0.9 firmware into your RT31P2/WRT54GP2):
1) Disconnect the ethernet cable from the PC running the HTTP/TFTP/DNS servers
2) Disconnect the POWER cable from the RT31P2/WRT54GP2
3) Reconnect the standard ethernet cable between the WRTGP2 WAN port and the PC ethernet port. (I don't think you'll need a crossover cable.)
4) Make sure the PC is powered up and that the DNS, TFTP and HTTP servers are running
5) Power on the RT31P2/WRT54GP2
6) If all goes well, your TFTP server's log will show the RT31P2/WRT54GP2 grabbing the encrypted file.
7) Shortly thereafter, the HTTP server's log should show the RT31P2/WRT54GP2 grabbing the modified SPA2000 v2.0.9 firmware file.
Cool Once the RT31P2/WRT54GP2 has loaded the 2.0.9 Unlocking Firmware, you may want to double check that the firmware is updated by checking the web interface.
9) You should now be ready to proceed with re-opening the Voice Section of the Web Interface
STEP 4: Setup Dummy XML file in TFTP Folder to (Re-)Open WEB access:
1) Create a TEXT FILE called spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2) as follows:
CODE
<flat-profile>
<Restricted_Access_Domains ua="na"></Restricted_Access_Domains>
<Enable_Web_Server ua="na">Yes</Enable_Web_Server>
<Web_Server_Port ua="na">80</Web_Server_Port>
<Enable_Web_Admin_Access ua="na">Yes</Enable_Web_Admin_Access>
<Admin_Passwd ua="na"></Admin_Passwd>
<User_Password ua="na"></User_Password>
<Protect_IVR_FactoryReset ua="na">No</Protect_IVR_FactoryReset>
</flat-profile>
2) Copy the new dummy spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2) file to your TFTP ROOT directory (or directories if running multiple TFTP servers)
3) Make sure the encrypted xml config file is REMOVED from your TFTP root. You only want the dummy file now.
4) Reconnect the standard ethernet cable between the RT31P2/WRT54GP2 WAN port and the PC ethernet port. (I don't think you'll need a crossover cable.)
5) Make sure all your servers are still started and then power cycle the RT31P2/WRT54GP2.
6) Check your TFTP Server's log to see when the file has been grabbed
If the TFTP Server's log shows a FILE NOT FOUND error message, and if the file attempting to be grabbed was requested from an obscurely named sub-directory (i.e. /a12BcdeFgH/spa000000000000.xml), create that sub-directory (a12BcdeFgH) underneath the TFTP Root and move (or copy) the spa000000000000.xml file to that sub-directory. Then re-Power Cycle the RT31P2/WRT54GP2 and re-check the TFTP Server's log.
7) You should now have access to the Voice_adminPage.htm of your adapter.
RT31P2/WRT54GP2 Voice Web Interface: >>http://192.168.15.1/Voice_adminPage.htm
Cool At this point, you don't want to make any changes in the Voice Tab as the modified RT31P2/WRT54GP2 firmware is unstable.
Note: The unlocking 2.0.9 firmware allows PLAIN TEXT config files to be loaded and processed. That is why this unlock "trick" works.
STEP 5: Obtain the FACTORY FRESH GPP_K key (recommended)
Why do I need the GPP_K value? (Linked Post for Details)
1) On the Provision page in the Voice section of your Web Interface copy down the Vonage GPP_K value. This is NOT the value you need, but it may be worth writing down in a text file for future reference.
RT31P2/WRT54GP2 Voice Web Interface: >>http://192.168.15.1/Voice_adminPage.htm
2) In STEP 3, the encrypted Vonage Config File got loaded into the adapter. This caused the adapter's FACTORY FRESH GPP_K value to be overwritten w/ one supplied by Vonage.
3) With the adapter disconnected from the internet and loaded with the 2.0.9 unlocking firmware, FACTORY RESET THE ADAPTER (Using Web Interface if possible). This will cause the FACTORY FRESH GPP_K value to be re-loaded, but it will also re-lock the adapter. Before FACTORY RESETTING the adapter though, delete your Vonage Encrypted spa000000000000.xml file from your TFTP ROOT! Otherwise, upon performing a FACTORY RESET, your adapter will request and process this file, a file which DISABLES THE ADAPTER'S WEB INTERACE! dry.gif
4) Repeat STEP 1 (Setup Servers) and STEP 4 (Load Dummy XML file) to Re-Open your Web Interface. (Step 1 and Step 4 ONLY)
5) After the adapter has been re-unlocked, extract the GPP_K value and save it!
6) Copy down the GPP_K value into a text file and save. This GPP_K should be the Factory Fresh value.
How do you tell the difference beween the FACTORY FRESH GPP_K value and a Vonage assigned one? (Link)
7) To verify that this is the Factory Fresh value, use VuckFonage to download and decrypt the XML file.
How do I use VuckFonage? (Link)
STEP 6: Upgrade to a Stable Firmware:
1) Go to the Firmware Update page of the Web Interface
2) Update to the Latest Stable Firmware
RT31P2 Stable Firmware: (Latest Firmware Link)
WRT54GP2 Stable Firmware: (Latest Firmware Link)
3) After the firmware update, you should still have access to the Voice Admin page.
4) You should now be able to disable provisioning and remove the Vonage DNS entries as this is a stable firmware.
--------------------------------------
1.) login to the router normally at 192.168.15.1
2.) Open 192.168.15.1/update.html
3.) Enter username: user, password: tivonpw
4.) You should now be presented with the firmware update page.
I've verified that this works with firmware versions 1.0.18, 1.0.37 and 1.0.43, 1.00.52 (the newest).
--------------------------------------
https://ubuntuforums.org/showthread.php?t=1435723user /
7756112 (Tested working to flash/downgrade the firmware)user / 8995533
user / 50274537
- Do NOT connect the adapter to the internet especially if it has been out of service for a while.
- Connect an ethernet cable to one of the lan ports on the adapter and in a browser go to 192.168.15.1, this is the default lan gateway address. When prompted to log in use admin/admin again that's the default
- First thing needed is to flash a special unlocking firmware that allows the adapter to acquire clear text configuration file (as opposed to the encrypted vonage one). After downloading the unlocking firmware from guide above, go to the Administration page then the tab for flashing firmware. Select the firmware file you just saved and let it flash, you'll be prompted to log in, I used user/7756112 , more can be found in the guide, if successful, you'll get a message to that effect. Now firmware version should be 1.17.02 and voice 2.09 LId
- Next we need to get the adapter to get our configuration file, create one as mentioned in the guide above, meister_sd method, put the file in a folder of your choice, we'll need to use that as our tftp root folder later
- Now we configure the adapter to talk to the pc, under the setup page of the adapter set "Internet Connection Type" to Static IP and assign the adapter a static IP address, e.g. 192.168.1.88, then set the default gateway and DNS1 to a static IP address that you'll later assign to your PC, make sure it's on the same subnet as the IP address you assigned to the adapter, e.g. 192.168.1.99, save the changes
- Switch the ethernet cable to the wan port of the adapter, so it's connected directly to the pc, no crossover cable needed in my experience, turn off the adapter until we setup the pc
sudo netstat -anlp | grep -w 53
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 804/systemd-resolve
udp 0 0 127.0.0.53:53 0.0.0.0:* 804/systemd-resolve
sudo systemctl stop systemd-resolved
sudo dnsmasq -q --enable-tftp --tftp-root=/home/ --address=/ls.tftp.vonage.net/vonage.net/voncp.com/192.168.1.100
sudo netstat -anlp | grep -w 53
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1311/dnsmasq
tcp6 0 0 :::53 :::* LISTEN 1311/dnsmasq
udp 0 0 127.0.0.1:54351 127.0.0.53:53 ESTABLISHED 708/systemd-timesyn
udp 160512 0 0.0.0.0:53 0.0.0.0:* 1311/dnsmasq
udp6 0 0 :::53 :::* 1311/dnsmasq
sudo netstat -anlp | grep -w 69
udp 0 0 0.0.0.0:69 0.0.0.0:* 1311/dnsmasq
udp6 0 0 :::69 :::* 1311/dnsmasq
ping ls.tftp.vonage.net
dnsmasq-tftp[1304]: sent /home/xW19Ej5ydS/spa000F66DDF2EA.xml to 192.168.1.102
and for firmware RT31P2_v1.17.02_000_combin_code.bin, the unencrypted file spaxxxxxxxxxxxx.xml...
<flat-profile>
<Restricted_Access_Domains ua="na"></Restricted_Access_Domains>
<Enable_Web_Server ua="na">Yes</Enable_Web_Server>
<Web_Server_Port ua="na">80</Web_Server_Port>
<Enable_Web_Admin_Access ua="na">Yes</Enable_Web_Admin_Access>
<Admin_Passwd ua="na"></Admin_Passwd>
<User_Password ua="na"></User_Password>
<Protect_IVR_FactoryReset ua="na">No</Protect_IVR_FactoryReset>
</flat-profile>