Welcome to Our Dreambox World - Japhar Sim - SuperSim
Forum Stats
12528 Members
237 Forums
7811 Topics
24004 Posts

Max Online: 9115 @ 08/24/24 07:30 PM
Newest Members
Bilawal, Zweistein, didond, OLIANI, sergiu75
12528 Registered Users
Who's Online
13 registered (Admin, Toysoft, haki, bobot, karimkaki15, Smokey, goode men, Franco89, OMEGA, raffsif1234, didond, gerolamo, bori), 980 Guests and 148 Spiders online.
Key: Admin, Global Mod, Mod
Shout Box

Top Posters
Admin 9993
Toysoft 2649
satsedhu 1713
fairbird 765
ludo19 442
Top Posters (30 Days)
Admin 15
OMEGA 8
samh 3
Hum@xel 1
Smokey 1
November
M Tu W Th F Sa Su
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30
Topic Options
#25183 - 01/08/24 04:28 AM RT31P2/WRT54GP2 Alternate Unlock - Long Method
Toysoft Online   content
Japhar Member
Carpal Tunnel

Registered: 10/21/10
Posts: 2649
RT31P2/WRT54GP2 Alternate Unlock - Long Method

This is the Long Method unlock instructions which involve extra tasks like loading an encrypted xml file w/o using internet provisioning.

Please Note: This is an advanced unlock process. meister_sd's original methods in Post 4/Post 5 or the Guides in Post 10 may be easier.

Pre-Unlock Setup:

RT31P2 - See Post #2 (Link)
WRT54GP2 - See Post #3 (Link)

STEP 0 : Factory Reset the adapter (Optional):

1) This step probably isn't necessary unless you had a number of problems with your adapter or your adapter has already been on the internet. You could probably skip it unless you have further issues during the unlock process.
2) There are two methods of reset if you need to use it:

- Hold the reset button on the back for 5 seconds (Some say 30 seconds)
- In the Web Interface at 192.168.15.1, reset to factory defaults under the administration tab.

STEP 1: Setup the HTTP/TFTP/DNS/DHCP servers to load encrypted xml file and firmware:

1) See Server Setup Post #8 (Link)

STEP 2: Prepare your local file structure:

Encrypted XML:

1) In your TFTP ROOT directory (or directories if running multiple TFTP servers), copy your adapter's ENCRYPTED config file to that directory as spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2)

To download it: >>http://httpconfig.vonage.net/spa000000000000.xml (where 000000000000 is the MAC ADDRESS)

2.0.9 Unlocking Firmware:

2) In your HTTP ROOT directory (typically htdocs for Apache, docs for IPlanet/Netscape, wwwroot for IIS), create sub-directory: +000000000000 (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2)
3) Rename Unlocking Firmware 2.0.9 filename:

RT31P2: RT31P2_v1.17.02_000_combin_code.bin to "RT31P2_v1.30.01_000_VM_3.1.06_LI_combin_code.bin"

WRT54GP2: wrt54gp2_v1.27.02_209_combin_code.bin to "wrt54gp2_v1.30.01_000_VM_3.1.06_LI_combin_code.bin"

4) Copy the modified unlocking v2.0.9 firmware to the HTTP-ROOT/+000000000000/ directory (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2)
5) Double check to make sure that the renaming of the modified 2.0.9 unlocking firmware filename was completed.

STEP 3: Start the UNLOCK PROCESS (i.e. load the unlocking 2.0.9 firmware into your RT31P2/WRT54GP2):

1) Disconnect the ethernet cable from the PC running the HTTP/TFTP/DNS servers
2) Disconnect the POWER cable from the RT31P2/WRT54GP2
3) Reconnect the standard ethernet cable between the WRTGP2 WAN port and the PC ethernet port. (I don't think you'll need a crossover cable.)
4) Make sure the PC is powered up and that the DNS, TFTP and HTTP servers are running
5) Power on the RT31P2/WRT54GP2
6) If all goes well, your TFTP server's log will show the RT31P2/WRT54GP2 grabbing the encrypted file.
7) Shortly thereafter, the HTTP server's log should show the RT31P2/WRT54GP2 grabbing the modified SPA2000 v2.0.9 firmware file.
Cool Once the RT31P2/WRT54GP2 has loaded the 2.0.9 Unlocking Firmware, you may want to double check that the firmware is updated by checking the web interface.
9) You should now be ready to proceed with re-opening the Voice Section of the Web Interface

STEP 4: Setup Dummy XML file in TFTP Folder to (Re-)Open WEB access:

1) Create a TEXT FILE called spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2) as follows:
CODE
<flat-profile>

<Restricted_Access_Domains ua="na"></Restricted_Access_Domains>
<Enable_Web_Server ua="na">Yes</Enable_Web_Server>
<Web_Server_Port ua="na">80</Web_Server_Port>
<Enable_Web_Admin_Access ua="na">Yes</Enable_Web_Admin_Access>

<Admin_Passwd ua="na"></Admin_Passwd>
<User_Password ua="na"></User_Password>

<Protect_IVR_FactoryReset ua="na">No</Protect_IVR_FactoryReset>

</flat-profile>
2) Copy the new dummy spa000000000000.xml (where 000000000000 is the MAC ADDRESS of your RT31P2/WRT54GP2) file to your TFTP ROOT directory (or directories if running multiple TFTP servers)
3) Make sure the encrypted xml config file is REMOVED from your TFTP root. You only want the dummy file now.
4) Reconnect the standard ethernet cable between the RT31P2/WRT54GP2 WAN port and the PC ethernet port. (I don't think you'll need a crossover cable.)
5) Make sure all your servers are still started and then power cycle the RT31P2/WRT54GP2.
6) Check your TFTP Server's log to see when the file has been grabbed

If the TFTP Server's log shows a FILE NOT FOUND error message, and if the file attempting to be grabbed was requested from an obscurely named sub-directory (i.e. /a12BcdeFgH/spa000000000000.xml), create that sub-directory (a12BcdeFgH) underneath the TFTP Root and move (or copy) the spa000000000000.xml file to that sub-directory. Then re-Power Cycle the RT31P2/WRT54GP2 and re-check the TFTP Server's log.

7) You should now have access to the Voice_adminPage.htm of your adapter.
RT31P2/WRT54GP2 Voice Web Interface: >>http://192.168.15.1/Voice_adminPage.htm
Cool At this point, you don't want to make any changes in the Voice Tab as the modified RT31P2/WRT54GP2 firmware is unstable.

Note: The unlocking 2.0.9 firmware allows PLAIN TEXT config files to be loaded and processed. That is why this unlock "trick" works.

STEP 5: Obtain the FACTORY FRESH GPP_K key (recommended)

Why do I need the GPP_K value? (Linked Post for Details)

1) On the Provision page in the Voice section of your Web Interface copy down the Vonage GPP_K value. This is NOT the value you need, but it may be worth writing down in a text file for future reference.
RT31P2/WRT54GP2 Voice Web Interface: >>http://192.168.15.1/Voice_adminPage.htm
2) In STEP 3, the encrypted Vonage Config File got loaded into the adapter. This caused the adapter's FACTORY FRESH GPP_K value to be overwritten w/ one supplied by Vonage.
3) With the adapter disconnected from the internet and loaded with the 2.0.9 unlocking firmware, FACTORY RESET THE ADAPTER (Using Web Interface if possible). This will cause the FACTORY FRESH GPP_K value to be re-loaded, but it will also re-lock the adapter. Before FACTORY RESETTING the adapter though, delete your Vonage Encrypted spa000000000000.xml file from your TFTP ROOT! Otherwise, upon performing a FACTORY RESET, your adapter will request and process this file, a file which DISABLES THE ADAPTER'S WEB INTERACE! dry.gif
4) Repeat STEP 1 (Setup Servers) and STEP 4 (Load Dummy XML file) to Re-Open your Web Interface. (Step 1 and Step 4 ONLY)
5) After the adapter has been re-unlocked, extract the GPP_K value and save it!
6) Copy down the GPP_K value into a text file and save. This GPP_K should be the Factory Fresh value.

How do you tell the difference beween the FACTORY FRESH GPP_K value and a Vonage assigned one? (Link)

7) To verify that this is the Factory Fresh value, use VuckFonage to download and decrypt the XML file.

How do I use VuckFonage? (Link)

STEP 6: Upgrade to a Stable Firmware:

1) Go to the Firmware Update page of the Web Interface
2) Update to the Latest Stable Firmware

RT31P2 Stable Firmware: (Latest Firmware Link)
WRT54GP2 Stable Firmware: (Latest Firmware Link)

3) After the firmware update, you should still have access to the Voice Admin page.
4) You should now be able to disable provisioning and remove the Vonage DNS entries as this is a stable firmware.

--------------------------------------

1.) login to the router normally at 192.168.15.1
2.) Open 192.168.15.1/update.html
3.) Enter username: user, password: tivonpw
4.) You should now be presented with the firmware update page.

I've verified that this works with firmware versions 1.0.18, 1.0.37 and 1.0.43, 1.00.52 (the newest).

--------------------------------------

https://ubuntuforums.org/showthread.php?t=1435723

user / 7756112 (Tested working to flash/downgrade the firmware)
user / 8995533
user / 50274537

- Do NOT connect the adapter to the internet especially if it has been out of service for a while.

- Connect an ethernet cable to one of the lan ports on the adapter and in a browser go to 192.168.15.1, this is the default lan gateway address. When prompted to log in use admin/admin again that's the default

- First thing needed is to flash a special unlocking firmware that allows the adapter to acquire clear text configuration file (as opposed to the encrypted vonage one). After downloading the unlocking firmware from guide above, go to the Administration page then the tab for flashing firmware. Select the firmware file you just saved and let it flash, you'll be prompted to log in, I used user/7756112 , more can be found in the guide, if successful, you'll get a message to that effect. Now firmware version should be 1.17.02 and voice 2.09 LId

- Next we need to get the adapter to get our configuration file, create one as mentioned in the guide above, meister_sd method, put the file in a folder of your choice, we'll need to use that as our tftp root folder later

- Now we configure the adapter to talk to the pc, under the setup page of the adapter set "Internet Connection Type" to Static IP and assign the adapter a static IP address, e.g. 192.168.1.88, then set the default gateway and DNS1 to a static IP address that you'll later assign to your PC, make sure it's on the same subnet as the IP address you assigned to the adapter, e.g. 192.168.1.99, save the changes

- Switch the ethernet cable to the wan port of the adapter, so it's connected directly to the pc, no crossover cable needed in my experience, turn off the adapter until we setup the pc

Code:
sudo netstat -anlp | grep -w 53
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      804/systemd-resolve
udp        0      0 127.0.0.53:53           0.0.0.0:*                           804/systemd-resolve

sudo systemctl stop systemd-resolved

sudo dnsmasq -q --enable-tftp --tftp-root=/home/ --address=/ls.tftp.vonage.net/vonage.net/voncp.com/192.168.1.100

sudo netstat -anlp | grep -w 53
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1311/dnsmasq
tcp6       0      0 :::53                   :::*                    LISTEN      1311/dnsmasq
udp        0      0 127.0.0.1:54351         127.0.0.53:53           ESTABLISHED 708/systemd-timesyn
udp   160512      0 0.0.0.0:53              0.0.0.0:*                           1311/dnsmasq
udp6       0      0 :::53                   :::*                                1311/dnsmasq

sudo netstat -anlp | grep -w 69
udp        0      0 0.0.0.0:69              0.0.0.0:*                           1311/dnsmasq
udp6       0      0 :::69                   :::*                                1311/dnsmasq

ping ls.tftp.vonage.net

dnsmasq-tftp[1304]: sent /home/xW19Ej5ydS/spa000F66DDF2EA.xml to 192.168.1.102


and for firmware RT31P2_v1.17.02_000_combin_code.bin, the unencrypted file spaxxxxxxxxxxxx.xml...

Code:
<flat-profile>

<Restricted_Access_Domains ua="na"></Restricted_Access_Domains>
<Enable_Web_Server ua="na">Yes</Enable_Web_Server>
<Web_Server_Port ua="na">80</Web_Server_Port>
<Enable_Web_Admin_Access ua="na">Yes</Enable_Web_Admin_Access>

<Admin_Passwd ua="na"></Admin_Passwd>
<User_Password ua="na"></User_Password>

<Protect_IVR_FactoryReset ua="na">No</Protect_IVR_FactoryReset>

</flat-profile>


Attachments
RT31P2_v1.17.02_000_combin_code.zip (1 downloads)
RT31P2_v1.30.01_000_VM_3.1.06_LI_combin_code.zip (1 downloads)
RT31P2_NA_v1.30.03_003_VM_3.1.07_LIa_combin_code.zip (1 downloads)
RT31P2_NA_v1.30.07_000_VM_3.1.09_LId_combin_code.zip (1 downloads)
spaxxxxxxxxxxxx.zip (1 downloads)

_________________________
DM8000, DM800se, DM500HD, DM800HD, DM7025, DM7020s, DM7000, DM500s
VU+ Solo, VU+ Uno, VU+ Duo, Kathrein UFS910
Tivusat, TNTSat, Fransat, SSR/TSR, BBC1-2-3/ITV
DE-OpenBlackHole 1.4 image : http://www.openblackhole.com/

Top
#25184 - 01/09/24 05:34 AM Re: RT31P2/WRT54GP2 Alternate Unlock - Long Method [Re: Toysoft]
Toysoft Online   content
Japhar Member
Carpal Tunnel

Registered: 10/21/10
Posts: 2649
Success... result is great, unlocked and fully working, so you need the 1.17.02 version of the firmware (that accepts the unencrypted spaxxxxxxxxx.xml file to unlock it, using the tftp for the RT31P2 to download it, circumventing the DNS to point to your ubuntu doing DNS with false IP for ls.tftp.vonage.net).

TS



Attachments
System.jpg (12 downloads)
Line1.jpg (12 downloads)
Line2.jpg (12 downloads)
status.jpg (13 downloads)

_________________________
DM8000, DM800se, DM500HD, DM800HD, DM7025, DM7020s, DM7000, DM500s
VU+ Solo, VU+ Uno, VU+ Duo, Kathrein UFS910
Tivusat, TNTSat, Fransat, SSR/TSR, BBC1-2-3/ITV
DE-OpenBlackHole 1.4 image : http://www.openblackhole.com/

Top


New Topics
DM52xUHD : OpenATV 7.4 20241125 (Japhar)
by Admin
11/26/24 10:08 AM
DM52xUHD : OpenATV 7.4 20241125 (Original)
by Admin
11/26/24 10:00 AM
Dreambox 500HD ferrari sim ???
by OMEGA
11/25/24 04:28 PM
EchoStar left in limbo as DirecTV ditches Dishdeal
by Admin
11/22/24 02:52 PM
ZX Spectrum ZX81 Emulation : Experience with R36S
by Admin
11/21/24 02:13 AM
Grand chambardement autour des numéros de la TNT
by Admin
11/17/24 05:10 PM
OPENATV 7.5 VOD not possible
by samh
11/03/24 08:37 PM
How to exclude ProvID & Channels from OSCam to CI+
by Admin
11/03/24 12:34 PM
DreamTV Mini Ultra HD Android 9.0 IPTV Streamer...
by Admin
12/04/19 04:06 AM
Satellites.xml for Enigma² by Hum@xel
by Hum@xel
02/02/19 08:37 AM
Spark 7162 : OpenPLi 4.0 IPTV Japhar (April 2016)
by Admin
04/11/16 03:21 PM