真佩服自己,居然破解o2的homebox2(6641)的上网密码和voip帐号密码 -- 附教程
本帖最后由 峰少 于 2015-11-30 23:31 编辑刚刚搬家,“被”升级到vdsl+voip,没有analoge的电话了,送来一个o2的home box 2,想继续使用fritzbox 7360,打电话去热线,被告知了上网的账号和密码,使用internet没有问题,可是voip账号不能告诉我。
所以现在我的问题是,能破解那个6641吗?读出机子voip的数据。
多日来,仔细研究ip-phone-forum上的帖子,终于搞定了
相信越来越多的人会被o2提供这个home box 2,所以写个教程分享一下
------------------------------下面是教程 --------------------------------------
前提:
准备一U盘。格式化成ext3的格式,比如用win下面的分区助手专业版5.2,或者Linux里的GParted.
o2的白盒子上按reset,重新初始话,重新输入Inrternetzugang-Pin, 让白盒子可以上网和打电话,这样得到一干净的白盒子。插上前面格式化的u盘。
教程1:(简单版本)
从这里下载脚本,在Linux环境里运行该脚本
-- 够简练吧!{:5_396:}
教程2:(详细版本)
1. 下载Linux系统Ubuntu CD,这个可以在CD上运行Linux
ftp://ftp.uni-bayreuth.de/pub//linux/ubuntu/releases/14.10/ubuntu-14.10-desktop-amd64.iso
2. 下载后烧碟,从cd启动, 进入Ubuntu系统, (下面的图片是网络下载的,可能会有出入)
3. 打开firefox上网,由下面链接下载破解脚本:6641-own-20150105-03.sh,
http://pan.baidu.com/s/1eQ6Xit8
4. 打开左边栏上第三个图标,file,文件管理器,把Recent下刚刚下载的6641-own-20150105-3.sh文件拷贝或者移到Documents下面
5. 点击左上角的类似win里的“开始”按键,在搜索栏里输入terminal,找到并打开terminal。
以此输入下面三行命令:
cd Documents (进入Documents目录)
chmod u+x 6641-own-20150105-3.sh (使文件可执行)
sudo ./6641-own-20150105-3.sh (运行文件)
接下来,该程序问问提问三次问题,依次是box host地址,和两次sip-proxy地址,和你的电话号码,前面三个问题,使用默认值,直接回车就行,你自己的号码用49+区号+号码形式输入,z.B. 49PPPNNNNNN.
再下来就自动运行,最后出结果,如下:
sudo ./6641-own-20150105-1.sh
Please enter the IP address or hostname of your HomeBox 2 (Zyxel 6641)
or just press enter to use the default value
Host :
Please enter the registrar of your VoIP connection
or just press enter to use the default value
Registrar :
Please enter the sip-proxy of your VoIP connection
or just press enter to use the default value
SIP-proxy : sip.alice.voip.de
Please enter the phone numbers to search for.
Seperate numbers with space and use the format
CCPPPPPPPNNNN
or
0PPPPPPPNNNN
(CC=Country-Code, PPPPP=Prefix, NNNN=Number)
For example: 498005900050 498005251378 08005900050 08005251378
If you are not sure which format is correct for your account,
simply specify both formats for your phone numbers!
Phone numbers: 49123456789 0123456789 4999988877766 4955554444333
- trying to ping the box (o2.box)... SUCCESS
- trying to mount the box: //o2.box/DRIVE1_1... SUCCESS
- trying to create symlink (0_link_to_r00t_31474) to root directory... SUCCESS
- trying to unmount /tmp/tmp.gz79qPgkiv... SUCCESS
- trying to mount the box a second time for exploit preparation... SUCCESS
- trying to append "postexec" code... SUCCESS
- trying to create a user called "bob" with password "alice" SUCCESS
- trying to unmount /tmp/tmp.gz79qPgkiv... SUCCESS
- trying to mount the box a third time for exploit execution... SUCCESS
- trying to unmount /tmp/tmp.gz79qPgkiv... SUCCESS
- checking for open port on o2.box:23000... SUCCESS
- dumping memory from box to usb drive
please be patient: this takes at least 62 seconds...
- trying to mount the box a fourth time to download the memory dump... SUCCESS
- trying to copy PPP username (<BOX-SERIAL>-CC5D4E@.*\.de), a failure here is OK... FAILURE
- trying to copy PPP password (your PIN)...
If this fails, extraction of PPP data will fail! SUCCESS
- downloading the memory dump to /tmp/tmp.4w23OaGCmn... SUCCESS
- trying to unmount /tmp/tmp.gz79qPgkiv... SUCCESS
- looking for PPP username in memory dump, since I dind't get it from the box
This may fail in a lot of cases - you may have to get the data from
o2's hotline instead!
- looking for phone number + proxy name in memory dump...
- No password for 0123456789 found, retrying with sip proxy registrar..\.alice-voip\.de
- No password for 0123456789 found
~~~~~~~~~~~~~~~~ FINISHED, RESULTS FOLLOW ~~~~~~~~~~~~~~~~
Your PPP (internet) login data is:
Username: SNOCHANCEPAL-CC5D4E@sXY.bbi-o2.de
Password: xxxxxxxxxxxx
For phone number 49123456789, please use the following
data to configure your router:
Phone number: your telephone number without prefixes
Username: 49123456789
Password: GONNA
Registrar: sip.alice-voip.de
SIP-proxy: sip.alice-voip.de
For phone number 4999988877766, please use the following
data to configure your router:
Phone number: your telephone number without prefixes
Username: 4999988877766
Password: xxxxxxxxxxxxxxx
Registrar: sip.alice-voip.de
SIP-proxy: sip.alice-voip.de
For phone number 4955554444333, please use the following
data to configure your router:
Phone number: your telephone number without prefixes
Username: 4955554444333
Password: xxxxxxxxxxxxxxx
Registrar: sip.alice-voip.de
SIP-proxy: sip.alice-voip.de
Please note:
You may have to reconfigure you FritzBox slightly.
o2 uses rtp_priority = 26 and rtp_port >51000
in their box.
In case of problems with voice quality, try to edit
/var/flash/voip.cfg
on your FritzBox accordingly.
- cleaning up...
Please note: Files on the USB-Stick of the Box are left intact!
You may use them to further debug your results.'
Bye!
有了上面的数据,我就可以自己设置fritzbox了
破解 ,比较麻烦,我现在用的自己的73901.无损开盖。 2.接ttl读猫的flash,记下。3.设置fritzbox http://www.ip-phone-forum.de/showthread.php?t=264942&s=6392270a418c9fcb6ee373833bcf8601
好像是这个帖子, 你具体看一下吧 yb_london 发表于 2014-12-16 23:34
http://www.ip-phone-forum.de/showthread.php?t=264942&s=6392270a418c9fcb6ee373833bcf8601
好像是这个 ...
谢谢,我要仔细研究一下。 yb_london 发表于 2014-12-16 23:30
破解 ,比较麻烦,我现在用的自己的73901.无损开盖。 2.接ttl读猫的flash,记下。3.设置fritzbox
6641也能这么弄吗? 峰少 发表于 2014-12-29 00:39
6641也能这么弄吗?
这个不太清楚,你看看其他帖子有没有6641的 yb_london 发表于 2014-12-29 11:03
这个不太清楚,你看看其他帖子有没有6641的
6641到目前好像还不能破解 重新更新了,新加教程 voip帐号拿到也没用,只能在家用,也就是如果想换自己的 FritzBox 的话可以折腾一下,而且不是所有的 FritzBox 都支持。 峰少 发表于 2015-1-10 00:38
重新更新了,新加教程
太佩服啦
看来电脑弄个外置光驱还是有必要