All telecom fundamentals on SIP protocol, VOIP, RTP, RTCP knowledge, Technical Youtube Videos, Linux material, Android, SSCA certification information,the sip school videos.

Saturday, 13 October 2012

How to obtain NetTalk SIP information

How to obtain NetTalk SIP information:

The NetTalk configuration information is retrieved via tftp.

The name of your specific config file is 00_11_22_33_44_55_ABCD.cfg.
00_11_22_33_44_55 corresponds to the mac address of your NetTalk device.
ABCD corresponds to the last 4 digits of your NetTalk Serial number.

Assuming you have tftp enabled on your machine, you can obtain your NetTalk configuration like:

tftp -i tftp.tktelco.net GET 00_11_22_33_44_55_ABCD.cfg

In the returned file, you will see a 10 digit number. This is your NetTalk username. Directly after that, you will see 10 alphabetic characters (e through n). This is your encoded NetTalk password.

The encoding is a simple substitution where
e=0, f=1, g=2, h=3, i=4, j=5, k=6, l=7, m=8, n=9

On the back of your NetTalk Device, you will find your serial number, and MAC address.

I have automated the process of retrieving this information.

1) Enter your NetTalk Serial number in the first box (Note: we only need the last 4 digits)
2) Enter your NetTalk MAC Address
3) Press "Get SIP"

You can obtain the source code, and executable here: *mod edit deleted link. Brute force? Seriously dude? WTF*
(The executable is in the bin\Debug directory.)

Because simply getting one set of credentials is not that interesting, I added the ability to brute force as well.
Note: This tool is for educational use only. Do not use it to mass gather SIP credentials.

To brute force, choose the second tab:

Any fields left blank, will be brute forced.

For example, to brute force all SIP credentials for the MAC addresses in the range of:
00:25:12:34:56:00 through 00:25:12:34:56:FF

Leave the Serial Number blank, and enter the mac 00:25:12:34:56

The sleep time is the number of milliseconds to wait between packets.

Keep in mind that brute forcing can be very time consuming, as we need to try every possible 4 digit serial number 0000 through 9999 for every MAC address.

The tool runs fine under Linux using mono, as you can see from the above screen capture.

Let me know if this works for you, or if you encounter bugs.



Post a Comment

Note: only a member of this blog may post a comment.

Page Navigation Widget