Password for WRTP54G Firmware v1.00.37

Discussion in 'Other Linksys Equipment' started by mazilo, Sep 9, 2005.

  1. mazilo

    mazilo Network Guru Member

    I don't know if the following will work; however, if you find it working, please report back here.

    If you have a WRTP54G with a running firmware v1.00.37 (preferably a virgin one/non-activated), see the following passwords will unlock the Voice section (Username/Password):
    1. Admin/AB2ChJScbtR5I
    2. Admin/ABsFuZ3PufkXY
    3. Admin/x
    4. Admin/1 <=== a "ONE" not "L".

    If the above fails, try to replace Admin with admin to see if that will work. Good luck.
  2. Manning

    Manning Network Guru Member

    Dude, where did you get this and why do you think it will work? Those look suspiciously like encrypted strings from a passwd file, and I'm betting you got that 'x' from the config.xml file in the 1.0.37 firmware sourcecode.
  3. ydef

    ydef Network Guru Member

    It's all from the config.xml file, and no, none of them work on anything since they are encrypted strings.
  4. rfv3

    rfv3 Network Guru Member


    Lol, a dictionary attack on the 'encrypted strings' took less than a second :rofl: (on a p3 650 no less).


    Of course who hasn't already tried these?
  5. ydef

    ydef Network Guru Member

    Hey rfv3, had a few questions on your original post.

    This whole process you documented makes more sense now that I understand that snet-management-sensor is the vonage specific method for access/control of your router remotely. Kind of like the linux webmin web administration interface, this is how vonage always has the keys to your house should they need them. 8O Especially in light of the recent FCC ruling that voip providers should have the capability to wiretap any of their customers should the phedz require one this port is what makes the ease of it all possible. In fact, they could just save the traffic of all your conversations and have them to listen to any their convenience. How nice.

    When I downgrade my firmware to .00.37 from .00.45 from the web interface, within the first minute of connecting my WAN port to the internet my firmware is pushed back up to 1.00.45.

    So the sequence you mentioned that router performs on first power cycling makes pefect sense. It immediately seeks mission control (vonage tftp servers) and request the latest firmware update should it exist. It also requests the xml configuration files that are in /etc to be used live. This also explains why the usename and password in the config.xml on the firmware doesn't work, because the router looks to replace its default versions immediately by requesting fresh ones from vonage. In fact, as you document above, this is the first file that is requested. Do you remember the name of the config it requested? Probably just config.xml, but maybe all the xml files also in /etc?

    Seeing this is how it works, there seem to be a couple possibilities here. One is to customize the xml files and to spoonfeed them to the router directly ... setting up a tftp server to act as

    The other, is that this is the surefire method for replacing the firmware on the router is by tftp'ing an image to it over the WAN port at boot. Doh. All without ever needing to even crack the case open. D0h ...How could i have been so blind to this for so long!
  6. jagboy

    jagboy Network Guru Member

  7. jagboy

    jagboy Network Guru Member

    ooooooooops posted the wronglink sorry this is what i ment to post
    WRTP54G Unlocked?
  8. rfv3

    rfv3 Network Guru Member

    Return to original thread

    ydef: Moving back to original thread as mentioned above.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice