Monthly Archives: February 2015

Extracting PPP/SIP passwords from the Netcomm “White Genius” NF4V router

So for a while, Orcon has been distributing the Netcomm NF4V to replace the old Black Genius. Unfortunately, it’s not so easy to extract passwords from this new model, as the config dumps from the Web UI are encrypted in some way, and the passwords are not present in the DOM, so you can’t get them with browser dev tools. Fear not, however! The NF4V is not fort Knox.

  1.     First up, open your router webui. By default, this is 192.168.20.1.
  2.     Log in, then click Management, Access Control, Service Control.
  3.     Click “Enable” under the LAN column beside “Telnet”. Do NOT select the WAN column (this would open your router up to attacks from the internet!)
  4.     Click Save.
  5.     Now you need a telnet client. Windows has one built in, but it’s disabled by default from Win7 and up. To enable it again, follow these instructions. Alternatively, you can use the Putty telnet client.
  6.     Hit Win+R, and type CMD, then press enter.
  7.     Type “telnet 192.168.20.1 -f C:\telnetlog.txt”, press enter. If your router has a different IP for the webUI, then enter that instead.
  8.     Log in with your usual router login.
  9.     Type “dumpsysinfo” and press enter.
  10.     When that finishes, type quit and close the command prompt.
  11.     Type “notepad C:\telnetlog.txt”
  12.     For PPP, Ctrl+F, “<Username>genius@orcon.net.nz</Username>”, your password is right below that. There may be more than one, so search through until you find both and try them until one works.
  13.     For SIP, search “<AuthPassword>”. Again, there appear to be two, I’d like to know what the difference is. Trial and error.
  14.     For the MAC address, search “eth0: MAC Address”. You’ll need this to replace the genius for UFB.
  15.     Get back into your router webui and disable telnet for security purposes.

Replacing the Genius:

  •     UFB: Uses DHCP, so put your new router into DHCP mode on the WAN port, enable VLAN10 on the WAN port, and set the MAC address to the same one as your genius.
  •     ADSL/VDSL: Put your new router into PPPoE mode, enable VLAN10 on the DSL port (I think), and give it your PPP username and password as extracted from your genius. This is untested, I don’t have DSL.

[Mod edit (MF): adding below a disclaimer by Orcon]

  • It is not Orcon policy to make Genius SIP passwords available to users of the Genius service.
  • Connection of a non-Genius device to a Genius service breaks Orcon Terms and Conditions.
  • We don’t support any non-Genius devices on Genius connections in any way whatsoever.
  • Orcon will not provide any explanation of any settings used to provide the Genius Data or SIP services.
  • Our device and software provisioning platform uses automated provisioning and updating procedures. Orcon is not responsible for any interaction with any non-Genius device or responsible for any damage or loss incurred in connection with any such interaction.
  • Orcon cannot block automated actions provisioning platform actions by account or mac address.
  • If you need to report a service issue please replace the Orcon Genius device and ensure the issue still exists while using the Orcon Genius device prior to logging any support calls. Should the fault be diagnosed later to be due to the non-Genius device then the user will be responsible for any costs incurred by Orcon.
  • Should the SIP service be compromised in the non-Genius device then Orcon has no liability for any resulting fraudulent call charges.