Unlock instructions:
—————
How to identify if unlockable - Check serial number: FH900Exxxx, starts at x, if it’s a number. (0~9) it’s OK to unlock. if it’s a char (A~Z), most likely it’s 3.1.7. or higher.Serial Number ranges/firmware version:
FH9004xxxxxx 2.10
FH900ECxxxxx 3.1.8
FH900F10xxxx 3.1.8
FH900F11xxxx 3.1.9
FH900F5xxxxx 3.1.9cInstructions are provided for the benefit of Competent persons who are capable of following instructions. DO NOT PM people if you can’t get it working. Double check that you have followed all instructions exactly and try again. The instructions work. If they don’t work for you, you are doing something wrong.
Unlock instructions:
1) Print these instructions. Read them twice before beginning and do not connect your PAP2 to your network until told to, or you’ll be very sorry.
2) Download, install, start and configure a TFTP server from here if you don’t already have one: link. Some users have reported that they have to reboot after installng this software before it will work correctly. (alternate TFTP program: Pumpkin TFTP)
3) Download the following file: link (do NOT click - use right click, save file as)
4) Rename the file to pap2sp2kzip3vn.zip and unzip it into the TFTP Service\TFTPRoot folder you configured in step two. (TFTP product, not Pumpkin)
5) Download the following file: link (do NOT click - use right click, save file as)
6) Rename the file to sp2kpap2zip1pm.zip and unzip it into the TFTP Service\TFTPRoot folder you configured in step two. (TFTP product, not Pumpkin)
7) Disconnect your internet access now by disconnecting your cable/dsl modem. Leave your router connected to your PC. (very important)
Connect the PAP2 unit to your router, connect a phone to line 1 then plug the PAP2 in to a power outlet.
9) Pick up the phone, press the star (*) button four times (you will not hear a dial tone)
10) Dial 73738#. If needed, use password 7756112# or 8995523# or 50274537#. Press 1 to confirm, press #, Hang up. (This number is used to reset the device to factory setting. If you’ve already hacked your device, do not press this number again)
11) Determine the PAP2 IP address by picking up the phone and dialing four stars (*), then 110# and write it down. My PAP2 IP address is:____________________
12) Determine your PC’s IP address by going to a DOS window and type IPCONFIG, write it down. My PC IP address is:____________________
13) Shut down Zone Alarm or other software firewalls, including the Windows XP built-in firewall if you’re using Windows XP. You may have to forward ports 5060 & 5061 (UDP) to your PAP2’s IP address if step 18 doesn’t work. (check your router’s manual for instructions)
14) Browse to the configuration page of the PAP2 by typing the IP address of the PAP2 unit (from step 11) into Internet Explorer.
15) Go to the SYSTEM tab and set a User password of 1234.
16) Click the SAVE SETTINGS button, then close the window.
17) Browse to the configuration page of the PAP2 by typing the IP address of the PAP2 unit (from step 11) into Internet Explorer and login with ID “user” and password “1234″ (don’t type qotes)
18) Cut and paste the bold link and add it to the end of the PAP2 address that is currently in the Internet Explorer window (make sure to get the / in front):
/upgrade?tftp://xxx.xxx.xxx.xxx/PAP2SP2K.bin
(replace xxx’s with Computer IP address from step 12)
19) Watch the status LEDs. The power LED will turn RED when it is done. Give it a minute or two, don’t interrupt it.
20) Once the power LED is red, browse to the configuration web page of the PAP2 by typing the IP address of the PAP2 unit into Internet Explorer.
21) Click the “admin login” link near the top-right.
22) Click the PROVISIONING tab and set PROVISION ENABLE=NO.
23) Under the SYSTEM tab, Optional Network Configuration section, DNS Server Order: box, select “DHCP, Manual” and enter 68.87.64.196 in Primary DNS, & 68.87.66.196 in Secondary DNS.
24) Click SAVE SETTINGS.
25) Browse to the configuration web page of the PAP2 by typing the IP address of the PAP2 unit into Internet Explorer.
26) Now, cut and paste the bold link and add it to the end of the PAP2 address that is currently in the Internet Explorer window (make sure to get the / in front):
/upgrade?tftp://xxx.xxx.xxx.xxx/SP2KPAP2.bin
(replace xxx’s with Computer IP address from step 12)
27) The PAP2 will eventually reboot (Power LED and Ethernet LED will be solid blue) BE PATIENT. When complete, you can click the “admin login” near the top-right and no password will be needed.
28) Configure line 1 and/or line 2 with your favorite VOIP provider(s).
29) Re-connect your internet access if all steps worked.
If you have trouble in step 18, then try this:
Open a DOS window. Type:
TFTP xxx.xxx.xxx.xxx get pap2sp2k.bin test.bin
Where xxx.xxx.xxx.xxx is the IP address of your computer from step 12. If that works, then you have a firewall issue. If it does not work, then you have a TFTP server configuration issue.
Stanaphone Setup Instructions:Stanaphone web page1) Follow unlock instructions above.
2) Log into your adapter, click on ADMIN link, click on Advanced View link, go to Line 1 tab (or Line 2) and enter the following values in each parameter:Line enable : yes
nat mapping enable : yes
Username : XXXXXXXXXX (use your StanaPhone telephone number)
Authorization User : XXXXXXXXXX (use your StanaPhone telephone number)
Password : UUUUUUUUUUUU (use your Stanaphone password - different from your StanaPhone account password - login to Stanaphone and click Account Information link, then Config SIP link to get this)
Domain/Realm SIP Proxy : sip.stanaphone.com
Outbound Proxy : (leave empty)
Dial Plan: (08xxxxxxS0|<:1AAA>[2-9]xxxxxx|1[2-9]xx[2-9]xxxxxxS0|<:1>[2-9]xx[2-9]xxxxxxS0|011xx.)Replace AAA with your area code.
This dial plan handles three types of calling:
Stana-to-Stana : 08xxxxxx
Local : xxx-xxxx or xxx xxx-xxxx
Long distance : 1 xxx xxx-xxxx or xxx xxx-xxxx
International : 011 + country code + area code + number
Other parameters use default values.
SIP tab:
Handle VIA received: Yes Handle VIA rport: Yes
Insert VIA received: Yes Insert VIA rport: Yes
STUN Enable: Yes
STUN Server: stun.fwdnet.net:3478
Line 1 Tab:
NAT Mapping Enable: Yes
SIP Port: 5061
Proxy: sip.stanaphone.com
Register Expires: 400
Preferred Codec: G.711a
Leave everything else as is.
VoipBuster Setup instructions:Voipbuster requires you to pay 5 Euros to get free calls in the USA. If you do not pay, all calls are limited to one miunte for free, then it will disconnect you.Vopibuster configurationVoipbuster web page1) Follow unlock instructions above.
2) Log into your adapter, click on ADMIN link, click on Advanced View link, go to Line 1 tab (or Line 2) and enter the following values in each parameter:
Line enable : yes
nat mapping enable : yes
proxy : stun.voipbuster.com
outbound proxy : leave blank
use outbound proxy : no
register : yes
display name : leave blank (Voipbuster does not support CallerID Name anyways)
user id : voipbuster username
password : voipbuster password
On SIP tab
STUN enable: yes
STUN server: sip.voipbuster.com (or any other public STUN server)
For USA residents, add the following line to Dial Plan field:
(<:001aaa>[2-9]xxxxxx|<:00>1[2-9]xx[2-9]xxxxxxS0|<:001>[2-9]xx[2-9]xxxxxxS0|<011:00>xx.)
Replace aaa with your area code.
This dial plan handles three types of calling:
Local : xxx-xxxx or xxx xxx-xxxx
Long distance : 1 xxx xxx-xxxx or xxx xxx-xxxx
International : 011 + country code + area code + number
An alternative dial plan is as follows:
(<:001>[2-9]xxxxxxxxx|<:00>x.T)
This dial plan handles two types of calling:
Local, Long distance, and of course - toll free: 1 xxx xxx-xxxx or xxx xxx-xxxx
International : country code + area code + number
If your get a message that the PAP2 cannot establish a connection, double check the settings, then leave the adapter plugged into your router and wait until it connects (a few hours or overnight)
If PAP2 adapter is behind a router, there are two options. For non-symmetric NAT router, STUN server outlined as above works fine. For symmetric NAT router, you need to set up port-forwarding:
1. UDP 5060/5061
2. UDP port range specified from “SIP > RTP Parameters > RTP Port Min” until “SIP > RTP Parameters > RTP Port Max”
Run netcheck to find out what kind of router you have.
Voicestick Setup Instructions:Voicestick web page1) Follow unlock instructions above.
2) Log into your adapter, click on ADMIN link, click on Advanced View link, go to Line 2 tab and enter the following values in each parameter:You must use line 2/SIP port 5061Line enable : yes
nat mapping enable : yes
Username : XXXXXXXXXXX (use your Voicestick telephone number, including the 1 prefix, no dashes, no parenthesis)
Authorization User : XXXXXXXXXXX (use your Voicestick telephone number, including the 1 prefix, no dashes, no parenthesis)
Password : UUUUUUUUUUUU (use your Voicestick password)
Domain/Realm SIP Proxy : i2telecom.com
Use Outbound Proxy : Yes
Outbound Proxy : 206.165.50.116
Preferred Codec: G711u
Dial Plan: (<:001aaa>[2-9]xxxxxx|<:00>1[2-9]xx[2-9]xxxxxxS0|<:001>[2-9]xx[2-9]xxxxxxS0|<011:00>xx.)
Replace aaa with your area code.
This dial plan handles three types of calling:
Local : xxx-xxxx or xxx xxx-xxxx
Long distance : 1 xxx xxx-xxxx or xxx xxx-xxxx
International : 011 + country code + area code + number
Other parameters use default values.
Leave everything else as is.
CallPacket Setup InstructionsCallpacket web pageMore details in This ThreadLine1 or Line2
Proxy: voip.callpacket.com
User ID: cpxxxxxxxx (sip username)
Password: xxxxxx (sip password)Dial Plan: (*xx|<:1aaa>[2-9]xxxxxx|1[2-9]xx[2-9]xxxxxxS0|<:1>[2-9]xx[2-9]xxxxxxS0|011xx.)
Replace aaa with your area code.
This dial plan handles three types of calling:
Local : xxx-xxxx or xxx xxx-xxxx
Long distance : 1 xxx xxx-xxxx or xxx xxx-xxxx
International : 011 + country code + area code + number
Regional:
Remove Call Back Deact Code: *86, this way you could use *86 to check your VM
Automated configuration system for PAP2 and popular VOIP providers: Voxilla web page linkMore unlock info here at broadbandreports.comBROWSE to page 9 of the thread in case you don’t have the zip files which were available for download earlier. ‘rcilink’ posted a workaround to make it legal. It is the fifth post from the bottom. Here’s a link to the page Updated procedureFirmware: 2.0.9 (LSd) Troubles: For those who have had troubles unlocking at step 18) because the Linksys prompts for an admin password, clunk found a way to get by this problem….let Vonage upgrade the firmware to 3.1.6 by letting it connect to the internet. Once you see the Linksys reset after download (fast blinking lights stop and the adapter resets), disconnect the LInksys and start at Step 9 in the unlock process again.If you questions about VOIP or anything related to VOIP - get started here
DSLREPORTS VOIP FORUM
Most of your questions will be answered there. Enjoy VOIP!
Sphere: Related Content
I tried this on my 3.1.9 and everything went ok until it was supposed to grab the firmware from the http server. It never even makes a request to the dns server for anything other than the ls.tftp.vonage.net. Any further help would be greatly appreciated.Comment by MS — November 29, 2006 @ 
How did you make the connections between your computer and adapter? What’s your computer’s ip and adapter’s. I think you need double check your DNS server if all addresses are really ok. Ping 
I have the same problem as MS; but I stupidly connected the device to the internet before ever starting research. (I was naive and didn’t think it would be locked…) As far as I can see, if you’ve been online with a 3.1.9(Lsc) device - then you’re out of luck. My device grabs the XML from my TFTP server but does not attempt a firmware update. From what I can read, it wont happen until Vonage pushes a firmware update (and updates your XML file on their TFTP server?)Comment by Al — December 19, 2006 @ 
I followed the procedure and now it has sipura 2000 firmware. now I cant get to the web interface - cant change the DNS entries to point it to my local dNS and when I try 161#, its asking me for a password and none of the above passwords are working.I am pretty much screwed I guess. THE mistake i made was….Connected the pap2 adapter to the internet after upgrading it to sipura 2000 firmware - now i think vonage has locked everything -is there any way I can recover my device and unlock it???Would really appreciate it.Thanks
Hoy much time takes the firmware upgrade? Only request ls.tftp.vonage.net in the DNS server and no http server queryComment by drnet — January 18, 2007 @ 
I am stuck at RED Led light. I have power cycled it many times so it would take plain text xml file but no luck. It does not reuqest the file. It only requested first time when it took the .bin file. It asked for u1Q2i8biMs folder. I created the folder and put plain xml file there. Then did the power recycle but it does not ask for it.Any help????TIAComment by ch — January 29, 2007 @ 
Comment by Tia — January 30, 2007 @ 
Need help making sure things are right for the PAP2…
Like the first comment, I did the following:
Problem reported. So we changed the plain text to the new one:
I can run TFTP on my PC, I don’t know how to run an HTTP server (help required here). Then in step 4, how do you “1) Point httpconfig.vonage.net to the LAN IP address running your HTTP server 2) Point ls.tftp.vonage.net to the LAN IP address running your TFTP server. ??PeterComment by Peter — March 18, 2007 @ 
hello how can i unlock my pap2 is the 3.1.9c versioncan you help me for the i can voipbluster service??please thanksComment by samchamo — March 27, 2007 @ 
1) Point httpconfig.vonage.net to the LAN IP address running your HTTP server
Hello, You can unlock a pap2 the vonage 3.1.9(LSc), thanksComment by Alex CAmacho — October 31, 2007 @ 
Jonathan, you do these settings in the Simple DNS Plus.
#Alex, yes this post is to unlock 3.1.7+ including 3.1.9.
Hi there,I seem to have the same problem as Alan above. Namely, the unit fetches the XML file via TFTP but never makes an HTTP request for the bin. I was just wondering if anyone was able to get that problem resolved…Thanks!AnthonyComment by Anth — November 13, 2007 @ 
Trying to unlock a 3.1.9LSc firmware unit. Never been on the Net. It grabs the xml file from my tftp, and then grabs the firmware from my http, but never flashes it. The power light blinks blue and ethernet light flashes indicating it’s grabbing the file, then it just stops, and both lights go back to blue. I can reset it using one of the passwords to get the web UI back but it still is running the 3.1.9 firmware. How do I get this thing to take the Sipura firmware?…Comment by flint — December 13, 2007 @ 
It follows the steps of this procedure and my PAP2 vonage 3.19 Lsc gets to read the xml, but later in everything he asks for password admin and no it accepts value some. I believe that this is only applied for old versions of the firmware. Mine here is going to the garbage.Comment by
Is it possible to unlock FH900F11xxxx?Thank you very much.Comment by min — July 23, 2006 @ 4:02 pm
Mine is Firmware Version: 3.1.9(LSc)
Serial number is FH900F14xxxx
Steps 9 and 10 don’t really work for me. After I type * 4 times, I type 73738# and still no sound/feedback through the phone.
I tried the following steps anyway but on step 18, when I enter the URL for the tftp update, it asks for the admin password.Maybe this new firmware needs a different approach? Thanks.
–mqmComment by mqm — October 31, 2006 @ 2:06 am
It does not register on the network and does not respond to any phone commands.Is there ant way to salvage it
Please post your experience and related links.Comment by aqan — April 30, 2007 @ 11:40 am
If it’s ver 1.0 with firmware 3.1.7+, you need the GPP_K value to re-unlock it: http://nyworldphone.wordpress.com/2006/10/29/how-to-re-unlock-your-adapter-using-the-factory-fresh-gpp_k-value/ . Without GPP_K, you’re kind of stuck here unless you would like to pay for an unlock service.
If it’s ver 2.0, then you just need the CYT tool to re-unlock it again:http://nyworldphone.wordpress.com/2006/08/27/linksys-wrtp54g-rtp300-pap2-v20-unlock-info-cyt-devices-from-bargainshare-by-cron/ .
Hope this helps.
Alen
Comment by cunyalen — April 30, 2007 @ 8:19 pm
Jak
Comment by need linksys pap 2 admin password , — July 13, 2007 @ 9:40 pm
If the firmware is 3.1.6 or lower, then you just need follow the basic unlock process in this post or http://nyworldphone.wordpress.com/2006/10/29/pap2-unlock-guide-for-316-firmwares-and-earlier/. If the firmware is 3.1.7 or higher, then you need the GPP_K key to re-unlock. Otherwise, you are pretty much stuck.
Alen
Comment by alen — July 14, 2007 @ 8:06 pm
JakComment by need linksys pap 2 admin password , — July 15, 2007 @ 8:33 pm
plain.txt: No such file or directory
676:error:02001002:system library:fopen:No such file or directory:./crypto/bio/b
ss_file.c:278:fopen(’plain.txt’,’rb’)
676:error:20074002:BIO routines:FILE_CTRL:system lib:./crypto/bio/bss_file.c:280
:
error in aes-256-cbc
OpenSSL>
Thanks
Jak
Comment by need linksys pap 2 admin password , — July 16, 2007 @ 12:32 am
now i get this massage ,please help me where my mistake ,OpenSSL> aes-256-cbc -k -in plain.txt -out spa001217FD3CF5.xml -k “”
unknown option ‘plain.txt’
please ,
Comment by need linksys pap 2 admin password , — July 16, 2007 @ 2:08 am
We can’t get it now. You can only get it if it’s unlocked. This sounds contradictory. The thing is we don’t need the GPP_K when we first time unlock it which is never connected to internet.So, if you can’t get the GPP_K, you are almost stuck unless you pay somebody for an unlock service.
People mentioned before if Vonage(I assume it was originally for vonage) updated their xml config file, we would be able to re-unlock it again without GPP_K key. Even though there’re many higher version firmwares, still it may not work for a unit because the xml file on the server may not be updated yet. But you can try if you would like to. If it’s first time you try this, it may take a while and you may encounter problems. And you may end up without nothing. If you want to try it, follow this: http://nyworldphone.wordpress.com/2006/09/27/unlock-pap2-firmware-317-and-above-including-319-quoted/.
Good luck!
Alen
Comment by alen — July 16, 2007 @ 2:37 am