Chris,
Sorry I didn't get back to you sooner. I didn't see a reply on the
mailing list until I changed my view from ultimate to threaded.
On Thu, May 29, 2008 at 12:22:50AM -0500, Andy Herkey wrote:
My barry is a Sprint 8703e using BES connected to my corporate network.
12 days ago I saw that you updated pppob.cc and associated programs, so
I uploaded the CVS and compiled. Wow, big changes since 0.12. Nice code
btw.
Thanks very much for testing this!
I couldn't get the ipmodem to work, probably because the device is
password protected, but I did get the serial modem working by adding the
password support to ppppb.cc and adding my password to the pty command.
pty "/home/aherkey/src/barry/tools/pppob -vsP passwd"
$ diff pppob.cc pppob.cc.cvs
Your patch didn't apply, but it was simple enough to do myself. In the
future, you'll want to create your patch like this:
# if just changes
diff -ru barry-old-dir barry-new-dir
# if there are new files (make sure your tree is clean)
diff -ruN barry-old-dir barry-new-dir
Or, since you're already using CVS:
cd barry-workdir
cvs diff -u > patch
Thanks for the info, I wasn't expecting you to accept the patch so I
just did a simple diff to show you what I was doing.
I've added code to enable the desktop mode on the device, even in ipmodem
mode, if there is a password provided. Could you checkout the latest
CVS and test whether this works for you? You're the first person to
report that a password controls ipmodem.
I haven't tested password support in detail yet, so thanks for your report.
I would be glad to help out testing the password support.
During my testing I also added the desktop/password to the ipmodem mode,
but it didn't work, so I removed it. I think the desktop for the ipmodem
mode should be removed since it will tie up the desktop. Then add the
password to modem.Open(password.c_str());.
Last week I saw that Michael Stokes was also using a 8703e, but he
didn't say if he was using BES or what mode his modem was using. Just
curious if his is also password protected. Anyway I did a few usbsnoops
at work using XP and Sprint's connection manager (CM). Each time the CM
asked twice for my password (maybe for each modem mode), but I never saw
the BB request a password challenge. If I canceled entering the
password the CM said that it couldn't find any devices. I did manage to
wipe my BB by playing back a snoop dump. Thank goodness for backups. :)
Oh well, I'll keep digging though.
I'm surprised you could wipe a BES'd device! Usually the databases
become read-only, in my experience.
Yes, all the databases were wiped except for the basic enterprise info.
All my apps were still there, but the setups and data were gone.
Can you tell from the snoop logs which endpoint is being used for the
modem. I'm curious how it handles the password if it is using ipmodem
mode.
The snoop logs show that the connection manager starts using the usual
enpoints 3 and 131 then it sends the password hash to the endpoints
2,130 and 4,132. After a lot of digging I think I got the basic
sequence. I'll try to detail the flow.
The connection manager sends this sequence to both sets of endpoints.
BulkWrite to endpoint 2:
00000000: 01 00 00 00 00 00 00 00 78 56 34 12
BulkRead (130): if the read times out retry.
BulkWrite to endpoint 2:
00000000: 01 00 00 00 00 00 00 00 78 56 34 12
if it times out again send this:
BulkWrite to endpoint 2:
00000000: 01 00 00 01 00 00 00 00 78 56 34 12
This is the record we are looking for.
It contains the PIN and seed for the password hash.
BulkRead (130):
00000000: 02 00 00 00 8c 2a e0 02 0a 00 00 00 0a 00 00 00
00000010: 67 de 8e 31 1c 00 00 00 78 56 34 12
password = asdfgh00
seed = 0x02e02a8c
PIN = 0x318ede67
Use this seed the same way you hash the password for the desktop.
hash password
hash seed + password
In this case the hash is:
bd ec 7d a2 39 97 aa 0e 91 f2 d2 55 02 d5 7d e8 53 62 71 87
BulkWrite to endpoint 2:
00000000: 03 00 00 00 bd ec 7d a2 39 97 aa 0e 91 f2 d2 55
00000010: 02 d5 7d e8 53 62 71 87 78 56 34 12
BulkRead (130):
00000000: 04 00 00 00 8d 2a e0 02 0a 00 00 00 0a 00 00 00
00000010: 01 00 00 00 1c 00 00 00 78 56 34 12
It looks like the first 0x000a is the remaining password tries.
BulkWrite to endpoint 2:
00000000: 01 00 00 00 01 00 00 00 78 56 34 12
BulkRead (130):
00000000: 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 00 00 00 1c 00 00 00 78 56 34 12
BulkWrite to endpoint 2:
00000000: 00 00 00 00 00 00 00 00 03 00 00 00 00 c2 01 00
00000010: 02 d5 7d e8 53 62 71 87 78 56 34 12
This is part of the password hash: 02 d5 7d e8 53 62 71 87
BulkWrite to endpoint 2:
00000000: 00 00 00 00 b0 00 00 00 b0 00 00 00 00 00 00 00
00000010: 18 00 00 00 78 56 34 12
Now the modem is ready to accept AT commands.
This is as far as I got. I'm not sure why the CM sets up both sets of
endpoints. I haven't had a chance to implement any patches just
standalone tests.
Also, since you're using Sprint (I assume), which ppp options file and
chatscript did you use?
Yes, I am using Sprint. I used your original rogers script and just
changed the connect and pty lines.
connect "chat -v 'ABORT' 'ERROR' '' 'AT&F' 'OK' 'ATZ' 'OK' 'ATI' 'OK'
'ATDT#777' 'CONNECT'"
pty "/usr/local/sbin/pppob -sP passwd"
I was surprised how fast the connection was. I was able to connect to my
office's VPN using the Cisco VPN client. There wasn't any problems
connecting to any of my servers using ssh and doing any of the usual
admin tasks. I haven't had to use it much though.
The only problem I had was with one web site. Every time I connected to
it the BB would reboot. The -v option just showed the device was gone.
My wife's web site is www.thepasionatedarter.com. I miss typed it and
got www.passionatedarter.com. (She missed renewing her domain by one day
and enom snatched up.) That's the site that crashes the BB.
Thanks,
- Chris
Andy
begin:vcard
fn:Andy Herkey
n:Herkey;Andy
email;internet:[EMAIL PROTECTED]
version:2.1
end:vcard
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Barry-devel mailing list
Barry-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/barry-devel
