Andy Herkey
Sun, 01 Jun 2008 01:00:48 -0700
Chris,Sorry I didn't get back to you sooner. I didn't see a reply on the mailing list until I changed my view from ultimate to threaded.
On Thu, May 29, 2008 at 12:22:50AM -0500, Andy Herkey wrote:My barry is a Sprint 8703e using BES connected to my corporate network. 12 days ago I saw that you updated pppob.cc and associated programs, so I uploaded the CVS and compiled. Wow, big changes since 0.12. Nice code btw.Thanks very much for testing this!I couldn't get the ipmodem to work, probably because the device is password protected, but I did get the serial modem working by adding the password support to ppppb.cc and adding my password to the pty command. pty "/home/aherkey/src/barry/tools/pppob -vsP passwd" $ diff pppob.cc pppob.cc.cvsYour patch didn't apply, but it was simple enough to do myself. In the future, you'll want to create your patch like this: # if just changes diff -ru barry-old-dir barry-new-dir # if there are new files (make sure your tree is clean) diff -ruN barry-old-dir barry-new-dir Or, since you're already using CVS: cd barry-workdir cvs diff -u > patch
Thanks for the info, I wasn't expecting you to accept the patch so I just did a simple diff to show you what I was doing.
I've added code to enable the desktop mode on the device, even in ipmodem mode, if there is a password provided. Could you checkout the latest CVS and test whether this works for you? You're the first person to report that a password controls ipmodem. I haven't tested password support in detail yet, so thanks for your report.
I would be glad to help out testing the password support.During my testing I also added the desktop/password to the ipmodem mode, but it didn't work, so I removed it. I think the desktop for the ipmodem mode should be removed since it will tie up the desktop. Then add the password to modem.Open(password.c_str());.
Last week I saw that Michael Stokes was also using a 8703e, but he didn't say if he was using BES or what mode his modem was using. Just curious if his is also password protected. Anyway I did a few usbsnoops at work using XP and Sprint's connection manager (CM). Each time the CM asked twice for my password (maybe for each modem mode), but I never saw the BB request a password challenge. If I canceled entering the password the CM said that it couldn't find any devices. I did manage to wipe my BB by playing back a snoop dump. Thank goodness for backups. :) Oh well, I'll keep digging though.I'm surprised you could wipe a BES'd device! Usually the databases become read-only, in my experience.
Yes, all the databases were wiped except for the basic enterprise info. All my apps were still there, but the setups and data were gone.
The snoop logs show that the connection manager starts using the usual enpoints 3 and 131 then it sends the password hash to the endpoints 2,130 and 4,132. After a lot of digging I think I got the basic sequence. I'll try to detail the flow.Can you tell from the snoop logs which endpoint is being used for the modem. I'm curious how it handles the password if it is using ipmodem mode.
The connection manager sends this sequence to both sets of endpoints.
BulkWrite to endpoint 2:
00000000: 01 00 00 00 00 00 00 00 78 56 34 12
BulkRead (130): if the read times out retry.
BulkWrite to endpoint 2:
00000000: 01 00 00 00 00 00 00 00 78 56 34 12
if it times out again send this:
BulkWrite to endpoint 2:
00000000: 01 00 00 01 00 00 00 00 78 56 34 12
This is the record we are looking for.
It contains the PIN and seed for the password hash.
BulkRead (130):
00000000: 02 00 00 00 8c 2a e0 02 0a 00 00 00 0a 00 00 00
00000010: 67 de 8e 31 1c 00 00 00 78 56 34 12
password = asdfgh00
seed = 0x02e02a8c
PIN = 0x318ede67
Use this seed the same way you hash the password for the desktop.
hash password
hash seed + password
In this case the hash is:
bd ec 7d a2 39 97 aa 0e 91 f2 d2 55 02 d5 7d e8 53 62 71 87
BulkWrite to endpoint 2:
00000000: 03 00 00 00 bd ec 7d a2 39 97 aa 0e 91 f2 d2 55
00000010: 02 d5 7d e8 53 62 71 87 78 56 34 12
BulkRead (130):
00000000: 04 00 00 00 8d 2a e0 02 0a 00 00 00 0a 00 00 00
00000010: 01 00 00 00 1c 00 00 00 78 56 34 12
It looks like the first 0x000a is the remaining password tries.
BulkWrite to endpoint 2:
00000000: 01 00 00 00 01 00 00 00 78 56 34 12
BulkRead (130):
00000000: 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 00 00 00 1c 00 00 00 78 56 34 12
BulkWrite to endpoint 2:
00000000: 00 00 00 00 00 00 00 00 03 00 00 00 00 c2 01 00
00000010: 02 d5 7d e8 53 62 71 87 78 56 34 12
This is part of the password hash: 02 d5 7d e8 53 62 71 87
BulkWrite to endpoint 2:
00000000: 00 00 00 00 b0 00 00 00 b0 00 00 00 00 00 00 00
00000010: 18 00 00 00 78 56 34 12
Now the modem is ready to accept AT commands.
This is as far as I got. I'm not sure why the CM sets up both sets of
endpoints. I haven't had a chance to implement any patches just
standalone tests.
Yes, I am using Sprint. I used your original rogers script and just changed the connect and pty lines. connect "chat -v 'ABORT' 'ERROR' '' 'AT&F' 'OK' 'ATZ' 'OK' 'ATI' 'OK' 'ATDT#777' 'CONNECT'"Also, since you're using Sprint (I assume), which ppp options file and chatscript did you use?
pty "/usr/local/sbin/pppob -sP passwd"I was surprised how fast the connection was. I was able to connect to my office's VPN using the Cisco VPN client. There wasn't any problems connecting to any of my servers using ssh and doing any of the usual admin tasks. I haven't had to use it much though.
The only problem I had was with one web site. Every time I connected to it the BB would reboot. The -v option just showed the device was gone. My wife's web site is www.thepasionatedarter.com. I miss typed it and got www.passionatedarter.com. (She missed renewing her domain by one day and enom snatched up.) That's the site that crashes the BB.
Thanks, - Chris
Andy
begin:vcard fn:Andy Herkey n:Herkey;Andy email;internet:[EMAIL PROTECTED] version:2.1 end:vcard
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Barry-devel mailing list Barry-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/barry-devel