Magic Jack SIP auth proxy
by trixter on Aug.22, 2009, under Telephony
MagicJack has changed the way they authenticate SIP calls in an effort to break third-party devices. Sometimes it's not the best thing to have a computer running, sometimes you want to use something other than Windows, sometimes you just want to use different software. Whatever the case, this proxy will let you have choice and options.
I wrote MagicCrack specifically to address this problem. MagicCrack is a proxy written in Perl, and it uses iptables to modify the packets so that the authentication can occur. This lets you forward packets to whatever proxy you configure in your device. Because MagicJack uses port 5070, you can leave most SIP traffic untouched and apply this only to MagicJack traffic. The Perl script works as a transparent proxy, allowing you to quickly and easily configure your gateway without having to reconfigure any other systems that may exist on your network.
In essence MagicJack changed the way they calculate the nonce for MD5 authentication. They add a little bit of extra information, which is calculated off the Call-ID header. This is not that complex, although it is somewhat effective since most devices are unable to do this.
The transparent proxy Perl script will add the extra data to the nonce, and after it is hashed by the SIP UA it will be stripped. I used the iptables QUEUE target to accomplish this.
In order to run this script you must execute the following as root:
modprobe ip_queue
iptables -I OUTPUT -p udp --dport 5070 -j QUEUE
iptables -I INPUT -p udp --sport 5070 -j QUEUE
Then run the script (also as root) and it should just magically work. Your SIP UA will have the right data when it does the MD5 hash, and you can have different proxies used, and all that good stuff.
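The nonce rewrite described above, as an added Python example that is not MagicCrack's code: it runs standard RFC 2617 MD5 digest through a rewrite step in each direction to show why the server accepts a stock UA's response only when the proxy is in the path. The function nonce_extra() is a hypothetical placeholder (the post does not give the real Call-ID calculation), appending the extra data to the nonce is assumed, and the credentials and messages are constructed.

```python
import hashlib, re

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    # RFC 2617 digest without qop: MD5(HA1:nonce:HA2)
    ha1, ha2 = md5_hex(f"{user}:{realm}:{password}"), md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def nonce_extra(call_id):
    # HYPOTHETICAL placeholder: the post says only that the extra data is
    # calculated from the Call-ID header, not how. Appending it is also assumed.
    return "x" + md5_hex(call_id)[:8]

NONCE_RE = re.compile(r'\bnonce="([^"]*)"')
CALLID_RE = re.compile(r'^Call-ID:\s*(\S+)', re.M | re.I)

def rewrite(msg, inbound):
    # inbound (server -> UA): extend the nonce before the UA hashes it.
    # outbound (UA -> server): strip the extension so the server sees its own nonce.
    cid = CALLID_RE.search(msg)
    if cid is None:
        return msg  # no Call-ID, nothing to derive the extra data from
    extra = nonce_extra(cid.group(1))
    def fix(m):
        n = m.group(1)
        if inbound:
            return f'nonce="{n}{extra}"'
        return f'nonce="{n[:-len(extra)] if n.endswith(extra) else n}"'
    return NONCE_RE.sub(fix, msg)

# Constructed sample credentials and messages (not captured traffic)
CALL_ID, NONCE = "a84b4c76e66710@192.0.2.10", "5f2a9c0e"
CRED = ("alice", "sip.example.invalid", "s3cret", "REGISTER", "sip:sip.example.invalid:5070")
CHALLENGE = (f"SIP/2.0 401 Unauthorized\r\nCall-ID: {CALL_ID}\r\n"
             f'WWW-Authenticate: Digest realm="{CRED[1]}", nonce="{NONCE}"\r\n\r\n')

def ua_reply(challenge):
    # A stock UA hashes whatever nonce it received and echoes that nonce back.
    nonce = NONCE_RE.search(challenge).group(1)
    return (f"REGISTER {CRED[4]} SIP/2.0\r\nCall-ID: {CALL_ID}\r\n"
            f'Authorization: Digest username="{CRED[0]}", realm="{CRED[1]}", nonce="{nonce}", '
            f'uri="{CRED[4]}", response="{digest_response(*CRED, nonce)}"\r\n\r\n')

def server_accepts(request):
    # Server as the post describes it: issued nonce on the wire, extra data in the hash.
    nonce = NONCE_RE.search(request).group(1)
    resp = re.search(r'response="([0-9a-f]+)"', request).group(1)
    return nonce == NONCE and resp == digest_response(*CRED, NONCE + nonce_extra(CALL_ID))
```

Calling server_accepts(rewrite(ua_reply(rewrite(CHALLENGE, True)), False)) returns True, while server_accepts(ua_reply(CHALLENGE)) returns False because the UA hashed the bare nonce.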
February 17th, 2010 on 2:55 pm
Trixter,
I really need some help with getting this Perl script working. I do not mind paying someone for the assistance.
James
February 21st, 2010 on 7:26 pm
trixter: thanks for the script. I have it running and can see the modified nonce arriving at my ATA. It seems my ATA is having an issue with the modified nonce, though. It appears to drop the modified packet, and resend its original request sans auth info. Any way to make the script generate the proper MD5 hash and replace it in the outgoing packet rather than modifying the nonce?
I’m not a programmer or I would attempt myself, though I have played with some code before. If this is possible, but you don’t have time can you point me in the right direction to start?
Thanks.
March 11th, 2010 on 6:09 pm
Hi Trixter,
I am using DD-WRT on a router box. I really liked your approach and I would like to use it in DD-WRT. Is it possible for you to make it work as a simple executable? I am asking because DD-WRT is a small Linux distribution and I don’t think that most of the steps required to run the Perl script are feasible on DD-WRT (e.g. modprobe ip_queue). I am not a Linux geek; if possible, could you post the steps also?
March 21st, 2010 on 6:44 pm
I’m using Windows Vista, guys, and I’m not too techie. I need to install the SIP credentials on my Linksys PAP2T. I need the steps, please.
June 21st, 2010 on 10:11 am
magiccrack.pl choking on line 7 no iptables/ip4/something.pm
need win32 version.