FRITZ!Box VoIP password extraction
Many providers send you the preconfigured FRITZ!Box containing all settings, whereas passwords are not visible in the webinterface. Some providers, such as Sunrise in Switzerland, argue they wont give you the password due to “safety reasons” when you call their helpdesk. m) – To extract your VoIP password from your FRITZ!Box follow these steps:
1.) Enable Telnet
Open the webinterface of your FRITZ!Box an choose > Telephony > Telephonebook
Add two new entries:
Name: Telnet On
Number: #96*7*
and
Name: Telnet Off
Number: #96*8*
Dial #96*7* on your connected DECT phone to enable telnet on your FRITZ!Box. If you don’t have a phone connected to the Box, enable “click to dial” in telephony > calls > click to dial and dial the number by clicking on the number in the phonebook on the webinterface.
2.) Extract VoIP password in telnet
Access your router via telnet in the command line (aka Terminal). Use the IP of your router and your FRITZ!Box password.
user@host:~$ telnet 192.168.1.1
password: ***********BusyBox v1.20.2 (2013-05-13 12:53:07 CEST) built-in shell (ash)
Enter ‘help’ for a list of built-in commands.#
Then use the following two commands to extract the VoIP password:
# allcfgconv -C voip -o /var/tmp/temp -c
# cat /var/tmp/temp |grep passwd
passwd = “23f00b4R”;
passwd = “”;
#
Done 😎
Now disable telnet again, – for security reasons, – by dialing #96*8* on your DECT. – Have phun!
For further reading:
Update (11. November 2016):
AVM secret FritzBox Key
Hi lx
what version of FritzOS is your FritzBox running?
The newest Labor Version (FRITZ!OS 06.10-28247 BETA) doesn’t seem to recognize the -c parameter:
# allcfgconv -C voip -o /var/tmp/temp -c
illegal option ‘c’
Hi M.S.
The “-c” option is the decrypt option, without it you’ll only see the encrypted password. Check this page for all explanations on allcfgconv.
Regarding the box version I will tell you in a couple of days, as soon as I can access the box again.
Best, Lx
Thanks for your info,
I was aware, what the -c switch does, however with the Labor-Version FRITZ!OS 06.10-28247 BETA the allcfgconv command didn’t recognize the switch, it was compiled out i guess. It didn’t even show up in the help file.
I reverted back to the official firmware (FRITZ!OS 06.03) and updated to the newest (06.04) (as of 07. Jul. 2014) version, in both cases the -c switch worked as intended, exactly as you described.
As to why it was disabled/removed in the Labor-Version, i have no clue. I’m curious if the next Labor-Version will include it. Also it would be interesting how the decryption worked without the command, and if they will depreciate the -c switch in future versions.
-M.S.
I didn’t yet fiddle around with the Lab-version, so I didn’t know. – Thanks for the information likewise!
Makes no sense to me the “-c” option isn’t there in that version.
And I totally agree with you, we’ll have to find out how to decrypt the stored info in an alternative way. – Please let me know, in case you find a way…
[Update]
This and this link might illuminate the issue.
Hi Lx,
Thanks for your howto. I am trying to follow your steps from a remote location. I can do everything over the webinterface (using my MyFritz account) except that I cannot fire up telnet from a shell, because I have no running SSH server over which I could access my home network.
Do you know a workaround?
(I have firmware 06.05 so I wonder if it will work at all, but I wanted to give it a try nonetheless)
Best,
jens
AFAIK the specified command can only be executed from the shell.
Best, Lx
Thank bro worked perfectly.