If the provisioning is in the form of plain text XML file, you should look for Admin_Passwd
If it is the compiled but unencrypted SPC file, you should be kind of hacker to be able to read it.
If it is the compiled SPC file encrypted by phone-specific password, you should be very experienced hacker to be able to decrypt it (phone-specific password is derived from either MAC or serial number and derivation algorithm is not public, but it can be extracted from SPC compiler by experienced reverse engineer).
As I don't expect the 2Talk file will be readable, you should consider another approach. Forget the automatic provisioning and follow 2Talk guide to configure SPA122 manually. Note that guide for SPA122 should work for SPA112 with just slight differences.
Rate useful advices. It will help others to found solutions.
Article ID:1966 Network Address Translation (NAT) Settings for Lines on
PAP2T and SPA3102 Phone Adapters Objective The objective of this
document is to configure Network Address Translation (NAT) settings for
the lines of communication on the PAP2T and SP...
Article ID:2742 Speed Dial Settings on SPA100 Series Objective Speed
Dial Buttons are often used to make the process of calling regularly
used contacts quicker and with one button. This option is used in place
of dialing the entire phone number in. This h...
Article ID:2676 Firmware Upgrade on SPA112 and SPA122 Objective To
upgrade the firmware a specific file must be downloaded from the
Internet and uploaded to the device. Upgrading your devices can be very
useful. Firmware upgrades can fix software bugs, im...