Help me please to clear admin password on SPA 303
For now I can't to configure the phone because admin password defined
Factory reset also impossible to do....
How to perform factory reset without admin password? by some keys press or other procedure?
FW version 7.4.5
HW ver 1.0.0
There is no factory reset avail without that admin pw.
What you can do is, run a wireshark trace when the phone is restarted. If the phone is trying to hit the provisioning server for its resync, you can find out what file the phone is trying to pull. Then modify that file on the provisioning server and change or blank out the admin password. When the phone has completed downloading that file, the admin password will have been changed.
Thank you for answer.
I tried to do it but unsuccessful
When SPA303 coming up after reset it takes configuration ("hostname".cnf.xml) file from TFTP
I put renamed to "hostname" template configuration file on TFTP there is admin passwd is empty
Phone download this file but do nothing after
Maybe something wrong in file?
Can you give me sample of xml file?
SW version of SPA303 is 7.4.5
The following link shows an example which contains the Admin_Passwd in xml file.
I did it step by step but there is some trouble
SPC have no version 7.4.5. It start from 7.4.6
I prepared xml manualy like below:
After I put this file on TFTP and capture TCP traffic for look what happens
I saw that phone download this file from TFTP and do nothing after
When I trying to perform Factory reset via phone MENU ADMIN password required again
The filename for "hostname".cnf.xml is for the spcp setup.
The default filename that it looks for the sip setup is spa$PSN.cfg, in this case it should be spa303.cfg. Do you see that in the trace? If so, rename the file to spa303.cfg and see if that works.
As an addition to what Nelson said, the phone, in SIP-mode looks for /spa$PSN.cfg
Take note that there is a forward slash "/" meaning the root of the server offering the /spa303.cfg file.
You must have a DHCP server on the network that will respond to the phone when the phone sends out a DHCP DISCOVER. The DHCP server must supply OPTION 66 [or 150, 159, or 160] which points to the server. [TFTP to keep things simple]
When the phone receives a DHCP offer that contains an OPTION 66, the phone knows that it can get its provisioning file/s from a server and will then send out a request.
As Nelson said, a factory-fresh phone will look for /spa303.cfg
A phone that may have been previously provisioned will look for whatever file it has been previously configured to look for. This is why you would run a Wireshark trace to monitor the phone's requests during boot up. [It will not request SIP-based configuration files if no DHCP OPTION 66 [or 150, 159, or 160] with a valid IP address are received.
This may help you better understand the phone's boot process:
Use this reference document to locate SPA phone resources
Thank you for detailed information how it should to boot up
But in my case phone (SPA303) doesn't like to do it
In DHCP discover he asking TFTP name/address - options 66 & 150
DHCP server sent him correct TFTP name (my PC addr there is TFTP server activated)
but SPA303 asking TFTP on my router's address in the LAN
OK., I activated TFTP server on our router and put config file there
SPA303 asking the file and download it but admin password doesn't clear.
I read your writing to the SPA5x phones.
There are many things I learned excellent writing.
Unfortunately not helped to solve the admin password problem.
How to open pass locked, forgot admin pass SPA502G and 504G phones?
The phone asks for and receives an IP address.
But do not try to download anything.For example spa504G.cfg.
I'm looking at the phone's IP traffic, but there does not seem to ask for the phone trying to file.
Please help me.
Phone my be configured not to load a remote configuration. In such case you can't reconfigure it this way. Unfortunately, if "reset to factory defaults" is password protected and phone load no remote configuration you are out of luck.
Brute force is your only chance.
"Brute force" method is "try all possible passwords one by one". You need to create script that will try to login to real phone.
It may take very long time. Even many years. So you may consider it no solution for you.
If you have just few phones, forgot them and buy new one. If you have many phones, call your previous administrator and offer them a money if he will disclose the password he configured.
So sorry for those bad news ...
The device can be configured and locked the way preventing unauthorized user to use it. I consider it valuable feature, not bug.
The phone administrator decided to configure the lock of such kind and it's decision is just honored. No way the unauthorized person can override the decision.