MagicJack Hacking

MagicJack is a great device for those traveling abroad or anyone needing an occasional extra phone.  The only real problem is when you happen to forget the MagicJack adapter or in situations when it’s just not possible to plug in a USB device. There are ways to overcome this problem and access your MagicJack service without the USB adapter. Before I show you how, I must note that this is a violation of the terms of service (TOS ) of the MagicJack service and is discussed here as a proof of concept.

MagicJack adapters are basic SIP devices and employ the same session control protocols to set-up and tear-down calls just like other VoIP soft phones. To use the MagicJack service without the physical USB devices, you will need to complete a couple of steps.

1. Grab the username and password via a memory dump. You can identify the username by its format, EXXXXXXXXXX01. This is E, your phone number, and 01. So your username will be  E<YourMJPhoneNumber>01. Your password will be a 20 character value.  I would recommend using PMdump to extract this information.

2. Save these values as you will need them later.

3. Identify the gateway being used by MagicJack for your specific phone prefix.
The MagicJack service uses the www.talk4free.com site. The format for the entry you will need to make for your softphone to work without the adapter will take the format of proxy01.<yourcity>.talk4free.com.  You can capture this information with Wireshark.

Hacking MagicJack

4. Place this information into the softphone of your choice such as iCall, X-Lite, SJPhone, etc.

This used to be all that was required until MagicJack realized that some clever users discovered this hack. Security measures have now been added to make this a little more difficult.  MagicJack modified the method in which they calculate the nonce for MD5 authentication.  This additional information uses a value in the Call-ID header.  While not complex, this adds an additional barrier for users attemting to use their MagicJack service without the required USB dongle. The easiest way to get around this restriction is to use MJMD5. It is available for free at Mediafire.com.

While MagicJack is a great device and is reasonably priced, it’s a pain to always have the USB device installed to maintain service. For whatever reason, MagicJack does not want its customers to use their service as a softphone. However, if you like to hack, there’s ways to bypass this restriction.  Has anyone else tried this? How have you hacked your MagicJack?

This entry was posted in Ethical Hacking, Smart Phone Hacking and tagged , , , . Bookmark the permalink.

Comments are closed.