I am trying to get into the firmware of an office phone for a school project. The professor gave us a few hints and I figured out how to ssh into the VoIP phone and get to the directory he wants us to get to. This is where I'm stuck.
The phone gives me a challenge of a 16 bit hex string and asks for a response. Example:
Challenge: 0d2e2d824e024c7f
Response:
I was also told this is a CRAM-MD5. We were never given a password. Otherwise, I could have concatenated the password and ran echo 0d2e2d824e024c7f | md5sum and fed it back into the response. How do I get past this authentication and figure out what the response is?
Another hint was that this could be done as a hardware-hack. Is there something I can do to the hardware to get into the firmware?
Please let me know if I'm on the right track or going about this the wrong way. I'm very new to network security/embedded security.
