VP5500

Aus LaborWiki
Wechseln zu: Navigation, Suche

The Philips VP5500 is a WLAN VOIP- & Video Phone sold by KPN in the netherlands. Some of the features, such as configuration settings for the VOIP connection are usually hidden from the user, but can be revealed through a fake firmware image (description here). Thanks to this restriction the device was rendered useless when KPN decided to disconnect the VOIP services this phone was relieing on.

This article intends to collect all relevant information about the hard- & software on the telephone and to provide information to actually reuse the hardware.

Hardware

Pinning

Serial

Vp5500 serial.png

VCC: 3.3V, Rate 115200 Baud

Setting the "TIN" Pin to low or pressing keys while the bootloader is waiting will redirect first Console to the serial device. Fortunately the bootloader allows editing the kernel command line, so you're able to directly "chroot" the device by setting a different initrc (sh). Type the following at the bootloader prompt:

boot root=/dev/mtdblock2 init=/bin/sh

Boot Log of the standard installation

JTAG

Vp5500 jtag.jpg

Pins are at the back of the circuit board.

Partitionen

0x00000000-0x00014000 : "bootloader"    blob version 2.0.5-pre2
0x00014000-0x00100000 : "kernel"        /boot (?)
0x00100000-0x01ce0000 : "fs #1"         rootfs (?)
0x01ce0000-0x01fe0000 : "fs #2"
0x01fe0000-0x02000000 : "fs #3"

Drivers & Software

Audio

  • Looks as if the audio codec in use needs a proprietary driver

MPEG en/decoder

  • Hantrop MPEG EN- DECODER, kernel module: hmp4e

Camera

Wlan

Links

Software

Bootloader (Blob)

Root FS & Toolchain

According to the boot log, the root fs is derived from some sample source code for the iMX21 development platform.

Kernel

Version: 2.4.20

Networking stuff

R.H. (snapper) intercepted & posted a sip register request sent by the device:

INVITE,ACK,BYE,CANCEL,OPTIONS,REFER,SUBSCRIBE,NOTIFY,MESSAGE,INFO,SERVICE,UPDATE,PRACK
Accept: application/sdp
Accept-Encoding: identity
Accept-Language: en
Supported: 100rel,replaces
Date: Mon, 15 Mar 2010 22:17:28 GMT
User-Agent: VP5500 (VeriCall Edge)
Content-Length: 0
REGISTER sip:192.168.2.1:5060 SIP/2.0
Via: SIP/2.0/UDP
192.168.178.20:5060;branch=z9hG4bK7576a67c231d790cc8c04075
Max-Forwards: 70
From: <sip:103@192.168.2.1

Configuration

For Sipgate:

SIP1 Display Name: your Name

User Name: your SIP-ID

Telephone Number: Tel.Nr.

Auth

Authentification UserName: your SIP-ID

Password: Sipgate Password

Server

SIP register address:port: sipgate.de:5060

Proxy

SIP proxy1 address:port: sipgate.de:5060

SIP2

SIP Port Listen

for UDP: 5062

for TCP: 5062

for TCP TLS: 5053

SIP Outbound needs to be empty.