Sbhacker Cable Modems at PLUG HackFest RoundUp

Lisa Kachold lisakachold at obnosis.com
Sun Mar 13 23:13:20 MST 2011


On Sun, Mar 13, 2011 at 6:49 PM, Bryan O'Neal <Bryan.ONeal at theonealandassociates.com> wrote:

> Ok - school me - what benefit would I get from flashing my cable modem?
>
> Wait!  Scratch head!  Because you can?

Here's my current cable modem (without diagnostics) DOCSIS 1.0.
http://98.165.44.173/

Oh, no seriously, replacing any manufacturer firmware with upgraded versions
always improves it.  ....And because various diagnostic features and
functions become available to you, like speed tools, since you have
essentially "opened up" some of the bandwidth limitations throttled at the
cable modem level.

See:
http://www.phx2600.org/forum-archive/viewtopic.php?p=5086&sid=fd4a9eb61f8470a62ea8e148e67ba867
(referencing speed, etc.)

Excerpt:

Different firmwares provide different features and a different feel, as
well. It would be best for you to scroll through
http://www.sbhacker.net/forum/ and look at all the different firmware there
are and find one for you.

Some different firmwares are:
Original Sigma firmware - Supports DOCSIS 1.0 and many modems. If your ISP
only supports DOCSIS 1.1 and above this is not for you.
Sigma X2 - There are many versions of this firmware floating around and it
supports a decent number of modems. Also note, when many connections are
used at once (like bit torrent) this firmware tends to crash on most modems.
If you're looking for stability imho this isn't for you unless you want to
upgrade the memory on the modem.
FERCSA Sigma X2 - A popular version of Sigma X2. The red on black firmware
looks awful. :P
Haxorware - Newer firmware that seems to be getting a lot of attention.
Arguably the best firmware to date for any cable modem.
SB5100Mod - Newer firmware that had wonderful development for a short amount
of time but now looks discontinued. (Only the future will really tell.)
This is probably the best firmware on the SB5100.

Now that you've found what cable modem you want to buy another question pops
up, "Should I buy a pre modded modem?" If you've never soldered anything
before then the answer is probably yes. Compare prices between pre modded
and not modded + soldering kit + items to make a JTAG cable. To purchase a
premod modem visit www.sbhacker.net
-------------------------------------------------------------------------
USING THE FIRMWARE
This can vary greatly depending on what firmware you're using. Because of
this, this section will be a list of terminology and will be firmware
independent. This way, if you find an option in your firmware and you don't
know what it is, this section can help you regardless of what setup you have.

Connecting to your firmware:
http://192.168.100.1 This is the default modem firmware.
sb5100mod is http://192.168.100.1:666
Sigma based firmware and most everything else is http://192.168.100.1:1337


Downstream/Upstream Frequency - The areas in the coaxial cable used to
connect to the ISP. Think of it like FM radio. The range for FM is 87.5 to
108.0. "What frequency is such-and-such radio station on?" Coaxial cables
work the same way.
Signal to Noise Ratio - Anything above 30dB is good. The lower the number
the less signal and the more noise.
Downstream Power Level - Anything from 10 to -10 is good but generally
connection can be obtained from 15 to -15. If your connection level is lower
than -10.
Channel ID - Just like cable TV, cable internet has channels. If you're in a
congested bandwidth area (during certain times of the day your internet
slows down) then it might just be an over used channel. Switching to another
channel can sometimes have surprising benefits.
Upstream power level - Anything below 50dBmV is good. Most ISPs aim for low
or mid 40s. This is how loud your cable modem shouts so your ISP can hear
it. The max power level a modem is allowed to broadcast at is 58. If your
power level is 58 this can be like a death sentence.
-If any of your numbers are outside of the ordinary then check out this
excellent guide here http://www.sbhacker....showtopic=10528
Serial Number - This is your modem's serial number and can be used to trace
you. However, it is relatively pointless. When changing your MAC address
make sure to change the serial number at the same time.
HFC MAC Address - This is your modem's MAC address. It identifies your modem
to your ISP and ultimately who you are, much like a mailing address. Remember
to never hack a modem with a MAC address tied to you!
CPE USB MAC Address - Some cable modems get online via USB instead of
Ethernet. This can be thought of just like the HFC MAC Address.
Known CPE MAC Address - This obtains the MAC address of the router or
computer connected to your cable modem. Your ISP can see this! and therefore
it is highly recommended you do not plug in any routers or computers
associated with any legit internet into your hacked modem without changing
their MAC address first!
Disable firmware updates - This should most likely be enabled. It restricts
your ISP from automatically changing your modems firmware to something
legit.
Factory Mode - "Factory mode, when enabled, gives you access via SNMP to the
factory MIB. The factory MIB is a list of OIDs, each OID having a unique
function. Here is a very small list of things you can do remotely via SNMP
when in factory mode: *get/set the HFC, Ethernet and USB MAC addresses.
*get/set the modem serial number. *get/set the modem certs (CM, vendor, and
secure code). *ping IP addresses. *execute shell commands. *execute injected
code (see cmFactoryBCMGroup 'CommandType, AddressOrOpcode, ByteCount and
Data')" http://www.sbhacker....hp?showtopic=17
Configuration Page Changeable - This allows you to alter some of the
settings on http://192.168.100.1
Reboot Disabler - Some ISPs auto try to reboot modems. This disables that.
Enabling this can be extremely helpful.
Force Network Access - Gain network access without authorization. Some ISPs
might need this.
Embedded Telnet Server - When enabled you can log into the modem's shell via
telnet and type in different advanced commands. If you're on Windows check
out PuTTY (using Google) and try the telnet mode of that app.
SNMP Daemon - SNMP is a protocol that broadcasts information about your
modem to your ISP and anyone who scans for it. Disabling this will remove
your ISP from seeing you. I recommend disabling it.
SNMP Port - Changing the SNMP broadcast port can generally have the same
effect as disabling SNMP. I recommend changing the port. Default is 161.
Community String Miner - This helps find a community string for your
ISP. Community strings are used for SNMP scanning.
Full Flash Backup - I highly recommend you do this and save the file
somewhere so that it will not be lost. If anything bad happens to your modem
you can then use this.
CM Certification - This allows you to back up your cert file. I highly
recommend you do this, in a place where you will not lose it. My HDD fried
and I lost some data and my modem fried in the same week. I lost my cert for
my modem. Don't let this happen to you!
Config file - When your modem turns on it downloads a config file from
either a default TFTP server or from one of your choosing. Some firmwares
give options to save the config file onto your modem to skip this step.
Also, some firmwares allow for downloading and config files.
Hardware Changer MAC/Serial - This allows you to change your modem's MAC and
serial. This is quite useful.
Firmware / Config Down - This updates the firmware on your modem. Caution!
Back up your 2MB flash and certification file before doing this! IP is the
STATIC address of the computer you manually set up to host a TFTP server.
Filename is the name of the .bin file for the firmware you're updating to.
sysDescr - Information given to your ISP about your modem.
docsDevSwCurrentVers - Current version of standard firmware (BIOS) your
modem is running.
NonVol Config - A file that contains everything about your modem. This
file contains the certificates in your modem.
-------------------------------------------------------------------------
GETTING ONLINE
This step varies drastically depending not only on what ISP you're trying to
connect to but what area you live in as well. For example, in some areas
Comcast supports DOCSIS 1.0/1.1 only and in other areas Comcast might
support DOCSIS 1.1/2.0 only. Keep in mind that everyone's situation is
unique regardless of what ISP you're on.

Before getting online I have an important question to ask you: "Do you
already have cable internet and/or cable TV?" If you do not, then there might
be a filter on your coaxial line running into your house, or the wires may
not even be plugged in at all. A good page to check out is topic=8143 (on the
sbhacker.net forums); make sure nothing is physically obstructing the
internets, or series of tubes, running to your house.

IMHO you should sign up for legit internet if you haven't already, for at
least a couple of months if not permanently. Cable internet is a service. If
you sign up for internet they will make sure not only that any modem in your
house can get online, but your ISP will also make sure the signal is strong
enough for the internet to work well.

--> End excerpt

The newer flashable Motorola SB6120 provides Interface bonding - which makes
it scream (when the cable company supports DOCSIS 3.0):
http://wn.com/Flashing_SB6120_via_U-Boot

> On Sun, Mar 13, 2011 at 5:24 PM, Lisa Kachold <obnosis at gmail.com> wrote:
> > SBHacker Surfboard 5100/5101 RoundUp Report:
> >
> > With a great deal of "can-do attitude" from Kaia Taylor, hardware expertise
> > from Brad Blanette, and equipment provided by Don (not his real name), our
> > HackFesters were able to work with three modems:
> >
> > 0) Kaia Taylor 5100 {successfully added Lite Version haxorware}
> >
> > 1) Don's 5101 {successfully flashed but appearing with error (see below)}
> >
> > 2) Don's 5100 (no JTAG)
> >
> > I worked more with #1 Motorola Surfboard 5101, reflashed it with diag
> > version from here:
> > http://www.haxorware.com/
> >
> > It says:
> > Error: No CFG area Found!
> >
> > References to AMD Chip SBoards:
> >
> >
> http://www.sbhacker.net/forum/index.php/topic/16152-blackcat-usb-flashes-intel-fine-amd-verification-errors/
> >
> > Assumption:  Bricked or memory toasted Cable Modem.
> > Action: Get $newer model that works before I attempt to flash it?
> >
> > We will be continuing the Sbhacker games next Saturday at Noon [now that we
> > know how to do it more or less] over at Gangplankhq.com, so bring your cable
> > modems!
> > --
> > Office: (480)307-8712
> > AT&T: (503)754-4452
> >
> > lkachold at incentivelogic.com
> >
> > Senior Systems Administration
> > SOMEPLACE REALLY Good
> >
> > "The war of good and evil present in all religions does not always end,
> in
> > every faith, with the victory of good, but in every one it establishes a
> > clear order of existence. The sacred as well as the profane rests on that
> > universal order.."
> > --Stanislav Lem
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >



-- 
(503) 754-4452 iPhone
(623) 239-3392 Skype
(623) 688-3392 Google Voice

 http://www.obnosis.com

Senior Systems Administrator
IncentiveLogic.com

*Catch My MetaSploit & IP CAM Surveillance
Presentations @ ABLEConf.com in April!*
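Editor's added example (not code from this post, the phx2600 excerpt, or the sbhacker/Haxorware projects). The excerpt's "SNMP Daemon", "SNMP Port", "sysDescr" and "docsDevSwCurrentVers" entries describe the read path the ISP's provisioning system uses; SNMP is a polled query/response protocol, so this is what actually crosses the wire. The block below is a dependency-free SNMPv1 GET client that encodes a GetRequest for the two objects the excerpt names, decodes the modem's GetResponse, and also encodes a GetResponse so the round trip can be exercised offline. Assumptions, not facts from the page: the modem answers on its management address 192.168.100.1 UDP/161 with community "public" (both are common defaults), and the sample sysDescr/version strings in the test are constructed placeholders. The OID for docsDevSwCurrentVers is from DOCS-CABLE-DEVICE-MIB.

```python
"""Minimal SNMPv1 GET client for a DOCSIS modem, stdlib only.

Added illustration for the mailing-list page; assumptions (community
"public", host 192.168.100.1, port 161) are defaults, not page facts."""
import secrets
import socket

SYS_DESCR = "1.3.6.1.2.1.1.1.0"                       # SNMPv2-MIB::sysDescr.0
DOCS_DEV_SW_CURRENT_VERS = "1.3.6.1.2.1.69.1.3.5.0"   # DOCS-CABLE-DEVICE-MIB::docsDevSwCurrentVers.0

# ---- BER encoding (the subset SNMPv1 uses) --------------------------------
def _len(n):
    """Definite-form length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _len(len(body)) + body

def _int(v):
    """INTEGER in two's complement (one extra byte keeps the sign bit right)."""
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def _oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:                       # high-order groups carry the continuation bit
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))

def build_get_request(community, oids, request_id=1):
    """SNMPv1 Message { version 0, community, GetRequest-PDU [0] { ... } }."""
    varbinds = b"".join(_tlv(0x30, _oid(o) + b"\x05\x00") for o in oids)   # value = NULL
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbinds))
    return _tlv(0x30, _int(0) + _tlv(0x04, community.encode()) + pdu)

def build_get_response(community, values, request_id=1, error_status=0):
    """GetResponse-PDU [2] as the modem's agent would send it (string values only;
    used here to exercise the parser offline with constructed sample data)."""
    varbinds = b"".join(_tlv(0x30, _oid(o) + _tlv(0x04, v.encode())) for o, v in values.items())
    pdu = _tlv(0xA2, _int(request_id) + _int(error_status) + _int(0) + _tlv(0x30, varbinds))
    return _tlv(0x30, _int(0) + _tlv(0x04, community.encode()) + pdu)

# ---- BER decoding ---------------------------------------------------------
def _decode_tlv(buf, pos=0):
    """Return (tag, body, position after this element)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, bytes(buf[pos:pos + ln]), pos + ln

def _decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def _decode_value(tag, body):
    if tag == 0x04:                       # OCTET STRING (sysDescr etc. are text)
        return body.decode("latin-1")
    if tag in (0x02, 0x41, 0x42, 0x43):   # INTEGER, Counter32, Gauge32, TimeTicks
        return int.from_bytes(body, "big", signed=(tag == 0x02))
    if tag == 0x06:
        return _decode_oid(body)
    return None if tag == 0x05 else body

def parse_response(packet, expected_request_id=None):
    """Decode a GetResponse into {oid: value}; reject errors and stray request-ids."""
    tag, msg, _ = _decode_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _version, pos = _decode_tlv(msg)
    _, _community, pos = _decode_tlv(msg, pos)
    pdu_tag, pdu, _ = _decode_tlv(msg, pos)
    if pdu_tag != 0xA2:
        raise ValueError(f"expected GetResponse (0xA2), got tag 0x{pdu_tag:02x}")
    _, rid, pos = _decode_tlv(pdu)
    _, err, pos = _decode_tlv(pdu, pos)
    _, _idx, pos = _decode_tlv(pdu, pos)
    request_id = int.from_bytes(rid, "big", signed=True)
    if expected_request_id is not None and request_id != expected_request_id:
        raise ValueError("request-id mismatch: stale or spoofed reply")
    error_status = int.from_bytes(err, "big", signed=True)
    if error_status:
        raise ValueError(f"agent returned error-status {error_status}")
    _, vbl, _ = _decode_tlv(pdu, pos)
    result, pos = {}, 0
    while pos < len(vbl):
        _, vb, pos = _decode_tlv(vbl, pos)
        _, oid_body, p = _decode_tlv(vb)
        vtag, vbody, _ = _decode_tlv(vb, p)
        result[_decode_oid(oid_body)] = _decode_value(vtag, vbody)
    return result

def snmp_get(host, community, oids, port=161, timeout=3.0):
    """Send one GetRequest over UDP and return the decoded varbinds."""
    request_id = secrets.randbelow(2**31)        # unpredictable id, checked on reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get_request(community, oids, request_id), (host, port))
        data, _ = s.recvfrom(4096)
    return parse_response(data, expected_request_id=request_id)

if __name__ == "__main__":
    # Assumed defaults; a modem on another port or with SNMP off will time out.
    for oid, value in snmp_get("192.168.100.1", "public", [SYS_DESCR, DOCS_DEV_SW_CURRENT_VERS]).items():
        print(oid, "=", value)
```

The same two objects are what a provisioning system polls, so the point of the excerpt's "SNMP Daemon" and "SNMP Port" toggles is simply to make this query time out; the community string is the only credential in SNMPv1 and travels in clear text, which is why a guessed or sniffed one exposes everything the modem's MIB holds.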