Sbhacker Cable Modems at PLUG HackFest RoundUp

Bryan O'Neal Bryan.ONeal at TheONealAndAssociates.com
Mon Mar 14 22:28:16 MST 2011


Ok I have a stock surfboard. I already have most of the diags, (Save
upstream power level). Now - it would be cool to walk the tree, that I
will admit. As far as increased speed.... Well, I would like to know
how that is obtained unless you are bypassing an artificial lock set
by the ISP - unfortunately that is not my case - I get crap speed no
matter what package I am on.

On Sun, Mar 13, 2011 at 11:13 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>
>
> On Sun, Mar 13, 2011 at 6:49 PM, Bryan O'Neal
> <Bryan.ONeal at theonealandassociates.com> wrote:
>>
>> Ok - school me - what benefit would I get from flashing my cable modem?
>>
> Wait!  Scratch head!  Because you can?
>
> Here's my current cable modem (without diagnostics) DOCSIS 1.0.
> http://98.165.44.173/
>
> Oh, no seriously, replacing any manufacturer firmware with upgraded versions
> always improves it.  ....And because various diagnostic features and
> functions become available to you, like speed tools, since you have
> essentially "opened up" some of the bandwidth limitations throttled at the
> cable modem level.
>
> See:
> http://www.phx2600.org/forum-archive/viewtopic.php?p=5086&sid=fd4a9eb61f8470a62ea8e148e67ba867
> (referencing speed, etc)
>
> Excerpt:
>
> Different firmwares provide different features and a different feel, as
> well. It would be best for you to scroll through
> http://www.sbhacker.net/forum/ and look at all the different firmware there
> are and find one for you.
>
> Some different firmwares are:
> Original Sigma firmware - Supports DOCSIS 1.0 and many modems. If your ISP
> only supports DOCSIS1.1 and above this is not for you.
> Sigma X2 - There are many versions of this firmware floating around and it
> supports a decent number of modems. Also note, when many connections are
> used at once (like bit torrent) this firmware tends to crash on most modems.
> If you're looking for stability imho this isn't for you unless you want to
> upgrade the memory on the modem.
> FERCSA Sigma X2 - A popular version of Sigma X2. The red on black firmware
> looks awful. :P
> Haxorware - Newer firmware that seems to be getting a lot of attention.
> Arguably the best firmware to date for any cable modem.
> SB5100Mod - Newer firmware that had wonderful development for a short amount
> of time but now looks discontinued. (Only the future will really tell.)
> This is probably the best firmware on the sb5100.
>
> Now that you've found what cable modem you want to buy another question pops
> up, "Should I buy a pre modded modem?" If you've never soldered anything
> before then the answer is probably yes. Compare prices between pre modded
> and not modded + soldering kit + items to make a JTAG cable. To purchase a
> premod modem visit www.sbhacker.net
> -------------------------------------------------------------------------
> USING THE FIRMWARE
> This can vary greatly depending on what firmware you're using. Because of
> this, this section will be a list of terminology and will be firmware
> independent. This way if you find an option in your firmware and you don't
> know what it is this section can help you regardless what setup you have.
>
> Connecting to your firmware:
> http://192.168.100.1 This is the default modem firmware.
> sb5100mod is http://192.168.100.1:666
> Sigma based firmware and most everything else is http://192.168.100.1:1337
>
>
> Downstream/Upstream Frequency - The areas in the coaxial cable used to
> connect to the ISP. Think of it like FM radio. The range for FM is 87.5 to
> 108.0. "What frequency is such-en-such radio station on?" Coaxial cables
> work the same way.
> Signal to Noise Ratio - Anything above 30dB is good. The lower the number
> the less signal and the more noise.
> Downstream Power Level - Anything from 10 to -10 is good but generally
> connection can be obtained from 15 to -15. If your connection level is lower
> than -10.
> Channel ID - Just like cable TV, cable internet has channels. If you're in a
> congested bandwidth area (during certain times of the day your internet
> slows down) then it might just be an over used channel. Switching to another
> channel can sometimes have surprising benefits.
> Upstream power level - Anything below 50dBmV is good. Most ISPs aim for low
> or mid 40s. This is how loud your cable modem shouts so your ISP can hear
> it. The max power level a modem is allowed to broadcast at is 58. If your
> power level is 58 this can be like a death sentence.
> -If any of your numbers are outside of the ordinary then check out this
> excellent guide here http://www.sbhacker....showtopic=10528
> Serial Number - This is your modem's serial number and can be used to trace
> you. However, it is relatively pointless. When changing your MAC address
> make sure to change the serial number at the same time.
> HFC MAC Address - This is your modem's MAC address. It identifies your modem
> to your ISP and ultimately who you are, much like a mailing address. Remember
> to never hack a modem with a MAC address tied to you!
> CPE USB MAC Address - Some cable modems get online via USB instead of
> Ethernet. This can be thought of just like the HFC MAC Address.
> Known CPE MAC Address - This obtains the MAC address of the router or
> computer connected to your cable modem. Your ISP can see this, and therefore
> it is highly recommended you do not plug in any routers or computers
> associated with any legit internet into your hacked modem without changing
> their MAC address first!
> Disable firmware updates - This should most likely be enabled. It restricts
> your ISP from automatically changing your modem's firmware to something
> legit.
> Factory Mode - "Factory mode, when enabled, gives you access via SNMP to the
> factory MIB. The factory MIB is a list of OIDs, each OID having a unique
> function. Here is a very small list of things you can do remotely via SNMP
> when in factory mode: *get/set the HFC, Ethernet and USB MAC addresses.
> *get/set the modem serial number. *get/set the modem certs (CM, vendor, and
> secure code). *ping IP addresses. *execute shell commands *execute injected
> code (see cmFactoryBCMGroup 'CommandType, AddressOrOpcode, ByteCount and
> Data')" http://www.sbhacker....hp?showtopic=17
> Configuration Page Changeable - This allows you to alter some of the
> settings on http://192.168.100.1
> Reboot Disabler - Some ISPs auto try to reboot modems. This disables that.
> Enabling this can be extremely helpful.
> Force Network Access - Gain network access without authorization. Some ISPs
> might need this.
> Embedded Telnet Server - When enabled you can log into the modem's shell via
> telnet and type in different advanced commands. If you're on Windows check
> out PuTTY (using Google) and try the telnet version of that app.
> SNMP Daemon - SNMP is a protocol that broadcasts information about your
> modem to your ISP and anyone who scans for it. Disabling this will remove
> your ISP from seeing you. I recommend disabling it.
> SNMP Port - Changing the SNMP broadcast port can generally have the same
> effect as disabling SNMP. I recommend changing the port. Default is 161.
> Community String Miner - This helps find a community string for your
> ISP. Community strings are used for SNMP scanning.
> Full Flash Backup - I highly recommend you do this and save the file
> somewhere so that it will not be lost. If anything bad happens to your modem
> you can then use this.
> CM Certification - This allows you to back up your cert file. I highly
> recommend you do this and keep it in a place where you will not lose it. My HDD fried
> and I lost some data and my modem fried in the same week. I lost my cert for
> my modem. Don't let this happen to you!
> Config file - When your modem turns on it downloads a config file from
> either a default TFTP server or from one of your choosing. Some firmwares
> give options to save the config file onto your modem to skip this step.
> Also, some firmwares allow for downloading and config files.
> Hardware Changer MAC/Serial - This allows you to change your modem's MAC and
> serial. This is quite useful.
> Firmware / Config Down - This updates the firmware on your modem. Caution!
> Back up your 2MB flash and certification file before doing this! IP is the
> STATIC address of your computer you manually set up hosting a TFTP server.
> Filename is the name of the .bin file for the firmware you're updating.
> sysDescr - Information given to your ISP about your modem.
> docsDevSwCurrentVers - Current version of standard firmware (bios) your
> modem is running.
> NonVol Config - A file that contains everything about your modem. This
> file contains certificates in your modem.
> -------------------------------------------------------------------------
> GETTING ONLINE
> This step varies drastically depending not only on what ISP you're trying to
> connect to but what area you live in as well. For example, in some areas
> comcast supports DOCSIS 1.0/1.1 only and in other areas comcast might
> support DOCSIS 1.1/2.0 only. Keep this in mind that everyone's situation is
> unique regardless what ISP you're on.
>
> Before getting online I have an important question to ask you, "Do you
> already have cable internet or/and cable TV?" If you do not then there might
> be a filter on your coaxial line running into your house, or the wires may
> not even be plugged in at all. A good page to checkout topic=8143 (on
> sbhacker.net forums) and make sure nothing physically is obstructing the
> internets, or series of tubes, running to your house.
>
> IMHO you should sign up for legit internet if you haven't already for at
> least a couple of months if not permanently. Cable internet is a service. If
> you sign up for internet they will make sure not only that any modem in your
> house can get online, but your ISP will also make sure the signal is strong
> enough for the internet to work well.
>
> --> End excerpt
>
> The newer flashable Motorola SB6120 provides Interface bonding - which makes
> it scream (when the cable company supports DOCSIS 3.0):
> http://wn.com/Flashing_SB6120_via_U-Boot
>
>
>
>>
>> On Sun, Mar 13, 2011 at 5:24 PM, Lisa Kachold <obnosis at gmail.com> wrote:
>> > SBHacker Surfboard 5100/5101 RoundUp Report:
>> >
>> > With a great deal of "can-do attitude" from Kaia Taylor, hardware
>> > expertise
>> > from Brad Blanette, and equipment provided by Don (not his real name),
>> > our
>> > HackFesters were able to work with three modems:
>> >
>> > 0) Kaia Taylor 5100 {successfully added Lite Version haxorware}
>> >
>> > 1) Don's 5101 {successfully flashed but appearing with error (see
>> > below)}
>> >
>> > 2) Don's 5100 (no JTAG)
>> >
>> > I worked more with #1 Motorola Surfboard 5101, reflashed it with diag
>> > version from here:
>> > http://www.haxorware.com/
>> >
>> > It says:
>> > Error: No CFG area Found!
>> >
>> > References to AMD Chip SBoards:
>> >
>> >
>> > http://www.sbhacker.net/forum/index.php/topic/16152-blackcat-usb-flashes-intel-fine-amd-verification-errors/
>> >
>> > Assumption:  Bricked or memory toasted Cable Modem.
>> > Action: Get $newer model that works before I attempt to flash it?
>> >
>> > We will be continuing the Sbhacker games next Saturday at Noon [now that
>> > we
>> > know how to do it more or less] over at Gangplankhq.com, so bring your
>> > cable
>> > modems!
>> > --
>> > Office: (480)307-8712
>> > AT&T: (503)754-4452
>> >
>> > lkachold at incentivelogic.com
>> >
>> > Senior Systems Administration
>> > SOMEPLACE REALLY Good
>> >
>> > "The war of good and evil present in all religions does not always end,
>> > in
>> > every faith, with the victory of good, but in every one it establishes a
>> > clear order of existence. The sacred as well as the profane rests on
>> > that
>> > universal order.."
>> > --Stanislav Lem
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>> >
>
>
>
> --
> (503) 754-4452 iPhone
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
>
>  http://www.obnosis.com
>
> Senior Systems Administrator
> IncentiveLogic.com
>
> Catch My MetaSploit & IP CAM Surveillance
> Presentations @ ABLEConf.com in April!
>

