+- Haxorware Forums (http://www.haxorware.com/forums)
+-- Forum: General (http://www.haxorware.com/forums/forumdisplay.php?fid=6)
+--- Forum: Modems (http://www.haxorware.com/forums/forumdisplay.php?fid=7)
+--- Thread: Arris TG2492 (VM Super hub 3) (/showthread.php?tid=6860)
RE: Arris TG2492 (VM Super hub 3) - vmu19 - 20-01-2019
Something like this:
$ mkdir /tmp/mmc;chmod 777 /tmp/mmc
$ sudo in.tftpd -cls /tmp/mmc
$ ssh root2@192.168.0.1 /bin/bash -i
root2@192.168.0.1's password:
/bin/bash: can't access tty; job control turned off
# cd /dev
# for p in mmc*;do tftp -p -l $p 192.168.0.100;done
RE: Arris TG2492 (VM Super hub 3) - eltremendo - 20-01-2019
But would you be able to extract the certs this way?
RE: Arris TG2492 (VM Super hub 3) - vmu19 - 20-01-2019
I imagine so. However the modem I'm using hasn't been used to connect to the ISP. I think this is the cert stuff here, but not sure:
# find /nvram/1/security
/nvram/1/security
/nvram/1/security/cm_key_prv.bin
/nvram/1/security/root_pub_key.bin
/nvram/1/security/mfg_cert.cer
/nvram/1/security/download
/nvram/1/security/download/40_0d_10_af_cb_f3_ED_EncCertFile.bin
/nvram/1/security/download/TI_NA_Cert_400d10afcbf3.key
/nvram/1/security/download/40_0d_10_af_cb_f3_ND_EncCertFile.bin
/nvram/1/security/download/TI_EU_Cert_400d10afcbf3.key
/nvram/1/security/download/TI_NA_Cert_400d10afcbf3.cer
/nvram/1/security/download/TI_EU_Cert_400d10afcbf3.cer
/nvram/1/security/cm_cert.cer
/nvram/1/security/mfg_key_pub.bin
RE: Arris TG2492 (VM Super hub 3) - danman - 25-02-2019
Hi guys, I'm working on very similar device CH7465 with NOSH firmware.
I was able to make a full dump and have convenient way to modify the internal eMMC.
My device doesn't display almost any messages on its console (just a few messages from bootloader) so no shell access is available.
I was also able to order another device from ebay and after clonning eMMC also the copy works Ok for accessing my internet connection.
I'd like to enable telnet/ssh access on this device. Did you make any progress with this?
RE: Arris TG2492 (VM Super hub 3) - danman - 25-02-2019
![[Image: wikAHI2.jpg]](https://i.imgur.com/wikAHI2.jpg)
RE: Arris TG2492 (VM Super hub 3) - danman - 25-02-2019
@vmu19 : can you share your flash dump?
RE: Arris TG2492 (VM Super hub 3) - danman - 02-03-2019
I'm getting PMs about how did I extract the FW. It's easy, you need a "better" SD card reader, in my case Transcend TS-RDF5K, SD or microSD breakout board:
https://github.com/danielkucera/MicroSD_Sniffer
and connect corresponding pins on the board:
https://blog.danman.eu/wp-content/uploads/2019/03/router-upc-pinout-desc.jpg
Then you just insert the breakout board, connect pins to your board and you can extract, e.g. via dd:
Code:
dd if=/dev/sdc of=dump.dd bs=1MRE: Arris TG2492 (VM Super hub 3) - eltremendo - 02-03-2019
(20-01-2019, 10:12 AM)vmu19 Wrote: Something like this:
$ mkdir /tmp/mmc;chmod 777 /tmp/mmc
$ sudo in.tftpd -cls /tmp/mmc
$ ssh root2@192.168.0.1 /bin/bash -i
root2@192.168.0.1's password:
/bin/bash: can't access tty; job control turned off
# cd /dev
# for p in mmc*;do tftp -p -l $p 192.168.0.100;done
(02-03-2019, 12:06 PM)danman Wrote: I'm getting PMs about how did I extract the FW. It's easy, you need a "better" SD card reader, in my case Transcend TS-RDF5K, SD or microSD breakout board:
https://github.com/danielkucera/MicroSD_Sniffer
and connect corresponding pins on the board:
https://blog.danman.eu/wp-content/uploads/2019/03/router-upc-pinout-desc.jpg
Then you just insert the breakout board, connect pins to your board and you can extract.
Can i pm you?
RE: Arris TG2492 (VM Super hub 3) - danman - 02-03-2019
(02-03-2019, 02:10 PM)eltremendo Wrote:Why not ask here?(20-01-2019, 10:12 AM)vmu19 Wrote: Something like this:
$ mkdir /tmp/mmc;chmod 777 /tmp/mmc
$ sudo in.tftpd -cls /tmp/mmc
$ ssh root2@192.168.0.1 /bin/bash -i
root2@192.168.0.1's password:
/bin/bash: can't access tty; job control turned off
# cd /dev
# for p in mmc*;do tftp -p -l $p 192.168.0.100;done
(02-03-2019, 12:06 PM)danman Wrote: I'm getting PMs about how did I extract the FW. It's easy, you need a "better" SD card reader, in my case Transcend TS-RDF5K, SD or microSD breakout board:
https://github.com/danielkucera/MicroSD_Sniffer
and connect corresponding pins on the board:
https://blog.danman.eu/wp-content/uploads/2019/03/router-upc-pinout-desc.jpg
Then you just insert the breakout board, connect pins to your board and you can extract.
Can i pm you?
RE: Arris TG2492 (VM Super hub 3) - eltremendo - 02-03-2019
i have another board, from a 1602A arris . how can i trace or find the corresponding pins ?