+- Haxorware Forums (http://www.haxorware.com/forums)
+-- Forum: General (http://www.haxorware.com/forums/forumdisplay.php?fid=6)
+--- Forum: Modems (http://www.haxorware.com/forums/forumdisplay.php?fid=7)
+--- Thread: extracting certs via Telnet - on modems that don't respond to Fastcert (/showthread.php?tid=3545)
extracting certs via Telnet - on modems that don't respond to Fastcert - jofre - 07-05-2015
hello, world
has anyone had success extracting certs via Telnet using 'diag readmem' command?
I could find some kind of pvt key using (on SVG1202)
diag readmem -s 1 -n 16384 0x80bd60dc
(but it did not work as expected)
I saw some posts using this address instead
diag readmem -s 4 -n 5838 0x83fa8b80
can it be done?
RE: extracting certs via Telnet - drewmerc - 07-05-2015
read the entire memory then extract with http://www.haxorware.com/forums/showthread.php?tid=1156&pid=16207#pid16207
untested but i done see why it would not work
RE: extracting certs via Telnet - jofre - 07-05-2015
thank you
you mean 'extract with CMnOnVol_Extractor', right?
cmnonexp needs a .bin file to work
how can I convert the output - that goes like this below - to a .bin file?
"
Console/system> diag readmem -s 1 -n 16384 0x80bd60dc
80bd60dc: 20 d8 d9 00 00 00 00 00 2d 2d 2d 2d 2d 42 45 47 | .......-----BEG
80bd60ec: 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b | IN RSA PRIVATE K
80bd60fc: 45 59 2d 2d 2d 2d 2d 0a 4d 49 49 43 57 77 49 42 | EY-----.MIICWwIB
80bd610c: 41 41 4b 42 67 51 43 39 59 43 57 37 52 31 48 64 | AAKBgQC9YCW7R1Hd
80bd611c: 31 55 78 72 57 44 59 78 77 50 6a 39 76 68 52 57 | 1UxrWDYxwPj9vhRW
80bd612c: 6f 57 4c 53 77 31 39 74 73 39 70 57 74 44 2b 69 | oWLSw19ts9pWtD+i
80bd613c: 50 2f 49 78 6d 53 61 5a 0a 34 42 46 30 49 78 70 | P/IxmSaZ.4BF0Ixp
...etc "
RE: extracting certs via Telnet - ricktendo - 07-05-2015
If you can telnet then you can activate factory mode, once you have done this you can use snmp to grab the certs
RE: extracting certs via Telnet - jofre - 07-05-2015
I must be unaware of the OIDs to achieve this
In old modems - i.e. sb5100 and sb5101 - I can get the certs easily via fastcert
Newer modems will not respond to fastcert although I can access them via telnet
Any ideas on how to find those OIDs?
Using solarwinds SNMP Walk I can get some of the certs but not the pvt key
Maybe the community string for newer modems is different,
But I'd bet on a different OID
Thank you
RE: extracting certs via Telnet - geoneo111 - 31-08-2016
(07-05-2015, 06:01 AM)drewmerc Wrote: read the entire memory then extract with http://www.haxorware.com/forums/showthread.php?tid=1156&pid=16207#pid16207
untested but i done see why it would not work
What is the command to read the entire memory?
diag readmem ?