SBG901 memory dump - Printable Version
Haxorware Forums (http://www.haxorware.com/forums), Thread: SBG901 memory dump (/showthread.php?tid=3725)

SBG901 memory dump - key_rookie - 15-08-2015

Wats up modem modding junkies,

So I flashed my sb5100 with sb5100mod firmware. Now I'm trying to extract certs from sbg901 sub modem. The only problem is most threads I find are outdated, for instance this thread: http://www.haxorware.com/forums/showthread.php?tid=885&highlight=sbg901

It seemed very helpful and somewhat still is, because it proves that the certs can be extracted. But before even trying to extract the cert I need to get the memory dump, which I don't know how to do as yet. So I was wondering if anyone has ever gotten the memory dump from this modem using these headers:

If not then I'll have to solder on the pins of the chip and extract the dump.

Thanks

RE: SBG901 memory dump - key_rookie - 18-08-2015

I have successfully extracted the memory dump:

SBG901 flashcat screenshot

I'm not sure if cmnonexp would successfully extract the certs but sheeeeeeeet it's worth a try. So can someone provide me with the download to the latest version of cmnonexp? I downloaded this version: http://www.haxorware.com/forums/attachment.php?aid=580 from drewmerc's post: http://www.haxorware.com/forums/showthre...7#pid16207

Dunno if it's the latest version, but if not can someone provide me with a download link and a small tutorial.

Thanks

When I used the above version of cmnonexp this was the result:

Results

The README file stated that it would extract 5 files and I can see them there, but I see more. I believe it's because I ran it with the full 8MB .bin dump. Should I use the first 5 files extracted? And one more question: can SB5100mod firmware import certs?

RE: SBG901 memory dump - drewmerc - 18-08-2015

1st 5 is fine

RE: SBG901 memory dump - key_rookie - 18-08-2015

Thanks merc, I had a few more questions.

I've been searching the forum for tools to insert my certs in a sb5100 modem with sb5100mod firmware running on it. I've noticed that you can use sbtools to insert the certs, but that seems to take a standard 2MB dump to do so. And it seems that I extracted 8MB, which is the size of my modem's flash. So instead I wanted to use something like IPFull; I noticed it's a program you used way back to insert single files.

So my first question would be: is it even possible for me to insert the certs I extracted from my SBG901 (received from my cable company) into this SB5100 modem? If so, can you provide me with the latest download for sbtools and ip tools?

I asked if it's possible because my understanding (from some small reading on certs) is that certs are mainly used to ID a device and/or encryption (maybe BPI in this case?). So I'm viewing it as a file that can be extracted from any one modem and placed in any other modem (or device for that sake). But I'm not sure if I'm right?

Thanks

RE: SBG901 memory dump - drewmerc - 19-08-2015

they may work, no clue, latest iptools/sbtools can be found on forocable (how's your Spanish)

RE: SBG901 memory dump - key_rookie - 21-08-2015

I speak a little, but it's very bad.

I managed to insert them via snmp but I think I uploaded with the wrong header for my cm_cert. This video from kelvinhbo: showed how to insert them via snmp. I wasn't aware of the header hex code for the certs, you know the 008c, 027B and so forth, and I wasn't aware of the letter count either (324 for private and 1300 for public, etc...).

I did an snmpget for the OIDs that were to be overwritten with their corresponding key and I noticed that the private key and public response had the 2 hex headers, so I'm assuming that's why it's placed in there (maybe it was removed by the extract program for some reason, I dunno). But I noticed the cm_cert had a different hex header. But I didn't use that; instead I used the hex header from the video, now I'm kinda regretting that shit. So I believe I might have fucked up because I didn't save the one I got in response to the query to the MIB for the cm_cert. And I still can't figure out where they got those letter counts from: 324, 1300, 1800. Anywayz, I'll try to figure it out.

The videos also only uploaded 3 files: the private key, public key, and cm_cert. But the extract program also extracts the root_key and the ca_cert. On forocable forums I got the understanding that the other two didn't matter, but I'm not sure. I'll continue reading and see what I find.

Thanks for the help drew