A little bit of help - infyenyte - 17-08-2010
I need a little help.
I have read a lot of guides and followed them. This is how I have my max232 adaptor and ambit 255 modem.
And this is the output I get from hyperterminal/putty.
I don't get any of the searching for frequency like in the guides and videos.
Code:
Control: 0005
Major Rev: 0000
Minor Rev: 0000
Build Time: 2009/3/6 08:54:53 Z
File Length: 935469 bytes
Load Address: 80010000
Filename: ecram_sto.bin
HCS: a64f
CRC: 8c35e82b
Performing CRC on Image 2...
Detected LZMA compressed image... decompressing...
Target Address: 0x80010000
..............
Decompressed length: 3670227
Executing Image 2...
eCos - hal_diag_init
Init device '/dev/ttydiag'
Init tty channel: 8035d1e0
Init device '/dev/tty0'
Init tty channel: 8035d200
Init device '/dev/haldiag'
HAL/diag SERIAL init
Init device '/dev/ser0'
BCM 33XX SERIAL init - dev: 0.2
Set output buffer - buf: 80391af0 len: 2048
Set input buffer - buf: 803922f0 len: 2048
BCM 33XX SERIAL config
Current Boot Image : 2
file length= 935469
program header length :92
Flash driver opened.
Total Parse 25 element
ParseTLV Successd !
Reading Permanent settings from non-vol...
Checksum for permanent settings: 0x74a5028e
*
*
* One or more of the settings groups was upgraded.
*
*
Settings were read and verified.
Reading Dynamic settings from non-vol...
Checksum for dynamic settings: 0x6f50a5b6
Settings were read and verified.
boot loader version = 3164
Tag : 11, Length : 1, Value =1
Tag : 12, Length : 1, Value =1
Tag : 13, Length : 1, Value =1
Tag : 14, Length : 1, Value =0
Tag : 15, Length : 1, Value =0
Tag : 16, Length : 1, Value =0
Tag : 17, Length : 1, Value =0
Tag : 18, Length : 1, Value =1
Tag : 19, Length : 1, Value =1
Tag : 1a, Length : 1, Value =1
Tag : 1b, Length : 1, Value =0
Tag : 1c, Length : 1, Value =0
Tag : 1d, Length : 1, Value =0
Tag : 1e, Length : 1, Value =0
Tag : 29, Length : 1, Value =1
Tag : 2d, Length : 1, Value =3
Tag : 64, Length : 120, Value =41 4d 42 49 54 20 45 75 72 6f 20 44 4f 43 53 4 9 53 20 32 2e 30 20 43 61 62 6c 65 20 4d 6f 64 65 6d 20 3c 3c 48 57 5f 52 45 56 3a 20 31 2e 31 39 3b 20 56 45 4e 44 4f 52 3a 20 41 4d 42 49 54 3b 20 42 4f 4f 54 52 3a 20 33 2e 31 2e 36 64 3b 20 53 57 5f 52 45 56 3a 20 32 2e 39 34 2e 31 30 3 1 35 3b 20 4d 4f 44 45 4c 3a 20 45 30 38 43 30 30 37 3e 3e 0 0 0 0 0
Tag : 6a, Length : 8, Value =33 2e 31 2e 36 64 0 0
Tag : 6b, Length : 8, Value =31 2e 31 39 0 0 0 0
Tag : 65, Length : 16, Value =32 2e 39 34 2e 31 30 31 35 0 0 0 0 0 0 0
Tag : 66, Length : 16, Value =32 2e 39 34 2e 31 30 31 35 0 0 0 0 0 0 0
Tag : 67, Length : 24, Value =31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 34 36 38 34 2e 32 2e 31 2e 36 0 0
Tag : 68, Length : 44, Value =41 6d 62 69 74 20 63 61 62 6c 65 6d 6f 64 65 6d 20 61 67 65 6e 74 20 76 65 72 73 69 6f 6e 20 32 0 0 0 0 0 0 0 0 0 0 0 0
Tag : 69, Length : 28, Value =31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 34 36 38 34 2e 32 2e 33 2e 31 2e 31 2e 32 2e 31
vvv Interface creation and driver startup beginning vvv
-> Begin DOCSIS CM WAN interface
Creating HAL object for the DOCSIS CableModem interface
numFreqPlan 4
Registering DOCSIS CableModem driver
0000000 - The DS Channel List is being updated (RFI-N-03.0086).
0000001 - The list is empty; adding a single default scanning entry.
-> End DOCSIS CM WAN interface
-> Begin Ethernet LAN interfaces
Creating HAL object for the Ethernet interface
Registering Ethernet driver
-> End Ethernet LAN interfaces
-> Begin USB LAN interface
Creating HAL object for the USB 1.1 interface
Registering USB driver
0000002 - CM HAL reports h/w support for PHS, bitmask=3
0000003 - CM HAL reports h/w support for PHS, size=64
-> End USB LAN interface
-> Begin IP Stack interfaces
-> Starting V2 DHCP Client subsystem...
Creating HAL object for IP Stack1 (MAC Addr=00:14:a4:c2:86:9f)
Registering IP Stack1 driver
Creating HAL object for IP Stack2 (MAC Addr=00:02:8a:de:ad:02)
Registering IP Stack2 driver
IP Stack3 not enabled or failed to create and start interface; no other stacks will be loaded.
-> End IP Stack interfaces
^^^ Interface creation and driver startup complete ^^^
Propane version: 2.0.1 (28 Oct 2002)
DON'T think we need to go here - so don't:::: init_mib !!!!
WARNING: netsnmp_brcm_create_tstring called with no address!
Creating SNMP agent cablemodem agent
Creating SNMP agent CPE diag agent
0000004 - Successfully added MAC Management address to CAM
0000005 - Interface 10 additional registration w/ SNMP agent OK.
************************************
*** Start up CPU load monitor module
************************************
*
* *
* *
* *
* *
* *
* *
* *
* *
* *
* *
* *
* *
* *
* *
* *
* * * *
* * * * * * ***
* * * * * * * * *******************
* * * * * *
* *
Broadcom Corporation Reference Design
+----------------------------------------------------------------------------+
| _/_/ _/_/_/_/ _/_/ |
| _/ _/ _/ _/ _/ Broadband |
| _/ _/ _/ _/ |
| _/_/ _/_/_/ _/ Foundation |
| _/ _/ _/ _/ |
| _/ _/ _/ _/ _/ Classes |
| _/_/_/ _/ _/_/ |
| |
| Copyright (c) 1999 - 2005 Broadcom Corporation |
| |
| Revision: 3.9.32 RELEASE |
| |
| Features: MinimalConsole Nonvol Slim HeapManager SNMP Networking USB1.1 |
+----------------------------------------------------------------------------+
| Standard Embedded Target Support for BFC |
| |
| Copyright (c) 2003-2004 Broadcom Corporation |
| |
| Revision: 3.0.1 RELEASE |
| |
| Features: PID=0xa603 Bootloader-Rev=3.1.6d |
| Features: Bootloader-Compression-Support=0x19 |
+----------------------------------------------------------------------------+
| eCos BFC Application Layer |
| |
| Copyright (c) 1999 - 2004 Broadcom Corporation |
| |
| Revision: 3.0.2 RELEASE |
| |
| Features: eCos Console Cmds, (no Idle Loop Profiler) |
+----------------------------------------------------------------------------+
| _/_/ _/ _/ |
| _/ _/ _/_/ _/_/ DOCSIS Cable Modem |
| _/ _/ _/ _/ |
| _/ _/ _/ |
| _/ _/ _/ |
| _/ _/ _/ _/ |
| _/_/ _/ _/ |
| |
| Copyright (c) 1999 - 2005 Broadcom Corporation |
| |
| Revision: 3.9.32 RELEASE |
| |
| Features: AckCel(tm) DOCSIS 1.0/1.1/2.0 Propane(tm) CM SNMP w/Factory MIB |
| Features: Support CM Vendor Extension |
+----------------------------------------------------------------------------+
| Broadcom Data-Only CM Vendor Extension |
| |
| Copyright (c) 1999 - 2004 Broadcom Corporation |
| |
| Revision: 3.6.2 RELEASE |
| |
| Features: DHCP Server HTTP Server OSS2-N-03025 Visualization LED |
| Features: Controller |
+----------------------------------------------------------------------------+
| Build Date: Mar 6 2009 |
| Build Time: 16:54:37 |
| Built By: betty |
| Firmware version : 2.94.1015 |
| Hidden version : 2.94.1015 |
+----------------------------------------------------------------------------+
Disable console output
[/code]
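Added example (not part of the original thread): a Python parser for the `Tag : .., Length : .., Value =` lines in the boot log above. It decodes the hex values to text and uses each line's declared Length to rejoin bytes that terminal line wrap split in two. The function names and the wrap-repair heuristic are assumptions of this example; the input lines are copied from the log.

```python
import re

# Lines copied from the boot log above. The Tag 64 value has two bytes split
# by terminal line wrap ("4 9" and "3 1"), so it shows 122 tokens for Length 120.
BOOT_LOG = """\
Tag : 2d, Length : 1, Value =3
Tag : 64, Length : 120, Value =41 4d 42 49 54 20 45 75 72 6f 20 44 4f 43 53 4 9 53 20 32 2e 30 20 43 61 62 6c 65 20 4d 6f 64 65 6d 20 3c 3c 48 57 5f 52 45 56 3a 20 31 2e 31 39 3b 20 56 45 4e 44 4f 52 3a 20 41 4d 42 49 54 3b 20 42 4f 4f 54 52 3a 20 33 2e 31 2e 36 64 3b 20 53 57 5f 52 45 56 3a 20 32 2e 39 34 2e 31 30 3 1 35 3b 20 4d 4f 44 45 4c 3a 20 45 30 38 43 30 30 37 3e 3e 0 0 0 0 0
Tag : 6a, Length : 8, Value =33 2e 31 2e 36 64 0 0
Tag : 6b, Length : 8, Value =31 2e 31 39 0 0 0 0
Tag : 65, Length : 16, Value =32 2e 39 34 2e 31 30 31 35 0 0 0 0 0 0 0
"""
TAG_LINE = re.compile(r"Tag : ([0-9a-f]+), Length : (\d+), Value =(.*)")

def repair_wrap(tokens, length):
    """Heuristic (assumption of this example): merge adjacent one-digit tokens,
    left to right, until the token count equals the declared Length."""
    tokens, i = list(tokens), 0
    while len(tokens) > length and i < len(tokens) - 1:
        if len(tokens[i]) == 1 and len(tokens[i + 1]) == 1:
            tokens[i:i + 2] = [tokens[i] + tokens[i + 1]]
        i += 1
    return tokens

def parse_tlvs(log):
    """Return {tag: bytes}; raise if a value disagrees with its Length field."""
    out = {}
    for line in log.splitlines():
        m = TAG_LINE.match(line.strip())
        if not m:
            continue  # not a TLV line
        tag, length = int(m.group(1), 16), int(m.group(2))
        tokens = repair_wrap(m.group(3).split(), length)
        if len(tokens) != length:
            raise ValueError(f"tag {tag:#x}: {len(tokens)} bytes, expected {length}")
        out[tag] = bytes(int(t, 16) for t in tokens)
    return out

def text(value):
    """Decode a NUL-padded ASCII value."""
    return value.rstrip(b"\x00").decode("ascii")

def descriptor_fields(s):
    """Split the '<<KEY: value; ...>>' part of the Tag 64 string into a dict."""
    inner = re.search(r"<<(.*)>>", s).group(1)
    return dict(part.strip().split(": ", 1) for part in inner.split(";"))

if __name__ == "__main__":
    for tag, value in parse_tlvs(BOOT_LOG).items():
        print(f"{tag:#04x}", text(value) if len(value) > 1 else value.hex())
```

Decoded, the Tag 6a and 6b values repeat the BOOTR and HW_REV fields of the Tag 64 string, so the bootloader revision can be read from a pasted log without the modem at hand.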
RE: A little bit of help - drewmerc - 17-08-2010
That's a silent bootloader; try using console unlocker.
RE: A little bit of help - infyenyte - 17-08-2010
I used console unlocker; it said it was successful, but I am still getting the same thing on putty.
RE: A little bit of help - drewmerc - 17-08-2010
Code: this guide is by kind permission of the exploit maker `water aka anonymous` or whatever you know him as.
--------------------------------------------------------------------------
1. Apply serial(max 232 lead) and Ethernet connection between your PC and the modem
2. Set your PC IP parameters to:
IP: 192.168.100.10
Subnet: 255.255.255.0
Gateway: 192.168.100.1
3. Power on the modem and wait for it to startup (10 secs)
4. Open the exploit application and hit “Execute Exploit”
5. If it says it's successful, then the console is now ready to accept connections!
If it fails, power cycle the modem and try the application again.
At this point, if you want to restore your bootloader to the original 2.1.6d that has the re-flashing menu etc,
you need a copy of SoftJTAG and the 2.1.6d bootloader.
**BE CAREFUL WHEN USING SOFTJTAG - As you can brick your modem if you're not careful**
1. Open SoftJTAG 3.10 and connect via your serial port.
2. On the right hand side, click on “Write Bootloader” and select the 2.1.6d bootloader file
3. Wait till it's done (this takes 10 – 15 minutes). Once it’s done, close SoftJTAG
4. Start HyperTerminal/TeraTerm and connect to your serial port
5. Reset the modem
Upon resetting the modem, you will now be given the option to stop at P as it is now booting with the 2.1.6d bootloader.
You MUST press the button and stop then, as if you miss it and let it fully boot, your bootloader will be over-written again
with the 3.1.6d, in which case you will have to repeat these steps again and be quicker not to miss it next time.
If you are successful in entering the menu, you can now re-flash or whatever you wish to do with your modem from this menu!
software required :
console unlocker (exploit)v1.1b
softjtag v3.10
2.1.6d bootloader file
************************************************** **************
Yes, but are you flashing a new bootloader like the guide says?
RE: A little bit of help - infyenyte - 18-08-2010
(17-08-2010, 07:20 PM)drewmerc Wrote: yes but are you flashing a new bootloader like the guide says?
Done, it's done. Thanks for your help. I found out I wasn't seeing the p thing; I just started pressing it and it worked.