Haxorware Forums General Modems v
SBG901 memory dump

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
SBG901 memory dump
key_rookie Offline
ǝıʞooɹ ‾ʎǝʞ
***
Posts: 21
Threads: 5
Joined: Jun 2015
Reputation: 0
#1
15-08-2015, 03:58 PM (This post was last modified: 15-08-2015, 04:57 PM by key_rookie.)
Wats up modem modding junkies,

So I flashed my sb5100 with sb5100mod firmware. Now I'm trying to extract certs from sbg901 sub modem. The only problem is most threads i find are outdated for instance this thread:

http://www.haxorware.com/forums/showthre...ght=sbg901

Seemed very helpful and somewhat still is because it proves that the certs can be extracted. But before even trying to extract the cert i need to get the memory dump.

Which I don't know how to do as yet. So I was wondering if anyone has ever gotten the memory dump from this modem using these headers:

[Image: id7e.png]

if not then I'll have to solder on the pins of the chip and extract the dump.

Thanks
Find
Reply
key_rookie Offline
ǝıʞooɹ ‾ʎǝʞ
***
Posts: 21
Threads: 5
Joined: Jun 2015
Reputation: 0
#2
18-08-2015, 02:14 AM (This post was last modified: 18-08-2015, 02:38 AM by key_rookie.)
I have successfully extracted the memory dump:

SBG901 flashcat screenshot

Big GrinBig GrinBig Grin

I'm not sure if cmnonexp would successfully extract the certs but sheeeeeeeet its worth a try. So can someone provided me with the download to the latest version of cmnonexp. I download this version:

http://www.haxorware.com/forums/attachment.php?aid=580

from drewmerc's post:

http://www.haxorware.com/forums/showthre...7#pid16207

dunno if its the latest version but if not can someone provide me with a download link and a small tutorial.

Thanks
When I used the above version of cmnonexp this was the result:

Results

The README file stated that it would extract 5 files and I can seem them there but I see more. I believe its because I ran it with the full 8MB .bin dump. Should I use the first 5 files extracted?

And one more question can SB5100mod firmware import certs?
Find
Reply
drewmerc Offline
Prefect
******
Posts: 3,900
Threads: 19
Joined: Oct 2008
Reputation: 158
#3
18-08-2015, 07:05 PM
1st 5 is fine
__________________________________________________________________________________
******new discord chat link https://discord.gg/5BQQbsb*******
Website Find
Reply
key_rookie Offline
ǝıʞooɹ ‾ʎǝʞ
***
Posts: 21
Threads: 5
Joined: Jun 2015
Reputation: 0
#4
18-08-2015, 09:39 PM (This post was last modified: 19-08-2015, 07:31 AM by key_rookie.)
Thanks merc,

I had a few more questions I've been searching the forum for tools to insert my certs in a sb5100 modem with sb5100mod firmware running on it. I've notice that you can use sbtools to insert the certs but that seems to take a standard 2MB dump to do so. And it seem that I extracted 8MB which is the size of my modem's flash.

So instead I wanted to uses something like IPFull I notice its a program you used way back to insert single files.

So my first question would be is it even possible for me to insert the certs I extracted from my SBG901 (received from my cable company) into this SB5100 modem? If so can you provide me with the latest download for sbtools and ip tools?

I asked if its possible because my understanding (from some small reading on certs) is that certs are mainly use to ID a device and/or encryption (maybe BPI in this case?). So I'm viewing it as a file that can be be extracted from any one modem and placed any other modem (or device for that sake). But I'm not sure if I'm right?

thanks
Find
Reply
drewmerc Offline
Prefect
******
Posts: 3,900
Threads: 19
Joined: Oct 2008
Reputation: 158
#5
19-08-2015, 05:23 AM
they may work, no clue, latest iptools/sbtools can be found on forocable (hows your Spanish)
__________________________________________________________________________________
******new discord chat link https://discord.gg/5BQQbsb*******
Website Find
Reply
key_rookie Offline
ǝıʞooɹ ‾ʎǝʞ
***
Posts: 21
Threads: 5
Joined: Jun 2015
Reputation: 0
#6
21-08-2015, 03:45 AM
yo hablo pocito pero es muy mal.

I managed to insert them via snmp but I think I uploaded with the wrong header for my cm_cert.

This video from kelvinhbo:



showed how to insert them via snmp.

I wasn't aware of the header hex code for the certs, you know the 008c, 027B and so forth and I wasn't aware of the letter count either (324 for private and 1300 for public, etc...).

I did an snmpget for the OIDs that were to be overwritten with their corresponding key and I notice that the private key and public response had the 2 hex headers so I'm assuming thats why its placed in there (maybe it was removed by the extract program for some reason I dunno). But I notice for the cm_cert there had a different hex header. But I didn't use that instead I use the hex header from the video now I'm kinda regretting that shit. So I believe I might have fucked up because I didn't save the one I got in respond from the query to the MIB for the cm_cert. And still count figure out where they got those letter count from 324,1300,1800 anywayz I'll try to figure it out.

The videos also only uploaded 3 files the private key, public key, and cm_cert. But the extract program also extracts the root_key and the ca_cert. On forocable forums I got the understanding that the other two didn't matter, but I'm not sure. I'll continue reading and see what I find.

Thanks for the help drew
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)