Hello,
I have Haxorware (Version 1.1 Revision 39) installed on my modem, however my ISP sends me a dynamic configuration file each time I connect on the internet.
When I am connecting on the internet, the name of the dynamic configuration files are some random garbage (e.g. "HSUBsgvca69834ncxv9873254k")
By doing ip_initialize in the telnet-mode of the modem, I can see the static configuration file (e.g. "folder/...cm").
Me and my friend used cmtsMICcracker and modified it a bit in a distributive manner, so we connected about 30 machines in our laboratory and ran cmtsMICcracker for about 3 weeks.
After that, we finally found out the HMAC-MD5 hash for the original CM file, and now I know the password to it so I can edit stuff with VultureWare DOCSIS Config Editor.
However, each of the dynamic configuration files are not using the same password that the original (static) .CM file is using.
I want to modify some stuff from the CM file and use those modifications. What are the next steps that I can do in order to achieve this? Is there a way to bypass the TFTP registration?
I tried most combinations of using force config file and tftp enforce bypass, but I always get "Neg Or Bad Reg Rsp - Reinitialize MAC..." (in the error log through telnet we have kRejAuthFailureBadHmac)
I have Haxorware (Version 1.1 Revision 39) installed on my modem, however my ISP sends me a dynamic configuration file each time I connect on the internet.
When I am connecting on the internet, the name of the dynamic configuration files are some random garbage (e.g. "HSUBsgvca69834ncxv9873254k")
By doing ip_initialize in the telnet-mode of the modem, I can see the static configuration file (e.g. "folder/...cm").
Me and my friend used cmtsMICcracker and modified it a bit in a distributive manner, so we connected about 30 machines in our laboratory and ran cmtsMICcracker for about 3 weeks.
After that, we finally found out the HMAC-MD5 hash for the original CM file, and now I know the password to it so I can edit stuff with VultureWare DOCSIS Config Editor.
However, each of the dynamic configuration files are not using the same password that the original (static) .CM file is using.
I want to modify some stuff from the CM file and use those modifications. What are the next steps that I can do in order to achieve this? Is there a way to bypass the TFTP registration?
I tried most combinations of using force config file and tftp enforce bypass, but I always get "Neg Or Bad Reg Rsp - Reinitialize MAC..." (in the error log through telnet we have kRejAuthFailureBadHmac)