Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
SBG901 memory dump
#1
Wats up modem modding junkies,

So I flashed my sb5100 with sb5100mod firmware. Now I'm trying to extract certs from sbg901 sub modem. The only problem is most threads i find are outdated for instance this thread:

http://www.haxorware.com/forums/showthre...ght=sbg901

Seemed very helpful and somewhat still is because it proves that the certs can be extracted. But before even trying to extract the cert i need to get the memory dump.

Which I don't know how to do as yet. So I was wondering if anyone has ever gotten the memory dump from this modem using these headers:

[Image: id7e.png]

if not then I'll have to solder on the pins of the chip and extract the dump.

Thanks
Reply
#2
I have successfully extracted the memory dump:

SBG901 flashcat screenshot

Big GrinBig GrinBig Grin

I'm not sure if cmnonexp would successfully extract the certs but sheeeeeeeet its worth a try. So can someone provided me with the download to the latest version of cmnonexp. I download this version:

http://www.haxorware.com/forums/attachment.php?aid=580

from drewmerc's post:

http://www.haxorware.com/forums/showthre...7#pid16207

dunno if its the latest version but if not can someone provide me with a download link and a small tutorial.

Thanks

When I used the above version of cmnonexp this was the result:

Results

The README file stated that it would extract 5 files and I can seem them there but I see more. I believe its because I ran it with the full 8MB .bin dump. Should I use the first 5 files extracted?

And one more question can SB5100mod firmware import certs?
Reply
#3
1st 5 is fine
__________________________________________________________________________________
******new discord chat link https://discord.gg/5BQQbsb*******
Reply
#4
Thanks merc,

I had a few more questions I've been searching the forum for tools to insert my certs in a sb5100 modem with sb5100mod firmware running on it. I've notice that you can use sbtools to insert the certs but that seems to take a standard 2MB dump to do so. And it seem that I extracted 8MB which is the size of my modem's flash.

So instead I wanted to uses something like IPFull I notice its a program you used way back to insert single files.

So my first question would be is it even possible for me to insert the certs I extracted from my SBG901 (received from my cable company) into this SB5100 modem? If so can you provide me with the latest download for sbtools and ip tools?

I asked if its possible because my understanding (from some small reading on certs) is that certs are mainly use to ID a device and/or encryption (maybe BPI in this case?). So I'm viewing it as a file that can be be extracted from any one modem and placed any other modem (or device for that sake). But I'm not sure if I'm right?

thanks
Reply
#5
they may work, no clue, latest iptools/sbtools can be found on forocable (hows your Spanish)
__________________________________________________________________________________
******new discord chat link https://discord.gg/5BQQbsb*******
Reply
#6
yo hablo pocito pero es muy mal.

I managed to insert them via snmp but I think I uploaded with the wrong header for my cm_cert.

This video from kelvinhbo:



showed how to insert them via snmp.

I wasn't aware of the header hex code for the certs, you know the 008c, 027B and so forth and I wasn't aware of the letter count either (324 for private and 1300 for public, etc...).

I did an snmpget for the OIDs that were to be overwritten with their corresponding key and I notice that the private key and public response had the 2 hex headers so I'm assuming thats why its placed in there (maybe it was removed by the extract program for some reason I dunno). But I notice for the cm_cert there had a different hex header. But I didn't use that instead I use the hex header from the video now I'm kinda regretting that shit. So I believe I might have fucked up because I didn't save the one I got in respond from the query to the MIB for the cm_cert. And still count figure out where they got those letter count from 324,1300,1800 anywayz I'll try to figure it out.

The videos also only uploaded 3 files the private key, public key, and cm_cert. But the extract program also extracts the root_key and the ca_cert. On forocable forums I got the understanding that the other two didn't matter, but I'm not sure. I'll continue reading and see what I find.

Thanks for the help drew
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)