Login

maximus64 · 16-08-2013, 03:12 AM

I bricked my modem accidentally erase image1 and image2 which is the firmware partitions Angry

. Lucky i still got all the certs and config backup. I need a firmware dump that it. I can't find anything backup on the net. Can someone send me a firmware dump of their modem. I would REALLY appreciate your help!! also I can send you some reward if you want. Smile

davidle · (This post was last modified: 16-08-2013, 04:08 AM by davidle.)

(16-08-2013, 03:12 AM)maximus64 Wrote: I bricked my modem accidentally erase image1 and image2 which is the firmware partitions . Lucky i still got all the certs and config backup. I need a firmware dump that it. I can't find anything backup on the net. Can someone send me a firmware dump of their modem. I would REALLY appreciate your help!! also I can send you some reward if you want.

give me your email I'll sent it to you

maximus64 · 16-08-2013, 12:53 PM

(16-08-2013, 04:04 AM)davidle Wrote:
(16-08-2013, 03:12 AM)maximus64 Wrote: I bricked my modem accidentally erase image1 and image2 which is the firmware partitions . Lucky i still got all the certs and config backup. I need a firmware dump that it. I can't find anything backup on the net. Can someone send me a firmware dump of their modem. I would REALLY appreciate your help!! also I can send you some reward if you want.
give me your email I'll sent it to you

PM sent! if you don't get it let me know.

maximus64 · 17-08-2013, 02:12 PM

I still need the firmware. Let me know if you have it. Thank you very much.

nycc · 17-08-2013, 04:23 PM

I have SBG6580-3.5.8.2-GA-01-488-01-NOSH.bin, need your email , I will send it to you.

ABMJR · 17-08-2013, 05:23 PM

NOSH=No Shell = No TELNET access

maximus64 · (This post was last modified: 17-11-2014, 12:54 PM by maximus64.)

Thank you

nycc · 18-08-2013, 12:37 AM

telnet is not the only way to cotrol sbg6580.

ABMJR · (This post was last modified: 18-08-2013, 02:06 AM by ABMJR.)

it is after registration...

Use spell check...Its as if half of you are retarded...

CONTROL

Rickz · 23-11-2013, 05:56 PM

anyone knows or has any clue about this firmware:

Standard Specification Compliant DOCSIS 3.0
Hardware Version 2
Software Version SBG6580-3.3.1.0-GA-09-058-NOSH

i had telnet access but while testing don't know what happen.. for some reason it locked me from my machine to logging..

it's strange how this firmware has a no shelled firmware but it has telnet.. it's a hidden feature.. and most have a hidden security.. all i did was reading some parts of the memory to confirm where it loads the certificates
there's a tut at surfboard hacker about this that you can remotely extract the certs.. but it looks for some reason after reading the memory, when you disconnect from power source and connect again the port is closed silently or some how it blocks access from the ip the connection was stablished

i used Nmap - Zenmap GUI to scan tcp ports and tells me the port 23 is filtered, which means is not closed but some how it locks receiving the correct replies from the port or is unable to stablished communication ... but hey.. the port is there!

note: the isp did not push any firmware update, and the same has happend scanning the nodes at the isp i'm connected.. if i telnet some other modem and reboot it.. after rebooting can't longer stablish connection..

i have snmp access to my personal modem and made a walk ... it has many information.. but can't figure out so far if there's any oid that disable the telnet feature.. i would send it to anyone that would like to help me with this.

btw i figure out the oid that can extract all the certs (bpi) locally, i have the oid that enables factory mode.. some oids don't accept to write, only read

for older model like SB5100/01 there's an oid that enable telnet (1.3.6.1.4.1.4413.2.2.2.1.1.1.4.0 i 1)
i saw it there and already has a value of 1 so there's most be other things missing...
any ideas????

My Best Regards

Login
Username:
Password:	Lost Password?
	Remember me