Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
A little bit of help
#1
I need a little help.

have read a lot of guides and followed them. this is how i have my max232 adaptor and ambit 255 modem.

[Image: image0012c.jpg]

And this is the output i get from hyperterminal/putty.

i don't get any of the searching for frequecny like in the guides and videos.

Code:
Control: 0005
   Major Rev: 0000
   Minor Rev: 0000
  Build Time: 2009/3/6 08:54:53 Z
File Length: 935469 bytes
Load Address: 80010000
    Filename: ecram_sto.bin
         HCS: a64f
         CRC: 8c35e82b


Performing CRC on Image 2...
Detected LZMA compressed image... decompressing...
Target Address: 0x80010000
..............
Decompressed length: 3670227

Executing Image 2...


eCos - hal_diag_init
Init device '/dev/ttydiag'
Init tty channel: 8035d1e0
Init device '/dev/tty0'
Init tty channel: 8035d200
Init device '/dev/haldiag'
HAL/diag SERIAL init
Init device '/dev/ser0'
BCM 33XX SERIAL init - dev: 0.2
Set output buffer - buf: 80391af0 len: 2048
Set input buffer - buf: 803922f0 len: 2048
BCM 33XX SERIAL config
Current Boot Image : 2
file length= 935469
program header length :92
Flash driver opened.
Total Parse 25 element
ParseTLV Successd !

Reading Permanent settings from non-vol...
Checksum for permanent settings:  0x74a5028e

*
*
* One or more of the settings groups was upgraded.
*
*
Settings were read and verified.


Reading Dynamic settings from non-vol...
Checksum for dynamic settings:  0x6f50a5b6
Settings were read and verified.

boot loader version = 3164
Tag    : 11, Length : 1, Value =1
Tag    : 12, Length : 1, Value =1
Tag    : 13, Length : 1, Value =1
Tag    : 14, Length : 1, Value =0
Tag    : 15, Length : 1, Value =0
Tag    : 16, Length : 1, Value =0
Tag    : 17, Length : 1, Value =0
Tag    : 18, Length : 1, Value =1
Tag    : 19, Length : 1, Value =1
Tag    : 1a, Length : 1, Value =1
Tag    : 1b, Length : 1, Value =0
Tag    : 1c, Length : 1, Value =0
Tag    : 1d, Length : 1, Value =0
Tag    : 1e, Length : 1, Value =0
Tag    : 29, Length : 1, Value =1
Tag    : 2d, Length : 1, Value =3
Tag    : 64, Length : 120, Value =41 4d 42 49 54 20 45 75 72 6f 20 44 4f 43 53 4                                             9 53 20 32 2e 30 20 43 61 62 6c 65 20 4d 6f 64 65 6d 20 3c 3c 48 57 5f 52 45 56                                              3a 20 31 2e 31 39 3b 20 56 45 4e 44 4f 52 3a 20 41 4d 42 49 54 3b 20 42 4f 4f 54                                              52 3a 20 33 2e 31 2e 36 64 3b 20 53 57 5f 52 45 56 3a 20 32 2e 39 34 2e 31 30 3                                             1 35 3b 20 4d 4f 44 45 4c 3a 20 45 30 38 43 30 30 37 3e 3e 0 0 0 0 0
Tag    : 6a, Length : 8, Value =33 2e 31 2e 36 64 0 0
Tag    : 6b, Length : 8, Value =31 2e 31 39 0 0 0 0
Tag    : 65, Length : 16, Value =32 2e 39 34 2e 31 30 31 35 0 0 0 0 0 0 0
Tag    : 66, Length : 16, Value =32 2e 39 34 2e 31 30 31 35 0 0 0 0 0 0 0
Tag    : 67, Length : 24, Value =31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 34 36 38 34                                              2e 32 2e 31 2e 36 0 0
Tag    : 68, Length : 44, Value =41 6d 62 69 74 20 63 61 62 6c 65 6d 6f 64 65 6d                                              20 61 67 65 6e 74 20 76 65 72 73 69 6f 6e 20 32 0 0 0 0 0 0 0 0 0 0 0 0
Tag    : 69, Length : 28, Value =31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 34 36 38 34                                              2e 32 2e 33 2e 31 2e 31 2e 32 2e 31

vvv Interface creation and driver startup beginning vvv

-> Begin DOCSIS CM WAN interface
        Creating HAL object for the DOCSIS CableModem interface
numFreqPlan 4
        Registering DOCSIS CableModem driver
0000000 - The DS Channel List is being updated (RFI-N-03.0086).
0000001 - The list is empty; adding a single default scanning entry.
-> End DOCSIS CM WAN interface

-> Begin Ethernet LAN interfaces
        Creating HAL object for the Ethernet interface
        Registering Ethernet driver
-> End Ethernet LAN interfaces

-> Begin USB LAN interface
        Creating HAL object for the USB 1.1 interface
        Registering USB driver
0000002 - CM HAL reports h/w support for PHS, bitmask=3
0000003 - CM HAL reports h/w support for PHS, size=64
-> End USB LAN interface

-> Begin IP Stack interfaces
-> Starting V2 DHCP Client subsystem...
        Creating HAL object for IP Stack1 (MAC Addr=00:14:a4:c2:86:9f)
        Registering IP Stack1 driver

        Creating HAL object for IP Stack2 (MAC Addr=00:02:8a:de:ad:02)
        Registering IP Stack2 driver

        IP Stack3 not enabled or failed to create and start interface; no other                                              stacks will be loaded.
-> End IP Stack interfaces

^^^ Interface creation and driver startup complete ^^^

Propane version: 2.0.1 (28 Oct 2002)
DON'T think we need to go here - so don't:::: init_mib !!!!
WARNING: netsnmp_brcm_create_tstring called with no address!
Creating SNMP agent cablemodem agent
Creating SNMP agent CPE diag agent
0000004 - Successfully added MAC Management address to CAM
0000005 - Interface 10 additional registration w/ SNMP agent OK.
************************************
*** Start up CPU load monitor module
************************************


                          *
                         * *
                         * *
                        *   *
                        *   *
                       *     *
                       *     *
                       *     *
                      *       *
                      *       *
                      *       *
                     *         *
                     *         *
                     *         *
                     *         *
                    *           *
          *         *           *         *
        *   *       *           *       *   *          ***
*     *      *     *             *     *      *     *       *******************
   *          *   *               *   *          *
                *                   *

Broadcom Corporation Reference Design

+----------------------------------------------------------------------------+
|       _/_/     _/_/_/_/    _/_/                                            |
|      _/  _/   _/        _/    _/   Broadband                               |
|     _/  _/   _/        _/                                                  |
|    _/_/     _/_/_/    _/           Foundation                              |
|   _/  _/   _/        _/                                                    |
|  _/   _/  _/        _/    _/       Classes                                 |
| _/_/_/   _/          _/_/                                                  |
|                                                                            |
| Copyright (c) 1999 - 2005 Broadcom Corporation                             |
|                                                                            |
| Revision:  3.9.32 RELEASE                                                  |
|                                                                            |
| Features:  MinimalConsole Nonvol Slim HeapManager SNMP Networking USB1.1   |
+----------------------------------------------------------------------------+
| Standard Embedded Target Support for BFC                                   |
|                                                                            |
| Copyright (c) 2003-2004 Broadcom Corporation                               |
|                                                                            |
| Revision:  3.0.1 RELEASE                                                   |
|                                                                            |
| Features:  PID=0xa603 Bootloader-Rev=3.1.6d                                |
| Features:  Bootloader-Compression-Support=0x19                             |
+----------------------------------------------------------------------------+
| eCos BFC Application Layer                                                 |
|                                                                            |
| Copyright (c) 1999 - 2004 Broadcom Corporation                             |
|                                                                            |
| Revision:  3.0.2 RELEASE                                                   |
|                                                                            |
| Features:  eCos Console Cmds, (no Idle Loop Profiler)                      |
+----------------------------------------------------------------------------+
|         _/_/    _/     _/                                                  |
|      _/    _/  _/_/ _/_/   DOCSIS Cable Modem                              |
|     _/        _/  _/ _/                                                    |
|    _/        _/     _/                                                     |
|   _/        _/     _/                                                      |
|  _/    _/  _/     _/                                                       |
|   _/_/    _/     _/                                                        |
|                                                                            |
| Copyright (c) 1999 - 2005 Broadcom Corporation                             |
|                                                                            |
| Revision:  3.9.32 RELEASE                                                  |
|                                                                            |
| Features:  AckCel(tm) DOCSIS 1.0/1.1/2.0 Propane(tm) CM SNMP w/Factory MIB |
| Features:  Support CM Vendor Extension                                     |
+----------------------------------------------------------------------------+
| Broadcom Data-Only CM Vendor Extension                                     |
|                                                                            |
| Copyright (c) 1999 - 2004 Broadcom Corporation                             |
|                                                                            |
| Revision:  3.6.2 RELEASE                                                   |
|                                                                            |
| Features:  DHCP Server  HTTP Server  OSS2-N-03025 Visualization LED        |
| Features:  Controller                                                      |
+----------------------------------------------------------------------------+
| Build Date:  Mar  6 2009                                                   |
| Build Time:  16:54:37                                                      |
| Built By:    betty                                                         |
| Firmware version : 2.94.1015                                               |
| Hidden version : 2.94.1015                                                 |
+----------------------------------------------------------------------------+

Disable console output

[/code]
Reply
#2
thats a silent bootloader try using console unlocker
__________________________________________________________________________________
******new discord chat link https://discord.gg/5BQQbsb*******
Reply
#3
i used console unlocker it said it was successful. but i am still getting the same thing on putty.
Reply
#4
Code:
this guide is by kind permission of the exploit mker`water aka anonymous` or whatever you know him as.

--------------------------------------------------------------------------

1. Apply serial(max 232 lead) and Ethernet connection between your PC and the modem
2. Set your PC IP parameters to:

IP: 192.168.100.10
Subnet: 255.255.255.0
Gateway: 192.168.100.1

3. Power on the modem and wait for it to startup (10 secs)
4. Open the exploit application and hit “Execute Exploit”
5. If it says its successful, then the console is now ready to accept connections!
If it fails, power cycle the modem and try the application again.

At this point, if you want to restore your bootloader to the original 2.1.6d that has the re-flashing menu etc,
you need a copy of SoftJTAG and the 2.1.6d bootloader.

**BE CAREFUL WHEN USING SOFTJTAG - As you can brick your modem if your not careful**

1. Open SoftJTAG,3.10 and connect via your serial port.
2. On the right hand side, click on “Write Bootloader” and select the 2.1.6d bootloader file
3. Wait till its done (this takes 10 – 15 minutes). Once it’s done, close SoftJTAG
4. Start HyperTerminal/TeraTerm and connect to your serial port
5. Reset the modem

Upon resetting the modem, you will now be given the option to stop at P as it is now booting with the 2.1.6d bootloader.
You MUST press the button and stop then, as if you miss it and let it fully boot, your bootloader will be over-written again
with the 3.1.6d, in which case you will have to repeat these steps again and be quicker not to miss it next time.

If you are successful in entering the menu, you can now re-flash or whatever you wish to do with your modem from this menu!


software required :

console unlocker (exploit)v1.1b
softjtag v3.10
2.1.6d bootloader file


************************************************** **************

yes but are you flashing a new bootloader like the guide says?
__________________________________________________________________________________
******new discord chat link https://discord.gg/5BQQbsb*******
Reply
#5
(17-08-2010, 07:20 PM)drewmerc Wrote:
Code:
this guide is by kind permission of the exploit mker`water aka anonymous` or whatever you know him as.

--------------------------------------------------------------------------

1. Apply serial(max 232 lead) and Ethernet connection between your PC and the modem
2. Set your PC IP parameters to:

IP: 192.168.100.10
Subnet: 255.255.255.0
Gateway: 192.168.100.1

3. Power on the modem and wait for it to startup (10 secs)
4. Open the exploit application and hit “Execute Exploit”
5. If it says its successful, then the console is now ready to accept connections!
If it fails, power cycle the modem and try the application again.

At this point, if you want to restore your bootloader to the original 2.1.6d that has the re-flashing menu etc,
you need a copy of SoftJTAG and the 2.1.6d bootloader.

**BE CAREFUL WHEN USING SOFTJTAG - As you can brick your modem if your not careful**

1. Open SoftJTAG,3.10 and connect via your serial port.
2. On the right hand side, click on “Write Bootloader” and select the 2.1.6d bootloader file
3. Wait till its done (this takes 10 – 15 minutes). Once it’s done, close SoftJTAG
4. Start HyperTerminal/TeraTerm and connect to your serial port
5. Reset the modem

Upon resetting the modem, you will now be given the option to stop at P as it is now booting with the 2.1.6d bootloader.
You MUST press the button and stop then, as if you miss it and let it fully boot, your bootloader will be over-written again
with the 3.1.6d, in which case you will have to repeat these steps again and be quicker not to miss it next time.

If you are successful in entering the menu, you can now re-flash or whatever you wish to do with your modem from this menu!


software required :

console unlocker (exploit)v1.1b
softjtag v3.10
2.1.6d bootloader file


************************************************** **************

yes but are you flashing a new bootloader like the guide says?

done it's done thanks for your help. i found out i wasn't seeing the p thing i just started pressing it and it worked.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)