Thread Rating:
  • 1 Vote(s) - 1 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Fastsnmp certs cloning my own sub modem sb5101
#1
Sorry for the title guys, but I have a huge clustered amount of confusion, and search has only yielded few results. If you guys would please help out I'd greatly appreciate it.

First off what I'm trying to do is clone my own subbed SB5101 oem firmware on Comc**t so I can run the haxorware'd sb5101 when im at my moms instead of taking down my network at my house.

Basically, im trying at this moment to scan with fastsnmp (only program i have) for the certs? i don't know what to do when i get them, or if im doing it right so far it hasn't had anything but a bunch of "no response from remote host". ip range is 10.40.0.0-10.40.255.255, and it is plugged directly into my pc.
Please critique if im doing this wrong, or if its not even possible to get the certs from an oem fw modem.

Additional info:

I'm in Albuquerque, New Mexico on Comc**t I don't know if this has any affect on getting this to work.

the sb5101 with haxorware was bought premodded because i could not, for the life of me get my comp to work with the serial jtag cable and 10pin i soldered into my oem modem. So if i need to capture the certs via jtag somehow, then i'll have to do a usb jtag setup i guess...

Sorry for the verbose writing, don't mean to wast time, just want to put out there every issue so it can be addressed correctly.

Thanks very much guys,

Dom
Reply
#2
simple dump your sub and and install it on the new one and might want to stay away from using hax
but if you are getting a 10. hfc range there with comcast something is way different you should be getting a range of 24 or 98 or something not 10 nobody that ive talked to gets a private ip for hfc anymore so might want double check your hfc ip
Reply
#3
Sorry i don't understand how i'm supposed to dump the sub, if not with a jtag. Is there anyway to just get the certs from my sub via Ethernet? btw, here is a log of what the hax sb5101 is doing when i have all of the info cloned except the certs. It just boot loops

1970-01-01 00:00:11 Critical R002.0 No Ranging Response received - T3 time-out (US 3)
1970-01-01 00:00:10 Information T501.0 Acquired Downstream (669000000 Hz)........ SUCCESS
1970-01-01 00:00:06 Notice M571.1 Ethernet link up - ready to pass packets
2013-01-07 22:24:17 Notice M573.0 Modem Is Shutting Down and Rebooting...
2013-01-07 22:24:17 Critical R004.0 Received Response to Broadcast Maintenance Request, But no Unicast Maintenance o
2013-01-07 22:23:33 Error B301.8 Auth Reject - Permanent Authorization Failure
2013-01-07 22:23:33 Critical I402.0 TLV-11 - Illegal Set operation failed
2013-01-07 22:23:33 Information D507.0 Retrieved Time....... SUCCESS
2013-01-07 22:23:29 Information D509.0 Retrieved TFTP Config d11_m_sb5101_silver_c01.cm SUCCESS
1970-01-01 00:00:19 Information D511.0 Retrieved DHCP .......... SUCCESS
1970-01-01 00:00:18 Critical D003.0 DHCP WARNING - Non-critical field invalid in response.
1970-01-01 00:00:14 Information T500.0 Acquired Upstream .......... SUCCESS
1970-01-01 00:00:10 Critical R002.0 No Ranging Response received - T3 time-out (US 3)
1970-01-01 00:00:09 Information T501.0 Acquired Downstream (669000000 Hz)........ SUCCESS
1970-01-01 00:00:06 Notice M571.1 Ethernet link up - ready to pass packets
2013-01-07 22:23:02 Notice M573.0 Modem Is Shutting Down and Rebooting...
2013-01-07 22:23:02 Critical R004.0 Received Response to Broadcast Maintenance Request, But no Unicast Maintenance o
2013-01-07 22:22:00 Error B301.8 Auth Reject - Permanent Authorization Failure
2013-01-07 22:22:00 Critical I402.0 TLV-11 - Illegal Set operation failed
2013-01-07 22:22:00 Information D507.0 Retrieved Time....... SUCCESS
2013-01-07 22:21:57 Information D509.0 Retrieved TFTP Config d11_m_sb5101_silver_c01.cm SUCCESS
1970-01-01 00:00:22 Information D511.0 Retrieved DHCP .......... SUCCESS
1970-01-01 00:00:22 Critical D003.0 DHCP WARNING - Non-critical field invalid in response.
1970-01-01 00:00:16 Information T500.0 Acquired Upstream .......... SUCCESS
1970-01-01 00:00:10 Critical R002.0 No Ranging Response received - T3 time-out (US 3)
1970-01-01 00:00:10 Information T501.0 Acquired Downstream (669000000 Hz)........ SUCCESS
1970-01-01 00:05:43 Critical T001.0 SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing
1970-01-01 00:05:43 Notice M573.0 Modem Is Shutting Down and Rebooting...
1970-01-01 00:05:42 Critical Resetting the cable modem due to docsDevResetNow
1970-01-01 00:00:06 Critical T001.0 SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing
1970-01-01 00:00:06 Notice M571.1 Ethernet link up - ready to pass packets
1970-01-01 00:00:06 Critical T001.0 SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing


2013-01-07 22:24:48 Error B301.8 Auth Reject - Permanent Authorization Failure
2013-01-07 22:24:48 Critical I402.0 TLV-11 - Illegal Set operation failed
2013-01-07 22:24:48 Information D507.0 Retrieved Time....... SUCCESS
2013-01-07 22:24:44 Information D509.0 Retrieved TFTP Config d11_m_sb5101_silver_c01.cm SUCCESS
1970-01-01 00:00:20 Information D511.0 Retrieved DHCP .......... SUCCESS
1970-01-01 00:00:19 Critical D003.0 DHCP WARNING - Non-critical field invalid in response.
1970-01-01 00:00:15 Information T500.0 Acquired Upstream .......... SUCCESS
1970-01-01 00:00:11 Critical R002.0 No Ranging Response received - T3 time-out (US 3)
1970-01-01 00:00:10 Information T501.0 Acquired Downstream (669000000 Hz)........ SUCCESS
1970-01-01 00:00:06 Notice M571.1 Ethernet link up - ready to pass packets
2013-01-07 22:24:17 Notice M573.0 Modem Is Shutting Down and Rebooting...
2013-01-07 22:24:17 Critical R004.0 Received Response to Broadcast Maintenance Request, But no Unicast Maintenance o
2013-01-07 22:23:33 Error B301.8 Auth Reject - Permanent Authorization Failure
2013-01-07 22:23:33 Critical I402.0 TLV-11 - Illegal Set operation failed
2013-01-07 22:23:33 Information D507.0 Retrieved Time....... SUCCESS
2013-01-07 22:23:29 Information D509.0 Retrieved TFTP Config d11_m_sb5101_silver_c01.cm SUCCESS
1970-01-01 00:00:19 Information D511.0 Retrieved DHCP .......... SUCCESS
1970-01-01 00:00:18 Critical D003.0 DHCP WARNING - Non-critical field invalid in response.
1970-01-01 00:00:14 Information T500.0 Acquired Upstream .......... SUCCESS
1970-01-01 00:00:10 Critical R002.0 No Ranging Response received - T3 time-out (US 3)
1970-01-01 00:00:09 Information T501.0 Acquired Downstream (669000000 Hz)........ SUCCESS
1970-01-01 00:00:06 Notice M571.1 Ethernet link up - ready to pass packets
2013-01-07 22:23:02 Notice M573.0 Modem Is Shutting Down and Rebooting...
2013-01-07 22:23:02 Critical R004.0 Received Response to Broadcast Maintenance Request, But no Unicast Maintenance o
2013-01-07 22:22:00 Error B301.8 Auth Reject - Permanent Authorization Failure
2013-01-07 22:22:00 Critical I402.0 TLV-11 - Illegal Set operation failed
2013-01-07 22:22:00 Information D507.0 Retrieved Time....... SUCCESS
2013-01-07 22:21:57 Information D509.0 Retrieved TFTP Config d11_m_sb5101_silver_c01.cm SUCCESS
1970-01-01 00:00:22 Information D511.0 Retrieved DHCP .......... SUCCESS
1970-01-01 00:00:22 Critical D003.0 DHCP WARNING - Non-critical field invalid in response.
1970-01-01 00:00:16 Information T500.0 Acquired Upstream .......... SUCCESS
1970-01-01 00:00:10 Critical R002.0 No Ranging Response received - T3 time-out (US 3)
1970-01-01 00:00:10 Information T501.0 Acquired Downstream (669000000 Hz)........ SUCCESS
1970-01-01 00:05:43 Critical T001.0 SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing
1970-01-01 00:05:43 Notice M573.0 Modem Is Shutting Down and Rebooting...
1970-01-01 00:05:42 Critical Resetting the cable modem due to docsDevResetNow
1970-01-01 00:00:06 Critical T001.0 SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing
1970-01-01 00:00:06 Notice M571.1 Ethernet link up - ready to pass packets
1970-01-01 00:00:06 Critical T001.0 SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing
Reply
#4
Quote:2013-01-07 22:22:00 Error B301.8 Auth Reject - Permanent Authorization Failure
2013-01-07 22:22:00 Critical I402.0 TLV-11 - Illegal Set operation failed
Knowledge=Power
Reply
#5
Right, I just need to get the certs from my subbed modem, and upload them to the haxorware modem right? Problem is I don't know how to get the certs, or if its even possible via Ethernet.
Reply
#6
Ok, so from a lot more reading and coming across some stuff drewmerc posted, i've tried using putty to telnet into my unmoded modem, but all it does is return the issue "could not open connection to the host on port 23". Now like i said i did try this on my stock FW 5101, so maybe its not possible to do that. I also tried using fastsnmp, and snmp_admin to "capture the certs" i guess... Both of which just finished scanning, and it came back with nothing.
I'm guessing i scanned on the wrong ip range, or something... but any help with just capturing the certs from my subbed oem fw modem would be appreciated guys. even links of more shit to read, that can help.

thanks all
Reply
#7
only way to dump a stock 5101 is jtag, so do that
__________________________________________________________________________________
******new discord chat linkĀ https://discord.gg/5BQQbsb*******
Reply
#8
(08-01-2013, 11:53 AM)drewmerc Wrote: only way to dump a stock 5101 is jtag, so do that

Thank you, I couldn't find this answer anywhere, either that or I was way too tired, and skimming over it.

can you link an ebay jtag usb that i could use, i don't mind soldering in the 10pin, but like i said before i can't get my serial port to work.

Thanks

Just kidding, i found the sticky of recommended tools >.>
Reply
#9
Ok guys, got it! thank you all for the helpBig Grin

Got my flashcat usb in, dumped my subbed modem's nonvol, and pretty much every thing i could dump because i didn't know what all i should do.

Flashed it with hax lite, then basically did a few steps on the clone, and they're both working online at my mums, and at my house at the same time i guess. Kinda far away so hard to tell, but im guessing if they weren't working i'd know.

Silly question, but can running a tracert let me know which hub i'm connected to, like looking at the first hop?
Reply
#10
so are you saying only way we can flash a pre modded modem is by flashcat usb? man i am such a noob.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)