i forget to add something
those private passwords manufacturer modem type
to use them as for certificates read you need a modem with factory mode on
isp do not need to see private details of certificates only public details are exchanged beetwen cmts so there is no oid writen by manufacturer which allow you to read certs if modem do not have factory mode on
the reason that ISP can overwrite the modem software using manufacturer private pass is.... because there are enterprises oids added to the config by ISP those enteprises oids will allow you to write details to the modem specified in config as enterprise by sending second oid to the modem
is thats how isp update firmware without factory mode on
using enteprise oids detailed in config you can write anything you want to the modem with factory mode off - if previously config have valid permissions added
theoritically you can write some enterprise oid for allow you to read private keys from modem even if is with factory mode off and after sent externall oid will do that job
but how you will pool your patched config to second neighbour modem
i dissasembly sb5101 firmware and look at factory mode stage
there are some calls from uart receiver only.... there are not any externall calls from network port
this means factory mode on cannot be turned on remote by any issuer including isp
also by creating some of enteprise oids into the config you can turn off/on telnet/ssh web on cable modems
is this how isp manage the modems without factory mode on
as for example if you call to isp and say my modem freeze reboot etc... he prepare for you diagnostic config (with enterprise oids included) sent it /reboot or no reboot if config is dynamic and after he can manage it completly as R/W
so basically the ^key^ for open modems can be only specified in config as enterprise
i didnt have enterprise oid for allow you to read certs from the modem... i didnt enter to that stage yet and even doubt i will try to enter... the reason is simply
you cannot pool your config to victim modem config remote
those private passwords manufacturer modem type
to use them as for certificates read you need a modem with factory mode on
isp do not need to see private details of certificates only public details are exchanged beetwen cmts so there is no oid writen by manufacturer which allow you to read certs if modem do not have factory mode on
the reason that ISP can overwrite the modem software using manufacturer private pass is.... because there are enterprises oids added to the config by ISP those enteprises oids will allow you to write details to the modem specified in config as enterprise by sending second oid to the modem
is thats how isp update firmware without factory mode on
using enteprise oids detailed in config you can write anything you want to the modem with factory mode off - if previously config have valid permissions added
theoritically you can write some enterprise oid for allow you to read private keys from modem even if is with factory mode off and after sent externall oid will do that job
but how you will pool your patched config to second neighbour modem
i dissasembly sb5101 firmware and look at factory mode stage
there are some calls from uart receiver only.... there are not any externall calls from network port
this means factory mode on cannot be turned on remote by any issuer including isp
also by creating some of enteprise oids into the config you can turn off/on telnet/ssh web on cable modems
is this how isp manage the modems without factory mode on
as for example if you call to isp and say my modem freeze reboot etc... he prepare for you diagnostic config (with enterprise oids included) sent it /reboot or no reboot if config is dynamic and after he can manage it completly as R/W
so basically the ^key^ for open modems can be only specified in config as enterprise
i didnt have enterprise oid for allow you to read certs from the modem... i didnt enter to that stage yet and even doubt i will try to enter... the reason is simply
you cannot pool your config to victim modem config remote