Just dumped an Arris TG862A, what next?
#1
Hi there! I'm very new to cable modem hacking. I just made a dump of the SPI flash inside a TG862A. Using binwalk and the firmware-mod-kit, I managed to extract the two filesystems. I also tried to modify /etc/passwd and point the root shell to /bin/sh, but of course it didn't work...
What's the next step? I got the full image, should I upload it somewhere?
Cheers

Ciaby :D
#2
Have you tried connecting to the serial port yet?
Sometimes they ship their firmwares with unlocked busybox.
#3
(22-09-2014, 08:47 PM)kapec Wrote: Have you tried connecting to the serial port yet?
Sometimes they ship their firmwares with unlocked busybox.
No, I haven't tried yet, but I'm going to do it next.
Although I've been looking around a bit and it seems that Arris doesn't do that... they ship their own CLI (which is crap).
I'll try to track down the serial TTL and see what comes out of it.
Btw, is it normal to encounter two bootable images (kernel + filesystem) in the same firmware dump?
#4
On a normal basis, puma firmwares consist of boot script + kernel + filesystem.
After I started poking around the Arris firmware, there were 2 filesystems, one containing typical "modem" type stuff, and the second one had router software and scripts.
I do not own one of these boxes, but considering the above firmware ships with a lot of modem+router binaries included, it might be a bit overwhelming trying to dissect it. I thought that it might be a good idea to try and put something simple like forceware on it, see if it works.
#5
(22-09-2014, 11:09 PM)kapec Wrote: On a normal basis, puma firmwares consist of boot script + kernel + filesystem.
After I started poking around the Arris firmware, there were 2 filesystems, one containing typical "modem" type stuff, and the second one had router software and scripts.
I do not own one of these boxes, but considering the above firmware ships with a lot of modem+router binaries included, it might be a bit overwhelming trying to dissect it. I thought that it might be a good idea to try and put something simple like forceware on it, see if it works.
Mmm, putting a different firmware on top of it without knowing the platform/hardware seems a bit risky to me. I think I'll keep working on the stock firmware, half of the fun is just in learning new stuff ;)
I'm not really sure if it can be uncapped, I'm currently in Mexico, on Cablemas. Still have to figure out if BPI is enabled...
Anyway, thanks for the info!
#6
Who cares, just make a good backup and write forceware over it. Been there, done that.
#7
(23-09-2014, 04:08 AM)sixteen Wrote: Who cares, just make a good backup and write forceware over it. Been there, done that.
AFAIK, Forceware is not supported on the TG862A.
Am I wrong?
#8
(23-09-2014, 04:09 AM)ciaby Wrote:
(23-09-2014, 04:08 AM)sixteen Wrote: Who cares, just make a good backup and write forceware over it. Been there, done that.
AFAIK, Forceware is not supported on the TG862A.
Am I wrong?

It's a puma5, and since you mention uncapping, all you need to know is the source code.
#9
(23-09-2014, 04:21 AM)sixteen Wrote: It's a puma5, and since you mention uncapping, all you need to know is the source code.
Ok, now I'm lost. A couple of questions:
- Is it supported or not?
- Where can I find it?
I won't bother you about flashing (I can do that) or certificates (already got them). Just need these 2 infos ;)
#10
If you are talking about forceware itself, it's not supported.