01-07-2015, 03:00 AM
(This post was last modified: 01-07-2015, 03:23 AM by Canis-Major.)
Yeah, I know, we can't manipulate certs, or at least, so they say: we must have original certs.. or do we? What if we could force the cmts itself to make legit our illegitimate certs?
I know at the start of d3, I did, in fact, get online on d1.1, BPI enforced, using invalid certs by forcing the cmts to see my illegitimate as genuine, and this is how it was done:
First, Grab this:
SB6120-1.0.2.0-ENG00-SH.NNEMN.rar (Size: 2.94 MB / Downloads: 204)
Now, for the first lesson on knowing what is what, rename this file p7b.
Now double click it. You now see your cvc time has expired. What you can't see is what I just showed you, that you can see your cvc with a simple renaming of the file. Undo rename.
Now, using preferred hex editor, remove the p7 header. This is done in hex editor by removing approx 1604 bytes for docsis, and 1527 bytes for euro docsis, sorry I don't know the west's (US) bytes to remove. It is best to save a copy of what you remove for the next stage.
What you have saved is an old p7 header, the cvc start-end time. Here's the kicker: Grab this config:
V4b90676b7b571b44.rar (Size: 2.57 KB / Downloads: 128) and open it with vultureware. Scroll down until you see the 4 lines:
Manufacturer Code Verification Certificate (32) 30 82 03 81 blah blah..
Replace these with your updated cvc start/end time.
How do you get this new cvc?
Try downloading config from your ISP, preferably while attempting a bpi23/secure software download, and this WILL contain the NEW start/end time for the MAC you are using. Now rename this config to p7b, and double click.. ya get me? Now open said config in vultureware, add those four lines like you see in the config I posted to the config you create, in particular, your signed firmware.. Now you know why I posted it. Don't use config I posted, use yours. Done correctly, your modem will validate with the cmts, invalid certs.
I guess you all forget the most crucial aspect of the docsis network. There is only ONE.. mac check in place throughout the entire system, they're too busy securing bullshit certs.
Did you ever consider uploading your downloaded config to the cert page in haxorware? I did..
Remember, I used the eng bin for testing, the config is just for show, do not use it.. I just posted it for demo purposes.
Post cause and effects here for all to see..
Ps, for noobs, if you can't save config 'cause it asks for a string, use private string found in the config you're trying to save
Keep in mind, these 4 lines can only be altered in modem from coax input, ie, config.. ?????
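Added example, not part of the original post: a read-only audit an operator could run over a DOCSIS config file to reassemble the Manufacturer CVC (TLV 32) fragments the post calls "the 4 lines" and confirm that the DER header (`30 82 03 81` declares 897 content bytes, 901 in total) matches the bytes actually present. The sample config is constructed filler and the function names are hypothetical.

```python
# Added example; the sample config is constructed, not taken from the post.
PAD, END, MFR_CVC, MAX_VALUE = 0, 255, 32, 254  # TLV types; max value bytes per TLV

def iter_tlvs(buf):
    """Yield (type, value) for each 1-byte-type / 1-byte-length config TLV."""
    i = 0
    while i < len(buf):
        t = buf[i]
        if t == PAD:                 # pad byte carries no length field
            i += 1
            continue
        if t == END:                 # end-of-data marker
            return
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError(f"truncated TLV at offset {i}")
        n = buf[i + 1]
        yield t, buf[i + 2:i + 2 + n]
        i += 2 + n

def der_total_length(der):
    """Header plus content length of the DER element starting at der[0]."""
    if len(der) < 2:
        raise ValueError("too short for a DER header")
    first = der[1]
    if first < 0x80:                 # short form: length fits in one byte
        return 2 + first
    k = first & 0x7F                 # long form: k length bytes follow
    if k == 0 or len(der) < 2 + k:
        raise ValueError("bad DER length encoding")
    return 2 + k + int.from_bytes(der[2:2 + k], "big")

def audit_mfr_cvc(config):
    """Reassemble TLV 32 fragments and compare with the DER-declared size."""
    frags = [v for t, v in iter_tlvs(config) if t == MFR_CVC]
    blob = b"".join(frags)
    if len(blob) < 2 or blob[0] != 0x30:   # a certificate is a DER SEQUENCE
        return {"fragments": len(frags), "declared": None, "actual": len(blob), "ok": False}
    declared = der_total_length(blob)
    return {"fragments": len(frags), "declared": declared, "actual": len(blob),
            "ok": declared == len(blob)}

def build_sample(drop_last=False):
    """Constructed config: one unrelated TLV, then a 901-byte filler 'CVC'."""
    cvc = bytes.fromhex("30820381") + bytes(897)
    chunks = [cvc[i:i + MAX_VALUE] for i in range(0, len(cvc), MAX_VALUE)][:-1 if drop_last else None]
    body = bytes([3, 1, 1]) + b"".join(bytes([MFR_CVC, len(c)]) + c for c in chunks)
    return body + bytes([END, PAD, PAD])

print(audit_mfr_cvc(build_sample()), audit_mfr_cvc(build_sample(drop_last=True)))
```

A 901-byte certificate cannot fit in one 254-byte TLV value, so it is carried as four consecutive TLV 32 entries; a config whose fragments do not add up to the declared DER length is flagged with `ok: False`.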