Newbie willing & ready to learn - with a question

[blackout.king]

Hi ... just got into the craft .. and starting to learn alot ...

My main goal so far = JUST TO GET ONLINE lol ( yea of course i pay for my internet , no thieving desire , Just wanna learn )

I recently got a pre modded 5101 in addition to my stock modem and am seeking alittle help to get my self up in running with this new modem. After Hours/days of reading n learning i feel i have a pretty goo understanding of wats going on with my modem & the ends and outs of the firmware ( which i love thank u for this awesome work). Yet i still havent been able to get online with my information ( from my stock cm ).

My isp is one i hear that have some of the stronger security measures in use. I have tryed every combination configurations with this modem ... it seems i just get stuck in a reboot loop once i get anywhere.The only thing ive gotten working is using my friends ( whom got me hooked ) Certs + Mac (testing only ). Shockingly i go operational .. 2 sec no prob ( on most basic configs). Yet when i set my mac ... i get NO WHERE. No critical errors just stuck in a boot loop right after ip complete.

My last idea/resort is extracting the certs from my stock (functional) cm as i hear some companies have forced valid certs (and to my knowledge these certs have a mac tied in them ). Tho my stock cm is not flashable with haxorware, and one i def. dont want to destroy it lol.

He might have gotten lucky as he flashed his ORIGINAL cm and was up and running with 2 setting changes..... y can i ? lol

Questions:
1) Dose this sound like the correct approach or will this not help?
2) I have NO soldering experience but with the magic of utube lol i kinda got the idea i could use solderless pin headers and get running (ironic i work in an electronics store and sell them to people all the time ... dosent mean i know how to use um lol
3/4) Can i even extract them with out flashing it
3/4) tho i know its possible WILL I RUIN my functioning cm doing so (with out obvious mistakes)

ps: If any ones willing to take me under there wing n teach me alittle somin somin im more then willing to learn and more then computer savey .... Flash learning these years of combined info is really overwhelming (more so when ur not making progress and no one wants to help u). Please pm if u willing to help (or dont want to post ur help in public as i do understand the nature or some of this info and how people can abuse it )

Thanks in advance ( wow i talk to much)

[drewmerc]

1 you can never talk to much
2 you never said what your stock modem model is
3 i'll give you whatever guidance i can (but to be honest i dont like giving straight answers, pointers are more of my thing)

answers to your questions
1 sounds fine
2 soldering dont worry about it (it is not hard at all and not needed much if at all, depends on your modem but then theres normally a way around it)
3 maybe depends on the stock modem
4 ruin your stock, i doubt it (tho never say never)

[blackout.king]

1 you can never talk to much
2 you never said what your stock modem model is
3 i'll give you whatever guidance i can (but to be honest i dont like giving straight answers, pointers are more of my thing)

answers to your questions
1 sounds fine
2 soldering dont worry about it (it is not hard at all and not needed much if at all, depends on your modem but then theres normally a way around it)
3 maybe depends on the stock modem
4 ruin your stock, i doubt it (tho never say never)

thanx 4 the reply the stock cm is a 5101u.. i think i heard u can flash it with sigma but not haxorware compatible (could be wrong) .. im not apposed to flashing it now that ive taken the premod apart n seen how simple the mb is on these things lol.

and pointers r fine exsactly what im looking for lol

ive read and seen tuts on dumping cm's but have never done it and kinda unsure of the process ... to my knowledge it seems u just need to get the pin headers placed , need an interface cable and just get ur read out from the stock modem . Without modifing it at all (software based) is this correct ?

and in doing so im sure ill end up with this dump file ... then what ? lol can u point me in the direction of extracting the certs from that . Was kinda my goal of the morning but sbhackers went down for hardware matainence , kinda spoiled my plans lol

one more thing .. im not apposed to just calling my provider n letting them know i have a new modem ( cop out lol) but of course with the advanced functions of this firmeware i would like to play with the settings and bypass them all together , and in doing so learn alittle. The question is : im under the assumption haxorware software is created using the stock modems firmware + some mods , Will this modem behave any differently then a regular modem ( other then the settings i force it to change). Will anyone without physical access to the modem be able to tell the difference once i get it to clone my stock ? (will i end up calling the isp and getting the modem registered anyway lol)

[drewmerc]

haxor is 100% compatible with the 5101u (like the ambit256 it's spi based)
5101u are rare, well i've never seen/had one. so now were on the first problem there is no jtag on this modem
you need an spi programmer or a usbjtagnt (and clip if you dont want to solder) to dump the firmware/certs
anyways like i said it's like a ambit256 so guides for that will help you

extracting certs theres a guide in my sig (not working at the moment tho as sbhacker is down)

haxor is based on sb5102 shelled firmware and some cool shit by raj
i've never registered any of my modems other than my stock one


while writing all this bullshit i've thought of a another way to dump your certs (you'll need to flash it tho) as i think there is a telnet/tty port one the 5101u (may need a bit of soldering i honestly dont know) and flash haxor via telnet and then backup the certs with haxor


can i ask if you could take a picture of your 5101u board (just cause i could not locate one and i'm a picture nerd)

[cayman]

I do not know what ISP you are on.
but it is possible to get on line without extracting certificates from the working subbed modem.

first of all it is different way on each nod for each ISP usually.

Why do not you try to simplest way at first ???

Try to get 'sniffed" MAC on another nod together with modem serial #.
Try MACcollector first, it is easiest one, you may try other sniffers too.

Then put your sniffed MAC in haxor and serial #, do not put any cfg, leave it blank, it should get cfg by itself of the clonned modem.

Avoid any MAC's of 4200, 5100, 5101, generally avoid any MAC's of the modems, which are easy hackable.
Those MAC's are on 'shit list' for the most providers.

Then put the 'spoof string', which is recent software name used by that modem.
U may find the spoof string in the cfg using for example vultureware, it s gonna be almost at the end of the cfg file.

Then set BPI+ in the haxor, experiment with all options.
For me for example, if I load my cfg , same name as assigned by ISP, but older, downloaded last year, then I put BPI+ bypass.
Remember, although cfg file loaded recently from ISP has the same name, but it is actually slightly different, then those files from last year, when they upgrade their network.

Thats is why older cfg files works with BPI+ bypass.
On your node might be different, you have to experiment a lot.
And lot of depends how you set up options in haxorware.

It is hard to give you specific advice, without knowing on what provider you are on, and without seeing your log.

And at the begining, its a steep learning curve.

Ah, forgot to add: your IP is usually given on the base of your MAC of your NIC card and MAC of your modem, sometimes serial # is taken under consideration too.
MAC of your NIC card of your comp is usually used for the billing purposes by your provider.

So with your experiments, every time you change MAC of your modem, change MAC of your NIC card, for example by using :
Technitium MAC address changer v5 release 3

Hope this gives you some directions in your experiments

[blackout.king]

I do not know what ISP you are on.
but it is possible to get on line without extracting certificates from the working subbed modem.

first of all it is different way on each nod for each ISP usually.

Why do not you try to simplest way at first ???

Try to get 'sniffed" MAC on another nod together with modem serial #.
Try MACcollector first, it is easiest one, you may try other sniffers too.

Then put your sniffed MAC in haxor and serial #, do not put any cfg, leave it blank, it should get cfg by itself of the clonned modem.

Avoid any MAC's of 4200, 5100, 5101, generally avoid any MAC's of the modems, which are easy hackable.
Those MAC's are on 'shit list' for the most providers.

Then put the 'spoof string', which is recent software name used by that modem.
U may find the spoof string in the cfg using for example vultureware, it s gonna be almost at the end of the cfg file.

Then set BPI+ in the haxor, experiment with all options.
For me for example, if I load my cfg , same name as assigned by ISP, but older, downloaded last year, then I put BPI+ bypass.
Remember, although cfg file loaded recently from ISP has the same name, but it is actually slightly different, then those files from last year, when they upgrade their network.

Thats is why older cfg files works with BPI+ bypass.
On your node might be different, you have to experiment a lot.
And lot of depends how you set up options in haxorware.

It is hard to give you specific advice, without knowing on what provider you are on, and without seeing your log.

And at the begining, its a steep learning curve.

Ah, forgot to add: your IP is usually given on the base of your MAC of your NIC card and MAC of your modem, sometimes serial # is taken under consideration too.
MAC of your NIC card of your comp is usually used for the billing purposes by your provider.

So with your experiments, every time you change MAC of your modem, change MAC of your NIC card, for example by using :
Technitium MAC address changer v5 release 3

Hope this gives you some directions in your experiments

Thanx for the replies
Firstly im on Cox , nevada area

I*ve actualy read alot the teqs, ur describing while i was always told change the serial numbers last few characters.Are u saying that the serial number is tied to the mac or am i reading this wrong ?

also the odd thing is as far as settings when i use my friends mac (seems were on the same nod even tho hes across town) i get online ... which is wat is throwing me for a loop and today he tested mines ... and got online... im doing somthing wrong ... he recomended i try a diff spoof string as i just used the one for my modem:
Modle: sb5101nu
Software Version: SB5101NU-2.1.7.0-GA-00-388-NOSH
this was an assumption and i didnt think it would come into facter at all other than looking similar to mines im goin to experiment today.

Ive bypassed the config all together untell i can get running

i recently started changing my mac to thanks for the info funny thing is im using the exsact software u suggested ... tho ive dont alot of network auditing and used alot of mac changers this one is real advanced n i love the interface ...

hopefully ill have so sucess to report soon lol


ps: drew ur have ur pic soon lol

---

one more thing ... the config files im looking at do not list a specific modle ... these r ones ive downloaded tho ill try to get one downloaded from cox and see if that gives ne clues ...

last think i see r CVC values but there in some wierd numerical code nothing that have a module string on it

[blackout.king]

While playing with spoof strings i found this out :

If it dose not include a U somewhere in the string i get STOPPED AT RANGING COMPLETE ... Even if i leave the stealth string U only i get to registration complete and followed by this log :

2010-10-10 17:52:10 Error B301.8 Auth Reject - Permanent Authorization Failure
2010-10-10 17:52:10 Error E207.0 Configuration File CVC Validation Failure
2010-10-10 17:52:10 Critical I402.0 TLV-11 - Illegal Set operation failed
2010-10-10 17:52:09 Notice I401.0 TLV-11 - unrecognized OID
1970-01-01 00:00:13 Critical D003.0 DHCP WARNING - Non-critical field invalid in response.
1970-01-01 00:00:05 Notice M571.1 Ethernet link up - ready to pass packets
2010-10-10 17:51:44 Notice M573.0 Modem Is Shutting Down and Rebooting...

With out the u i dont get an error yet i never get to past sending my registration .... so seems like my spoof string might just be the prob downloading the config file i receive after this error ... give me no info about a spoof string

[drewmerc]

well i'd fire up dchpforce and use the haxorware downloader to get as many configs as possible and then start testing the different spoofs from the configs (there probably a better way of doing this )

[blackout.king]

Can i get an exsample of were it would b n the config , i have combed the configs ive downloaded threw haxorware i am not finding a softwRe string at all im confused ill upload a pic of the configs when i get home .


-android

[drewmerc]