Quantcast
Channel: Haxorware Forums - All Forums
Viewing all articles
Browse latest Browse all 3635

Looking for a nudge in the right direction

$
0
0
Hi,
My haxorware modem went offline a couple years ago with the new cc security, and i gave up and put it away. I have been interested in getting it going lately and am looking for some advice. I am very interested in learning how it works and don't mind reading and studying DOCSIS but I'm not sure where to go. I have also switched ISPs and don't use cc anymore. Here is my telnet log:
Code:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.09.13 11:02:04 =~=~=~=~=~=~=~=~=~=~=~=
Haxorware integrated telnet daemon

Username: root
Password: ****
Welcome.

CM>
CM> DHCPc:  Sending Discover packet; client id htype=1, value=00:15:9a:d9:51:64
DHCPc:  Received an Offer from DHCP server XX:XX:XX:XX:XX:XX (172.29.255.121); lease client id htype=1, value=XX:XX:XX:XX:XX:XX

CM> runDHCPc:  Timed out waiting for offers for lease with client id htype=1, value=XX:XX:XX:XX:XX:XX
DHCPc:  Sending Request packet; client id htype=1, value=XX:XX:XX:XX:XX:XX
DHCPc:  Received an Ack from DHCP server XX:XX:XX:XX:XX:XX(172.29.255.121); lease client id htype=1, value=XX:XX:XX:XX:XX:XX
Current IP address is default 0.0.0.0.
0x0000f686 [DHCP Client Thread] BcmEcosIpHalIf::ConfigureLeaseImpl:  (IP Stack1 HalIf)
Configuring IP stack 1:
  IP Address = 10.137.232.220 (primary IP address)
   Subnet Mask = 255.255.248.0
   Router = 10.137.232.1
   IsPrimaryInterface = 1

Logging event: DHCP WARNING - Non-critical field invalid in response.
0x0000f6ae [DHCP Server Thread] BcmDhcpServerThread::ThreadMain:  (DHCP Server Thread) Callback request expired:
timerDuration secs = 1
current time secs = 63
elapsed time secs = 1
ARPing for default GW IP = 10.137.232.1
MAC = 00:01:5c:69:de:46
DHCP completed successfully!

DHCP Settings:
                     Client Id = htype=1, value=XX:XX:XX:XX:XX:XX
                         State = Renewing (5)
                  Static Lease = 0
               AutoConfig Mode = IP, Subnet and Router
                           XID = 0x7a7fe81e
               Number of Tries = 0
            Max Discover Tries = 6
             Max Request Tries = 6
          DHCP server MAC addr = 00:01:5c:69:de:46
                   Ignore NAKs = 0
         My offered IP address = 10.137.232.220 (primary IP address)
               (1) Subnet Mask = 255.255.248.0
         (3) Router IP address = 10.137.232.1
   (54) DHCP Server IP address = 172.31.15.244
   (82) Relay Agent IP address = 172.29.255.121
        TFTP Server IP address = 172.31.15.244
         CM Configuration file = 'unknown.bin'
           (2) UTC Time Offset = -28000 seconds
    (4) Time Server IP address = 172.31.15.244
        (6) Domain Name Server = 172.31.15.162; 172.31.15.244
     (7) Log Server IP address = 0.0.0.0
               (51) Lease time = 604800 seconds
               (58) T1 (renew) = 302400 seconds
              (59) T2 (rebind) = 529200 seconds
             Lease is infinite = 0


  CmSnmpAgent::IpAddressAcquiredEvent for SB5102 CM Agent w/ BRCM Factory Support
    IP addr = 10.137.232.220
Starting Time Of Day...
0x0000f71c [CmDocsisIpThread] BcmDocsisTimeOfDayThread::SetTodServerIpAddress:  (Time Of Day Thread) ToD servers:  172.31.15.244
Connecting to ToD server 172.31.15.244...
Sending UDP ToD request to server...
Not logging event ID 2291949724, control  for level 7 is 0.
UTC returned by ToD server 3619609332; UTC offset -28000
Current system time -> Sat Sep 13 07:15:32 2014

System start time -> Sat Sep 13 07:14:29 2014

Starting Tftp of configuration file...
Opening file 'unknown.bin' on 172.31.15.244 for reading...
Resuming SNMP Thread
tftp-enforce bypass is DISABLED
SB5102 CM Agent w/ BRCM Factory Support IpStackEvent: Ip=10.137.232.220, Subnet=255.255.248.0, Gateway=10.137.232.1
  Ip addr is the same, not rebinding.
SB5102 CM Agent w/ BRCM Factory Support IpStackEvent: Ip=10.137.232.220, Subnet=255.255.248.0, Gateway=10.137.232.1
  Ip addr is the same, not rebinding.
Storing received cfg of size 1108 to memory
Tftp read < 512 bytes, we have reached end of file.
Tftp transfer complete!
TFTP Settings:
            Stack Interface = 1
          Server Ip Address = 172.31.15.244
         Server Port Number = 32794
          Total Blocks Read = 3
           Total Bytes Read = 1108

Config file was read!  IP Initialization completed...
MAX CPE per CM is being set to 32
TLV-11[1]: 1.3.6.1.2.1.69.1.2.1.4.1 -> public
TLV-11[2]: 1.3.6.1.2.1.69.1.2.1.5.1 -> 3 (i32)
TLV-11[3]: 1.3.6.1.2.1.69.1.2.1.6.1 -> HEX:40 00
TLV-11[4]: 1.3.6.1.2.1.69.1.2.1.7.1 -> 4 (i32)
Time Of Day completed...
  DefaultSnmpAgentClass::SystemTimeChangeEvent for SB5102 CM Agent w/ BRCM Factory Support
Not logging event ID 2291949524, control  for level 7 is 0.
Not logging event ID 2291949324, control  for level 7 is 0.
SB5102 CM Agent w/ BRCM Factory Support processing TLV-11's
SNMP packet sent to 10.137.232.220:225
  4 TLV-11's OK.
Sending a REG-REQ to the CMTS...
Received a REG-RSP message from the CMTS...
0x0000f942 [CmDocsisCtlThread] BcmCmDocsisCtlThread::RegRspMsgEvent:  (CmDocsisCtlThread) We registered with a DOCSIS 1.0 config file!
Adding DOCSIS 1.0 CoS Settings for SID 0xaf8

Class Of Service Settings:
                        SID = 0xaf8
               Max Us Burst = 3044 bytes
                Max Us Rate = 131072 bits per second
            Max Bucket size = 24288 bits
             Bits In Bucket = 24288
    Last Bucket Update Time = 64810 ms
     Last Bucket Flush Time = 64810 ms
          Packet Delay Time = 0 ms

Global CONCAT has been disabled for all upstream queues (either from NonVol settings or CMTS override).
Fragmentation is ENABLED in DOCSIS 1.0 mode!
0x0000f94c [CmDocsisCtlThread] BcmCmDocsisCtlThread::TestAndApplyRegAckHack:  (CmDocsisCtlThread) DOCSIS 1.0 reg on us phy type 3 channel.  --> perform REG-ACK hack!
Registration complete!
Process CVC
CmDownloadMatchBuffer - length comparison failed
0x0000f9a6 [CmDocsisCtlThread] CmSecureDownload::ProcessConfigFileSpecifiedCvc:  (Secure Software Download) ERROR - Config File manufacturer CVC Subject organizationName does not match the CM's manufacturer name.
0x0000f9a6 [CmDocsisCtlThread] CmSecureDownload::ProcessConfigFileManufAndCosignerCvcs:  (Secure Software Download) ERROR - Reject config file MFG CVC!
0x0000f9a6 [CmDocsisCtlThread] BcmCmDocsisCtlThread::ProcessCVC:  (CmDocsisCtlThread) ERROR - Config file does not include a valid CVC!
DOCSIS CoS/QoS rate shaping enable is now 1
  CmSnmpAgent::CmOperationalEvent for SB5102 CM Agent w/ BRCM Factory Support
CmSnmpAgent operating in 1.0 mode, including docsBpi, excluding docsQos
+++ No DH kickstart profiles or snmpCommunityTable entries installed.
    We will operate in NMACCESS mode.
SB5102 CM Agent w/ BRCM Factory Support setting V1/V2 view to docsisNmAccessView
SB5102 CPE Agent w/ BRCM Factory Support setting V1/V2 view to docsisNmAccessView
0x0000f9a6 [CmDocsisCtlThread] BcmCmDocsisCtlThread::TestAndLaunchBpkm:  (CmDocsisCtlThread) BPKM disabled via provisioned config file setting.
Enabling network access for all CPE ports.

mot_scanList: Writing to Flash!
0x0000f9e2 [CmDocsisCtlThread] BcmDocsisCmHalIf::ConfigOperational:  (DOCSIS CableModem HalIf) Running IGMP in DOCSIS 1.0 mode!
BcmCmDocsisStatusEventCodes::kCmIsOperational
Suspending SNMP Thread
0x0000f9ec [CmDocsisCtlThread] BcmVendorCmApplication::StopDhcpServer:  (VendorExtension CmApp) Shutting down DHCP Server...
0x0000f9ec [CmDocsisCtlThread] BcmStandbySwitchThread::CmIsOperational:  (Motorola Standby Switch Thread) Simulating a press of the standby switch to get the state configured properly.
0x0000f9f6 [IGMP Thread] BcmIgmpThread::Starting Igmp Thread...:  (IGMP Thread)
0x0000fa00 [Motorola Standby Switch Thread] BcmStandbySwitchThread::ThreadMain:  (Motorola Standby Switch Thread) Standby switch was pressed!
0x0000fa00 [Motorola Standby Switch Thread] BcmStandbySwitchThread::ProcessSwitchEvent:  (Motorola Standby Switch Thread) Standby switch disabled in nonvol; ignoring event.
Logging event: Improper Configuration File CVC Format
SB5102 CM Event Log w/ BRCM Factory Support sending deferred async messages...
Done w/ deferred msgs
Not logging event ID 2296948624, control  for level 7 is 0.

CM>

Since my mac is not provisioned I get the unknown.bin config file which fails the CVC check.

First, my subbed modem is an Arris mg5225g which is a modem and router in one. I don't think I can scan for macs, because you're supposed to be connected directly to modem, not behind a router. I tried putting my pc in dmz and scanning but it doesn't seem to work. Is there a way to scan with my equipment, or is that the wrong approach altogether? I was thinking if I could see macs and config files on my network I could play around with those to at least get more information on the security my cmts is running.

I don't know a whole lot about snmp but it seems like that might hold a key for me? Problem is I can't get any information with the unknown.bin config file sent to my modem. I think I would at least need a community string, but where can i get that if its not in the config file?

I keep reading that I need to understand the handshake and learn how to make my cm send what the cmts is wanting to see, but I can't get past this unknown.bin problem.

I really do want to learn more about this and I like to read and understand these things (I basically taught myself c++ just from reading online), I'm just hoping someone can point me in the right direction.

Viewing all articles
Browse latest Browse all 3635

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>