Haxorware Modem Firmware

This book is intended to be a manual for Haxorware which is a custom cable modem firmware. This is a legal firmware change. This book is NOT intended to demonstrate or condone any illegal practices. DO NOT add information to this book regarding ANY theft of service!

Overview
Current Revision: 1.1 R39 Compatibility: All BCM3349 chipset based modems (Including SB5101/E/i, SB5102/E/i, Webstar DPC2100R2, RCA DCM425, Ambit 250/255/256) Versions: DIAG & LITE. DIAG • • • • • LITE Based on sb5101e firmware Does not support SPI flash based modems. Crippled shell & much less diagnostic output in telnet/serial. Static IP option is missing because there is no ipconfig command in the shell anymore (and the entire /ip page is missing too). • The standby button on a 5101 works in LITE • • • • Might not perform optimally on a 8MB ram modem (16/32mb upgrade recommended). Based on sb5102u/n firmware (which includes diagnostic output, console and SPI support) Much more Verbose to troubleshoot issues. Standby button does not work Memory leak on SPI modems fixed in Rev39

Haxorware Modem Firmware/Installation
Installation varies based on your available method. Some methods require different hardware modifications such as a Jtag or serial connector (outside the scope of this pdf) ALWAYS backup current firmware. If you flash a 2mb dump over the existing firmware you will lose the modems original certificates forever.

JtagUtility Instructions:
If your modem is currently running infinite firmware it is recommended to restore it to stock, like it was out of the box. To do this you restore your 2MB backup that i hope you made before flashing infinite. The commands are as follows:
detect ldram 9fc00000 (A File Open dialog will appear, find your 2MB backup file and click open) program 9fc00000 200000

It is recommended you make a backup before flashing haxorware (or any other hacked firmware) onto your modem. To create a 2MB backup with JtagUtility, enter the following commands:
detect getram 9fc00000 200000 save 9fc00000 200000 (A save as dialog will appear, choose where to save your 2MB backup)

To program haxorware to your modem using JtagUtility, issue the following commands:
detect ldram 9fc10000 A File Open dialog will appear, find the haxorware firmware file you want (haxorware11revXX-XXXX.bin) and click open program 9fc10000 130000

After the flashing is complete, reboot your modem and enjoy Haxorware

Flashing over serial:
Diagnostic cable instructions (requires noisy bootloader):
Set your computers ip to 192.168.100.10 Set up a TFTP server with haxorware11revXX-XXXX.bin in its root Connect to modem with hyperterminal or putty (with changed CR/LF to LF) While modem is turning on press p (you should get a prompt) If you do not get a prompt for pressing p, your modem does not have a noisy bootloader, and you will have to use JTAG Set the Modem IP to 192.168.100.1 Leave everything else at their defaults (just press enter) When you get at the bootloader menu press d Enter 192.168.100.10 as TFTP IP Enter haxorware11revXX-XXXX.bin as filename It should download (the dots indicate progress) When asked what image to save to, answer 1 Answer y to the "Store uncompressed image" prompt press b once you are back at the menu to boot the modem

The commands are as follows: detect ldram 9fc00000 (A File Open dialog will appear. choose where to save your 2MB backup) To program haxorware to your modem using USBJTAGNT Start USBJTAGNT and choose the SB5101Mod profile (Tools->Config will open the profile selection dialog) Then issue the following commands: detect ldram Firmware (A File Open dialog will appear. After that. To do this you restore your 2MB backup that i hope you made before flashing infinite. To create a 2MB backup with usbjtag enter the following commands: detect getram 9fc00000 200000 save 9fc00000 200000 (A save as dialog will appear.bin and click open) program Firmware After the flashing is complete. choose where to save your 2MB backup) To program haxorware to your modem using USBJTAG. find your 2MB backup file and click open) program 9fc00000 200000 It is recommended you make a backup before flashing haxorware (or any other hacked firmware) onto your modem. find haxorware11revXX-XXXX. To do this you restore your 2MB backup that i hope you made before flashing infinite. reboot your modem and enjoy Haxorware . reboot your modem and enjoy Haxorware USBJTAGNT Instructions: If your modem is currently running infinite firmware it is recommended to restore it to stock. like it was out of the box. like it was out of the box. To create a 2MB backup with usbjtag enter the following commands: detect getram 9fc00000 200000 save 9fc00000 200000 (A save as dialog will appear. The commands are as follows: detect ldram 9fc00000 (A File Open dialog will appear.def with the one from this archive. please overwrite your usbjtag. find haxorware11revXX-XXXX.USBJTAG Instructions: If your modem is currently running infinite firmware it is recommended to restore it to stock. find your 2MB backup file and click open) program 9fc00000 200000 It is recommended you make a backup before flashing haxorware (or any other hacked firmware) onto your modem.bin and click open) program Firmware After the flashing is complete. start USBJTAG and choose the SB5101 profile (Tools->Config will open the profile selection dialog) Then issue the following commands: detect ldram Firmware (A File Open dialog will appear.

10 Set up a TFTP server with haxorware11revXX-XXXX.100. Then use the Firmware Upgrade page on the WebGUI.0 Set your computers ip to 192.1 Enter your username and password cd /ip ipconfig 1 release y dload -i 1 -l -f 192.168. find haxorware11revXXXXXX.bin y cd / reset Haxorware 1.Upgrading from previous shelled firmware (infinite) or Haxorware 1.bin in its root Make sure the haxorware webgui isn't currently open Connect to modem with hyperterminal or telnet to the IP 192.100.10 haxorware11revXX-XXXX. and the new version of Haxorware should now boot . so if it's currently scanning for downstream make it stop by going to the web shell and doing cd /docsis scan_stop The safest time to do the Firmware Upgrade is when the modem is fully operational and online.1 Make sure the modem's cpu usage is low.1 should now boot Upgrading from Haxorware 1.100.bin and upload it to the modem in the Firmware section Reboot the modem using the WebGUI or otherwise.168.168.

when using one different from what was assigned by the ISP the filename shows here. Configuration file Name "Actual" Config file name in use.Haxorware Status/Overview HFC Parameters Mode DHCP assigned address or Static IP Address Your currently assigned IP address Subnet Subnet mask applied to your IP address TFTP Server "Provisioned" Config file name assigned by your isp TFTP Filename “Provisioned" Config file name assigned by your isp ToD Server "Provisioned" Time Of Day server IP assigned by your isp to synchronize against. . Size Config file size 'Compliance ' DOCSIS version compliance of this config file.

Symbol Rate Number of symbols per second. (ATDMA is faster) Symbol Rate Number of symbols per second. Higher is faster. Transmit Power Broadcast signal strength to the head end at your ISP measured in dBmV .Haxorware Status/Signal Downstream Frequency This is the frequency your downstream channel is on Status Whether the channel is locked or in process Annex DOCSIS or EURODOCSIS Modulation Modulation rate such as QAM256. Receive Power Downstream channel signal strength measured in dBmV. QAM16. etc. Signal to Noise ratio SNR measured in Decibles (Higher is better) Upstream Frequency This is the frequency your upstream channel is on Channel ID Upstream channel number Status Whether the channel is locked or in process Mode TDMA or ATDMA.

Haxorware Status/Event Log Displays Events and errors in operation .

Disable IP Filters on startup IP filters are used by some ISP's to block traffic of certain types on certain ports (such as if your ISP blocks port 80 to prevent you from hosting a web server). Unchecking this could compromise your Haxorware install.even if you are using another one. Force Network Access Tftp Enforce Bypass If your ISP enforces Tftp config file this option will tell the modem to download the supplied config file at the right point . Disable Firmware Upgrades This option will force Haxorware to ignore new modem firmware pushes from the ISP.Haxorware Configuration/Settings settings Factory Mode This forces the modem to behave as if it was supplied by the ISP and bypasses customs settings. This option bypasses them entirely .

or only when manually enabled. Uncheck this ONLY if you have it set manually.Timeouts Ignore T1 (No valid UCDs) Ignore T2 (Ranging Opportunity) Ignore T3 (Ranging Response) Ignore T4 (Station Maintenance) Administration Control Panel IP Address Set a different IP than standard here if necessary DHCP Server Check this to assign the IP to WAN on router or to PC. WebGUI Password protection enable or disable Password protecting the GUI from tampering. Telnet Server Current state Whether Telnet services are running Run on startup Whether Telnet should start when the modem is booted. .

.Choose DOCSIS or EURODOCSIS based on your region. Upstream Channel This is the preferred upstream channel to try before scanning for available channels. Preferred DS Freq 1.600mhz would actually be entered as 600000000) These are the frequencies checked first before scanning.Haxorware Configuration/Frequency Annex . & 3 is displayed in "Hz" not "mhz" (for example . 2. Plan Choose the type matching your region.

1 mode.Haxorware Configuration/Addresses Addresses HFC MAC This is the Mac address your ISP will see for this modem. Click copy from certificate to change back to mac for current certificate. Ethernet MAC This is the mac address your computer or router sees when querying the modem via ethernet USB MAC This is the mac address your computer or router sees when querying the modem via usb Serial Number This is the Serial number for the modem presented upon query Certificate generation Certificate type When generating certificates this is the type of certificate preferred . Most ISP's do not accept self signed certificate in BPI+ docsis 1. Changing this to a number that does not have factory certificates loaded will generate a self signed certificate.

Some ISP's can be tricked to allow you online using a config file saved directly to your modem instead. Store new config Where you upload a stored config file. . File name This is the filename of the config file you want to pull from the above IP Autoserve Autoserve Config File Disabled until new config is uploaded.Haxorware Configuration/Config File Force Config File Server IP This is the IP address of the TFTP server hosting the config file you want to run.

1 must be enabled to use docsis 1. BPI 1. Bypass must be enabled to use 1.1 config files with valid certificates.1 configs with self signed certificates but will not work on all providers Backup/Restore Backup Backup your current certificate set Restore from filesystem Restore uploaded or previously backed up certificate sets Restore from file Certificate Download Download individual certificates Certificate Upload Upload individual certificates here .Haxorware Configuration/Baseline Privacy Baseline Privacy BPI Baseline privacy version running.

Suppress DHCP Requests Check this to ignore any requests from the provider to provide your modem with a DHCP lease IP Address Enter your desired IP Address here Subnet Mask Enter the applicable subnet mask here Gateway Enter the appropriate gateway here TFTP IP Enter your desired TFTP server IP address here TFTP Filename Enter the Configuration filename on the TFTP server provided you wish to run ToD IP Enter your desired Time Of Day server address here. This is generally the same as the TFTP server IP . Note that this does not stop your provider from assigning your IP to another user since you did not pull from their pool.Haxorware Advanced/Static IP Force Static IP Check this to force your modem to override any DHCP assigned Information to the contents below.

Hardware Version Enter the hardware version you want to supply here Override Bootloader Revision Check this to override the default bootloader revision sent to your ISP Bootloader Revision Enter revision information here SNMP Agent Server Port Port number for snmp scans Disable SNMP Agent after registration Check this to disable snmp probe requests from your isp after initial registration when the modem goes online (recommended) Redirect SNMP Traps When SNMP requests are sent redirect them to another device and port (such as another modem on the network) IP IP address to redirect to Port Destination port at redirected IP .Haxorware Advanced/Stealth Modem Identifiers Vendor Enter the manufacturer you want to emulate or tell the ISP you are running Model This is where you enter the Model number information you want to supply Software Version This is where you enter the firmware version you want to supply Override Hardware Version Check this to supply a different hardware version to the vendor other than what it is.

Haxorware Advanced/Downloader This page allows you to download config files from your ISP's TFTP server to examine them with programs such as vultureware or autoserve them from the modem. The IP address and Filename may be entered here. and clicking download will prompt you with a file save dialog box. .

tar (size in bytes) (option)Download Delete Upload New File Choose file dialog prompted when this is clicked. Click upload after picking file to upload .Haxorware Advanced/File Manager Free Space Before Defragmentation Size in KB before a defragmentation is performed After Defragmentation Size in KB after a defragmentation is performed Haxorware Configuration Config File This allows you to Download or Delete the existing config file stored in the modem File Size Filesize of config file in Bytes Entries Number of entries in the config file Restore From File 'Files' Previous backup files or uploaded files are shown here which can be downloaded or deleted in the following format: CMXXXXXXXXXXXX.

.Haxorware Web Shell Any Shell commands can be entered here. These are generally commands you might use when at a file system shell (such as telnet) without having to open an actual session.

You also can restore a previously backed up Nonvol here in case of issues . When you click backup you get prompted with a file save dialog. or do a FULL firmware backup (2MB) to a file.Haxorware Backup and Restore Here you can Backup either your nonvol information.

Haxorware DOES however have provisions to prevent drastically wrong choices (such as accidentally picking a 10kb text file) Bootloader upgrade Bootloader Image Update the bootloader only (such as if you need to load the noisy bootloader to diagnose issues) .Haxorware Firmware upgrade Firmware upgrade Firmware Image Pick the file you want to upload. Be sure to pick the right one.

Haxorware Factory Defaults clears all dynamic settings such as preferred downstream frequencies. . upstream channel IDs and their power levels.

Haxorware About Information about Haxorware .

haxorware.org/wiki/Haxorware_Modem_Firmware .sbhacker.wikibooks.net • http://www.com Original idea educate taken from the wiki article here http://en.Haxorware Reboot Modem reboot page Relevant Links • http://www.

Sign up to vote on this title
UsefulNot useful