Professional Documents
Culture Documents
First let me explain that extracting the certificates from Haxorware from the Baseline Privacy tab do
NOT work, (either from the .tar or by downloading certificates separately). You will need to extract them
from the 32 KB nonvol or 2MB dump. So please make sure you always keep a backup of your modem at
all times.
Here's why:
The length of the keys (in hex) when you extract them from haxorware are as follows:
1. public.key 8B
2. private.key 289
3. root.key 10D
4. cm_cert.key 326
5. ca_cert.key 403
This is actually incorrect. If you use the nonvol explorer and extract the keys from your nonvol, the
lengths will be as so:
1. public.key 8D
2. private.key 289
3. root.key 110
4. cm_cert.key 32F
5. ca_cert.key 409
These inconsistencies will give rise to this error when trying to start BPI:
[ERROR] [DOCSIS.BPI(pid=267)]: Decrypt Auth Key: Couldn't format PKCS#8 private key into PKCS#1 format!
This is a step-by-step tutorial on how to both extract the needed keys from your SB5101 running
Haxorware and import them into your SB6120 with shelled firmware.
1) Open Haxorware on your SB5101 and go to backup tab. Select download nonvol (32 KB). This will download
a nonvol.bin file.
2) Get the nonvol explorer program (cmnonexp.exe) by qingpu. Version 1.1.1 -> (google search)
1 of 2
3) Place nonvol.bin and cmnonexp.exe in same folder. Open CMD and navigate to that folder. Run
"cmnonexp.exe -e -f nonvol.bin". This will extract 5 files and they will appear in the folder with these names:
non01_1_public.key
non01_2_private.key
non01_3_root.key
non01_4_cm_cert.cer
non01_5_ca_cert.cer
5) Setup FTP server. Set the directory to whatever has those files you just renamed.
6) In SB6120 shell, navigate to "cd /nvram/1/security". Use the "ls" command to list the contents and you
should see the certs in there already.
8) Download the new ones (assuming your FTP server has no user/pass and using port 21, adjust accordingly):
wget ftp://192.168.100.2/mfg_key_pub.bin
wget ftp://192.168.100.2/cm_cert.cer
wget ftp://192.168.100.2/mfg_cert.cer
wget ftp://192.168.100.2/cm_key_prv.bin
wget ftp://192.168.100.2/root_pub_key.bin
Regardless if you need the root cert or not this method can be used for all 5 and works fine. I have confirmed
that BPI+ works using this method with the matching MAC of course.
www.modempremodz.net
2 of 2