
RCA / Thomson Modem Hack Discovered

Hemos posted more than 9 years ago | from the the-joy-of-hacking dept.

Hardware Hacking 182

An anonymous reader writes "Those un-employed modem hackers are at it again. The group known as TCNiSO has released a very interesting hardware modification for RCA / Thomson cable modems. The modification is done by grounding the bus clock on the serial EEPROM which throws the device into a diagnostic panic mode. Then by using the debug tools from the embedded console to reprogram the EEPROM, a user can permanently enable a developers menu which gives complete control of the modem, such as modifying the hardware addresses or flashing new firmware. Now if only these guys can figure out how to enable the Bluetooth features on my v710 phone..."


Don't fuck around w/your modem's MAC. (5, Interesting)

garcia (6573) | more than 9 years ago | (#11191600)

Just remember that some cable ISPs use modem MAC authentication and changing your MAC address could possibly disable your access to the Internet. Some cable ISPs use "bottom-up" provisioning which allows you to re-register your modem's MAC address and tie it to your account (useful if you buy your own modem) but others could still be using manual provisioning which could cause delays in regaining block-sync.

Personally, don't fuck around w/your cable modem. It works just fine the way it is. Hacks are a wonderful educational/mental exercise but I wouldn't exactly be trying this if you don't want to lose connectivity to your ISP.

Re:Don't fuck around w/your modem's MAC. (4, Insightful)

Saxton (34078) | more than 9 years ago | (#11191686)

That, and is there any real functionality you are able to get from this hack? Didn't seem like it. I am guessing 95% of the people that do it are going to follow the directions, say "yay I did it" and then forget all about it other than being able to tell their friends that they owned their own cable modem.

*yawn*

-Aaron

Re:Don't fuck around w/your modem's MAC. (3, Interesting)

Sc00ter (99550) | more than 9 years ago | (#11191716)

You could hack the bootp config file and get faster upload/download speeds.

Re:Don't fuck around w/your modem's MAC. (4, Informative)

garcia (6573) | more than 9 years ago | (#11191756)

So? You can do that w/o a hardware hack using a TFTP server and a text editor. Most cable ISPs already scan their networks for modified cable modem config files and disable them for ToS violations.

Re:Don't fuck around w/your modem's MAC. (3, Insightful)

Sc00ter (99550) | more than 9 years ago | (#11191888)

Some versions of the firmware won't allow bootp files to be received from the ethernet interface. This hack lets you change the firmware to a version that does allow it. So it may still be a required step.

Re:Don't fuck around w/your modem's MAC. (4, Interesting)

DigiShaman (671371) | more than 9 years ago | (#11192273)

As a Time Warner employee for the Austin TX area, our cable modems (regardless of brand, be it 3com, Ambit, Toshiba...etc) have a 10.x.x.x IP address that is not accessible to the public. Only if you have direct access to the CMTS system can you upload new BIN configuration files to these modems on the fly. If you make any changes to the modem by chance and uncap your modem, some fuzzy-logic software will check the checksum of the bin files on that modem (so I've been told by the abuse department). If that bin file has been modified or the firmware flashed to something other than what it's supposed to have, expect your account to be disabled.

Chances are at this point, there will be no negotiation. If so, you will have to find another ISP as we do not tolerate what-so-ever of people uncapping their modems. And believe me, we have quite a nice tech-savvy population in Austin that DO try to get away with it.

Re:Don't fuck around w/your modem's MAC. (1)

YaRness (237159) | more than 9 years ago | (#11192316)

i'm confused. how does modifying hardware that i own affect how my isp limits traffic?

note: i'm on cox cable in virginia, i got my cable modem from somewhere other than my isp.

Re:Don't fuck around w/your modem's MAC. (0)

Anonymous Coward | more than 9 years ago | (#11192371)

because most cable modem ISPs apply rate limiting *at the modem* and not further up the line. pretty brain-dead if you ask me.

Re:Don't fuck around w/your modem's MAC. (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11192616)

You're a bit of a knob, aren't you?

Re:Don't fuck around w/your modem's MAC. (2, Informative)

DigiShaman (671371) | more than 9 years ago | (#11192640)

If it's your modem, you can do anything you want with it...as long as you do not hack the BIN files that your ISP uploads to the modem (they are stored in RAM, don't worry). The moment you reprogram those config files or anything else that would circumvent the Terms Of Service Agree or Cox's network, expect your account to be disabled.

Re:Don't fuck around w/your modem's MAC. (2, Interesting)

AndroidCat (229562) | more than 9 years ago | (#11192587)

Only if you have direct access to the CMTS system can you upload new BIN configuration files to these modems on the fly.

It's a good thing that spoofing a CMTS system to the modem and giving it new BIN files, and then the new software lying to checksum/CRC tests is a tricky operation. But don't assume that it's impossible.

Re:Don't fuck around w/your modem's MAC. (3, Insightful)

Jeff DeMaagd (2015) | more than 9 years ago | (#11191781)

Uncapping or raising your cap is likely in violation of your contract and grounds for termination. Basically if you did this, you could be charged with theft of service.

Re:Don't fuck around w/your modem's MAC. (1)

Sc00ter (99550) | more than 9 years ago | (#11191862)

I didn't say it was legal or right. Just that you could do it.

Re:Don't fuck around w/your modem's MAC. (2, Interesting)

asliarun (636603) | more than 9 years ago | (#11191704)

Good point. However, one could easily make a note of the original MAC address, and change it back to the original, if it causes a problem.

On the topic of MAC addresses, i'm not sure if enough people treat it as a privacy issue. AFAIK, MAC addresses are globally unique, thus uniquely identifying an individual user. Even IP addresses are sometimes dynamic (depending on the ISP), and can be "masked" by using a suitable proxy. MAC, OTOH, is almost like a digital fingerprint.

Does anyone else share the same concern? Or am i missing something here??

Re:Don't fuck around w/your modem's MAC. (1)

ThomaMelas (631856) | more than 9 years ago | (#11191811)

Not really, you can change a machine's MAC address within software pretty easily.

Re:Don't fuck around w/your modem's MAC. (1)

DarkMantle (784415) | more than 9 years ago | (#11191854)

Besides that, when I bought my network card they never took my personally identifiable information.

Re:Don't fuck around w/your modem's MAC. (3, Informative)

afidel (530433) | more than 9 years ago | (#11191916)

MAC addresses are stripped at the first hop so unless someone is specifically looking for you and has a valid search warrant I wouldn't be too worried about your MAC address.

Re:Don't fuck around w/your modem's MAC. (-1, Offtopic)

lazy_playboy (236084) | more than 9 years ago | (#11192664)

There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.

That's all very well, but most people seem to think it's okay to persevere with the last option, whilst only giving lip-service to the first three. If you're american/british and still support the military action in iraq, you should be ashamed.

Re:Don't fuck around w/your modem's MAC. (2, Informative)

spitefulcrow (713858) | more than 9 years ago | (#11191921)

On embedded devices like cable modems it's a bit harder to do but the MAC is always changeable. Most home routers now offer "MAC cloning" so that it looks like you have the original PC that you set up the service with connected to the cable modem still while you can share the connection over the router. And it's trivially easy to change the MAC address of a NIC in Linux and probably most other *nix systems. "ifconfig [iface] hw [class] [address]"

Re:Don't fuck around w/your modem's MAC. (1, Interesting)

nolife (233813) | more than 9 years ago | (#11191705)

Some cable ISPs use "bottom-up" provisioning which allows you to re-register your modem's MAC address and tie it to your account

Or allow you to access the internet with someone else's credentials. I am not familiar with how a cable internet system works and I doubt you could get lucky enough to guess someone else's MAC but wouldn't the other CM's in your area or "node" have their MAC flying around the wire and ripe for capture? At least the initial requests looking for the routers and DHCP server.

Re:Don't fuck around w/your modem's MAC. (1)

garcia (6573) | more than 9 years ago | (#11191777)

Or allow you to access the internet with someone else's credentials.

I would estimate that 98%+ of people using cable modems are doing so with the basic level of service. Even if you did sniff a valid modem MAC off the network and changed your modem's to that you'd have to be pretty lucky to find one that was at a "higher level" than you.

I was wondering. (2, Interesting)

FreeLinux (555387) | more than 9 years ago | (#11191714)

I was wondering about this. It seems, to me, that this hack will render your modem useless on the cable network. What's the advantage of that?

Changing the MAC address will effectively cut off service to your modem. Being able to update the firmware sounds nifty but, do you have new firmware that you need to install? Is there some service that you need so badly, on a cable modem, that you would spend your time writing new firmware for it?

I just don't see the advantage to this hack. I can see the advantage of previous hacks to uncap a modem but, even those hacks put you at risk of having your service terminated or worse, criminal charges being brought against you.

Re:I was wondering. (0)

Anonymous Coward | more than 9 years ago | (#11192591)

I think you have it backwards. If you want to switch modems, this way you can set your mac address to match your old one so your cable network still works.

More realistically, though, your ISP sucks if he won't let you change modems.

Re:Don't fuck around w/your modem's MAC. (1)

wdd1040 (640641) | more than 9 years ago | (#11191829)

And how hard would it be to call techsupport and have them send you a new modem cause yours doesn't work? Personally, I'd love to try this. I just wish the US ISPs would open their eyes and allow us higher speeds, like almost the rest of the world.

Re:Don't fuck around w/your modem's MAC. (2, Insightful)

Shakrai (717556) | more than 9 years ago | (#11192049)

I just wish the US ISPs would open their eyes and allow us higher speeds, like almost the rest of the world.

Not to disagree with you because I like fast downloads as much as the next guy but how much bandwidth do we really need with current technology? Hell, Roadrunner is upgrading from 3.0mbits to 5.0. What do you really need all that speed for? At 3.0 I can download an entire Linux CD in less than 40 minutes.

If you bump up the speed to insane amounts on the current infrastructure (what's the tops for a cable modem node? 45-50mbits down and 10mbits up IIRC) you'll just wind up with Joe Script Kiddie slowing everybody down for the sake of his illegal copy of XP. Not to mention all the owned Windows boxes out there being used for DDoS attacks that don't really need limitless amounts of bandwidth at their disposal.

I would like to see higher upload speeds because it's really annoying to try and telecommute at 384k -- I'd say that an even meg would be about right -- but do we really need more download bandwidth?

Re:Don't fuck around w/your modem's MAC. (1)

wdd1040 (640641) | more than 9 years ago | (#11192272)

"I would like to see higher upload speeds because it's really annoying to try and telecommute at 384k -- I'd say that an even meg would be about right -- but do we really need more download bandwidth?"

That was my point. :-) Download speeds aren't complainable at the moment. I would love to have 1 meg up, at least, so I could effectively share home movies and such. Sending a compressed HD home movie from a cable user to another is still an agonizing ordeal.

Re:Don't fuck around w/your modem's MAC. (1)

RyuuzakiTetsuya (195424) | more than 9 years ago | (#11192340)

Your ISP would be the problem. Once they flag your modem as being in violation of the acceptable use policy, they may not let you back on, period. Unless you sign up for a new account under a fraudulent name. But then you'd be getting into all sorts of fraud...

Re:Don't fuck around w/your modem's MAC. (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11191909)

Hackers use this to their advantage by changing their MAC to one that's already authed on the network. Then it's just like having service that you pay for... only you don't.

Re:Don't fuck around w/your modem's MAC. (1)

Tokerat (150341) | more than 9 years ago | (#11192406)

Then it's just like having service that you pay for... only you don't.

Stealing cable for the new millennium?

How long... (2, Interesting)

KennyP (724304) | more than 9 years ago | (#11191613)

Until they are discovered and those modified cable modems are de-serviced?

Kenny P.
Visualize Whirled P.'s

Re:How long... (3, Insightful)

garcia (6573) | more than 9 years ago | (#11191632)

Until they are discovered and those modified cable modems are de-serviced?

I was wondering if people could use a modified firmware that would report a valid modem config file back to the ISP when the ISP scans for ones that were not sanctioned.

The ISP could powercycle the modems remotely and push new firmware to all the modems rather easily. I would assume that the pushed firmware would include a way to block unauthorized firmware from connecting to the network.

Who knows if they'd be that interested though?

Re:How long... (1)

packslash (788926) | more than 9 years ago | (#11192179)

actually there are hundreds of people in just one of the main irc channels that have all been using hacked cable up and down for years now.

Dangerous, and probably illegal. (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11191617)

Why would anyone want to do this? For one thing, it's dangerous. Connecting hardware that you have hacked to the public telephone system could electrocute some poor telecoms engineer somewhere, or damage some expensive hardware back at the exchange. Secondly, this is surely a DMCA violation.

Let's hope whoever thought of this gets put behind bars where they belong, for risking the safety of others.

Re:Dangerous, and probably illegal. (3, Funny)

Neophytus (642863) | more than 9 years ago | (#11191680)

Please note cable modems do not connect to the telephone network. They connect to the cable company's private wires.

Re:Dangerous, and probably illegal. (1)

NoMoreNicksLeft (516230) | more than 9 years ago | (#11191839)

Please note that this was a sarcastic comment using Bell's excuse for not allowing non-Bell owned equipment to be connected to your phone jack.

Am I the only one here older than age 12?

Re:Dangerous, and probably illegal. (1)

tenman (247215) | more than 9 years ago | (#11191881)

13 and a half...

Re:Dangerous, and probably illegal. (3, Informative)

papasui (567265) | more than 9 years ago | (#11192177)

In a two way system yes both a forward and return path are provided completely through the cable provider. In a 1 way system the return path is provided through the phone, Motorola's Surfboard 2100D has a CAT3 connector on it for this purpose. I'll bet that there is still a few of these in the US.

Re:Dangerous, and probably illegal. (2, Insightful)

Anonymous Coward | more than 9 years ago | (#11191712)

impossible for so many reasons, read up on the phone network, but it is impossible to send any large amount of electricity down it.

also you can connect up homebrew devices, the only thing you will degrade is your own private phone network, no one else's.

why would it be a DMCA violation in the first place?
do you even know what it stands for

Re:Dangerous, and probably illegal. (2, Funny)

Anonymous Coward | more than 9 years ago | (#11191732)

why would it be a DMCA violation in the first place?
do you even know what it stands for


I believe it stands for "YHBT".

Wrong law, bucko. (2)

SCPRedMage (838040) | more than 9 years ago | (#11191804)

It wouldn't be a DMCA issue; DMCA applies to copyright protection. Hacking your modem isn't going to let you bypass some obscure copy-protection scheme.

Re:Wrong law, bucko. (0)

Anonymous Coward | more than 9 years ago | (#11192447)

Have you never read any of the twisted ways this law has been applied? I'm sure the access you get to the Copyrighted BIOS would be more than enough to get you charged - and who needs a conviction, just being charged gets you RIAA style justice.

Re:Dangerous, and probably illegal. (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11191809)

wow you are so insanely stupid I feel dumber just reading your post.

I suggest you go to a forum more your speed, There are plenty on AOL.

please, if you are so unbelievably stupid that you have no idea what you are talking about, do not SAY anything.

It amazes me how the complete idiots spew things from their mouth and only sound dumber and dumber.

get a clue, learn about CABLE modems, and for that matter what the public telephone system does and is designed around.

you obviously know nothing about either one.

Re:Dangerous, and probably illegal. (1)

PalmKiller (174161) | more than 9 years ago | (#11191859)

It's cable modem systems, not DSL, just a few radio waves over a coax, and no, it's not going to microwave them

Re:Dangerous, and probably illegal. (1)

anderm7 (68050) | more than 9 years ago | (#11191875)

Who let 1960 AT&T on slashdot. Wasn't there a court case that decided that you can put 3rd party hardware on the public telephone network? Although, I imagine that you would have trouble connecting the cable "modem" to your phone jack.

Note the date.. (5, Informative)

Anonymous Coward | more than 9 years ago | (#11191637)

..of the securityfocus story. It says "Feb 5 2004". It's nearly a year old!

True (0)

Anonymous Coward | more than 9 years ago | (#11191687)

This article was written nearly a year ago, and probably doesn't apply now.

As a Technology Demonstration... (1, Funny)

Anonymous Coward | more than 9 years ago | (#11191664)

The group's website is being served through a hacked cable-modem connection.

Cue FBI raids in 5...4...3.. (5, Interesting)

EvilStein (414640) | more than 9 years ago | (#11191675)

Remember these cable modem tweakers [geek.com] that were raided by the FBI?

Re:Cue FBI raids in 5...4...3.. (3, Informative)

garcia (6573) | more than 9 years ago | (#11191710)

Remember these cable modem tweakers that were raided by the FBI?

Those individuals were "uncapping" their cable modems by changing their modem config file and uploading it to their modems. That could be labeled theft of service as you are effectively stealing bandwidth that you didn't pay for.

Modifying the firmware on your cable modem doesn't necessarily have to mean uncapping your modem config file and upping your possible bandwidth.

In fact, this method is quite a bit more difficult than just editing the modem config file (as it requires a hardware interface not just a TFTP server).

Re:Cue FBI raids in 5...4...3.. (1)

EvilStein (414640) | more than 9 years ago | (#11191765)

Very true, but do you really think that "more bandwidth" was *not* on their minds?

I can't think of many other reasons to get in to a cable modem to dick around with it. I'm sure there are a few that people will come up with, but I chalk it up to the "Eh, who cares?" file. :P

Re:Cue FBI raids in 5...4...3.. (3, Insightful)

Vo0k (760020) | more than 9 years ago | (#11191846)

Resident sniffer/logger.
Simple Firewall.
Monitor, blinking LEDs on certain kinds of packets arriving.
"Wake on ring" if not present by default.
"extra secret storage" in unused flash.
Changing MAC address...
*less* bandwidth (throttling your uplink, etc)

Re:Cue FBI raids in 5...4...3.. (-1, Offtopic)

wcitechnologies (836709) | more than 9 years ago | (#11191730)

Wow. I just watched the Animatrix, but after reading this story, somehow I feel like the oppressive system is REAL.

Re:Cue FBI raids in 5...4...3.. (1)

nolife (233813) | more than 9 years ago | (#11191774)

I seem to recall a huge controversy on how they came up with those damages figure. Just enough to get the FBI involved but later determined to be very much less? No that is working the criminal justice system in your favor.

Question (3, Interesting)

MisanthropicProgram (763655) | more than 9 years ago | (#11191690)

Could these guys get arrested or sued under the DMCA?

Re:Question (1)

Anonymous Coward | more than 9 years ago | (#11191722)

Yes - and I hope they do.

My ISP's service is suffering from hacked/malfunctioning DSL modems, so I truly wish crap like this is dealt harshly with.

Re:Question (1)

Vo0k (760020) | more than 9 years ago | (#11191794)

Yep. in non-hackable hardware.
If it's made illegal, it doesn't vanish. It only moves deeper under ground.

Re:Question (2, Informative)

SCPRedMage (838040) | more than 9 years ago | (#11192391)

Allow me to spell it out for you: Digital Millennium COPYRIGHT Act. It covers bypassing COPYRIGHT protection measures. Uncapping your modem is NOT bypassing a COPYRIGHT protection measure (although it IS still illegal).

Re:Question (1)

Vo0k (760020) | more than 9 years ago | (#11191906)

No. They didn't circumvent any mechanisms protecting copyrighted data in order to use that data. (and this is strictly what DMCA is about)
You could say they circumvented the protection (doubtful, the protection wasn't anywhere near to "efficient" as DMCA states) to access the copyrighted firmware. Except their aim is not to steal the original firmware but to replace it with their own, so the intent part isn't fulfilled at all. If they downloaded the firmware and started spreading it over BitTorrent, sure, then they are in violation of DMCA. But if they just make a backup for personal use and then write new software, sorry, nope. Sure they could be SUED under DMCA. But they would win the case hands down.
Even if they were spreading original but -modified- (not written from scratch) firmware, a good lawyer could argue it's fan art and as such, fair use, but that's more tricky.

spoofing? (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11191738)

I wonder how long it will be until people spoof other people's cable modem hardware addresses to 'steal' their access...

Re:spoofing? (1, Informative)

Anonymous Coward | more than 9 years ago | (#11192033)

Most Cable ISPs also log the CPE MAC (ethernet MAC), so they would see the change when looking for the person who committed the crime... I know, I am one of those people who work for a Cable MSO searching for people who commit crimes.

Re:spoofing? (1)

quantax (12175) | more than 9 years ago | (#11192303)

I have been reading the comments thus far and am surprised that no one has hit upon this. In fact, this is the very purpose of changing the MAC address of your modem. A certain cable ISP around here, their national network is set up such that a user with a MAC address in one part of the country can duplicate their MAC address onto another cable modem and go elsewhere in the country (to another subnet of the ISP), and thus gain free service merely by hooking their cable modem up to a line with their cable TV service.

I know someone who has done this, and it works rather effectively. In this case, it is due to the way the ISP has structured their network, so that having duplicate MAC addresses will only work so long as the modem is placed on another subnet. A group of guys online have been doing this for a while, a little while after people figured out how to uncap their modems.

Re:spoofing? (1)

nuclear305 (674185) | more than 9 years ago | (#11192342)

It already exists. Albeit I've only seen it done with Motorola's line of modems...but it is certainly possible and has been done. The only catch is that the cloned modem can't be on the same node as the original because you'll have 2 modems with the same hardware address fighting for access...unless of course you have SNMP access to the modems and remotely shut down the original.

WOOOHOOO (5, Funny)

Anonymous Coward | more than 9 years ago | (#11191743)

i can't wait for a few days until all the people that try this hack, are kicked off the network allowing my service to go faster.

yay for stupid people.

Hacking cellphones (5, Insightful)

null etc. (524767) | more than 9 years ago | (#11191753)

Now if only these guys can figure out how to enable the Bluetooth features on my v710 phone...

Try the discussion forums over at wirelessadvisor.com

I posted a teaser message there once regarding the Motorola T720. By using the USB modem cable and a COM port sniffer, I determined that extended AT modem commands were used to synchronize the phone with the desktop. By posting my findings, someone took the initiative and started a Yahoo! group for hacking the T720. Within a month, the group had 400 members and within five months the group had collectively hacked the T720.

Re:Hacking cellphones (1)

weave (48069) | more than 9 years ago | (#11191913)

I went with T-mobile and a Nokia 6600 specifically because of this busted-by-design decision regarding bluetooth and Verizon. While I doubt they lose more customers than they generate through the revenue they soak out of people, it *does* matter to a significant amount of people.

(btw, the Nokia bluetooth isn't as nice as the bluetooth on Sony phones like the t610, but I think that is due to bad coding more than by design.)

mirror, anyone? (1, Redundant)

bodrell (665409) | more than 9 years ago | (#11191776)

only 14 comments, and site's down already.

Maybe it's not a problem (0)

Anonymous Coward | more than 9 years ago | (#11191807)

Once they tweak their cable modem, they'll be back up again.

Then again, maybe they DID tweak their cable modem, and screwed it up.

great for deniability in court (3, Interesting)

Anonymous Coward | more than 9 years ago | (#11191784)

MAC address/IP are often used in court. Things get interesting when people can change or spoof these things.

Great way to lose your service. (4, Insightful)

papasui (567265) | more than 9 years ago | (#11191798)

This violates most acceptable use policies, regardless of whether you own the cable modem or not. Changing your modem's MAC address would fall under hacking as you could cause service interruptions on your network segment for other people. You're paying for internet service, not the right to fuck around with a company's million dollar network. We had a kid get arrested for this, changed his modem's MAC every day but never changed his NIC's. Pretty trivial to track him down.

Re:Great way to lose your service. (1)

pclminion (145572) | more than 9 years ago | (#11192036)

We had a kid get arrested for this, changed his modem's MAC every day but never changed his NIC's. Pretty trivial to track him down.

How does an ethernet MAC address get exposed on the Internet side of a cable modem? Are you making this up?

Re:Great way to lose your service. (3, Informative)

papasui (567265) | more than 9 years ago | (#11192079)

ARP

Re:Great way to lose your service. (3, Informative)

Sc00ter (99550) | more than 9 years ago | (#11192087)

via SNMP and the arp table of the modem. The cable provider still has access to the modem via SNMP.

Re:Great way to lose your service. (1)

nolife (233813) | more than 9 years ago | (#11192337)

How do they know what CM to pull the config from with his MAC changing all the time? I guess they could do them all every day or maybe specifically target new/different/flip-flopped MACs. Is that something a cable company would pull and analyze on a daily basis as part of normal business? Maybe there are more details than "he changed his MAC" every day and those details resulted in something worth looking into.

Re:Great way to lose your service. (1)

Jedi Alec (258881) | more than 9 years ago | (#11192126)

dunno about him, but my cable modem actually checks the MAC addy of my nic. it will work with 1 MAC addy and that addy only, otherwise it's game over. so yeah, the isp knows my mac address, the modem knows my mac address etc. etc.
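
Added example, not part of the original thread: the correlation this sub-thread describes (an unchanged NIC/CPE MAC behind a changing modem MAC, and one modem MAC on two nodes at about the same time), written as detection logic. The log format, node names and MAC values are constructed for illustration.

```python
"""Correlate cable-modem (CM) and customer-equipment (CPE) MAC sightings.

The log format, node names and MAC values below are constructed for this
example; a real CMTS exposes this data through its own tables and exports.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one line per CM/CPE pairing seen on a CMTS node.
SAMPLE_LOG = """\
2004-12-20T08:00:00 node=n12 cm=02:00:00:AA:00:01 cpe=02-11-22-33-44-55
2004-12-21T08:05:00 node=n12 cm=0200.00aa.0002 cpe=02:11:22:33:44:55
2004-12-22T08:01:00 node=n12 cm=02:00:00:aa:00:03 cpe=02:11:22:33:44:55
2004-12-22T09:00:00 node=n12 cm=02:00:00:bb:00:10 cpe=02:22:00:00:00:01
2004-12-22T09:10:00 node=n40 cm=02:00:00:bb:00:10 cpe=02:22:00:00:00:02
2004-12-01T10:00:00 node=n07 cm=02:00:00:cc:00:20 cpe=02:33:00:00:00:01
2004-12-22T10:00:00 node=n31 cm=02:00:00:cc:00:20 cpe=02:33:00:00:00:01
2004-12-22T11:00:00 node=n31 cm=not-a-mac cpe=02:33:00:00:00:01
garbage line that should be skipped
"""

LINE_RE = re.compile(r"^(\S+)\s+node=(\S+)\s+cm=(\S+)\s+cpe=(\S+)$")


def normalize_mac(text):
    """Return aa:bb:cc:dd:ee:ff for colon, dash or dotted notation."""
    digits = re.sub(r"[:.\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_log(text):
    """Parse log text into (time, node, cm_mac, cpe_mac); skip bad lines."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            when = datetime.fromisoformat(m.group(1))
            cm, cpe = normalize_mac(m.group(3)), normalize_mac(m.group(4))
        except ValueError:
            continue
        records.append((when, m.group(2), cm, cpe))
    return records


def rotating_modem_macs(records, min_modems=3):
    """CPE MACs seen behind at least `min_modems` different modem MACs.

    A single modem swap is ordinary, so the default threshold is three.
    """
    seen = defaultdict(set)
    for _, _, cm, cpe in records:
        seen[cpe].add(cm)
    return {cpe: sorted(cms) for cpe, cms in seen.items()
            if len(cms) >= min_modems}


def cloned_modem_macs(records, window=timedelta(hours=1)):
    """Modem MACs seen on two different nodes within `window`.

    Sightings are sorted by time, so any two sightings on different nodes
    inside the window imply an adjacent pair that also differs.
    """
    by_cm = defaultdict(list)
    for when, node, cm, _ in records:
        by_cm[cm].append((when, node))
    flagged = {}
    for cm, sightings in by_cm.items():
        sightings.sort()
        for (t1, n1), (t2, n2) in zip(sightings, sightings[1:]):
            if n1 != n2 and t2 - t1 <= window:
                flagged[cm] = sorted({n1, n2})
                break
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("CPE behind rotating modem MACs:", rotating_modem_macs(recs))
    print("Modem MAC on two nodes at once:", cloned_modem_macs(recs))
```
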

Wow (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11191856)

Slashdotted after 37 posts, a new record

Article content (2, Funny)

PuppiesOnAcid (792320) | more than 9 years ago | (#11191860)

Warning: mysql_connect(): Can't connect to MySQL server on 'engdb.agava.com' (61) in /home/t/tcniso.hosting.agava.com/WWW/db_connect.php on line 10
Can't connect to MySQL server on 'engdb.agava.com' (61)

=)

Brave man to hack your cable modem.. (0)

Anonymous Coward | more than 9 years ago | (#11191864)

It's pretty obvious from a cable modem provider's perspective when you start transmitting out of bounds or the crc on the firmware is not right. You might think you can get away with it, but at the same time they KNOW they can catch you, if they desire. And YES they do prosecute folks. Go back to p2p'ing, it's probably safer than hacking your cable modem. Or learn to bridge the neighbors worth of free 802.11 to aggregate more bwidth, lol.

Explain this to me, please? (2, Interesting)

khrtt (701691) | more than 9 years ago | (#11191870)

The only way you can possibly benefit from this is to uncap the modem, which is about as kosher as petty shoplifting. And you wouldn't need to reflash the modem for it anyways.

So, if you are not uncapping it, then what's the point? It's not like you are going to add any badly missed features, or make a linux print server out of it. Maybe it's just my lack of imagination, but I just don't see any practical uses for a hacked cable modem. I mean, other than getting the inner satisfaction from proving that you are actually able to read and flash the EEPROM:-). But then, you could just use a screwdriver and an EEPROM programmer...

Re:Explain this to me, please? (1)

YaRness (237159) | more than 9 years ago | (#11192395)

I mean, other than getting the inner satisfaction from proving that you are actually able to read and flash the EEPROM:-). But then, you could just use a screwdriver and an EEPROM programmer...

i can see now some gang of script kiddies in a basement. they've got some retired guy tied up in front of a console. mom won't let them buy any weapons so they are threatening him with a screwdriver. "M4K3 TEH CH1p W3RK OR W3 W177 ST@B j00!!!!!@#111"

2400 bps modems? (3, Funny)

Anonymous Coward | more than 9 years ago | (#11191890)

I've got a box-full of old 2400 bps modems and it would be great if these guys can find a way to tweak some speed out of them.

Re:2400 bps modems? (1)

SCPRedMage (838040) | more than 9 years ago | (#11192430)

I've got a way to hack them, but you'll need either a hammer or a shotgun. Or both.

A tear of admiration for these people. (1)

gelfling (6534) | more than 9 years ago | (#11191994)

This article brings joy to me. It's great to see serious hardcore development like this, on a shoestring. 21st century Thomas Alva Edisons and Alexander Graham Bells.

Re:A tear of admiration for these people. (0)

Anonymous Coward | more than 9 years ago | (#11192424)

Big difference.

The people you referenced were doing something for the first time and developing something NEW. The firmware hackers are duplicating what existing engineers have already developed, tested, and deployed and the units are in place and working already. Nothing new here, just getting the same information the others have without getting it directly from them.

Re:A tear of admiration for these people. (1)

gelfling (6534) | more than 9 years ago | (#11192623)

Nonsense, the Edwardian era Great Inventors were engineering better solutions to crude unworkable designs that already existed.

article author (-1, Flamebait)

XO (250276) | more than 9 years ago | (#11192091)

Look, you moron. As was determined several months ago, you can't ENABLE the bluetooth functions that DO NOT EXIST on your v.710. They just plain AREN'T THERE to BE ENABLED. Jerk.

Re:article author (1)

SCPRedMage (838040) | more than 9 years ago | (#11192450)

It was a joke. Calm yourself, grasshopper.

Interesting... Makes me think of a few things... (1)

bhima (46039) | more than 9 years ago | (#11192095)

This is an intellectually interesting exercise. I suppose the idiots that have no business doing this sort of thing will be dissuaded by the soldering and cabling requirements. The really persistent dumbasses will have their ISP cut off their service when they violate their terms of service.

But the thing that really comes to my attention is: Never leave debug code in production firmware. Proves I haven't been paranoid for no reason these years!

Hold up! (3, Funny)

El Camino SS (264212) | more than 9 years ago | (#11192121)


The group known as TCNiSO has released a very interesting hardware modification for RCA / Thomson cable modems. The modification is done by grounding the bus clock on the serial EEPROM which throws the device into a diagnostic panic mode. Then by using the debug tools from the embedded console to reprogram the EEPROM, a user can permanently enable a developers menu which gives complete control of the modem, such as modifying the hardware addresses or flashing new firmware. Now if only these guys can figure out how to enable the Bluetooth features on my v710 phone..."

Whoa, slow down.

Corky here can't handle frontpage paragraphs like that first thing in the morning.

Motorola V710 phone hack here (4, Informative)

scattol (577179) | more than 9 years ago | (#11192163)

There are instructions on this web site [tellushow.com] on how to modify your v710 phone to turn on all the bluetooth functionality. You need to register though. Don't know if they work, I haven't tried them so you are on your own.

If they work, let us know.

Nitpicking (1)

Plocmstart (718110) | more than 9 years ago | (#11192210)

I realize this is a minor detail, but with the I2C protocol SDA (the EEPROM line that is grounded) is actually the serial data/address line. SCL is the serial clock line.

Re:Nitpicking (0)

Anonymous Coward | more than 9 years ago | (#11192594)

werd!

from the article:
"SDA pin used to clock the data transmission"

Article got it right, person that wrote the summary on slashdot apparently is incapable of correctly RTFA

Also Discovered (5, Funny)

Jozer99 (693146) | more than 9 years ago | (#11192239)

It was also discovered that by permanently grounding the clock, the RCA cable modem could be turned into a full-fledged Radeon 9700 Pro...

Re:Also Discovered (1)

SCPRedMage (838040) | more than 9 years ago | (#11192468)

Shoot, I was hoping for a X800 XT...

v710 Hacked Firmware @ HoFo (0)

Anonymous Coward | more than 9 years ago | (#11192250)

You need the SuperDave 1.02 firmware over at HoFo. http://www.howardforums.com/showthread.php?s=&threadid=513683 [howardforums.com]

Enables xferring ringtones, pix via BT, better camera quality, I now have signal/battery strength on the HUB in my Acura TL, other fixes as well.

Uncapping? No... (2, Interesting)

telemonster (605238) | more than 9 years ago | (#11192289)

Uncapping of the rate? No. Promiscuous mode is where the terror begins! Sniffing the traffic on the segment is where the real press will begin.

What about the more legit uses? (5, Interesting)

anthony_dipierro (543308) | more than 9 years ago | (#11192335)

Everyone is talking about how this is a bad thing to do on someone else's network, but what about on your own network? Is it possible to get two cable modems to talk to each other over a coax cable? Can you hack the things to run distributed.net software? There are an awful lot of people out there with cable modems but no cable modem service.

Re:What about the more legit uses? (1)

alienwork (843875) | more than 9 years ago | (#11192438)

If there are no SNMP protections then you can "talk" to other modems on your node.

The SB5100 is hacked with a special method that will allow you to run unsigned code on the modem.

Back in the day... (5, Interesting)

danuary (748394) | more than 9 years ago | (#11192477)

I worked for a startup cablemodem ISP. This was the mid-90's, before DOCSIS; we used proprietary equipment.

We discovered and hounded the vendor relentlessly about the fact that the modems had a serial port for dial-upstream service. If you jumped a couple pins on the serial port, reset the modem, and plugged in a serial line 9600/8/n/1 you'd get the modem's diagnostics (password protected, albeit with a very weak password).

The things you could do from the diag screen were downright scary. All this and more. You could determine the downstream and upstream freqs; you could also set the modem to transmit on any upstream frequency at any level up to 60dB. We played around with it for a bit. We set up a test modem and had it transmit for a second at 60dB on one of our upstream freqs; it took out ~400 users' service for about a half hour. Had we done it on the PPV freqs, it would have taken out PPV for a few thousand people. Fun stuff.

And to my knowledge, they never fixed it.

Re:Back in the day... (0)

Anonymous Coward | more than 9 years ago | (#11192675)

I have a cable modem that has a mini http server (among other things ... I remember it also provides a dhcp server) that you can connect to that gives you information about the downstream and upstream frequency (btw, they run vxworks). I do not recall that there is a serial console available, but my understanding is that as I recall, it is possible to open it up and solder on the appropriate pins to get a console.