|
Notice: This tutorial is in beta form, and will be updated soon it should only serve as a reference or starting point for SB6120 use. If you are not a power user it is recommended that you do not attempt to use the SB6120 until more user friendly options are developed.
Part 1:
Note: In order to flash the SB6120 you must have a USBJTAG (NT) this product is sold exclusively at USBJTAG.com other USB Jtag products are not compatible with this particular modem.
Flashing the SB6120 with the USBJTAG NT
Make sure USBJTAG NT IS ACTIVATED
Have your wires soldered up and the usbjtagNT NOT connected and then power up the modem give it 10 seconds then you connect the usbjtagNT to your soldered lead, you should see the modem lights turn off this is completely NORMAL once you get the modem into that state run these commands.
Save full 8MB dump
flshdct 0
getram 0 800000
save 0 800000
Programing the bootloader
flshdct 0
ldram bootblock (select the noisy bootloader "SB6120 Noisy Bootloader.bin")
erase 00000000 00020000
sprogram 0 20000
Programing Image0
flshdct 0
ldram Image0 (Select the firmware file you wish to flash either "SBH_Alpha1.0.0.bin" or "SBH_Alpha1.0.0-BPI_DISABLED.bin")
erase 00040000 003b0000
sprogram 40000 3b0000
Programing Image1
flshdct 0
ldram Image1 (Select the firmware file you wish to flash either "SBH_Alpha1.0.0.bin" or "SBH_Alpha1.0.0-BPI_DISABLED.bin")
erase 003f0000 003b0000
sprogram 3f0000 3b0000
http://usbjtag.net/t...sb6120shell.php thanks to usbbdm @ usbjtag.com for this tutorial
devDelay suggests that you just use usbjtagNT to flash only the bootloader(BootBlock) and get experienced using serial to flash.
Part 2: Serial Port Connections
NEW SB6120's are missing two resistors that give the output and input, flip the SB6120 PCB over and look near the serial connections see R271 R272 if there is nothing connecting the points together then you need to bridge the connection with solder and it'll work.
Baud Rate: 115200
Data Bits: 8
Stop Bits: 1
Parity: None
Flow Control: None
Flash firmware via serial cable (U-Boot)
You need the noisy boot loader
Set up a TFTP server on your computer and set your NIC to static 192.168.100.2
Use these commands
Name your firmware "puma5_ubfi" or it won't work
printenv
run updateX (replace X with what you see for ACTIMAGE=1)
boot
Part 3: Firmware usage and Commands
How to remove the p7 header from SB6120 firmwares and some newer Motorola firmware
Remove X amount of bytes from the beginning of the file
Docsis: 1604 bytes
Euro-Docsis: 1527 bytes
How to stop frequency scanning
cli docsis/scan 0
How to TFTP the config file you want
Your modem needs to be online already for this to work
cd /nvram/
tftp -g -r CONFIGNAME.cm IPADDRESS
cp CONFIGNAME.cm config.cm
reboot
How to upload your config file via FTP and renaming it to autoserve in SSH or console
You can use this free ftp server http://filezilla-pro...php?type=server
also if you don't want to rename the config on the modem then just rename it to config.cm before you ftp it to your modem
You need to be in /nvram/
cd /nvram/
wget ftp://user:password@localipaddress:port/filename.cm
cp filename.cm config.cm (ignore if your file is already named config.cm)
To disable firmware updates do the following in SSH or console
echo "1" >/nvram/disable_fw_update
How to clear the http error logs
in SSH or console use
rm -rf /nvram/1/3
ps (find /usr/sbin/eventmgr_cm and use the PID in the next step)
kill -9 PID
(also instead of killing the process you could just reboot but this is faster)
Then refresh http://192.168.100.1/cmLogs.htm
How to connect to dropbear with Putty
Download Putty then launch it
Host Name: 192.168.100.1
Port: 22
Connection Type: SSH
Click Open
User name: root
Password: sbhacker
How to change your MAC address/Serial
In console type the following
Short way
cli docsis/Production/prodset
(Press ENTER until you get to "Cable Modem Serial Num" or "Cable Modem MAC")
Cable Modem Serial Number is 24 digits
Cable Modem MAC needs to be in this format 00-11-22-33-44-55
In SSH type this instead
/usr/sbin/cli docsis/Production/prodset
all the "prodset" settings are stored in /nvram/1/1 the first 4 bytes are a time stamp so it changes everytime you save with prodset
Enable config page changeable
In Console type
cli docsis/Motorola/mProduction/htmlReadOnly
type "false" [ENTER]
then press W to save
In SSH use
/usr/sbin/cli docsis/Motorola/mProduction/htmlReadOnly
type "false" [ENTER]
then press W to save
How to enable more debugging info in console (You will see lots of diagnostic output all the time)
cli logger/setDefaults [ENTER]
How to Clear DS and US frequency database in NVRAM
cli docsis/Debug/clearNvramDsUsFreqDb
How to Clear US frequency database in NVRAM
cli docsis/Debug/clearNvramUsFreqDb
The SB6120 accepts certs straight from a Haxorware modem
this is a find from rajkosto
cd /nvram/1/security
rm mfg_key_pub.bin
rm cm_cert.cer
rm mfg_cert.cer
rm cm_key_prv.bin
(the rms are necessary because they are symbolic links by default)
then transfer over wget or tftp or whatever
cm_cert.cer = cm_cert.cer from haxorware
mfg_cert.cer = ca_cert.cer from haxorware
cm_key_prv.bin = private.key from haxorware
mfg_key_pub.bin = public key from ca_cert.cer from haxorware (open with your operating system's shell extensions, find the public key structure, and copy the hex bytes into a hex editor having it treat them as hex data)
and since the originals were chmod 777,
chmod 777 mfg_key_pub.bin
chmod 777 cm_cert.cer
chmod 777 mfg_cert.cer
chmod 777 cm_key_prv.bin
UNTESTED(if anyone can test and confirm if any of these work send me a PM)
Set MaxCPE
cd proc/net/
cd dbrctl
echo "20">maxcpe
cat cpe (this should confirm Max CPEs)
CPEs List
--------------------
Max CPEs 20
--------------------
Mac Name Learning Source Cpe Num
--- ---- -------- ------ -------
-> 00:00:00:00:00:00 lbr0 Dynamic eth0 1
Ignore REG_RSP
cli docsis/Debug/SetDebugOption 18 1
Debug> showDebugOptions
Debug options : 0x00040000
Option State Num Bit pos
================= ===== === =======
DOCSIS_DBG_NO_MAC_REINIT Off 0 0x00000001
DOCSIS_DBG_NO_INIT_ETH0 Off 1 0x00000002
DOCSIS_DBG_NO_AES Off 2 0x00000004
DOCSIS_DBG_CAP_DOCSIS_VER_20 Off 3 0x00000008
DOCSIS_DBG_CAP_MCAST_DSID_FOR Off 4 0x00000010
DOCSIS_DBG_CAP_MAP_UCD_RECEIPT Off 5 0x00000020
DOCSIS_DBG_CAP_DROP_QUAL Off 6 0x00000040
DOCSIS_DBG_DEF_SNMP_ACC_NMACC Off 7 0x00000080
DOCSIS_DBG_IGNORE_BAD_UCD Off 8 0x00000100
DOCSIS_DBG_FORCE_CONFIRMATION_OK Off 9 0x00000200
DOCSIS_DBG_DISABLE_NB_RCP_WA Off 10 0x00000400
DOCSIS_DBG_FORCE_TCC_WO_RCC_OK Off 11 0x00000800
DOCSIS_DBG_NO_UCD_ON_PRIMARY_DS Off 12 0x00001000
DOCSIS_DBG_SIMULATE_DS_CABLE_CUT Off 13 0x00002000
DOCSIS_DBG_IGNORE_DBC_ACK Off 14 0x00004000
DOCSIS_DBG_IGNORE_DCC_ACK Off 15 0x00008000
DOCSIS_DBG_BLOCK_BIRNG_REQ_POWER_CHANGE Off 16 0x00010000
DOCSIS_DBG_NO_AUTH_ON_AUTH_INVALID Off 17 0x00020000
DOCSIS_DBG_IGNORE_REG_RSP On 18 0x00040000
Important Legal Information:
Theoryshare does not condone, support, or authorize the use of any of its equipment or the equipment of its customers for any illegal means.
Most electronic products can be converted and used for illegal means. DVD records and VCRs can be legally used to watch purchased or rented movies, or they can be used to illegally copy these movies. Personal computers are crucial to business, and can be found in almost every home. PCs can be used for many legal means such as surfing the Internet, sending emails, or creating documents. PCs can also be used for illegal means, such as hacking into networks or identity theft.
All of Theoryshare's products are intended to give our customers and users the ability to control, modify, monitor, and diagnose their home and business networks at a much lower cost than other alternatives. Our products and tools all users to maximize the efficiency if their Internet connections and networks.
For instance Theoryshare products may be used to determine if there are wiring faults or other network problems within a user's home or business. Additionally our diagnostic interfaces are much easier to use than competing products, making them an attractive alternative to products costing many times as much.
At Theoryshare, we also realize that our products may be converted to illegally access cable networks, steal Internet service, or for other illegal means out of our control. We strongly prohibit any illegal use of our product under any circumstances.
Under no circumstances will Theoryshare or its employees tolerate any discussion of illegal activities on our user support message boards, nor will we instruct anyone on using our products for illegal means.
Under no circumstances will Theoryshare sell products to those expressing a desire to use them for illegal means. If we are made aware of discussions regarding illegal uses for our products we will delete offending content, and ban the users.
|
