Slashdot Mirror


Cable Modem Hackers Release Improved Firmware

FatCat writes "SecurityFocus has a story about a group of hardware and software hobbyists specializing in embedded systems who've released their own custom firmware for Motorola Surfboard cable modems. The firmware lets you log in to an interactive VxWorks shell, or issue commands from a Web browser through an http interface. You load it by tapping an undocumented console serial port on the circuit board. So far, uncappers are apparently the primary consumers, and they're downloading up to 400 copies a day."

25 of 419 comments

  1. Loss of service by mpost4 · · Score: 5, Informative

    I would think that doing this could put one in danger of losing their service. I think this more than likely is a violation of the TOS of most cable ISP's, and when you violate a contract (TOS's are contracts of a form) you void it, so then the cable company is not obligated to serve you any more. Is the promise of high speed you don't pay for (theft) worth the loss of service, and possible legal action?

    1. Re:Loss of service by BeemanH2O · · Score: 1, Informative

      Not only is it a violation of the TOS on most cable ISP's, it's a violation of FCC law. So think again if you're wanting to hack or uncap your cable modem.

    2. Re:Loss of service by MCZapf · · Score: 2, Informative

      Your statement is false. Comcast, for one, is now advertising its new faster service capped at 3Mb/sec instead of 1.5Mb/sec. Maybe in the past they didn't mention the caps, but they do now.

    3. Re:Loss of service by garcia · · Score: 4, Informative

      I worked for ATTBI before they were swallowed up by Comcast. I still have an ATTBI hostname...

      When the first round of "cable modem uncapping" documents started floating around to the masses I found plenty of open tickets that had been forwarded to the "legal department" for possible action. Most people had uncapped their modems to 10mbit/10mbit.

      Apparently they had a script that ran that checked for this as they had quite a few open tickets all over the place. I guess it was not hard to find.

      They would disable your modem, forcing you to power-cycle it. Then your modem would download a new, correct, config file. If they found that you were AGAIN in violation you were terminated.

      Some people did not lose their service but most did.

    4. Re:Loss of service by l1gunman · · Score: 2, Informative
      Your analogy is seriously flawed. Satellite and cable signals are already coming into your house. You're not taking something that you're not paying for - the signals are already in your house.

      This must be one of the most tired, and specious, arguments of all time. Though the signals may, indeed, be "in your house", those that you are clearly not paying for are protected, in some way, to inhibit you from accessing them if not authorized. You breaking open that protection to access whatever you want, to use your words, "is theft". It is that plain, it is that simple.

      Here's another analogy like yours: Since you live in your parent's basement still, you must get your mail at their house, right? Every day your Mom picks up the mail that drops through the slot on the front door. Since they're "in her house" she can open whatever ones she wants, including yours, right? Bzzzzt. Wrong answer, thanks for playing. That letter that was addressed to you, though clearly "in her house" is not legally hers to open. Nor are those "extra" signals from the Spice channel that you're not paying for but want so desperately to see.

    5. Re:Loss of service by wo1verin3 · · Score: 2, Informative

      I think people forget about the problems that can happen when you uncap.

  2. Re:confused by Pyro226 · · Score: 3, Informative
    I used dialup for years and NEVER had to worry about messing with my modem to uncap it. My connection was burstable and had absolutely no cap!

    This is not actually true; "56k" modems are actually capped at 53k due to FCC regulations. I looked quickly on google and I couldn't figure out why they are capped and it doesn't really matter because almost no-one has a high enough quality phone line to get this rate. But there could be some dial-up hackers out there trying to get an illegal 3k.

    --
    This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
  3. Re:This shouldn't even be possible by Anonymous Coward · · Score: 2, Informative

    errrr...... this is a discussion of CABLE not ADSL. ADSL lines are individual lines to the ISP's DSLAM, whereas cable modems are on a local network loop with other users, hence the need for capped modems......

  4. Doesn't sound wise.. by stratjakt · · Score: 3, Informative

    Could the cable company not quickly whip something together to scan all of their subscribers' modems, and have a list of uncapped/hacked boxes in their hands within a few minutes, hours tops?

    Or even better, can hackers reach this shell from the outside?

    Sounds like a good way to lose your service and wind up in court.

    --
    I don't need no instructions to know how to rock!!!!
  5. This won't last long by Knightsaber2003 · · Score: 5, Informative

    As soon as someone from Motorola reads this, they'll be popping out new firmware to cable ISP's right quick. It's quite easy for the ISP's to push this out in a night or two. I do it for a living :)

    --
    -KS2k3
    1. Re:This won't last long by Peridriga · · Score: 2, Informative

      IDDWYDFAL (I don't do what you do for a living) but, couldn't it be possible for the flashed firmware to have an option to refuse to allow a pushed firmware update?
      Since essentially they are overwriting almost all of the programmable material on the boxes, wouldn't this be a simple task?

      Although you'd run the risk of your ISP saying if (modem.firmware != current_version) {disconnect_service}, I'd say that'd affect their QoS if some of the customer boxes didn't accept the update.

    2. Re:This won't last long by tomcio.s · · Score: 2, Informative

      No it isn't as simple as that in most cases.
      See, in a deployed network, where you don't have physical access to the box, you can't afford to not be able to communicate with it.

      So a company like Motorola would not allow this to be a 'changeable' option in the first place.

  6. Re:dropped carrier by clarkc3 · · Score: 2, Informative
    Of course, they don't have time to crack down on everyone, but they can easily collect statistics from the routers.

    They don't have to take any special/extra time to crack down on them - they can check that with scripts, flag the account, and disable the modem.

  7. Re:What will the companies do? by DOCStoobie · · Score: 2, Informative

    Well, some cable ISP's actually have it set up to where the CMTS (cable modem termination system) verifies both the modem's firmware and config file source, to ensure that the modem is legit, and if the source doesn't match ... the CMTS won't route packets from that modem, or even allow it to pass on DHCP to the user's PC/router, so this will only work on some cable systems.

  8. Re:confused by Fuyu · · Score: 2, Informative

    According to this reply on NANOG, "What the FCC limits is the power (db) level you can place on the line in the PSTN. This is to limit crosstalk in copper cable bundles. This power limitation does not equal a speed limitation. This seems to have arisen from the fact that the first PCM modems - USR X2 units - could not go faster than 53.3K without violating the FCC power limitations. All other things being equal, the more power you can use, the faster you can go. To cover their ass USR put the disclaimer on the boxes talking about how X2 was capable of 56K, but limited to 53.3K due to the FCC blah, blah. Many people read this as the FCC having some cap on allowed speed since they didn't explain that the trouble was with X2's inability to go faster in the allowed power band."

  9. Re:Hmm... by UID30 · · Score: 3, Informative
    couldn't they just have the system automagically cut off service when the packets start flowing too fast, rather than getting into the legal minefields?

    You have obviously lost touch with your inner lawyer. :)

    IMHO, the best solution is to alter the terms of all contracts with users (those who wish to cancel service can do so) ... the new contract should have a monetary charge in the order of cents per kilobit per second in excess of whatever the modem cap is. anybody that wants to uncap their modem, therefore, is welcome to do so ... and get a big ass bill the next month.
    --
    "Glory is fleeting, but obscurity is forever." - Napoleon Bonaparte
  10. Re:Is it "bad netizenship"? by JamesD_UK · · Score: 2, Informative

    Leaving aside the Sir Edmund Hillary rationale for hacking anything ("Because it was there")
    That was actually George Mallory who died whilst climbing Everest on June 6, 1924.

  11. T1? Don't think so. by jasonhamilton · · Score: 2, Informative

    It's funny that you said "huge, dedicated bandwidth" and T1 in the same sentence, especially in this context. If you opted for a T1, you'd be limited to around half your current shared bandwidth, so your reasoning confuses me.

    --
    SearchIRC - Now with live chat directory!
  12. Re:so the question becomes by Tassach · · Score: 2, Informative

    T-1 is 1.5M down/1.5M up, on a dedicated connection. Comcast's standard offering is currently 3M down/256K up on a shared connection, which is more or less typical for cable modem. Remember that a basic T-1 package will almost invariably have an SLA guaranteeing that you won't have more than N minutes of downtime per month, at least 5 static IP addresses, and a noticeable absence of draconian/asinine AUP terms. Of course it's going to cost roughly 10X as much as a cable modem connection, but it's well worth it if you really need those extra features. Of course there's SDSL if you're close enough to your CO, which can give you the same features as a T-1 for about 1/2 the cost. The Covad web site has rates posted, if you want to see real numbers.

    --
    Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
  13. Re:so the question becomes by nolife · · Score: 2, Informative

    Why do this on a shared medium, particularly one you have to share with your neighbors?

    All bandwidth is a shared medium. DSL to your house is not shared between you and the CO but that unshared segment is useless. Everyone in your neighborhood uses that same CO and you all are sharing the pipe the CO has. Not much different than a CM. I'd imagine a T1 from that CO to your house would share the same upstream also. If your CO has a good pipe you may not notice it, if it is small, you all will suffer the same. I do not know under what conditions the responsible CO party decides that the CO bandwidth needed upgraded but I'm sure /dev/random plays a role.

    --
    Bad boys rape our young girls but Violet gives willingly.
  14. Slow Upstream by Nintendork · · Score: 2, Informative
    I don't use much of my downstream. Maybe 50MB per day average. I do most of my surfing and downloading at work. What I do need though is faster upstream bandwidth. Right now, Comcast is limiting it to 256kbps (32KB/sec.) and I need around 768kbps to host Halo games on my Xbox. If they had a plan where I paid $10 more a month or something close to that for the increased upstream bandwidth, I wouldn't hesitate to go that route.

    -Lucas

  15. Re:so the question becomes by thedillybar · · Score: 2, Informative
    I heard "VxWorks shell" so I'd imagine you could run whatever processes you'd like on it.

    Might be useful for the few geeks that don't leave their machines on 24x7.

  16. Re:My Opinion by The+Vulture · · Score: 2, Informative

    While uncapping a cable modem cannot change monthly download limits, uncapping a modem certainly can remove speed limits imposed on the upstream. That's one of the major reasons for uncapping a modem, to get more upstream bandwidth.

    There's two sides to how much bandwidth is allowed to your cable modem, the modem, and the headend, called the CMTS (Cable Modem Termination System). As part of the modem's configuration file, there's either a Class of Service (DOCSIS 1.0) or a Quality of Service (DOCSIS 1.1/2.0) that controls how much upstream and downstream bandwidth you can get. On the CMTS, you can set up policies that dictate how much upstream and downstream bandwidth the CMTS will allocate per modem.

    Most operators enforce the limits at the CMTS end (additionally specifying it in the modem config file), so that the values given to the cable modem are used just so that the modem doesn't waste its time trying to push out/grab more bandwidth than the CMTS will let it have (in that case, the CMTS just wastes clock cycles in dropping packets from modems). However, if you don't enforce the values at the headend, then whatever the modem thinks are the correct values stands, and if you alter the config file, well, you've just increased your bandwidth.

    -- Joe
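
An added illustration, not part of the thread or of any operator's tooling: the enforcement model from the comment above, combined with the kind of audit script other commenters mention. It shows why a headend ceiling makes an altered config file worthless and how a mismatch with the provisioned tier can be flagged. The tier, MAC addresses, rates and the 10% tolerance are constructed assumptions.

```python
# Added example; tier, MAC addresses and rates are constructed sample data.
from dataclasses import dataclass

TIERS = {"standard": {"down": 3000, "up": 256}}  # provisioned kbit/s (constructed)

@dataclass
class Modem:
    mac: str
    tier: str
    cfg_down: int  # downstream limit in the config file the modem registered with
    cfg_up: int    # upstream limit in that config file
    seen_up: int   # peak upstream rate measured at the headend

def effective_rate(cfg_rate, policy_rate, cmts_enforces):
    """With headend enforcement the CMTS policy is a hard ceiling, so an
    altered config file gains nothing; without it the modem's value stands."""
    return min(cfg_rate, policy_rate) if cmts_enforces else cfg_rate

def audit(modems, tolerance=1.1):
    """Return {mac: [reasons]} for modems that disagree with their tier."""
    findings = {}
    for m in modems:
        policy = TIERS[m.tier]
        reasons = []
        if m.cfg_down > policy["down"] or m.cfg_up > policy["up"]:
            # Exposure: upstream the modem would gain if the headend did not enforce.
            gain = (effective_rate(m.cfg_up, policy["up"], False)
                    - effective_rate(m.cfg_up, policy["up"], True))
            reasons.append(f"config exceeds tier (+{gain} kbit/s up if unenforced)")
        if m.seen_up > policy["up"] * tolerance:  # tolerance is an assumed margin
            reasons.append("observed upstream above tier: headend not enforcing")
        if reasons:
            findings[m.mac] = reasons
    return findings

SAMPLE = [  # constructed records
    Modem("00:00:5e:00:53:01", "standard", 3000, 256, 240),      # matches tier
    Modem("00:00:5e:00:53:02", "standard", 10000, 10000, 250),   # altered, CMTS holds
    Modem("00:00:5e:00:53:03", "standard", 10000, 10000, 4200),  # altered, no ceiling
]

if __name__ == "__main__":
    for mac, reasons in audit(SAMPLE).items():
        print(mac, "; ".join(reasons))
```

The second sample modem is flagged on its registered config alone even though its traffic stays within the tier, which is the case a headend ceiling hides from throughput statistics.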

  17. Re:Screw uncapping, I just want my diagnostics bac by detritus. · · Score: 2, Informative

    What kind of cable modem do you own? The surfboards have always (from at least the SB3100 and up, from my personal experience) had a web interface (192.168.100.1) that displays upstream and downstream power levels, frequency locks, SNR, as well as an event log. I have Charter cable. SNMP would be nice if it were accessible to the customers (to set threshold monitors, etc.) but having the web interface is much better than nothing at all. I don't know if they have the capability to lock out the web interface, but there's really no point in it.

  18. Re:CABLE MODEM MAC CLONING by Anonymous Coward · · Score: 1, Informative

    use their old software, more info from the BETTER GROUP fibercoax... :) TCNiso is gay, don't give them donations when fibercoax will give you better software for free.