Slashdot Mirror


RCA / Thomson Modem Hack Discovered

An anonymous reader writes "Those unemployed modem hackers are at it again. The group known as TCNiSO has released a very interesting hardware modification for RCA / Thomson cable modems. The modification is done by grounding the bus clock on the serial EEPROM which throws the device into a diagnostic panic mode. Then by using the debug tools from the embedded console to reprogram the EEPROM, a user can permanently enable a developer's menu which gives complete control of the modem, such as modifying the hardware addresses or flashing new firmware. Now if only these guys can figure out how to enable the Bluetooth features on my v710 phone..."

182 comments

  1. Don't fuck around w/your modem's MAC. by garcia · · Score: 5, Interesting

    Just remember that some cable ISPs use modem MAC authentication and changing your MAC address could possibly disable your access to the Internet. Some cable ISPs use "bottom-up" provisioning which allows you to re-register your modem's MAC address and tie it to your account (useful if you buy your own modem) but others could still be using manual provisioning which could cause delays in regaining block-sync.

    Personally, don't fuck around w/your cable modem. It works just fine the way it is. Hacks are a wonderful educational/mental exercise but I wouldn't exactly be trying this if you don't want to lose connectivity to your ISP.

    1. Re:Don't fuck around w/your modem's MAC. by Saxton · · Score: 4, Insightful

      That, and is there any real functionality you are able to get from this hack? Didn't seem like it. I am guessing 95% of the people that do it are going to follow the directions, say "yay I did it" and then forget all about it other than being able to tell their friends that they owned their own cable modem.

      *yawn*

      -Aaron

      --
      My name is Aaron Landry, and I approve this message.
    2. Re:Don't fuck around w/your modem's MAC. by asliarun · · Score: 2, Interesting

      Good point. However, one could easily make a note of the original MAC address, and change it back to the original, if it causes a problem.

      On the topic of MAC addresses, I'm not sure if enough people treat it as a privacy issue. AFAIK, MAC addresses are globally unique, thus uniquely identifying an individual user. Even IP addresses are sometimes dynamic (depending on the ISP), and can be "masked" by using a suitable proxy. MAC, OTOH, is almost like a digital fingerprint.

      Does anyone else share the same concern? Or am I missing something here??

    3. Re:Don't fuck around w/your modem's MAC. by nolife · · Score: 1, Interesting

      Some cable ISPs use "bottom-up" provisioning which allows you to re-register your modem's MAC address and tie it to your account

      Or allow you to access the internet with someone else's credentials. I am not familiar with how a cable internet system works and I doubt you could get lucky enough to guess someone else's MAC but wouldn't the other CMs in your area or "node" have their MAC flying around the wire and ripe for capture? At least the initial requests looking for the routers and DHCP server.

      --
      Bad boys rape our young girls but Violet gives willingly.
    4. Re:Don't fuck around w/your modem's MAC. by Sc00ter · · Score: 3, Interesting
      You could hack the bootp config file and get faster upload/download speeds.

    5. Re:Don't fuck around w/your modem's MAC. by garcia · · Score: 4, Informative

      So? You can do that w/o a hardware hack using a TFTP server and a text editor. Most cable ISPs already scan their networks for modified cable modem config files and disable them for ToS violations.

    6. Re:Don't fuck around w/your modem's MAC. by garcia · · Score: 1

      Or allow you to access the internet with someone else's credentials.

      I would estimate that 98%+ of people using cable modems are doing so with the basic level of service. Even if you did sniff a valid modem MAC off the network and changed your modem's to that you'd have to be pretty lucky to find one that was at a "higher level" than you.

    7. Re:Don't fuck around w/your modem's MAC. by Jeff+DeMaagd · · Score: 3, Insightful

      Uncapping or raising your cap is likely in violation of your contract and grounds for termination. Basically if you did this, you could be charged with theft of service.

    8. Re:Don't fuck around w/your modem's MAC. by ThomaMelas · · Score: 1

      Not really, you can change a machine's MAC address within software pretty easily.

    9. Re:Don't fuck around w/your modem's MAC. by wdd1040 · · Score: 1

      And how hard would it be to call tech support and have them send you a new modem 'cause yours doesn't work? Personally, I'd love to try this. I just wish the US ISPs would open their eyes and allow us higher speeds, like almost the rest of the world.

      --
      wdd
    10. Re:Don't fuck around w/your modem's MAC. by DarkMantle · · Score: 1

      Besides that, when I bought my network card they never took my personally identifiable information.

      --
      DarkMantle I been bored, so I started a blog.
    11. Re:Don't fuck around w/your modem's MAC. by Sc00ter · · Score: 1
      I didn't say it was legal or right. Just that you could do it.

    12. Re:Don't fuck around w/your modem's MAC. by Sc00ter · · Score: 3, Insightful
      Some versions of the firmware won't allow bootp files to be received from the ethernet interface. This hack lets you change the firmware to a version that does allow it. So it may still be a required step.

    13. Re:Don't fuck around w/your modem's MAC. by Anonymous Coward · · Score: 1, Interesting

      Hackers use this to their advantage by changing their MAC to one that's already authed on the network. Then it's just like having service that you pay for... only you don't.

    14. Re:Don't fuck around w/your modem's MAC. by afidel · · Score: 3, Informative

      MAC addresses are stripped at the first hop so unless someone is specifically looking for you and has a valid search warrant I wouldn't be too worried about your MAC address.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    15. Re:Don't fuck around w/your modem's MAC. by spitefulcrow · · Score: 2, Informative

      On embedded devices like cable modems it's a bit harder to do but the MAC is always changeable. Most home routers now offer "MAC cloning" so that it looks like you have the original PC that you set up the service with connected to the cable modem still while you can share the connection over the router. And it's trivially easy to change the MAC address of a NIC in Linux and probably most other *nix systems. "ifconfig [iface] hw [class] [address]"

      --
      Sorry, my karma just ran over your dogma.
    16. Re:Don't fuck around w/your modem's MAC. by Shakrai · · Score: 2, Insightful

      I just wish the US ISPs would open their eyes and allow us higher speeds, like almost the rest of the world.

      Not to disagree with you because I like fast downloads as much as the next guy but how much bandwidth do we really need with current technology? Hell, Roadrunner is upgrading from 3.0mbits to 5.0. What do you really need all that speed for? At 3.0 I can download an entire Linux CD in less than 40 minutes.

      If you bump up the speed to insane amounts on the current infrastructure (what's the tops for a cable modem node? 45-50mbits down and 10mbits up IIRC) you'll just wind up with Joe Script Kiddie slowing everybody down for the sake of his illegal copy of XP. Not to mention all the owned Windows boxes out there being used for DDoS attacks that don't really need limitless amounts of bandwidth at their disposal.

      I would like to see higher upload speeds because it's really annoying to try and telecommute at 384k -- I'd say that an even meg would be about right -- but do we really need more download bandwidth?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    17. Re:Don't fuck around w/your modem's MAC. by wdd1040 · · Score: 1

      "I would like to see higher upload speeds because it's really annoying to try and telecommute at 384k -- I'd say that an even meg would be about right -- but do we really need more download bandwidth?"

      That was my point. :-) Download speeds aren't complainable at the moment. I would love to have 1 meg up, at least, so I could effectively share home movies and such. Sending a compressed HD home movie from a cable user to another is still an agonizing ordeal.

      --
      wdd
    18. Re:Don't fuck around w/your modem's MAC. by DigiShaman · · Score: 4, Interesting

      As a Time Warner employee for the Austin TX area, our cable modems (regardless of brand, be it 3com, Ambit, Toshiba...etc) have a 10.x.x.x IP address that is not accessible to the public. Only if you have direct access to the CMTS system can you upload new BIN configuration files to these modems on the fly. If you make any changes to the modem by chance and uncap your modem, some fuzzy-logic software will check the checksum of the bin files on that modem (so I've been told by the abuse department). If that bin file has been modified or the firmware flashed to something other than what it's supposed to have, expect your account to be disabled.

      Chances are at this point, there will be no negotiation. If so, you will have to find another ISP as we do not tolerate whatsoever people uncapping their modems. And believe me, we have quite a nice tech-savvy population in Austin that DO try to get away with it.

      --
      Life is not for the lazy.
    19. Re:Don't fuck around w/your modem's MAC. by YaRness · · Score: 1

      i'm confused. how does modifying hardware that i own affect how my isp limits traffic?

      note: i'm on cox cable in virginia, i got my cable modem from somewhere other than my isp.

    20. Re:Don't fuck around w/your modem's MAC. by RyuuzakiTetsuya · · Score: 1

      Your ISP would be the problem. Once they flag your modem as being in violation of the acceptable use policy, they may not let you back on, period. Unless you sign up for a new account under a fraudulent name. But then you'd be getting into all sorts of fraud...

      --
      Non impediti ratione cogitationus.
    21. Re:Don't fuck around w/your modem's MAC. by Anonymous Coward · · Score: 0

      because most cable modem ISPs apply rate limiting *at the modem* and not further up the line. pretty brain-dead if you ask me,

    22. Re:Don't fuck around w/your modem's MAC. by Tokerat · · Score: 1

      Then it's just like having service that you pay for... only you don't.
      Stealing cable for the new millennium?
      --
      CAn'T CompreHend SARcaSm?
    23. Re:Don't fuck around w/your modem's MAC. by AndroidCat · · Score: 2, Interesting
      Only if you have direct access to the CMTS system can you upload new BIN configuration files to these modems on the fly.

      It's a good thing that spoofing a CMTS system to the modem and giving it new BIN files, and then the new software lying to checksum/CRC tests is a tricky operation. But don't assume that it's impossible.

      --
      One line blog. I hear that they're called Twitters now.
    24. Re:Don't fuck around w/your modem's MAC. by DigiShaman · · Score: 2, Informative

      If it's your modem, you can do anything you want with it...as long as you do not hack the BIN files that your ISP uploads to the modem (they are stored in RAM, don't worry). The moment you reprogram those config files or anything else that would circumvent the Terms Of Service Agree or Cox's network, expect your account to be disabled.

      --
      Life is not for the lazy.
    25. Re:Don't fuck around w/your modem's MAC. by RyuuzakiTetsuya · · Score: 1

      I know the pinch. My cable ISP upped my download speed to match the rest of their markets, but didn't bother with the upstream. I have a 4meg down 256 up, while the rest of the nation gets 512! This sucks!

      --
      Non impediti ratione cogitationus.
    26. Re:Don't fuck around w/your modem's MAC. by asdfghjklqwertyuiop · · Score: 1

      How are they supposed to limit the rate at which you transmit by touching only the receiving end?

    27. Re:Don't fuck around w/your modem's MAC. by RzUpAnmsCwrds · · Score: 1

      "That was my point. :-) Download speeds aren't complainable at the moment. I would love to have 1 meg up, at least, so I could effectively share home movies and such. Sending a compressed HD home movie from a cable user to another is still an agonizing ordeal."

      Try DSL. Around here, Qwest offers 1.5/1.0 (they claim 896K but the modem syncs at 1.0) ADSL for $28 a month. You need an ISP, but Qwest offers a basic one for $7 a month (no email/web hosting/etc. - just connectivity).

      Total: $35.

    28. Re:Don't fuck around w/your modem's MAC. by Sc00ter · · Score: 1
      They could rate limit at the head end. At least that's something that the customer has no access or control over.

    29. Re:Don't fuck around w/your modem's MAC. by asdfghjklqwertyuiop · · Score: 1

      That only limits the rate at which your traffic passes through to the rest of their network. It doesn't control the speed at which you transmit onto the local cable segment.

    30. Re:Don't fuck around w/your modem's MAC. by wdd1040 · · Score: 1

      We don't have those luxurious ISPs in Florida... The fastest (most cost effective) you can find here is 3.0/384K. DSL is still around 1.5/264K.

      --
      wdd
    31. Re:Don't fuck around w/your modem's MAC. by Anonymous Coward · · Score: 0

      I have news for you. Most cable modem systems use unrouteable IPs because using publicly routed IPs on a cable modem would be a waste of IP space.

      Next.. CMTS. Wrong. Try again. Some modems DO allow you to upload from a machine that has a TFTP server on it running with firmware.

      As far as checksum on the bin files. The only thing DOCSIS 1.0 has for its integrity is the ability to sign the config files. On some CMTS equipment, it'll drop an error message if the signatures don't match. There is also other CMTS equipment where this DOESN'T happen. Most end users (your "tech savvy"), won't have any idea what the signature key is, unless they decided to brute force it, but I would bet they didn't. Once again, I've seen CMTS equipment that doesn't even check for valid signatures.

      Basically, if you have a firmware file and know how to code for that particular file, you could in theory, write patches to just ignore the TX/RX values given by the config file, hardcode the SNMP output to display what the config file says for those rates and still accept a valid signed file. This is out of most people's reach however. But you could potentially be a wolf in sheep's clothing and your oh-so-scary abuse dept wouldn't be able to really do much. At best, unless you're watching for excessive bandwidth usage, then you could probably catch someone, but if the config file checks out and their modem claims to be what it is, what can you do aside from try to re-flash the modem.

      Then you can sniff broadcast and see all sorts of arp traffic. I'm sure if you get creative, you can figure out where I'm going with this.

      Get an external packet shaper and you can just about nullify the result of people uncapping their modems. They might be able to blast away available spectrum space on the cable to the CMTS, but from there it would get shaped down after hitting the packet shaper. Much more reliable than trusting CPE. Yes, this all depends on how it's configured, but cable co's could probably save on bandwidth charges easily by putting some restrictions on p2p traffic, since that's a majority of what the bandwidth consumption is.
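
Added example (not part of any comment in this thread, and not any ISP's actual tooling): the comment above argues that a signed config file and modem-reported SNMP values can both look valid, so usage has to be measured at the head end rather than trusted from CPE. The sketch below audits constructed head-end octet counters against constructed provisioning records; the MAC addresses, interface names, record layout and 10% tolerance are all assumptions.

```python
from collections import defaultdict

COUNTER_MOD = 2 ** 32  # 32-bit octet counters wrap around to zero

# Constructed provisioning records: modem MAC -> (down_kbps, up_kbps) for the paid tier.
PROVISIONED = {
    "02:00:00:00:00:01": (3000, 384),
    "02:00:00:00:00:02": (3000, 384),
    "02:00:00:00:00:03": (6000, 512),
}

# Constructed head-end samples: (mac, cmts_interface, time_s, down_octets, up_octets).
# The counters are read at the head end, never from the modem's own SNMP agent.
SAMPLES = [
    ("02:00:00:00:00:01", "cable1/0", 0, 1_000_000, 500_000),
    ("02:00:00:00:00:01", "cable1/0", 300, 101_000_000, 12_500_000),
    # Upstream counter wraps between the first and second sample.
    ("02:00:00:00:00:02", "cable1/0", 0, 0, 4_290_000_000),
    ("02:00:00:00:00:02", "cable1/0", 150, 45_000_000, 32_516_352),
    ("02:00:00:00:00:02", "cable1/0", 300, 90_000_000, 70_032_704),
    # Same MAC active on two interfaces in the same window.
    ("02:00:00:00:00:03", "cable1/0", 0, 0, 0),
    ("02:00:00:00:00:03", "cable1/0", 300, 30_000_000, 3_000_000),
    ("02:00:00:00:00:03", "cable2/1", 0, 0, 0),
    ("02:00:00:00:00:03", "cable2/1", 300, 30_000_000, 3_000_000),
    # MAC with no provisioning record at all.
    ("02:00:00:00:00:09", "cable1/0", 0, 0, 0),
    ("02:00:00:00:00:09", "cable1/0", 300, 10_000_000, 1_000_000),
]


def measured_kbps(samples):
    """Return {(mac, interface): (down_kbps, up_kbps)} averaged over the sample window."""
    series = defaultdict(list)
    for mac, iface, ts, down, up in samples:
        series[(mac.lower(), iface)].append((ts, down, up))
    rates = {}
    for key, points in series.items():
        points.sort()
        elapsed = points[-1][0] - points[0][0]
        if elapsed <= 0:
            continue  # need at least two samples at different times
        down_bytes = up_bytes = 0
        # Sum deltas between consecutive samples so a counter wrap is not read as a drop.
        for (_, d0, u0), (_, d1, u1) in zip(points, points[1:]):
            down_bytes += (d1 - d0) % COUNTER_MOD
            up_bytes += (u1 - u0) % COUNTER_MOD
        rates[key] = (down_bytes * 8 / elapsed / 1000, up_bytes * 8 / elapsed / 1000)
    return rates


def audit(samples, provisioned, tolerance=1.10):
    """Return sorted (mac, finding) pairs for modems that need a closer look."""
    findings = set()
    interfaces = defaultdict(set)
    for mac, iface, *_ in samples:
        interfaces[mac.lower()].add(iface)
    for mac, seen in interfaces.items():
        if mac not in provisioned:
            findings.add((mac, "unknown_mac"))
        if len(seen) > 1:
            findings.add((mac, "duplicate_mac"))
    for (mac, _iface), (down, up) in measured_kbps(samples).items():
        cap = provisioned.get(mac)
        if cap is None:
            continue
        if down > cap[0] * tolerance:
            findings.add((mac, "over_cap_down"))
        if up > cap[1] * tolerance:
            findings.add((mac, "over_cap_up"))
    return sorted(findings)


if __name__ == "__main__":
    for mac, finding in audit(SAMPLES, PROVISIONED):
        print(mac, finding)
```
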

    32. Re:Don't fuck around w/your modem's MAC. by wizbit · · Score: 1

      It's usually in their terms of service, wherein an ISP can say, "Yes, modify your modem, do whatever you want with it, but do take your business elsewhere" - as TOS violators are not welcome on their network.

      Pretty standard these days.

    33. Re:Don't fuck around w/your modem's MAC. by evilviper · · Score: 1
      It works just fine the way it is.

      And what if it doesn't? I know I was calling my cable company every week, month after month, and they sent a different trained monkey out every time, to change a different section of wire, and declare the problem all fixed... for about 5 minutes after they left.

      I'm glad I switched to DSL. But for those who might not have such an option, it's nice to be able to get detailed info yourself, and possibly make the necessary changes to get your service working.

      Isn't this slashdot? Where we expect the hardware we buy to be free of restrictions of any kind?
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    34. Re:Don't fuck around w/your modem's MAC. by Magic5Ball · · Score: 1

      If all I'm after is Internet access not traceable to me directly, I wouldn't need higher level access, just access at all. If I wanted to do something particularly nasty, I would want to do it from a source that looks just like every other source (your 98 per cent) rather than from the easily identifiable two per cent of "higher level" accounts in the subnet.

      --
      There are 1.1... kinds of people.
    35. Re:Don't fuck around w/your modem's MAC. by ReTay · · Score: 1

      "That, and is there any real functionality you are able to get from this hack? Didn't seem like it."

      That depends with my cable company an unknown MAC is allowed to be up and running for three days...
      Think about it for a moment.

      Almost everything is tied to the MAC of the modem.
      There is some debate IF they could identify you with a forged MAC maybe the three block radius but the account? Maybe, maybe not. Depends on the system you are in and for my company they could not find you.

    36. Re:Don't fuck around w/your modem's MAC. by fm6 · · Score: 1
      What functionality do you get from any hack? 99% of the hacks you see on Slashdot have no functional purpose, beyond some small (even imaginary) improvement in features or efficiency. Which is hardly worth the risk of damaging the thing you're trying to hack.

      But all hacks are useful for teaching yourself about the technology. And that's not a small goal.

    37. Re:Don't fuck around w/your modem's MAC. by Anonymous Coward · · Score: 0

      "Or allow you to access the internet with someone else's credentials" Precisely. You can get lots of valid MAC addresses quite easily. Just run tcpdump and look at the ARP traffic -- at least, I can see ARP and broadcast traffic for several of my neighbors with my old, cheap, DCM-100 cable modem.

    38. Re:Don't fuck around w/your modem's MAC. by ShortSpecialBus · · Score: 1
      I would love to have 1 meg up, at least, so I could effectively share home movies and such.

      I think it's reasonable to buy the business class service if you want to run a porn site, hehe

      --
      //FIXME: Bad .sig
    39. Re:Don't fuck around w/your modem's MAC. by runderwo · · Score: 1
      our cable modems (regardless of brand, be it 3com, Ambit, Toshiba...etc) have a 10.x.x.x IP address that is not accessible to the public. Only if you have direct access to the CMTS system can you upload new BIN configuration files to these modems on the fly.
      Well, I hope you don't use Motorola SB3100 or SB4100 modems, since they have a documented ARP poisoning attack that causes the modem to TFTP its config from the local Ethernet segment instead of the headend.
    40. Re:Don't fuck around w/your modem's MAC. by Anonymous Coward · · Score: 0

      If they do it further up the line then the customers that are paying for premium bandwidth would get slower speeds. For example, I have the regular Comcast 3000/256 kbps plan. A person that's paying for the 4000/384, or 6000/512 would get my 3000/256. They can't control it by IP either because the cable modem pulls it out of DHCP. That way they are stuck with giving the end user a pre-programmed capped cable modem.

    41. Re:Don't fuck around w/your modem's MAC. by rhuntley12 · · Score: 1

      I have Time Warner, and I'm perfectly happy with the 3meg downstream, but you guys wanna raise our upstream a little? Also kind of annoying having to restart cable modem every few days...

    42. Re:Don't fuck around w/your modem's MAC. by Cramer · · Score: 1

      TW hands out SB5100's now (have been for some time now.) However, there are still an ass load of older SB's out there (even 2100's, 'tho rare.) I know of several 3100's and 4100's around here.

      Personally, I like the 5100... nice tiny black thing with blinkin' LED(s). It's supposed to be the "hacker proof" version, but we all know there's no such thing. (people hack cable boxes that are filled with black tar...)

    43. Re:Don't fuck around w/your modem's MAC. by Aurix · · Score: 1
      I just wish the US ISPs would open their eyes and allow us higher speeds, like almost the rest of the world.


      I can't believe you are bitching about your bandwidth when I dare say the rest of the world has slower and more expensive access.
    44. Re:Don't fuck around w/your modem's MAC. by Cramer · · Score: 1
      • I would like to see higher upload speeds because it's really annoying to try and telecommute at 384k...
      I've done this (over IPSec that eats even more BW) and 384k is perfectly acceptable. I've also done so via 64k and 128k (ISDN.) 64k is painfully slow; I've seen better and won't go back :-) 128k is ok, but it takes a smart terminal app (citrix, rdp, vnc, etc.) to avoid unnecessary repainting of large areas -- citrix is the only thing I've seen work well in low bandwidth and/or congestion.

      (Note: don't connect to your windows desktop ("terminal server", "remote desktop", etc.) at 24bit... 8bit color depth is all you need.)

      It's easy for the cable network to increase the download speeds as that's what the network is designed for. Each channel supports 30Mbps down/10Mbps up. Flooding the downstream channel(s) isn't a major problem as everything will level out -- those using the most bits will see the biggest hit. However, flooding the upstream channel(s) will kill everyone... I don't get any more packets until I ACK the ones I've received. And QoS policies don't work upstream -- you cannot shape the bits until you have them, and in the upstream direction, once you have the bits, it's already too late; the damage is done.
    45. Re:Don't fuck around w/your modem's MAC. by Anonymous Coward · · Score: 0

      Actually sane ISPs limit it on the head end (although based on MAC so if you figure out who has a faster link you could steal their MAC)

    46. Re:Don't fuck around w/your modem's MAC. by RzUpAnmsCwrds · · Score: 1

      That's the cool part - the $35 service *is* the business-class service. I don't know what the TOS is, though.

    47. Re:Don't fuck around w/your modem's MAC. by Fullaxx · · Score: 1

      *MOST* bandwidth limiting is done at your modem, not at the ISP center.
      The ISP sends the limits to your modem, and your modem limits your bandwidth.

    48. Re:Don't fuck around w/your modem's MAC. by DigiShaman · · Score: 1

      1. Download should be upgraded from 3-Mbit/s to 5-Mbit/s in the coming months ahead. But keep dreaming on the upload, we are lucky to even be able to offer a 384-Kbit/s upload rate. Downstream access is practically free, but it's the upload that costs so much money. Basically in the ISP business, uploading data is a commodity in the market. So...fogettaboutit (Yes, I get the same access as you do and I'm an employee at that)

      2. If you have problems with an intermittent cable modem issue, then call in about the issue. We have the ability to run diagnostics and check the history log of the modem connection for problems that you might be having. If there is an issue with a signal to the modem, a technician can be scheduled to have the problem addressed.

      --
      Life is not for the lazy.
    49. Re:Don't fuck around w/your modem's MAC. by dave1g · · Score: 1

      mmmm 5 megs. i assume the 6 meg premium service will go up as well?

      Also, is there any chance of Time Warner allowing maximum connection speeds up and down, inside the Time Warner network where it should be free, right? I'm not sure if that would only be to your neighborhood, or city, or the entire Road Runner network.

    50. Re:Don't fuck around w/your modem's MAC. by DigiShaman · · Score: 1

      Yes, the cap will also go up for premium subscribers. I'm not sure what it is though, I'm wanting to say 8-mb/s though.

      As for the idea of different rates inside TWC network, it's a good one. I too wish the caps would be lifted for peer access based on subnets. This would be very nice for gamers that wish to host and play online FPS based games (not to mention setting up VPNs for file trading).

      --
      Life is not for the lazy.
    51. Re:Don't fuck around w/your modem's MAC. by dave1g · · Score: 1

      heh, I suspect you don't have much clout with the policy guys at Time Warner.

      Technically would the intra network idea be possible and essentially free to the company?

      Interesting that you mention games because the San Antonio (I'm from there, now in Austin at UT) RR team actually runs a few game servers inside the network. Which makes for really good ping times, but still high bandwidth between my neighbors would be awesome.

      What is the max bandwidth for a cable system? I've heard people saying that the DOCSIS standard allows up to 10 mbps.

    52. Re:Don't fuck around w/your modem's MAC. by X0563511 · · Score: 1

      That's providing the technician isn't a complete retard who couldn't even scrape up an A+ certification.

      Last couple of times I had a "technician" come "address" the problem, I had to help him do it.

      Then again, I live in the good ole state of Maine, and it was Adelphia...

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  2. How long... by KennyP · · Score: 2, Interesting

    Until they are discovered and those modified cable modems are de-serviced?

    Kenny P.
    Visualize Whirled P.'s

    1. Re:How long... by garcia · · Score: 3, Insightful

      Until they are discovered and those modified cable modems are de-serviced?

      I was wondering if people could use a modified firmware that would report a valid modem config file back to the ISP when the ISP scans for ones that were not sanctioned.

      The ISP could powercycle the modems remotely and push new firmware to all the modems rather easily. I would assume that the pushed firmware would include a way to block unauthorized firmware from connecting to the network.

      Who knows if they'd be that interested though?

    2. Re:How long... by packslash · · Score: 0

      actually there are hundreds of people in just one of the main irc channels that have all been using hacked cable up and down for years now.

    3. Re:How long... by Grym · · Score: 0

      Who knows if they'd be that interested though?

      This isn't *just* about some users getting more bandwidth than they are paying for. Messing with some of the settings can seriously screw up the network for everyone.

      For instance, on most cable modems the upload bandwidth is much smaller than the download. Why? Because there is an issue known as a "hidden node" that affects the many-to-one side of communications (the upstream). Suffice it to say that without this limit, service can be seriously degraded to the point of non-functionality to *everyone* on that part of the network. The cable company knows this, but dollars-to-donuts the script kiddie screwing with the settings won't.

      And that's just one setting. As another poster commented, others like dB can cause even worse problems.

      No, trust that the cable company *does* care and rightfully so.

      -Grym

  3. Note the date.. by Anonymous Coward · · Score: 5, Informative

    ..of the securityfocus story. It says "Feb 5 2004". It's nearly a year old!

    1. Re:Note the date.. by AndreyF · · Score: 1

      Note the date of the securityfocus story. It says "Feb 5 2004". It's nearly a year old!

      I think the point of it was to get visitors to the last link he provided... not a bad idea, and no one seems to have noticed... :)

  4. As a Technology Demonstration... by Anonymous Coward · · Score: 1, Funny

    The group's website is being served through a hacked cable-modem connection.

  5. Cue FBI raids in 5...4...3.. by EvilStein · · Score: 5, Interesting

    Remember these cable modem tweakers that were raided by the FBI?

    1. Re:Cue FBI raids in 5...4...3.. by garcia · · Score: 3, Informative

      Remember these cable modem tweakers that were raided by the FBI?

      Those individuals were "uncapping" their cable modems by changing their modem config file and uploading it to their modems. That could be labeled theft of service as you are effectively stealing bandwidth that you didn't pay for.

      Modifying the firmware on your cable modem doesn't necessarily have to mean uncapping your modem config file and upping your possible bandwidth.

      In fact, this method is quite a bit more difficult than just editing the modem config file (as it requires a hardware interface not just a TFTP server).

    2. Re:Cue FBI raids in 5...4...3.. by EvilStein · · Score: 1

      Very true, but do you really think that "more bandwidth" was *not* on their minds?

      I can't think of many other reasons to get into a cable modem to dick around with it. I'm sure there are a few that people will come up with, but I chalk it up to the "Eh, who cares?" file. :P

    3. Re:Cue FBI raids in 5...4...3.. by nolife · · Score: 1

      I seem to recall a huge controversy on how they came up with those damages figure. Just enough to get the FBI involved but later determined to be very much less? No that is working the criminal justice system in your favor.

      --
      Bad boys rape our young girls but Violet gives willingly.
    4. Re:Cue FBI raids in 5...4...3.. by Vo0k · · Score: 3, Insightful

      Resident sniffer/logger.
      Simple Firewall.
      Monitor, blinking LEDs on certain kinds of packets arriving.
      "Wake on ring" if not present by default.
      "extra secret storage" in unused flash.
      Changing MAC address...
      *less* bandwidth (throttling your uplink, etc)

      --
      Anagram("United States of America") == "Dine out, taste a Mac, fries"
    5. Re:Cue FBI raids in 5...4...3.. by Frank+T.+Lofaro+Jr. · · Score: 1
      --
      Just because it CAN be done, doesn't mean it should!
    6. Re:Cue FBI raids in 5...4...3.. by BRTB · · Score: 2, Informative

      I wouldn't mess with the speed, as I'm sure the second somebody starts blasting 10mbit uploads down the cablenet, somebody on the UBR end will pick it up. I'd be happy with re-enabling the read-only 'public' SNMP on the local IP address of the cable modem... it was really nice pointing MRTG at 192.168.100.1 and reading the transferred-bytes numbers straight out of the modem interface, to say nothing of the signal strength and other genuinely useful info you can read with docsdiag.

    7. Re:Cue FBI raids in 5...4...3.. by zakezuke · · Score: 1

      Those individuals were "uncapping" their cable modems by changing their modem config file and uploading it to their modems. That could be labeled theft of service as you are effectively stealing bandwidth that you didn't pay for.

      Silly question... how does one measure the amount of theft in these cases? By the byte? If you are not paying for the service this is easy, the theft would be equal to the monthly rate normally charged. But if you are paying for service how can you measure the amount of theft that took place?

      --
      There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
    8. Re:Cue FBI raids in 5...4...3.. by rec9140 · · Score: 1

      I'd be happy with re-enabling the read-only 'public' SNMP on the local IP address of the cable modem... it was really nice pointing MRTG at 192.168.100.1 and reading the transferred-bytes numbers straight out of the modem interface, to say nothing of the signal strength and other genuinely useful info you can read with docsdiag.

      EXACTLY!

      I have ZERO interest in "uncapping" I am quite happy with my speed.

      What I would like is the ability to use the SNMP READ to get info as listed above. I am NOT ASKING for, nor do I want, the WRITE SNMP string. I also don't want locked out of the ability to CONFIG *MY* EQUIPMENT!

      I simply want to be able to read stats and info on the link, data sent etc..

      Also the ability to change out modems on my end without calling up the ISP, since my cable ISP doesn't have this online ability, would be great. A simple change of the MAC to the presently authorized one in their system would allow me to swap out the Ericsson PipeRider and Toshiba I have to MY Cisco UBR924's. I'll put the 2 cableco units in the closet(s) for use when I need to check problems, but otherwise I want more robust equipment, BUT I am not going to get LOCKED out of MY EQUIPMENT EITHER!

      --
      1311393600 - Back to Black
  6. Re:Dangerous, and probably illegal. by Neophytus · · Score: 3, Funny

    Please note cable modems do not connect to the telephone network. They connect to the cable company's private wires.

  7. True by Anonymous Coward · · Score: 0

    This article was written nearly a year ago, and probably doesn't apply now.

  8. Question by MisanthropicProgram · · Score: 3, Interesting

    Could these guys get arrested or sued under the DMCA?

    1. Re:Question by Anonymous Coward · · Score: 1
      Yes - and I hope they do.

      My ISP's service is suffering from hacked/malfunctioning DSL modems, so I truly wish crap like this is dealt harshly with.

    2. Re:Question by Vo0k · · Score: 1

      Yep. in non-hackable hardware.
      If it's made illegal, it doesn't vanish. It only moves deeper under ground.

      --
      Anagram("United States of America") == "Dine out, taste a Mac, fries"
    3. Re:Question by Vo0k · · Score: 1

      No. They didn't circumvent any mechanisms protecting copyrighted data in order to use that data. (and this is strictly what DMCA is about)
      You could say they circumvented the protection (doubtful, the protection wasn't anywhere near to "efficient" as DMCA states) to access the copyrighted firmware. Except their aim is not to steal the original firmware but to replace it with their own, so the intent part isn't fulfilled at all. If they downloaded the firmware and started spreading it over BitTorrent, sure, then they are in violation of DMCA. But if they just make a backup for personal use and then write new software, sorry, nope. Sure they could be SUED under DMCA. But they would win the case hands down.
      Even if they were spreading original but -modified- (not written from scratch) firmware, a good lawyer could argue it's fan art and as such, fair use, but that's more tricky.

      --
      Anagram("United States of America") == "Dine out, taste a Mac, fries"
    4. Re:Question by SCPRedMage · · Score: 2, Informative

      Allow me to spell it out for you: Digital Millennium COPYRIGHT Act. It covers bypassing COPYRIGHT protection measures. Uncapping your modem is NOT bypassing a COPYRIGHT protection measure (although it IS still illegal).

      --
      My sig can beat up your sig.
    5. Re:Question by Predius · · Score: 1

      How is your service being affected by hacked/modded DSL modems? The rate limiting doesn't occur at the modem, it occurs at the DSLAM by tweaking the line rates the remote CPE is allowed to train up to. If the DSLAM has been hacked, well, you're screwed, get a new ISP, but people mucking with their modems, all that does is affect how well they train, not allow them to 'uncap' their setup like you can with cable.

    6. Re:Question by walt-sjc · · Score: 2, Interesting

      He's probably confused. It's amazing how many people I talk to that say they have DSL that actually have cable modems.

    7. Re:Question by Fallen_Knight · · Score: 1

      and by that he probably really doesn't know a thing about why his net connection is so screwed....

    8. Re:Question by Cramer · · Score: 1

      Time to add a copyright notice to that MD5 signed config file :-)

      Of course, the DMCA has little to do with copyright in actual practice. Sadly.

  9. Re:Dangerous, and probably illegal. by Anonymous Coward · · Score: 2, Insightful

    impossible for so many reasons, read up on the phone network, but it is impossible to send any large amount of electricity down it.

    also you can connect up homebrew devices, the only thing you will degrade is your own private phone network, no one else's.

    why would it be a DMCA violation in the first place?
    do you even know what it stands for

  10. I was wondering. by FreeLinux · · Score: 2, Interesting

    I was wondering about this. It seems, to me, that this hack will render your modem useless on the cable network. What's the advantage of that?

    Changing the MAC address will effectively cut off service to your modem. Being able to update the firmware sounds nifty but, do you have new firmware that you need to install? Is there some service that you need so badly, on a cable modem, that you would spend your time writing new firmware for it?

    I just don't see the advantage to this hack. I can see the advantage of previous hacks to uncap a modem but, even those hacks put you at risk of having your service terminated or worse, criminal charges being brought against you.

    1. Re:I was wondering. by Anonymous Coward · · Score: 0
      I think you have it backwards. If you want to switch modems, this way you can set your mac address to match your old one so your cable network still works.

      More realistically, though, your ISP sucks if he won't let you change modems.

  11. Re:Dangerous, and probably illegal. by Anonymous Coward · · Score: 2, Funny

    why would it be a DMCA violation in the first place?
    do you even know what it stands for


    I believe it stands for "YHBT".

  12. spoofing? by Anonymous Coward · · Score: 1, Interesting

    I wonder how long it will be until people spoof other people's cable modem hardware addresses to 'steal' their access...

    1. Re:spoofing? by Anonymous Coward · · Score: 1, Informative

      Most Cable ISPs also log the CPE MAC (ethernet MAC), so they would see the change when looking for the person who committed the crime... I know, I am one of those people who work for a Cable MSO searching for people who commit crimes.

    2. Re:spoofing? by quantax · · Score: 1

      I have been reading the comments thus far and am surprised that no one has hit upon this. In fact, this is the very purpose of changing the MAC address of your modem. A certain cable ISP around here, their national network is set up such that a user with a MAC address in one part of the country can duplicate their MAC address onto another cable modem and go elsewhere in the country (to another subnet of the ISP), and thus gain free service merely by hooking their cable modem up to a line with their cable TV service.

      I know someone who has done this, and it works rather effectively. In this case, it is due to the way the ISP has structured their network, so that having duplicate MAC addresses will only work so long as the modem is placed on another subnet. A group of guys online have been doing this for a while, a little while after people figured out how to uncap their modems.

      --
      "What can a thoughtful man hope for mankind on Earth, given the experience of the past million years? Nothing." -Bokonon
    3. Re:spoofing? by nuclear305 · · Score: 1

      It already exists. Albeit I've only seen it done with Motorola's line of modems...but it is certainly possible and has been done. The only catch is that the cloned modem can't be on the same node as the original because you'll have 2 modems with the same hardware address fighting for access...unless of course you have SNMP access to the modems and remotely shut down the original.

  13. WOOOHOOO by Anonymous Coward · · Score: 5, Funny

    i can't wait for a few days until all the people that try this hack are kicked off the network, allowing my service to go faster.

    yay for stupid people.

    1. Re:WOOOHOOO by evilviper · · Score: 1
      allowing my service to go faster.

      Not possible. The primary reason for this hack in the first place, is to stop your cable-modem from limiting your bandwidth.

      If you were the only node on the entire network, you wouldn't see the slightest bit of a speed-up.

      I switched to DSL, and couldn't be happier about it. Costs less, and MANY times faster.
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    2. Re:WOOOHOOO by Anonymous Coward · · Score: 0

      He will have the same bandwidth to his isp, but his isp will have more spare bandwidth upstream.

  14. Hacking cellphones by null+etc. · · Score: 5, Insightful

    Now if only these guys can figure out how to enable the Bluetooth features on my v710 phone...

    Try the discussion forums over at wirelessadvisor.com

    I posted a teaser message there once regarding the Motorola T720. By using the USB modem cable and a COM port sniffer, I determined that extended AT modem commands were used to synchronize the phone with the desktop. By posting my findings, someone took the initiative and started a Yahoo! group for hacking the T720. Within a month, the group had 400 members and within five months the group had collectively hacked the T720.

    1. Re:Hacking cellphones by weave · · Score: 1
      I went with T-mobile and a Nokia 6600 specifically because of this busted-by-design decision regarding bluetooth and Verizon. While I doubt they lose more customers than they generate through the revenue they soak out of people, it *does* matter to a significant amount of people.

      (btw, the Nokia bluetooth isn't as nice as the bluetooth on Sony phones like the t610, but I think that is due to bad coding more than by design.)

    2. Re:Hacking cellphones by fm6 · · Score: 1

      Not quite the same kind of hacking. The USB cable is meant to be used the way you used it. (Very likely you could have found out the same thing by reading the SDK manuals, though it is more fun to discover this stuff on your own.) But Verizon seems to have decided that their customers can't be allowed to use Bluetooth except for specific authorized purposes. Getting around their limitations involves disabling the activation and modifying the firmware. Not for the faint of heart!

  15. mirror, anyone? by bodrell · · Score: 1, Redundant

    only 14 comments, and site's down already.

    --
    Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
  16. great for deniability in court by Anonymous Coward · · Score: 3, Interesting

    MAC address/IP are often used in court. Things get interesting when people can change or spoof these things.

    1. Re:great for deniability in court by bani · · Score: 1

      have a reference for mac address being used in court? if it's often as you claim, then you should have no problems providing one or more case numbers.

    2. Re:great for deniability in court by Anonymous Coward · · Score: 0

      hey asshat... the MAC sometimes helps decide WHICH ip the isp assigns the device in the dhcp lease.... therefore the IP address is related to the MAC address.

      there is not one court case that does not mention the IP address and since the IP address is a function of the MAC address then you are indeed an ignorant ass

      read a book, or grow a dick

    3. Re: great for deniability in court by Anonymous Coward · · Score: 0

      he can't, because there isn't any such case.

  17. Great way to lose your service. by papasui · · Score: 4, Insightful

    This violates most acceptable use policies, regardless if you own the cable modem or not. Changing your modem's mac address would fall under hacking, as you could cause service interruptions on your network segment for other people. You're paying for internet service, not the right to fuck around with a company's million dollar network. We had a kid get arrested for this, changed his modem's mac every day but never changed his nic's. Pretty trivial to track him down.

    1. Re:Great way to lose your service. by pclminion · · Score: 1
      We had a kid get arrested for this, changed his modem's mac every day but never changed his nic's. Pretty trivial to track him down.

      How does an ethernet MAC address get exposed on the Internet side of a cable modem? Are you making this up?

    2. Re:Great way to lose your service. by papasui · · Score: 3, Informative

      ARP

    3. Re:Great way to lose your service. by Sc00ter · · Score: 3, Informative
      via SNMP and the arp table of the modem. The cable provider still has access to the modem via SNMP.

    4. Re:Great way to lose your service. by Jedi+Alec · · Score: 1

      dunno about him, but my cable modem actually checks the MAC addy of my nic. it will work with 1 MAC addy and that addy only, otherwise it's game over. so yeah, the isp knows my mac address, the modem knows my mac address etc. etc.

      --

      People replying to my sig annoy me. That's why I change it all the time.
    5. Re:Great way to lose your service. by nolife · · Score: 1

      How do they know what CM to pull the config from with his MAC changing all the time? I guess they could do them all every day or maybe specifically target new/different/flip-flopped MACs. Is that something a cable company would pull and analyze on a daily basis as part of normal business? Maybe there are more details than "he changed his MAC every day" and those details resulted into something worth looking into.

      --
      Bad boys rape our young girls but Violet gives willingly.
    6. Re:Great way to lose your service. by Anonymous Coward · · Score: 0

      We had a kid get arrested for this, changed his modem's mac every day but never changed his nic's. Pretty trivial to track him down.

      I'm genuinely curious... Did the police invite themselves in and just arrest him? Did the ISP serve him with warning notices? Was he given an opportunity to explain what he may or may not have been doing?

      And you say a "kid" was arrested. Would his parental/guardian units not be held responsible? The cable contract would not have been in the kid's name and, most likely, the adults of the household would be the ones responsible for the cable modem's well-being. Well, that's what I would have expected, anyways.

    7. Re:Great way to lose your service. by Frank+T.+Lofaro+Jr. · · Score: 1

      Arrested?

      On what charge?

      That is insane!

      --
      Just because it CAN be done, doesn't mean it should!
    8. Re:Great way to lose your service. by papasui · · Score: 1

      Theft of service. He wasn't paying for it.

    9. Re:Great way to lose your service. by papasui · · Score: 2, Funny

      There were some other factors surrounding this, but I can't discuss it.

    10. Re:Great way to lose your service. by Anonymous Coward · · Score: 1, Funny

      You mean like the factor about how you made the whole thing up?

    11. Re:Great way to lose your service. by Anonymous Coward · · Score: 0

      Exactly how did you track a NIC MAC on a PC to a physical house address? That would be a cool tool. What purpose did the person have to change the MAC address of the CM in the first place? I've seen two types of CM systems in the US. One that authenticates by CM MAC, and the other by PC MAC behind the CM. Obviously the place you "work" for was not using the CM address if the user was able to change that at will and still be able to connect, so... I am assuming the system in question uses the end user PC NIC MAC, in that case, you would already have the MAC on file as that was the auth method but you claimed you used ARP to get it (you could have saved some time and just parsed the DHCP lease logs). But if you had that MAC on file already (which you would have to), I assume the person was a paying customer so exactly what were they stealing?
      I'm sorry, but your answers are so vague it appears you are making something up as you go along or you really have no idea what really happened if anything.

    12. Re:Great way to lose your service. by papasui · · Score: 1

      The cisco cmts keeps a live log of it. A show cable modem command with the cable mac will provide the cpe mac and a show cable modem command with the nic mac will show the cable modem mac. A lot easier and less time consuming than parsing compressed dhcp logs.

    13. Re:Great way to lose your service. by papasui · · Score: 2, Interesting

      He was pushing his own copy of our cm file from his tftp server. He was changing his mac address to avoid being tracked but neglected to change his nic's mac. The rest was just a bit of investigating work. We know what areas combine to what on our network and we have tools that match customer info back to the live mac addresses on the system. After that there was only a handful of people that it possibly could be.
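
Added example (not part of the original thread, and not any ISP's tooling): the cross-referencing described in the comments above, run over constructed records. It flags a NIC that stays the same behind a modem MAC that keeps changing, and one modem MAC online on two nodes on the same day. The record layout, node names and MAC values are assumptions made for illustration; real CMTS and DHCP logs look different.

```python
import re
from collections import defaultdict

# Constructed observations: (day, node, modem_mac, cpe_mac).
# All values are made up (locally administered MACs); MACs are deliberately
# written in mixed notations, as they would be when merged from several tools.
OBSERVATIONS = [
    # Ordinary subscriber: one modem, one PC.
    ("2004-10-01", "node-12", "02:00:00:00:0a:01", "02:00:00:00:00:11"),
    ("2004-10-02", "node-12", "02:00:00:00:0a:01", "02:00:00:00:00:11"),
    # Subscriber who replaced a modem once: two modem MACs, same PC (benign).
    ("2004-10-01", "node-12", "02-00-00-00-0A-02", "02:00:00:00:00:22"),
    ("2004-10-03", "node-12", "0200.0000.0a03", "02:00:00:00:00:22"),
    # Same NIC behind a different modem MAC every day.
    ("2004-10-01", "node-07", "02:00:00:00:0b:01", "02:00:00:00:00:99"),
    ("2004-10-02", "node-07", "02:00:00:00:0b:02", "02:00:00:00:00:99"),
    ("2004-10-03", "node-07", "02:00:00:00:0b:03", "02:00:00:00:00:99"),
    ("2004-10-04", "node-07", "02:00:00:00:0b:04", "0200.0000.0099"),
    # The first subscriber's modem MAC also online on another node the same day.
    ("2004-10-02", "node-40", "02:00:00:00:0a:01", "02:00:00:00:00:77"),
]


def normalize_mac(mac):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff.

    Accepts colon, dash and dotted (aabb.ccdd.eeff) notation so that the same
    address written two ways is not counted as two devices.
    """
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def rotating_modem_macs(observations, min_modems=3):
    """Map each CPE MAC seen behind at least `min_modems` modem MACs to them.

    The threshold of 3 is an assumption: it lets a single legitimate modem
    replacement (two modem MACs for one PC) pass without an alert.
    """
    modems_by_cpe = defaultdict(set)
    for _day, _node, modem, cpe in observations:
        modems_by_cpe[normalize_mac(cpe)].add(normalize_mac(modem))
    return {
        cpe: sorted(modems)
        for cpe, modems in modems_by_cpe.items()
        if len(modems) >= min_modems
    }


def cloned_modem_macs(observations):
    """Map each modem MAC seen on more than one node on the same day to those nodes."""
    nodes_by_modem_day = defaultdict(set)
    for day, node, modem, _cpe in observations:
        nodes_by_modem_day[(normalize_mac(modem), day)].add(node)
    clones = defaultdict(set)
    for (modem, _day), nodes in nodes_by_modem_day.items():
        if len(nodes) > 1:
            clones[modem] |= nodes
    return {modem: sorted(nodes) for modem, nodes in clones.items()}


if __name__ == "__main__":
    for cpe, modems in rotating_modem_macs(OBSERVATIONS).items():
        print(f"CPE {cpe} seen behind {len(modems)} modem MACs: {', '.join(modems)}")
    for modem, nodes in cloned_modem_macs(OBSERVATIONS).items():
        print(f"modem MAC {modem} online on several nodes: {', '.join(nodes)}")
```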

    14. Re:Great way to lose your service. by Punboy · · Score: 1

      And... how exactly do you expect the changing of MY MAC address to cause other modems on the block to malfunction and lose service?

      --
      If you like what I've said here, and want to read more, go to http://www.krillrblog.com
    15. Re:Great way to lose your service. by Anonymous Coward · · Score: 0

      Obviously you have no idea what tracks are left on an ISP's network. If the moron is doing something illegal (kiddie pr0n?) his NIC would have a public IP that could be tracked. Getting the modem IP would then be child's play with full access to routers, CMTS', etc.

      I know because I do!

    16. Re:Great way to lose your service. by Anonymous Coward · · Score: 0

      The fun thing to do is give a slow Qos via a static entry in the UBR (ours is 28k) before he gets arrested. Give him a little time to wonder what went wrong before the cops knock on the door!

    17. Re:Great way to lose your service. by Leffe · · Score: 1

      I can't really agree with the law here.

      1. He was paying for it.
      2. The cable company happily and willingly approved his request for higher speeds.
      3. He changed nothing he did not own (except for the modem perhaps).

      I would rather consider the cable company the culprits here.

      I ANAL!

  18. Wrong law, bucko. by SCPRedMage · · Score: 2

    It wouldn't be a DMCA issue; DMCA applies to copyright protection. Hacking your modem isn't going to let you bypass some obscure copy-protection scheme.

    --
    My sig can beat up your sig.
    1. Re:Wrong law, bucko. by Anonymous Coward · · Score: 0

      Have you never read any of the twisted ways this law has been applied? I'm sure the access you get to the Copyrighted BIOS would be more than enough to get you charged - and who needs a conviction, just being charged gets you RIAA style justice.

  19. Maybe it's not a problem by Anonymous Coward · · Score: 0

    Once they tweak their cable modem, they'll be back up again.

    Then again, maybe they DID tweak their cable modem, and screwed it up.

  20. Re:Dangerous, and probably illegal. by NoMoreNicksLeft · · Score: 1

    Please note that this was a sarcastic comment using Bell's excuse for not allowing non-Bell owned equipment to be connected to your phone jack.

    Am I the only one here older than age 12?

  21. Re:Dangerous, and probably illegal. by PalmKiller · · Score: 1

    It's cable modem systems, not DSL, just a few radio waves over a coax, and no, it's not going to microwave them

  22. Article content by PuppiesOnAcid · · Score: 2, Funny

    Warning: mysql_connect(): Can't connect to MySQL server on 'engdb.agava.com' (61) in /home/t/tcniso.hosting.agava.com/WWW/db_connect.php on line 10
    Can't connect to MySQL server on 'engdb.agava.com' (61)

    =)

  23. Brave man to hack your cable modem.. by Anonymous Coward · · Score: 0

    It's pretty obvious from a cable modem provider's perspective when you start transmitting out of bounds or the crc on the firmware is not right. You might think you can get away with it, but at the same time they KNOW they can catch you, if they desire. And YES they do prosecute folks. Go back to p2p'ing, it's probably safer than hacking your cable modem. Or learn to bridge the neighbors' worth of free 802.11 to aggregate more bwidth, lol.

  24. Explain this to me, please? by khrtt · · Score: 2, Interesting

    The only way you can possibly benefit from this is to uncap the modem, which is about as kosher as petty shoplifting. And you wouldn't need to reflash the modem for it anyways.

    So, if you are not uncapping it, then what's the point? It's not like you are going to add any badly missed features, or make a linux print server out of it. Maybe it's just my lack of imagination, but I just don't see any practical uses for a hacked cable modem. I mean, other than getting the inner satisfaction from proving that you are actually able to read and flash the EEPROM:-). But then, you could just use a screwdriver and an EEPROM programmer...

    1. Re:Explain this to me, please? by YaRness · · Score: 1

      I mean, other than getting the inner satisfaction from proving that you are actually able to read and flash the EEPROM:-). But then, you could just use a screwdriver and an EEPROM programmer...

      i can see now some gang of script kiddies in a basement. they've got some retired guy tied up in front of a console. mom won't let them buy any weapons so they are threatening him with a screwdriver. "M4K3 TEH CH1p W3RK OR W3 W177 ST@B j00!!!!!@#111"

    2. Re:Explain this to me, please? by Anonymous Coward · · Score: 0

      So, if you are not uncapping it, then what's the point?

      This would allow me to access the modem via SNMP and run MRTG against it to track bandwidth usage, signal strength, downtime, etc., and to tweak the modem's built-in TCP/UDP firewall. Right now my provider locks me out of SNMP, even though it's not their modem.

    3. Re:Explain this to me, please? by evilviper · · Score: 1
      So, if you are not uncapping it, then what's the point?

      You can eavesdrop on all the other cable-modem users on your segment (could be nearly 1000). You can change your MAC address for anonymous access, or even free access.

      You can't make it into a print server, but it could easily become a router, firewall, NAT box, etc.
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  25. Re:Dangerous, and probably illegal. by anderm7 · · Score: 1

    Who let 1960 AT&T on slashdot? Wasn't there a court case that decided that you can put 3rd party hardware on the public telephone network? Although, I imagine that you would have trouble connecting the cable "modem" to your phone jack.

  26. Re:Dangerous, and probably illegal. by tenman · · Score: 1

    13 and a half...

  27. 2400 bps modems? by Anonymous Coward · · Score: 3, Funny

    I've got a box-full of old 2400 bps modems and it would be great if these guys can find a way to tweak some speed out of them.

    1. Re:2400 bps modems? by SCPRedMage · · Score: 1

      I've got a way to hack them, but you'll need either a hammer or a shotgun. Or both.

      --
      My sig can beat up your sig.
    2. Re:2400 bps modems? by Anonymous Coward · · Score: 0

      Well, let's see... you can strap 436 of them in parallel on 436 telephone lines and achieve a 1 Mbps transfer rate. Finding an ISP that will support this is left as an exercise to the "too much time on their hands" crowd.

  28. A tear of admiration for these people. by gelfling · · Score: 1

    This article brings joy to me. It's great to see serious hardcore development like this, on a shoestring. 21st century Thomas Alva Edisons and Alexander Graham Bells.

    1. Re:A tear of admiration for these people. by Anonymous Coward · · Score: 0

      Big difference.

      The people you referenced were doing something for the first time and developing something NEW. The firmware hackers are duplicating what existing engineers have already developed, tested, and deployed and the units are in place and working already. Nothing new here, just getting the same information the others have without getting it directly from them.

    2. Re:A tear of admiration for these people. by gelfling · · Score: 1

      Nonsense, the Edwardian era Great Inventors were engineering better solutions to crude unworkable designs that already existed.

  29. Interesting... Makes me think of a few things... by bhima · · Score: 1
    This is an intellectually interesting exercise. I suppose the idiots that have no business doing this sort of thing will be dissuaded by the soldering and cabling requirements. The really persistent dumbasses will have their ISP cut off their service when they violate their terms of service.

    But the thing that really comes to my attention is: Never leave debug code in production firmware. Proves I haven't been paranoid for no reason these years!

    --
    Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
  30. Hold up! by El+Camino+SS · · Score: 3, Funny


    The group known as TCNiSO has released a very interesting hardware modification for RCA / Thomson cable modems. The modification is done by grounding the bus clock on the serial EEPROM which throws the device into a diagnostic panic mode. Then by using the debug tools from the embedded console to reprogram the EEPROM, a user can permanently enable a developers menu which gives complete control of the modem, such as modifying the hardware addresses or flashing new firmware. Now if only these guys can figure out how to enable the Bluetooth features on my v710 phone..."

    Whoa, slow down.

    Corky here can't handle frontpage paragraphs like that first thing in the morning.

  31. Motorola V710 phone hack here by scattol · · Score: 4, Informative

    There are instructions on this web site on how to modify your v710 phone to turn on all the bluetooth functionality. You need to register though. Don't know if they work, I haven't tried them so you are on your own.

    If they work, let us know.

    1. Re:Motorola V710 phone hack here by Anonymous Coward · · Score: 3, Informative

      I registered a fake user and posted it on bugmenot.com:

      user: userboy
      pass: pants1

  32. Re:Dangerous, and probably illegal. by papasui · · Score: 3, Informative

    In a two way system yes both a forward and return path are provided completely through the cable provider. In a 1 way system the return path is provided through the phone, Motorola's Surfboard 2100D has a CAT3 connector on it for this purpose. I'll bet that there are still a few of these in the US.

  33. Nitpicking by Plocmstart · · Score: 1

    I realize this is a minor detail, but with the I2C protocol SDA (the EEPROM line that is grounded) is actually the serial data/address line. SCL is the serial clock line.

    1. Re:Nitpicking by Anonymous Coward · · Score: 0

      werd!

      from the article:
      "SDA pin used to clock the data transmission"

      Article got it right, person that wrote the summary on slashdot apparently is incapable of correctly RTFA

  34. Also Discovered by Jozer99 · · Score: 5, Funny

    It was also discovered that by permanently grounding the clock, the RCA cable modem could be turned into a full fledged Radeon 9700 Pro...

    1. Re:Also Discovered by SCPRedMage · · Score: 1

      Shoot, I was hoping for an X800 XT...

      --
      My sig can beat up your sig.
  35. v710 Hacked Firmware @ HoFo by Anonymous Coward · · Score: 0

    You need the SuperDave 1.02 firmware over at HoFo. http://www.howardforums.com/showthread.php?s=&threadid=513683

    Enables xferring ringtones, pix via BT, better camera quality, I now have signal/battery strength on the HUB in my Acura TL, other fixes as well.

  36. Uncapping? No... by telemonster · · Score: 2, Interesting

    Uncapping of the rate? No. Promiscuous mode is where the terror begins! Sniffing the traffic on the segment is where the real press will begin.

    --
    Southeastern Virginia REPRESENT!
  37. What about the more legit uses? by anthony_dipierro · · Score: 5, Interesting

    Everyone is talking about how this is a bad thing to do on someone else's network, but what about on your own network? Is it possible to get two cable modems to talk to each other over a coax cable? Can you hack the things to run distributed.net software? There are an awful lot of people out there with cable modems but no cable modem service.

    1. Re:What about the more legit uses? by alienwork · · Score: 1

      if there are no SNMP protections then you can "talk" to other modems on your node.

      The SB5100 is hacked with a special method that will allow you to run unsigned code on the modem

  38. Re:article author by SCPRedMage · · Score: 1

    It was a joke. Calm yourself, grasshopper.

    --
    My sig can beat up your sig.
  39. Back in the day... by danuary · · Score: 5, Interesting
    I worked for a startup cablemodem ISP. This was the mid-90's, before DOCSIS; we used proprietary equipment.

    We discovered and hounded the vendor relentlessly about the fact that the modems had a serial port for dial-upstream service. If you jumped a couple pins on the serial port, reset the modem, and plugged in a serial line 9600/8/n/1 you'd get the modem's diagnostics (password protected, albeit with a very weak password).

    The things you could do from the diag screen were downright scary. All this and more. You could determine the downstream and upstream freqs; you could also set the modem to transmit on any upstream frequency at any level up to 60dB. We played around with it for a bit. We set up a test modem and had it transmit for a second at 60dB on one of our upstream freqs; it took out ~400 users' service for about a half hour. Had we done it on the PPV freqs, it would have taken out PPV for a few thousand people. Fun stuff.

    And to my knowledge, they never fixed it.

    1. Re:Back in the day... by Anonymous Coward · · Score: 0

      I have a cable modem that has a mini http server (among other things ... I remember it also provides a dhcp server) that you can connect to that gives you information about the downstream and upstream frequency (btw, they run vxworks). I do not recall that there is a serial console available, but my understanding is that as I recall, it is possible to open it up and solder on the appropriate pins to get a console.

    2. Re:Back in the day... by computational+super · · Score: 1

      Wow... I wish I was smart enough to understand all that...

      --
      Proud neuron in the Slashdot hivemind since 2002.
    3. Re:Back in the day... by ddent · · Score: 1

      And this is a perfect example of why I much prefer DSL. Cable modems are the unholy child of token ring... any one station can affect them all. Oh, packet sniffing anyone?

    4. Re:Back in the day... by bani · · Score: 1

      I worked for a startup cablemodem ISP.

      My condolences. I hope you recovered.

    5. Re:Back in the day... by Anonymous Coward · · Score: 1, Interesting

      I too worked inside the cable company for a while, and in my first month they were in the process of rolling out the docsis in full swing. I showed my boss this article, http://www.theregister.co.uk/2004/02/05/cable_modem_hackers_conquer/, the look on her face was priceless. HAHA

  40. Re:article author by paranoidgeek · · Score: 1

    However it was quite likely for the functions to be there, good move by the author to offer a "prize" because I am sure that if it was possible to write a hack for it it would have been written.

    --
    Lima India November Uniform X-ray
  41. Re:True BUT by Anonymous Coward · · Score: 0

    Unfortunately, only well-placed media tycoons have the ability to get their story out immediately. For the rest of us, it takes much longer to get the outlines of what the "truth" might actually look like.

    Go on accepting what you hear on the "up-to-the minute" daily "news" AS GOSPEL and you are doomed to live from the crumbs that remain after corporate titans and their political minions and morally corrupt judges have swept the table of the crumbs they no longer feel worth consuming.

    Not exactly a winning Darwinian strategy, but that's your choice in a "free" society.

  42. Its not, but... by brunes69 · · Score: 1

    It's not impossible. But, why would anyone spend hundreds (actually, more like thousands) of dollars on the custom CMTS hardware required? They would be spending *WAY* more than the business class internet access would for a number of years.

    1. Re:Its not, but... by AndroidCat · · Score: 1

      That's assuming that something couldn't be hacked on the cheap--it only has to look like a CMTS to one modem for a brief operation. Still, (a) why go to the bother? (b) messing with the people who own your wire is a bad idea.

      --
      One line blog. I hear that they're called Twitters now.
  43. Re:Interesting... Makes me think of a few things.. by Lurker · · Score: 1

    This is an intelictually intersting exercise.

    So is that sentence.

  44. So, what you're saying is... by sean.peters · · Score: 1

    ... that 3MB down ought to be enough for anybody?

    A few years ago, similar arguments could have been made against ordinary broadband. What if I want to download full length movies?

    Sean

  45. Non-illegal applications? by zakezuke · · Score: 1

    So far we've had many replies about how this will violate ToS and is Theft of Service. I would not presume to disagree... it's generally a stupid idea to do something illegal with any broadcast device.

    But what about applications that don't involve the cable company whatsoever? For example is it possible to set one modem in host and the other to client so one could use a pair to communicate? If so would there be an advantage in terms of range over let's say cat5 ethernet?

    --
    There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
    1. Re:Non-illegal applications? by tech_guru5182 · · Score: 1

      I agree. This may also make multiple building sites work easier/cheaper than running fiber, because cat5 can't go the distance. Sure, there is the theoretical 38Mbps limit for docsis (I don't remember the version), but that's quicker than WIFI, and somewhat more secure. (one set in master, 2+ others set as slaves)

      --
      BAN BPL! Keep the radio spectrum free fro
  46. Ownership. by Hobadee · · Score: 1

    If I own it, I should be able to do whatever the f*ck I want with it, as long as it doesn't interfere with other people doing whatever the f*ck they want with the stuff they own.

    --
    ...Had this been an actual emergency, we would have fled in terror, and you would not have been informed.
    1. Re:Ownership. by Anonymous Coward · · Score: 0

      I agree. If you take this cable modem and mod the hell out of it, that's great... so long as you never plug it into a public network... otherwise, you ARE potentially "interfering" with other people.

    2. Re:Ownership. by Anonymous Coward · · Score: 0

      Exactly. What the hell is all this about uncapping and 'stealing bandwidth'? Can't the ISPs monitor your bandwidth? Are they somehow unable to throttle it if they think you're out of spec? What are they using, 1960s technology?

  47. NAT Router? by Deimios · · Score: 1

    I noticed that in one of the menus on that page, there was a "Firewall/NAT" section...presumably if you had access to this you could set your modem up as a router/modem combo so you wouldn't need to buy a router, just a cheap switch/hub instead.

    1. Re:NAT Router? by ali3nxx · · Score: 1

      gateway ~ # nmap -v -sS -O 192.168.100.1

      Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2004-12-28 15:43 CST
      Initiating SYN Stealth Scan against 192.168.100.1 [1663 ports] at 15:44
      Discovered open port 80/tcp on 192.168.100.1
      The SYN Stealth Scan took 4.49s to scan 1663 total ports.
      For OSScan assuming port 80 is open, 1 is closed, and neither are firewalled
      Host 192.168.100.1 appears to be up ... good.
      Interesting ports on 192.168.100.1:
      (The 1662 ports scanned but not shown below are in state: closed)
      PORT STATE SERVICE
      80/tcp open http
      Device type: firewall|switch|WAP
      Running: SonicWall SonicOS, Enterasys embedded, Cisco embedded
      OS details: SonicWall SOHO firewall, Enterasys Matrix E1, or Accelerated Networks VoDSL, or Cisco 350 Access Point
      TCP Sequence Prediction: Class=64K rule
      Difficulty=1 (Trivial joke)
      IPID Sequence Generation: Incremental

      Nmap run completed -- 1 IP address (1 host up) scanned in 31.505 seconds

      NAT router with a TCP Sequence prediction of 1? I'll pass thx =]

  48. panasonic phase change is crap... by bani · · Score: 1

    you got fucking owned! he ripped you a new asshole, and you're crying about it. lol!

  49. Re:article author by XO · · Score: 1

    This should be moderated insightful, not Flamebait. Mods.

    --
    "Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
  50. Could this be used to REDUCE hacking? by Anonymous Coward · · Score: 0

    Let me start by saying I have never cared enough to become more than slightly aware of how DOCSIS / US Cable modems work BUT... Some asshole has set up a rogue DHCP server and half the time my modem gets a 192.168.69.x address with 192.168.69.69 and 10.0.0.69 as its DNS servers and 192.168.69.10 as its gateway and all DNS queries return 192.168.69.69 and then my computer becomes very unusable until I do a hard reset (ie, with a hairpin) on the cable modem and leave the modem unplugged from the cable side for +-1 hour. ??!?!??!? WHY IS THE FIRMWARE NOT WRITTEN TO REJECT ILLOGICAL DHCP ASSIGNMENTS? Comcast does not seem to believe me or even understand what I'm saying, but it happens at 2 locations about once a week or so. I have not used these subnet numbers in my internal assignments. In the words of Green Day, "Am I just paranoid or am I just stoned?" --OR-- could this hardware bug exploit be salvation for me and the many others that are surely affected? A Motorola Surfboard at a third location is not ever affected by this. --Vic, spam@acinta.com
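
A sketch of the kind of lease plausibility check the comment above asks for, added here as an example and not part of the original thread or any modem firmware. It assumes the link is expected to receive a public address and that the legitimate DHCP server is known; the host octet, netmask, server identifiers and the "good" lease are constructed sample values, and `check_lease` is a hypothetical helper name.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly so the check does not depend on how a
# library defines "private".
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def check_lease(lease, trusted_servers, expect_public=True):
    """Return the reasons a DHCP lease looks wrong; an empty list means plausible."""
    findings = []
    iface = ipaddress.ip_interface(f"{lease['address']}/{lease['netmask']}")
    server = ipaddress.ip_address(lease["server_id"])
    gateway = ipaddress.ip_address(lease["gateway"])

    if server not in trusted_servers:
        findings.append(f"offer came from unlisted DHCP server {server}")
    if expect_public and is_rfc1918(iface.ip):
        findings.append(f"RFC 1918 address {iface.ip} on a link expected to be public")
    if gateway not in iface.network:
        findings.append(f"gateway {gateway} is outside {iface.network}")
    for dns in map(ipaddress.ip_address, lease["dns"]):
        if expect_public and is_rfc1918(dns):
            findings.append(f"RFC 1918 DNS server {dns}")
    return findings

# Constructed sample data. The gateway and DNS values in ROGUE_LEASE are the
# ones quoted in the comment; the host octet, netmask and server_id are
# assumptions. TRUSTED and GOOD_LEASE use documentation addresses (RFC 5737).
TRUSTED = {ipaddress.ip_address("198.51.100.1")}
ROGUE_LEASE = {"address": "192.168.69.23", "netmask": "255.255.255.0",
               "gateway": "192.168.69.10", "server_id": "192.168.69.69",
               "dns": ["192.168.69.69", "10.0.0.69"]}
GOOD_LEASE = {"address": "198.51.100.20", "netmask": "255.255.255.0",
              "gateway": "198.51.100.1", "server_id": "198.51.100.1",
              "dns": ["198.51.100.53"]}

if __name__ == "__main__":
    for name, lease in (("rogue", ROGUE_LEASE), ("good", GOOD_LEASE)):
        print(name, check_lease(lease, TRUSTED) or "plausible")
```
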