Slashdot Mirror


RCA / Thomson Modem Hack Discovered

An anonymous reader writes "Those unemployed modem hackers are at it again. The group known as TCNiSO has released a very interesting hardware modification for RCA / Thomson cable modems. The modification is done by grounding the bus clock on the serial EEPROM which throws the device into a diagnostic panic mode. Then by using the debug tools from the embedded console to reprogram the EEPROM, a user can permanently enable a developer's menu which gives complete control of the modem, such as modifying the hardware addresses or flashing new firmware. Now if only these guys can figure out how to enable the Bluetooth features on my v710 phone..."

9 of 182 comments

  1. Note the date.. by Anonymous Coward · · Score: 5, Informative

    ..of the securityfocus story. It says "Feb 5 2004". It's nearly a year old!

  2. Re:Cue FBI raids in 5...4...3.. by garcia · · Score: 3, Informative

    Remember these cable modem tweakers that were raided by the FBI?

    Those individuals were "uncapping" their cable modems by changing their modem config file and uploading it to their modems. That could be labeled theft of service as you are effectively stealing bandwidth that you didn't pay for.

    Modifying the firmware on your cable modem doesn't necessarily have to mean uncapping your modem config file and upping your possible bandwidth.

    In fact, this method is quite a bit more difficult than just editing the modem config file (as it requires a hardware interface not just a TFTP server).

  3. Re:Don't fuck around w/your modem's MAC. by garcia · · Score: 4, Informative

    So? You can do that w/o a hardware hack using a TFTP server and a text editor. Most cable ISPs already scan their networks for modified cable modem config files and disable them for ToS violations.

  4. Re:Don't fuck around w/your modem's MAC. by afidel · · Score: 3, Informative

    MAC addresses are stripped at the first hop so unless someone is specifically looking for you and has a valid search warrant I wouldn't be too worried about your MAC address.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.

  5. Re:Great way to lose your service. by papasui · · Score: 3, Informative

    ARP

  6. Re:Great way to lose your service. by Sc00ter · · Score: 3, Informative

    via SNMP and the arp table of the modem. The cable provider still has access to the modem via SNMP.

  7. Motorola V710 phone hack here by scattol · · Score: 4, Informative

    There are instructions on this web site on how to modify your v710 phone to turn on all the bluetooth functionality. You need to register though. Don't know if they work, I haven't tried them so you are on your own.

    If they work, let us know.

    1. Re:Motorola V710 phone hack here by Anonymous Coward · · Score: 3, Informative

      I registered a fake user and posted it on bugmenot.com:

      user: userboy
      pass: pants1

  8. Re:Dangerous, and probably illegal. by papasui · · Score: 3, Informative

    In a two-way system, yes, both a forward and return path are provided completely through the cable provider. In a 1-way system the return path is provided through the phone; Motorola's Surfboard 2100D has a CAT3 connector on it for this purpose. I'll bet that there are still a few of these in the US.