Slashdot Mirror

← Back to Stories (view on slashdot.org)

RCA / Thomson Modem Hack Discovered

Posted by Hemos on from the the-joy-of-hacking dept.

An anonymous reader writes "Those un-employed modem hackers are at it again. The group known as TCNiSO has released a very interesting hardware modification for RCA / Thomson cable modems. The modification is done by grounding the bus clock on the serial EEPROM which throws the device into a diagnostic panic mode. Then by using the debug tools from the embedded console to reprogram the EEPROM, a user can permanently enable a developers menu which gives complete control of the modem, such as modifying the hardware addresses or flashing new firmware. Now if only these guys can figure out how to enable the Bluetooth features on my v710 phone..."

13 of 182 comments (clear)

  1. Don't fuck around w/your modem's MAC. by garcia · · Score: 5, Interesting

    Just remember that some cable ISPs use modem MAC authentication and changing your MAC address could possibly disable your access to the Internet. Some cable ISPs use "bottom-up" provisioning which allows you to re-register your modem's MAC address and tie it to your account (useful if you buy your own modem) but others could still be using manual provisioning which could cause delays in regaining block-sync.

    Personally, don't fuck around w/your cable modem. It works just fine the way it is. Hacks are a wonderful educational/mental exercise but I wouldn't exactly be trying this if you don't want to lose connectivity to your ISP.

    1. Re:Don't fuck around w/your modem's MAC. by Saxton · · Score: 4, Insightful

      That, and is there any real functionality you are able to get from this hack? Didn't seem like it. I am guessing for 95% of the people that do it are going to follow the directions, say "yay I did it" and then forget all about it other than being able to tell their friends that they owned their own cable modem.

      *yawn*

      -Aaron

      --
      My name is Aaron Landry, and I approve this message.
    2. Re:Don't fuck around w/your modem's MAC. by garcia · · Score: 4, Informative

      So? You can do that w/o a hardware hack using a TFTP server and a text editor. Most cable ISPs already scan their networks for modified cable modem config files and disable them for ToS violations.

    3. Re:Don't fuck around w/your modem's MAC. by DigiShaman · · Score: 4, Interesting

      As a Time Warner employee for the Austin TX area, our cable modems (regardless of brand, be it 3com, Ambit, Toshiba...etc) have a 10.x.x.x IP address that is not accessable to the public. Only if you have direct access to the CMTS system can you upload new BIN configuration files to these modems on the fly. If you make any changes to the modem by chance and uncap your modem, some fuzzy-logic software will check the checksum of the bin files on that modem (so I've been told by the abuse department). If that bin file has been modified or the firmware flashed to something other than what its supposed to have; expect your account to be disabled.

      Chances are at this point, there will be no nogotiation. If so, you will have to find another ISP as we do not tollorate what-so-ever of people uncapping their modems. And believe me, we have quite a nice tech-savy population in Austin that DO try to get away with it.

      --
      Life is not for the lazy.
  2. Note the date.. by Anonymous Coward · · Score: 5, Informative

    ..of the securityfocus story. It says "Feb 5 2004". It's nearly a year old!

  3. Cue FBI raids in 5...4...3.. by EvilStein · · Score: 5, Interesting

    Remember these cable modem tweakers that were raided by the FBI?

  4. WOOOHOOO by Anonymous Coward · · Score: 5, Funny

    i cant wait for a few days until all the people that try this hack, are kicked off the network allowing my service to go faster.

    yay for stupid people.

  5. Hacking cellphones by null+etc. · · Score: 5, Insightful

    Now if only these guys can figure out how to enable the Bluetooth features on my v710 phone...

    Try the discussion forums over at wirelessadvisor.com

    I posted a teaser message there once regarding the Motorola T720. By using the USB modem cable and a COM port sniffer, I determined that extended AT modem commands were used to synchronize the phone with the desktop. By posting my findings, someone took the initiative and started a Yahoo! group for hacking the T720. Within a month, the group had 400 members and within five months the group had collectively hacked the T720.

  6. Great way to lose your service. by papasui · · Score: 4, Insightful

    This violates most acceptable use policies, regardless if your own the cable modem or not changing your modems mac address would fall under hacking as your could cause service interruptions on your network segment for other people. Your paying for internet service not the right to fuck around with a companies million dollar network. We had a kid get arrested for this, changed his modems mac everyday but never changed his nic's. Pretty trivial to track him down.

  7. Motorola V710 phone hack here by scattol · · Score: 4, Informative

    There are instructions on this web site on how to modify your v710 phone to turn on all the bluetooth functionality. You need to register though. Don't know if they work, I haven't tried them so you are on your own.

    If they work, let us know.

  8. Also Discovered by Jozer99 · · Score: 5, Funny

    It was also discovered that by permanantly grounding the clock, the RCA cable modem could be turned into a full fledged Radeon 9700 Pro...

  9. What about the more legit uses? by anthony_dipierro · · Score: 5, Interesting

    Everyone is talking about how this is a bad thing to do on someone else's network, but what about on your own network? Is it possible to get two cable modems to talk to each other over a coax cable? Can you hack the things to run distributed.net software? There are an awful lot of people out there with cable modems but no cable modem service.

  10. Back in the day... by danuary · · Score: 5, Interesting
    I worked for a startup cablemodem ISP. This was the mid-90's, before DOCSIS; we used proprietary equipment.

    We discovered and hounded the vendor relentlessly about the fact that the modems had a serial port for dial-upstream service. If you jumped a couple pins on the serial port, reset the modem, and plugged in a serial line 9600/8/n/1 you'd get the modem's diagnostics (password protected, albeit with a very weak password).

    The things you could do from the diag screen were downright scary. All this and more. You could determine the downstream and upstream freqs; you could also set the modem to transmit on any upstream frequecncy at any level up to 60dB. We played around with it for a bit. We set up a test modem and had it transmit for a second at 60dB on one of our upstream freqs; it took out ~400 users' service for about a half hour. Had we done it on the PPV freqs, it would have taken out PPV for a few thousand people. Fun stuff.

    And to my knowlege, they never fixed it.