Haxorware Forums

greetings to everyone in the forum
You can copy the certificate to this moden???

what chipset is it? take some pictures of the board as honestly only thing i can find about the modem is that it has a ttl port?

TNETC4401 (TI DOCSIS chip), some one-chip tuner, etc. it has ttl and jtag port. I've been tinkering with one. They are dumpable via jtag. The firmware is VxWorks on mine. They have a nice console you can access via telnet.
.
.
Here's the innards.
.

do you wish to share your dump as i want to see were the certs are located and check there size to see if they are compatable

Okay, attached. I edited the obviously viewable hex/ascii mac addresses with xxxxxx, I may have missed some obfuscated ones

Logs are located @ 0x1F0000 and 0xC000 ("ELOG" ascii header).
dual images @ 0x10000 + 0x100000 ("TiZp" ascii header)

---

I cant figure out the damn compression routine! ...zlib, lzma, gz, ???

and what ?? any info ? any update ?

What sort of update are you looking for?

will be interesting to also know the OID this models uses. this is the same as SMC networks made by Hitron Technologies, use same processor and it has telnet open with same commands.. i play a little with one of those but not long enough since i had to return it to the owner.

they have port 162 open.. so if we discover the OID they use.. with snmp it's possible to extract all certs easily...without any fisical intervention

btw any info about where are located the certs in the dump ?

My Best Regards