Instruction how to connect Jtag SB5101U.
1. Connect ONLY Jtag to SO-8
2. Open BlackCatUsb.exe (makesure its on SPI mode Ver 1.09)
3. Plugin MODEM adapter (NOT the External adapter) then unglug it.
Note: if all the lights on the Modem remains ON after unplugin, this means your jtag connected propertly.
4. Connect or Switch ON Q104 as it shown in diagram.
Note: All the lights On the modem should go OFF.
5. Connect External Adapter as it shown in Diagram.
Note: Please DO NOT have the external 5V connected too long it can harm your Modem after 1 hour of full connecte.
6. Simply Press Detect on the BlackCatUSB.exe
If You guys have any questions, please PM me
Happy Testing

(31-10-2011, 09:46 AM)blacklist Wrote: [ -> ]Instruction how to connect Jtag SB5101U.
1. Connect ONLY Jtag to SO-8
2. Open BlackCatUsb.exe (makesure its on SPI mode Ver 1.09)
3. Plugin MODEM adapter (NOT the External adapter) then unglug it.
Note: if all the lights on the Modem remains ON after unplugin, this means your jtag connected propertly.
4. Connect or Switch ON Q104 as it shown in diagram.
Note: All the lights On the modem should go OFF.
5. Connect External Adapter as it shown in Diagram.
Note: Please DO NOT have the external 5V connected too long it can harm your Modem after 1 hour of full connecte.
6. Simply Press Detect on the BlackCatUSB.exe
If You guys have any questions, please PM me
Happy Testing 
I dont know if its me or what but im having alos of trouble soldering wire to the chip .Do you have any tips or tell me how to make something that I can use to place on top the chip with wires connected and flash . I dunno but this is a bitch.
how i do it is i tin the chip legs and wire then put more flux on the wire (it a yellow pot so easier just to dip the wire in)
line up the wire to the leg and then just hold the wire to the leg with the soldering iron while the flux burns off and then remove the iron (note it is a hundred percent better with a temp controlled iron than a shitty iron)
I have a SB5101U and are these instructions on how to hack it? where is the program needed? what is a J-Tag?
Takes about 30 seconds to HACK your modem provided you have all the toys and can READ simple instructions. Getting it to actually work in today's D3 security is something that will require a tremendous amount of time and effort from you.
Google these terms:
cable modem provisioning
Docscis 3
cable modem termination systems
Baseline Privacy
Usbjtag NT
Flashcat USB
Cisco IOS commands cable modem telnet commands
That's just to get a feel for what is ahead for you. Haxorware WILL NOT bypass any new security features on it's own anymore unless you live in a country that has no security. (Docsis 1.0)
(05-01-2013, 04:11 PM)southernyankey1970 Wrote: [ -> ]Takes about 30 seconds to HACK your modem provided you have all the toys and can READ simple instructions. Getting it to actually work in today's D3 security is something that will require a tremendous amount of time and effort from you.
Google these terms:
cable modem provisioning
Docscis 3
cable modem termination systems
Baseline Privacy
Usbjtag NT
Flashcat USB
Cisco IOS commands cable modem telnet commands
That's just to get a feel for what is ahead for you. Haxorware WILL NOT bypass any new security features on it's own anymore unless you live in a country that has no security. (Docsis 1.0)
yes, that's what I thought.... I found lots of tutorials on how to hack it because the SB5101U is not Jtag friendly so I know how to solder the leads to the chip and hack it, just not how to actually make it work. Will blackcat do the job?
Tried to flast rev 39 as well as a 2mb 5101 hax dump.
nothing happens ...
any suggestion?
dont flash a 2mb dump, just flash the normal diag version of hax to the 1st image
Once again drewmerc to the rescue...
P.S. suggestion to all the ppl trying this...
Take Backup for all the tabs after the script loads.
Flash the haxorware diag into the first firmware tab of the script
Flash the boot again...
that should do it...
(17-09-2013, 08:52 PM)drewmerc Wrote: [ -> ]dont flash a 2mb dump, just flash the normal diag version of hax to the 1st image
I don't know how you guys did it. I'm able to detect the flash. I backed up all the flash. image 0 is only 896k. image 1 is 960 k. I flashed over and over I still got the original firmware. Help! Please!