Haxorware Forums

Full Version: Some questions about docsis.
Hello, I'm new to docsis modding and I have some questions.

I read something about docsis and from what I read, the docsis CMTS sends a config file to the modem using tftp. In this config file the speed limit is set in UsServiceFlow and DsServiceFlow.
Is this limit set on the modem or on the cmts? If it is set on the modem, why has nobody created firmware that bypasses the cap without changing the config file?

Is changing the config file protected only by the cmts mic, or are there other things that protect the config file?

Would it be possible to create firmware that sends the cmts mic and cm mic from the original docsis config but uses a custom docsis config?
Some firms based on opensource linux soft have been modified to change nvram DB e.g. mac, serial, certfs, enable or disable bpi+/telnet/ssh/snmp and to force config file (not working in ISP with dynamic shared secret or other security).
But production programs that start up and keep communication like dmg_provisioning, dispatcher, etc. have not been modified.
+info;
http://index-of.es/Magazines/EN-Hacking%...0Modem.pdf
https://www.cisco.com/c/en/us/td/docs/ca...000010.pdf
https://www.forocable.com/foro/threads/4...se-11-quot
(11-10-2021, 04:37 PM) elbarto Wrote: Some firms based on opensource linux soft have been modified to change nvram DB e.g. mac, serial, certfs, enable or disable bpi+/telnet/ssh/snmp and to force config file (not working in ISP with dynamic shared secret or other security).
But production programs that start up and keep communication like dmg_provisioning, dispatcher, etc. have not been modified.
+info;
http://index-of.es/Magazines/EN-Hacking%...0Modem.pdf
https://www.cisco.com/c/en/us/td/docs/ca...000010.pdf
https://www.forocable.com/foro/threads/4...se-11-quot

Forceware has a modified dmg_provisioning service. To answer your question OP, the speed limit for download is enforced by the CMTS and the speed limit on upload is enforced by the cable modem. In some CMTS, the upload is also enforced on the CMTS in addition.

So, what this means is that you can uncap upload, but not download because you don't control your ingress speed, the CMTS does. 
This is what forceware's Sflow zero feature does. But, this doesn't work on many ISPs today because most CMTS also enforce egress speed nowadays.
It looks like traffic shaping by mac or ip on CMTS. When modems have rate limits established via config file, the CMTS typically drops data packets to enforce the rate limit.
In case download and upload speeds are enforced on the CMTS, forcing a config file would not work (fortunately, somewhere it is still working up to the max speeds the CMTS allows); what's left is cloning modems, until some system of detection of duplicate macs bans the cloned modem. If the CMTS takes all control over speeds, then modifying firms does not help much.
I know my ISP is creating public wifi requiring WPA-EAP PEAP login and password to login. Even modems that are not getting internet access but are connected to ISP network are transmitting this wifi network. Would it be possible to use this for free internet? I know that in config file there is radius ip by snmp "iso.3.6.1.4.1.35604.2.3.1.1.4.2.5.1.2.33" and radius server password by snmp "iso.3.6.1.4.1.35604.2.3.1.1.4.2.5.1.4.33". How is it done on docsis side that every client is getting separate external ip even when modem is not getting internet access on lan ports?