Haxorware Forums
Extract locked firmware - Printable Version



Extract locked firmware - convict - 13-03-2013

I have a NetGear CG3000-1STAUS, which is an ISP-type modem.
So unlike normal modems, its advanced features are missing, one being the ability to upgrade/backup firmware.

I've used Teleport Pro and it shows only the same options I see (log into modem): no hidden features, not even the RgNatControl.asp hidden page.

So what tool/s can I use to extract its firmware? And once extracted and haxed, is there a tool that would reflash it?


RE: Extract locked firmware - SlowGrind6 - 13-03-2013

Here is a page that you might be interested in.

http://kb.netgear.com/app/answers/detail/a_id/2649/~/gpl-open-source-code-for-programmers


RE: Extract locked firmware - convict - 13-03-2013

(13-03-2013, 07:18 AM)SlowGrind6 Wrote: Here is a page that you might be interested in.

http://kb.netgear.com/app/answers/detail/a_id/2649/~/gpl-open-source-code-for-programmers

Yes, I have seen that open-source page. However, one would need to code and compile under Linux - I can't do that. And even if I could, there is still no way to flash/force flash it to the modem router.

I can use IDA Pro / SoftIce / hex editor etc., but they're of no use unless I can access the router directly through USB, which on this model is disabled, so I am f@#ked there too.

EDIT> NetGear have a firmware recovery tool. However, I don't know if it will work for this modem.


RE: Extract locked firmware - convict - 13-03-2013

OK, well, can anyone tell me if it is at all possible to extract the firmware from this modem via Telnet or some other program?
I have searched this forum and others but have found nothing.

If an ISP updates your modem's firmware from their end, surely there has to be a way of doing it from my end.

If the router has features locked via firmware - would it still be possible to add something like 192.168.0.1/RgBackup.asp.htm via Teleport Pro?
I would need the correct htm address name. If someone has it, please let me know.


RE: Extract locked firmware - sixteen - 13-03-2013

(13-03-2013, 01:19 PM)convict Wrote: OK, well, can anyone tell me if it is at all possible to extract the firmware from this modem via Telnet or some other program?
I have searched this forum and others but have found nothing.

If an ISP updates your modem's firmware from their end, surely there has to be a way of doing it from my end.

If the router has features locked via firmware - would it still be possible to add something like 192.168.0.1/RgBackup.asp.htm via Teleport Pro?
I would need the correct htm address name. If someone has it, please let me know.

Go here, all you need is right there: http://www.usbjtag.com/jtagnt/modem/CG3100D.php


RE: Extract locked firmware - drewmerc - 13-03-2013

It's SPI-based, so you can dump it with any $10 SPI flasher.


RE: Extract locked firmware - convict - 15-03-2013

Thanks for the feedback, guys, but I have no idea about SPI flashing, and it sounds like it's expensive: not the so-called $15 bucks, more like $60, and then there is software you need for dumping. Honestly, I may as well turn the NAT option off and go buy a router with a USB port for my external hard drive.
I seriously didn't think it would be such a F@#k around to unlock something like this.

And Sixteen, thanks for posting the link. However, the guys at that site refuse to help anyone unless you use their hardware. Even trying to get hold of the extracted firmware is impossible.


RE: Extract locked firmware - drewmerc - 15-03-2013

www.ebay.com/itm/EN25T80-Programmer-USB-Series-SPI-FLASH-BIOS-24CXX25XX-STC-AVR-Support-TO-TTL-A-/300797698192?pt=LH_DefaultDomain_0&hash=item4608f0a090

25xx SPI flash in the Netgear, but you gotta love the stupidity of people who think the only way to flash is an NT.


RE: Extract locked firmware - SlowGrind6 - 15-03-2013

(15-03-2013, 10:33 AM)convict Wrote: Thanks for the feedback, guys, but I have no idea about SPI flashing, and it sounds like it's expensive: not the so-called $15 bucks, more like $60, and then there is software you need for dumping. Honestly, I may as well turn the NAT option off and go buy a router with a USB port for my external hard drive.
I seriously didn't think it would be such a F@#k around to unlock something like this.

And Sixteen, thanks for posting the link. However, the guys at that site refuse to help anyone unless you use their hardware. Even trying to get hold of the extracted firmware is impossible.

As Drew said, you don't need the NT to flash the modem or extract the firmware. It is just a nice GUI, and you have support if something doesn't work out. The link in Drew's post will extract the image and allow you to update the image on the modem as well. I don't know of any other way to extract the image other than downloading it from your ISP and then opening it up and looking at it in IDA. You have to know the file name and server address to download it from your ISP. You will have to unpack it and then load it in IDA at the right address. Having this small and cheap programmer will show you some of these things.


RE: Extract locked firmware - flashgordon - 15-03-2013

Just telnet into it; you can upload or download what you like. I did :)