Haxorware Forums
extracting certs via Telnet - on modems that don't respond to Fastcert


extracting certs via Telnet - on modems that don't respond to Fastcert - jofre - 07-05-2015

hello, world

Has anyone had success extracting certs via Telnet using the 'diag readmem' command?

I could find some kind of pvt key using (on SVG1202)

diag readmem -s 1 -n 16384 0x80bd60dc

(but it did not work as expected)


I saw some posts using this address instead

diag readmem -s 4 -n 5838 0x83fa8b80

can it be done?


RE: extracting certs via Telnet - drewmerc - 07-05-2015

read the entire memory then extract with http://www.haxorware.com/forums/showthread.php?tid=1156&pid=16207#pid16207
untested but I don't see why it would not work


RE: extracting certs via Telnet - jofre - 07-05-2015

thank you

you mean 'extract with CMnOnVol_Extractor', right?

cmnonexp needs a .bin file to work

how can I convert the output - that goes like this below - to a .bin file?

"
Console/system> diag readmem -s 1 -n 16384 0x80bd60dc
80bd60dc: 20 d8 d9 00 00 00 00 00 2d 2d 2d 2d 2d 42 45 47 | .......-----BEG
80bd60ec: 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b | IN RSA PRIVATE K
80bd60fc: 45 59 2d 2d 2d 2d 2d 0a 4d 49 49 43 57 77 49 42 | EY-----.MIICWwIB
80bd610c: 41 41 4b 42 67 51 43 39 59 43 57 37 52 31 48 64 | AAKBgQC9YCW7R1Hd
80bd611c: 31 55 78 72 57 44 59 78 77 50 6a 39 76 68 52 57 | 1UxrWDYxwPj9vhRW
80bd612c: 6f 57 4c 53 77 31 39 74 73 39 70 57 74 44 2b 69 | oWLSw19ts9pWtD+i
80bd613c: 50 2f 49 78 6d 53 61 5a 0a 34 42 46 30 49 78 70 | P/IxmSaZ.4BF0Ixp
...etc "


RE: extracting certs via Telnet - ricktendo - 07-05-2015

If you can telnet then you can activate factory mode; once you have done this you can use SNMP to grab the certs


RE: extracting certs via Telnet - jofre - 07-05-2015

I must be unaware of the OIDs to achieve this

In old modems - i.e. sb5100 and sb5101 - I can get the certs easily via fastcert

Newer modems will not respond to fastcert although I can access them via telnet

Any ideas on how to find those OIDs?

Using solarwinds SNMP Walk I can get some of the certs but not the pvt key

Maybe the community string for newer modems is different,
But I'd bet on a different OID


Thank you


RE: extracting certs via Telnet - geoneo111 - 31-08-2016

(07-05-2015, 06:01 AM)drewmerc Wrote: read the entire memory then extract with http://www.haxorware.com/forums/showthread.php?tid=1156&pid=16207#pid16207
untested but I don't see why it would not work

What is the command to read the entire memory?

diag readmem ?