Haxorware Forums
Arris TG2492 (VM Super hub 3) - Printable Version


RE: Arris TG2492 (VM Super hub 3) - danman - 03-03-2019

(03-03-2019, 10:44 PM)eltremendo Wrote:
(03-03-2019, 01:13 AM)danman Wrote: You can probably use Windows too but I have no idea what tool you need to use.

more photos

It's the same chip as on my board, PS8211-0. It's possible that it will have the same pinout as mine:


31 - CMD
22 - CLK
25 - DAT0
26 - DAT1
24 - DAT2
33 - VCC


RE: Arris TG2492 (VM Super hub 3) - eltremendo - 03-03-2019

Wow, thanks for the info. I can just tap those pins of the Phison chip with a pong


RE: Arris TG2492 (VM Super hub 3) - eltremendo - 06-03-2019

What about this version with the Phison chip?


RE: Arris TG2492 (VM Super hub 3) - danman - 06-03-2019

no idea...


RE: Arris TG2492 (VM Super hub 3) - eltremendo - 16-03-2019

Hey, what voltage should I feed the VCC with?


RE: Arris TG2492 (VM Super hub 3) - elbarto - 26-03-2019

(25-02-2019, 10:49 AM)danman Wrote: Hi guys, I'm working on a very similar device, CH7465 with NOSH firmware.
I was able to make a full dump and have a convenient way to modify the internal eMMC.
My device displays almost no messages on its console (just a few messages from the bootloader), so no shell access is available.
I was also able to order another device from eBay, and after cloning the eMMC the copy also works OK for accessing my internet connection.

I'd like to enable telnet/ssh access on this device. Did you make any progress with this?

Telnet and SSH can be activated by changing 0 to 1 at addresses 0x2A and 0x203 of /nvram/6/1 for TG862.
If the nvram DB stays the same, it can work. With a breakout board, take, edit and put back the file /6/1 in the nvram partition, and add or replace rules with iptables.

(18-01-2019, 10:32 AM)vmu19 Wrote: Does anyone have the 9.1.116.608 firmware, or a mechanism to log in to this release? I can login to 9.1.116V using the mechanism from the NCC blog and I'm sure there must be other vulnerabilities to allow local login still. I looked at the two UARTs and only get output though someone mentioned the possibility of causing some sort of crash. Also from another site, it seems JTAG is disabled, so not going to try that route.

I got the same problem; bucsay's mechanism no longer works in the new firmware. I'm getting an image of the new firmware from the upgrade server and scraping the file system. I hope to find a way to get access.


RE: Arris TG2492 (VM Super hub 3) - emantec - 09-04-2019

Decrypted 9.1.116 firmware for those interested.

https://mega.nz/#!opVmiILY!xr4En9nFS-6y5Yl5qeMr9OK2mCwzwyiNY-yJDITiMws


RE: Arris TG2492 (VM Super hub 3) - blacklisted - 09-04-2019

now for someone to build firmware


RE: Arris TG2492 (VM Super hub 3) - ricktendo - 12-04-2019

Nice, binwalk extracted it successfully!


RE: Arris TG2492 (VM Super hub 3) - emantec - 12-04-2019

Adding to elbarto's post on enabling telnet, you can do the following to bypass the pwod by setting the 'client' password (assuming the client is actually Virgin Media in this case).

In /nvram/6/1, set the following at address 0x1F7:

BC AE 6A 68 38 32 4B 18

This will set the password to 'pwned' giving you access to the higher privileged shell (still need to work out how to break into busybox).
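
For anyone examining a returned or second-hand unit, the edits described in elbarto's and emantec's posts leave a recognisable footprint in a copy of /nvram/6/1. The following is an added example, not code from any poster in this thread: it checks a dump of that file for the two flag bytes and the posted password bytes. The function name and the sample buffer are assumptions, the offsets were reported for the TG862, and the thread does not say which flag is telnet and which is SSH.

```python
"""Audit a copy of /nvram/6/1 for the edits described in this thread."""

# Offsets and byte values exactly as posted in the thread (reported for TG862).
REMOTE_ACCESS_FLAGS = (0x2A, 0x203)   # 0 = off, 1 = on, per elbarto's post
PASSWORD_OFFSET = 0x1F7
POSTED_PASSWORD_BYTES = bytes.fromhex("BC AE 6A 68 38 32 4B 18")


def audit_nvram(blob: bytes) -> list[str]:
    """Return one finding per suspicious value; an empty list means clean."""
    findings = []
    for off in REMOTE_ACCESS_FLAGS:
        if off >= len(blob):
            # A truncated dump cannot be cleared, so report it explicitly.
            findings.append(f"0x{off:X}: file too short, flag not readable")
        elif blob[off] == 1:
            findings.append(f"0x{off:X}: remote-access flag enabled")
        elif blob[off] != 0:
            findings.append(f"0x{off:X}: unexpected flag value 0x{blob[off]:02X}")
    end = PASSWORD_OFFSET + len(POSTED_PASSWORD_BYTES)
    if blob[PASSWORD_OFFSET:end] == POSTED_PASSWORD_BYTES:
        findings.append(
            f"0x{PASSWORD_OFFSET:X}: password field matches bytes posted in thread"
        )
    return findings


def make_sample(tampered: bool) -> bytes:
    """Constructed 0x300-byte stand-in for the file; not a real nvram dump."""
    buf = bytearray(0x300)
    if tampered:
        for off in REMOTE_ACCESS_FLAGS:
            buf[off] = 1
        end = PASSWORD_OFFSET + len(POSTED_PASSWORD_BYTES)
        buf[PASSWORD_OFFSET:end] = POSTED_PASSWORD_BYTES
    return bytes(buf)


if __name__ == "__main__":
    for label, sample in (("clean", make_sample(False)),
                          ("tampered", make_sample(True))):
        print(label, audit_nvram(sample) or "no findings")
```
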