Thompson/RCA DCM425C Flashing -- Linux snmp bash script

[Radiotubes]

I recently flashed a DCM425C with Haxorware. It was rather easy. I'm certain most of us can find the basic steps for doing this in windows, however, I use a a real operating system called Linux .

Basically you get the modem into "emergency state" with all lights flashing. I did this with a little push button (momentary on) switch connected between pins one and two of the flash memory chip. I connected up my serial adapter to the modem header pins and monitored the console output in minicom. I pressed my little shorting button as the "dots" got to the last "s" in address.

address
..........

If you do it right and at the correct time, all the lights on the modem will be flashing.

I connected the modems ethernet to a NIC on my computer and configured the NIC to an IP of:
192.168.100.10 netmask 255.255.255.0 via ifconfig. I pinged the modem on 192.168.100.1 to be certain it answered.

Most Linux distro's have a tftp server. Read the man pages if you don't know how to use it! I put the firmware "haxorware.bin" in my tftpboot folder along with the bash script posted below. I started up the tftp server and ran the bash script. Once the script was complete, I rebooted the modem et voila! Haxorware!

Code:

# !/bin/bash

# This is the Linux bash script for putting a DCM425C modem into factory mode then configuring
# it for a firmware upload "haxorware.bin" via tftp.  It is based on a bat script written for
# winblows that can be found around the net.
# Search for "How to Flash DCM425 any version !!With one Click!!"

list=(
   "snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.1.2.1.2.1 s password"  
   "snmpget -v2c -c public 192.168.100.1 1.3.6.1.2.1.1.1.0"  
   "snmpwalk -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2"  
   "snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.1.0 i 1"  
   "snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.2.0 a 192.168.100.10"  
   "snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.3.0 s haxorware.bin"  
   "snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.4.0 i 1"  
   "snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.5.0 i 1"  
   "snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.6.0 i 2"  
   "snmpwalk -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2"  
   "snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.6.0 i 1"
   )

for i in "${list[@]}"
do
#echo "$i"
read -sp "Press ENTER to continue..."
$i
done

[drewmerc]

windows

Code:

cd\
@pause
snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.1.2.1.2.1 s password
@pause
snmpget -v2c -c public 192.168.100.1 1.3.6.1.2.1.1.1.0
@pause
snmpwalk -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2
@pause
snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.1.0 i 1
@pause
snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.2.0 a 192.168.100.10
@pause
snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.3.0 s haxorware.bin
@pause
snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.4.0 i 1
@pause
snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.5.0 i 1
@pause
snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.6.0 i 2
@pause
snmpwalk -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2
@pause
snmpset -v2c -c public 192.168.100.1 1.3.6.1.4.1.4413.2.99.1.1.2.4.2.2.2.6.0 i 1
pause Wait until the TFTP Sent the Firmware and reboot your modem.
cmd

basicly your crashing the bootloader before it runs the firmware image (and if your wondering where i got that code from it's from the webby 1 click installer http://www.haxorware.com/forums/attachment.php?aid=166 so crash bootloader run bat file)

[Radiotubes]

Yeah, I just wanted to make certain that Linux users had a bash script that would accomplish the same thing.

[drewmerc]

always post windows scripts with linux ones as we all know windows users will cry like the bitches they are

[ncb]

I don't have a RS232 chip and serial cable, how I can know when to jump the pin one and two to switch it to emergency mode?

[drewmerc]

if radiotubes is in a good mood i guess he could time it from power on to button press for you
but even then it would not be an easily repeatable method

[Radiotubes]

Yeah, I would just say it's easier to build or buy a serial interface. I mean this is about having fun, testing, and learning. A MAX232/233 is cheap or even an MC1489 (4 for $1.00). I used an old Dave card loader or some such nonsense that had the MAX232, caps, pwr supply, and serial port already on it.

[ncb]

I don't have a DCM425 but I just find out that I have a old DCM305 and I would like to try get cert from it by Serial port. I know that 2 models are differents but I just want to try using Serial port. Can somebody post any picture theres serial pins and some tutorials. Thanks

[plaguewolf]

i just got my hands on a DCM425 and am completl new to haxorware, however i have flashed both dd-wrt and open-wrt.

my problem now is that i dont know what kind of interface i need. i dont think it has a noisy bootloader, i cant seem to connect to it during boot up with putty.

what kind of cable are you using to connect to it? jtag?

[Radiotubes]

I used what is known as a serial cable. It has a level shifting chip on it such as a MAX232 or MAX233 that converts the voltages to ttl levels. You only have to hook this up to monitor the console (UART) output so you know when to short the flash pins and put the modem into emergency state. The actual programming is done over the ethernet cable via tftp.