Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Noisy Bootloaders for ARRIS D3 Modems (6182+)
#1
Good evening everyone,

Looking for some help here from the community.  Some of you might remember me from the SBHacker days and I hope all is well.

I'm looking for some noisy bootloaders for the later docsis 3.0 broadcom modems. I have an SB6182 that I'm trying to flash either shelled firmware on or a noisy bootloader, at least. The 6182 bootloader doesn't allow me to select boot images via pressing 1, 2 or p during startup.  I tired flashing the 6180 bootloader on there for shits and giggles, but it refuses to boot with it.

I'll be posting how to get serial on that modem on the usbjtag forum, but if anyone is interested I'll post it up here, as well. I was playing around for a couple of days with my oscilloscope to find the correct points. I was also able to dump firmware if anyone wants them. I don't know what they are at this point, but I can let you know if there's any interest in it.

I know that I saw someone with some shelled firmwares and some fun orange modems, but I forget if they were 6180 or a 6182, I'll cross reference that with the usbjtag forum. If someone has 6183 shelled firmware and noisy bootloader, I'd be more than elated, as well!

Thank you kindly!
Reply
#2
(17-07-2018, 02:56 AM)LkBurn Wrote: Good evening everyone,

Looking for some help here from the community.  Some of you might remember me from the SBHacker days and I hope all is well.

I'm looking for some noisy bootloaders for the later docsis 3.0 broadcom modems. I have an SB6182 that I'm trying to flash either shelled firmware on or a noisy bootloader, at least. The 6182 bootloader doesn't allow me to select boot images via pressing 1, 2 or p during startup.  I tired flashing the 6180 bootloader on there for shits and giggles, but it refuses to boot with it.

I'll be posting how to get serial on that modem on the usbjtag forum, but if anyone is interested I'll post it up here, as well. I was playing around for a couple of days with my oscilloscope to find the correct points. I was also able to dump firmware if anyone wants them. I don't know what they are at this point, but I can let you know if there's any interest in it.

I know that I saw someone with some shelled firmwares and some fun orange modems, but I forget if they were 6180 or a 6182, I'll cross reference that with the usbjtag forum. If someone has 6183 shelled firmware and noisy bootloader, I'd be more than elated, as well!

Thank you kindly!

hello, here I cut the boot of a Motorola mg-7550 bcm33843 should work is noisy ... I also have dump sb6183 but I do not remember if it has a bootloader noisy, if you have one to have console you only have to ground the SO pin when load the Nonvol known as emergency mode, this is known!

if you have modem backups already named or others send me PM maybe I can give you a push and tell me if you need a noisy boot

https://mega.nz/#!oEBmgQyS!infYtpzrdG8Hz...HrgZ8GHZd0
Reply
#3
Arrobazo: it's funny that you mention that, because later on today, I was going to try and ground MISO on the SPI to see what would happen when it is looking for images to load.

I'm assuming what you gave me does not require me to ground anything? haha
Reply
#4
try first if you use the mg7550 boot but the console should be closed anyway ... even if you do the short SO pin, in the worst case this will only leave the mac addesses in emergency mode type xx: xx: de: ad: xx: xx and by oid snmp you can activate the serial console, I disregard the oid in broadcom that activates it .... over the noisy boot is only to stop the system boot and allows you to write in the sectors or groups of the flash. Try to make the short at just the moment the system loads the console should be unlocked in most cases always like this or it will allow you to put the modem in the factory and send the corresponding oid to have a serial console!

P.S
sorry my english, I use Google translator ... my native language is Spanish I hope it is understood
Reply
#5
(17-07-2018, 05:50 PM)arrobazo Wrote: try first if you use the mg7550 boot but the console should be closed anyway ... even if you do the short SO pin, in the worst case this will only leave the mac addesses in emergency mode type xx: xx: of: ad: xx: xx and by oid snmp you can activate the serial console, I disregard the oid in broadcom that activates it .... over the noisy boot is only to stop the system boot and allows you to write in the sectors or groups of the flash. Try to make the short at just the moment the system loads the console should be unlocked in most cases always like this or it will allow you to put the modem in the factory and send the corresponding oid to have a serial console!

P.S
sorry my english, I use Google translator ... my native language is Spanish I hope it is understood

@ : haha (that's what your name translates to in my head), I'll check it out when I am home.  We can speak Spanish if you want, but I'm not sure if this is a Spanish friendly forum.

@ : jaja (tu usuario se traduce asi en mi cabeza). Voy a probar ese metodo cuando regrese a casa. Podemos hablar en espanol si quisieses, pero no estoy seguro si el espanol esta bienvenido en este foro. De donde sos vos? Me podes mensajear si te sentis mas comod@ asi.
Reply
#6
No....please don't speak Spanish. You two boys are doing very well so far.....
Reply
#7
LOL it doesn't matter to me which language I'm using as long as people respond!
Reply
#8
Argentino ....? xD
tell me how it's going to be the same you could send me dump of your motorola sb618x, the language does not matter to me obviously if you send me PM you speak to me in Spanish
Reply
#9
(18-07-2018, 01:11 AM)arrobazo Wrote: Argentino ....? xD
tell me how it's going to be the same you could send me dump of your motorola sb618x, the language does not matter to me obviously if you send me PM you speak to me in Spanish

xD Wink

I'll send you a PM, we can trade the dump of the SB6182 for your dump of the SB6183. I'm going to try attacking that modem next.

Anyways, for anyone reading this thread, I will post a guide of how to wire up and the serial points of the SB6182 sometime this week. I'm open for questions.
Reply
#10
first of all, the sb6182 / sb6180 are 8x4 channels .... the sb6183 is 16x4 channels, at the same time it is another processor are not compatible with each other !! and if I ask you it is to extract your firmware nothing more !! I have no interest mostly ...
your exchange comment kills any encouragement to help ... go to forcable to see if they help you there, greetings from CHILE haha xD

sb6183-image0.BIN
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)