Extracted firmware of my SBG901 from MX Flash , now how can I extract CERTS?

[dssence]

you should try this http://www.haxorware.com/forums/thread-8...ml#pid4250
ok you'd be loading an 8mb dump but i dont see any difference as the jtag software can cope with the entire memory anyways (no you dont need a usbjtag to use the software)
plus looking at the nonvol explorer log above all the certs have been extracted so you should be good to go

also 8mb is not big it should take no more than a minute to upload unless your on dialup not that it matters as you have the certs

Well I did try USBJTAG NT , and wrote this commands. I chose SBG900 modem at startup on config.

ldram 9fc00000 <<< does this command grab the portion of the dump file from 9fc00000 position?

(pick 2mb dump)
save cfg

it created supposedly the portion of the memory dump which corresponds to non-vol , but there's nothing inside, when I read it with cmnonexp. I'm suspecting the memory locations are not accordingly cause this modem has a broadcom BCM3361 chipset.

Check your PM I sent you the mediafire link to my firm. Let me know how you did manage to get the certs. The app I used was cmnonexp2mbwin32 which is a compiled version to support 2mb flash
By the way can you send me the log output of the command line you get when you extract the certs , this is the schematic I used to build the LPT , after you build the cable you need this app to read the flash




http://www.mediafire.com/?envw9p8ss4s0644]

SPIPGM Emulates SPI over LPT port it's better to be run natively under plain dos it works much faster.

type the following commands

CWSDPMI
SPIPGM /i << identifies flash
SPIPGM /d << dumps entire flash




This was the research I made myself.






This is is the setup

[img] Uploaded with ImageShack.us[/img]

Uploaded with ImageShack.us