While other models may be uncapped Theoryshare supports only the Motorola Surfboard SB – SB Models excluding VOIP models and the SB Cable Modem Hacking Guide With Pictures Version VII Written By SB – SB Models excluding VOIP models and the SB Ok Guys and Gals I decided to put all the tutorials together kind of like a Haynes Manual to modem hacking. Everything that’s covered within is available.
|Published (Last):||15 January 2010|
|PDF File Size:||9.88 Mb|
|ePub File Size:||6.34 Mb|
|Price:||Free* [*Free Regsitration Required]|
Ok Guys and Gals I decided to put all the tutorials together kind of like a Haynes Manual to modem hacking. Config file Database, accurate on: Pre Manufactured Max Cables Webstar Max cable adapter Communicating with your modem Programming Ambit Chips, with Willem 4. Ambit Firmware Downgrading via Ethernet Latest release for the Ambit Restoring a Compatible Bootloader Ambit – Guide to Hacking v Updating Ambit to hacked firmware Force modem to use the 10mb config file Modems from America or Japan SB – Rev a Making a Chipless Blackcat Soldering a pin header SB Tutorial with Broadcom Commands Factory mode OID list for Motorola cable modems A cable modem is identified by the hacm company by its Mac address which can usually be found on the underneath of the modem on a s3100 with bar codes.
How it works is by using a method know as handshaking, When you boot your modem Switch it onthe modem will perform some tasks. Once the Mac is recognized by the cable co. Now a config file is what determines the speed the modem will run at so the config you will be looking to use is the one with the fastest speeds available.
Cloning works by copying the Mac address of a modem that is legitimately paid for by a subscriber. This will allow you to receive the same level of service as the paying customer.
Hack modem + isp and get high speed
The following text was put together by Viiiper 2a. We all live in a certain segment and no two MAC addresses are the same. First off you need the program this can be found in most forums. When you 1st run the program this is the screen you should have in front of you: Once you have this screen up all you have to do to start sniffing for Mac addresses on your gateway is go to DHCP and select start sniffing as seen in next screen: The other thing you have got to consider is once you have all your Macs you are going to have to trade Macs with someone in your surrounding area as you cant use the Macs hackk your gateway as the gack will see two people with the same Mac address and start kicking each of you off all the time, this is the reason you need to find someone in your area that is on a different gateway, swap Macs and then use the new Mac to clone a modem.
Most forums that deal with cable have a Mac swapping thread. Once finished sniffing you should have a picture like this with address and Macs in etc: You can save these addresses by right clicking on the addresses and selecting Dump info to file as in picture, this file is saved were you run your DHCP Force program from.
Mac Swap Tutorial There seems to be nack of people struggling to get their heads round the Mac Trade Threads, so I’ve put this together to help. Go to the Mac Trade thread 2. Once in the Mac Trade thread, click the tab that says “Search this thread”.
A drop down box will appear. Now type in your Town or City and click “Go”. Note down the names of the people who’ve posted requests and send them a polite PM asking for a trade. Now if you haven’t already posted in the Mac Trade thread, do so now, the reason being, so other members, who may need Macs in the future, can go through the same process. This is however by no means always going to work.
You’ll still have to rely on other people to be generous and send you Macs and you may also find nobody from your area has posted. The only other option then is to go to a mates or family members and scan from there if they live outside your UBR but within the server limits.
Another way is to sb31100 out with a wireless laptop and see if you can get into somebody’s wireless network and bring up the web interface of their cable modem and get a Mac gack that, although you’ll need to check the UBR address first to make sure it’s compatible for you. If you don’t know your UBR click one of these links to find it. This Database could change at any moment, config files are constantly being reviewed and updated by Virgin Media, this list is accurate on the day of posting.
Sh3100 for example you connect your subscribed modem to your PC through your NIC then you connect a cloned modem to the same pc using the same NIC then the cable co. The following screen shots and text were put together by Cleric 3a. I personally recommend you only change the last two or three digits of the NIC Mac as completely changing the Mac can cause your PC to not detect a network connection. Also if you jack never connected a subscribed modem to the NIC you are going use your clone on then there will be no need to spoof the NIC Mac address.
My favorite stockiest is Tailor Made Circuits and can be found at this address.
Full text of “Hacking The Cable Modem ()”
MAX The voltage tolerance of the capacitor should not matter; anything over 12v should work fine. MAX Uack one is simple to put together. You just need to make a small adapter to plug into the Webstar. The following screen shots and text were put together by Cleric 6a. The pin header is on the Right hand side of the board on the ambit modems.
You will see that they are labeled: Now you need to attach your audio clip onto the pin header as shown below, it should fit perfectly without any problems: Communicating with your modem Next comes the setting up of your computer to talk to the modem, this can be done in two ways either using HyperTerminal or Teraterm download available from the shack under cable modem download sectionfor the purpose of this tutorial I am using hyper terminal.
Once you have sh3100 these hit ok, and you will see the next screen like in the picture below with the phone icon active: The modem will not lock on so the data will keep running in HyperTerminal window this is fine Now enter the non update command: This is now at the point we enter the new Mac in to the modem.
Cd non-vol Cd halif press Enter press Enter Once you have done the above all you need to do now is enter the hacck for changing your Mac address which is as follows: After you have entered your new mac address, type the following: Write This command writes the information you changed to the nvram, once this is done reset your modem by unplugging power and re plug back in. That should be your Ambit modem cloned with a new Mac address. The next bit is to go into Internet explorer and type in http: Once in the modems internal web page click on set search frequency parameters and you will now see this screen: Click on the signal tab and this will bring you here: Please note the hacked Ambit modems are under attack From NTL and there are serious problems with these modems bs3100 a fix may never be found, but hopefully the resourcefulness of the people who are in the scene sh3100 find a solution to the current problems being experienced with NTL users.
If some clever bugger finds a fix, for the NTL Updates then this tutorial will be updated accordingly. The way they initially kill your modem, is by upgrading the firmware on your modem Firmware is what tells your modem how to operate. If your modem has updated you will need to restore it to its original state, to do this there are two ways, an easy way and a hard way.
OK the hard way will require a certain amount of skill this requires you to remove the modems TSOP Thin Small Outline Packagebasically the 48 pin chip soldered to the modems circuit board.
Secondly you will then need read, erase and then write to the chip. The following screen shots and text were put together by Jim Rose 6d. Here is a picture, of how, I set the Willem up, the only jumper I had on is the 29f, as you can see in the picture: Ok once the Willem is set up put the chip in with the circle end at the top sb100 the red jumper 29f. Put the serial lead in and the power lead in.
I used a 12v, 1 amp power adapter. Now open up software eprg which is included. Now go to device like below: Once this is selected hit the id button to id the chip and you should get the following: Once you hit ok, erase the chip the erase button is underneath the minimize button in the picture above. You can then do a blank chip test by clicking on the chip with the question mark. OK moving onto the settings of the software to program chip Firstly where its says PCB3 on the above picture click on it to change it to Willemthen check the temporary sector unprotected, your screen should now look like this: As you can see it gives you the dip switch settings but they are back to front as you can see they go from 12 to 1.
Now what you have to do is clear the buffer which you can do by clicking on the little yellow box with red X through it. Once you have done this load up your dump which should be in BIN form.
Once you have loaded up your pre-updated dump click on program chip which is the little picture of the chip with hcak lightening through it. It took about mins programming and verifying the chip. Now put the chip down, there are various methods of doing this if you search around. Then the Sync, Power and Rdy lights will come on solid for about 10 seconds then they will all flash in sequence if this does not happen and the Power, Rdy and Sync stay solid there is a problem either try relaying the chip or reprogram it again.
Now open up internet explorer and type As you can see it still has the old screen and where it says software upgrade file name it has the old software C All you need to do now is put your new MAC on and do the no-update mod which you can find on Unlocker-Forums modem section.
I hope this helps you, please hacj free to add to this tutorial, as some people might have different ways of doing this, sb300 this the way Hak got it to work. The following screen shots and text were put together by JimboTheHo 6e.
Ambit Firmware Downgrading via Ethernet This guide will allow you to easily unlock terminal locked modems that stop at in HyperTerminal.