any1 understand this haxo log message - Page 3 - Techwatch Support Forums: Digital & Satellite TV, FTA, Cable, Computers, Mobile Phones, Apple and General Tech Forums

toolzkit · 14-04-09, 03:37 AM

hmm so at the minute there is no way to extract the certs from a original A250 dump to incert back into haxorware fw?

toolzkit · 14-04-09, 03:44 AM

at the moment using haxorware you can only use motorola certs, is this right. so is it worth going back to stock as there are 2mb fullflash backups on hax home page.

I would of thought that the correct certs were included in the hax fw.

fitz · 14-04-09, 03:51 AM

There may be a shortcut to it as they're stored in the perm nonvol, but I don't know of one yet.

The real problem is the dynamic configs, they're RSA encrypted on a 'per mac' basis, each modem having its own unique private RSA key to decrypt it. There is no way to get this private key remotely like you can do sniffing MAC's.

TBH it's getting very difficult very quickly with the new changes. Old modem mac's and configs work for now, but who knows how long it'll be till say all subscribers on 20meg get 255/256's and the rts22 is removed.

As far as I can see this will be an improvement over what we're doing currently, as it's just one less auth check we're failing.

What I can see working for a while(tm) is tftp enforce bypass with one of the dynamic 'unreadable' configs, while autoserving one of the unencrypted rts22 / rts50 files.

Maybe i'm wrong and this tweak will be completely ****, but I'll defo be doing it.

Cheers, fitz

fitz · 14-04-09, 03:58 AM

ok here's a bit of the telnet log:

0x00004916 [CmDocsisCtlThread] CmSecureDownload::ProcessConfigFileSpecifiedCvc:
(Secure Software Download) ERROR - Config File manufacturer CVC Subject organiz
ationName does not match the CM's manufacturer name.
0x00004916 [CmDocsisCtlThread] CmSecureDownload::ProcessConfigFileManufAndCosign
erCvcs: (Secure Software Download) ERROR - Reject config file MFG CVC!

here's a bit of the config file cvc - showing what manufacturer it's expecting in your modem's cm cert:

ComLabs
20 2d 20 45 75 72 6f 2d 44 4f 43 53 49 53 31 15 | - Euro-DOCSIS1.
30 13 06 03 55 04 0b 13 0c 43 61 62 6c 65 20 4d | 0...U....Cable M
6f 64 65 6d 73 31 28 30 26 06 03 55 04 03 13 1f | odems1(0&..U....
45 75 72 6f 2d 44 4f 43 53 49 53 20 43 61 62 6c | Euro-DOCSIS Cabl
65 20 4d 6f 64 65 6d 20 52 6f 6f 74 20 43 41 30 | e Modem Root CA0
1e 17 0d 30 32 30 37 31 30 30 30 30 30 30 30 5a | ...020710000000Z
17 0d 30 34 30 37 30 39 32 33 35 39 35 39 5a 30 | ..040709235959Z0
5b 31 0b 30 09 06 03 55 04 06 13 02 54 57 31 0e | [1.0...U....TW1.
30 0c 06 03 55 04 0a 13 05 41 4d 42 49 54 31 14 | 0...U....AMBIT1.

and finally here's a bit of the haxorware cm cert the dumps currently use:

;Motorola
43 6f 72 70 6f 72 61 74 69 6f 6e 20 43 61 62 6c | Corporation Cabl
65 20 4d 6f 64 65 6d 20 52 6f 6f 74 20 43 65 72 | e Modem Root Cer
74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 | tificate Authori
74 79 30 1e 17 0d 30 31 30 37 31 31 30 30 30 30 | ty0...0107110000
30 30 5a 17 0d 32 31 30 37 31 30 32 33 35 39 35 | 00Z..21071023595
39 5a 30 6d 31 0b 30 09 06 03 55 04 06 13 02 55 | 9Z0m1.0...U....U
53 31 1d 30 1b 06 03 55 04 0a 13 14 4d 6f 74 6f | S1.0...U....Moto
72 6f 6c 61 20 43 6f 72 70 6f 72 61 74 69 6f 6e | rola Corporation

I think you'll see the problem.

cheers, fitz

toolzkit · 14-04-09, 04:04 AM

thanks for the posts fitz, off bed catch you tommorow when I can read what your posting lol

Smurf · 14-04-09, 04:47 AM

Aint even got a clue what ur talking about lol. Just goes straight over my head. Hehe. What difference does it make having the correct cert's? Still get the correct speed without them? Whats the benefit? I dont understand? Ur confusing me. Lol

fitz · 14-04-09, 06:56 PM

Ok i've been messing with this and have had some success.

Here's what i've done and the results:

Firstly i'm not in a dynamic config area. It is a Pure area though.

Previously, I could only get Haxorware to work with BPI disabled, and even then it was only reliable if I used an old A100/120 mac. If i used a 250/256 mac or config The telnet log when connecting told me the modem was set into something (along the lines of) kPeriodicRanging.

The modem would go online and work fine for a few hours then would rescan the upstream, fail and drop the connection. The modem would then require a reboot and/or a MAC change.

This was when using a 250 with no certs installed, just completely blank.

Trying to enable BPI would let the modem connect, but no web pages.

Modification:
.................................................. .....................

I had a stock A200 here and Jtagged the perm nonvol off it (which contains the modem certs). I then loaded this 200 nonvol onto the 250, and corrected the tuner type settings etc so it would connect again.

This means I have legit certs on the modem, apart from the cm_cert, which obviously has the manufacturer details for a 200, not a 250.

.................................................. .....................

Results:
.................................................. .....................
I still get the CVC validation failure upon registration, due to the bad cm_cert.

With BPI disabled, i would still get the kPeriodicRanging status, and the dropped conection every few hrs. Sh1t, I thought.

However, I can now enable BPI1.0, then modem connects AND gives web pages correctly. When I connect with BPI, I do not get the periodic ranging, and the connection is rock solid.

Changing the MAC in haxorware now updates the certs for the new MAC and self signs them, whereas before it did nothing with the certs, as there were none.

I think if I now get hold of a valid 250/255/256 cm_cert, I will no longer get the CVC validation error, resulting in the modem being much more 'stealth' than before.
.................................................. .......................

Comments / ideas anyone?

If you want the current 2mb dump (still a work in progress obviously), PM me and you can try it.

Cheers, Fitz.

true_devil · 14-04-09, 07:25 PM

wow, there is a lot of info here guys, ive got a similar issue where

"The modem would go online and work fine for a few hours then would rescan the upstream, fail and drop the connection. The modem would then require a reboot and/or a MAC change."

so bottom line is ive got to try a diff config for the 120 and if that doesnt work ive gotta go through this lengthy process which fitz described?

fitz · 14-04-09, 07:33 PM

or you could just use my full 2mb dump and reflash with that...once i've done a bit more testing.

cheers, fitz

true_devil · 14-04-09, 07:40 PM

lol, cool sounds good mate...so id just have to reflash that and then flash haxo? or just reflash yours and sort the settings out? (once your finished ofcource)

14-04-09, 03:37 AM	#21 (permalink)
toolzkit Night owl twit twoo :P Join Date: Sep 2008 Posts: 570 Thanks: 90 Thanked 65 Times in 46 Posts	Re: any1 understand this haxo log message hmm so at the minute there is no way to extract the certs from a original A250 dump to incert back into haxorware fw? __________________ TM6800 HD Super, 1m Gibertini, TM2600 Motor & Megasat twin LNB 0.1dB 39.0E- 45.0W

14-04-09, 03:44 AM	#22 (permalink)
toolzkit Night owl twit twoo :P Join Date: Sep 2008 Posts: 570 Thanks: 90 Thanked 65 Times in 46 Posts	Re: any1 understand this haxo log message at the moment using haxorware you can only use motorola certs, is this right. so is it worth going back to stock as there are 2mb fullflash backups on hax home page. I would of thought that the correct certs were included in the hax fw. __________________ TM6800 HD Super, 1m Gibertini, TM2600 Motor & Megasat twin LNB 0.1dB 39.0E- 45.0W

14-04-09, 03:51 AM	#23 (permalink)
fitz Senior Member Join Date: May 2008 Posts: 587 Thanks: 28 Thanked 119 Times in 95 Posts	Re: any1 understand this haxo log message There may be a shortcut to it as they're stored in the perm nonvol, but I don't know of one yet. The real problem is the dynamic configs, they're RSA encrypted on a 'per mac' basis, each modem having its own unique private RSA key to decrypt it. There is no way to get this private key remotely like you can do sniffing MAC's. TBH it's getting very difficult very quickly with the new changes. Old modem mac's and configs work for now, but who knows how long it'll be till say all subscribers on 20meg get 255/256's and the rts22 is removed. As far as I can see this will be an improvement over what we're doing currently, as it's just one less auth check we're failing. What I can see working for a while(tm) is tftp enforce bypass with one of the dynamic 'unreadable' configs, while autoserving one of the unencrypted rts22 / rts50 files. Maybe i'm wrong and this tweak will be completely ****, but I'll defo be doing it. Cheers, fitz

14-04-09, 03:58 AM	#24 (permalink)
fitz Senior Member Join Date: May 2008 Posts: 587 Thanks: 28 Thanked 119 Times in 95 Posts	Re: any1 understand this haxo log message ok here's a bit of the telnet log: 0x00004916 [CmDocsisCtlThread] CmSecureDownload::ProcessConfigFileSpecifiedCvc: (Secure Software Download) ERROR - Config File manufacturer CVC Subject organiz ationName does not match the CM's manufacturer name. 0x00004916 [CmDocsisCtlThread] CmSecureDownload::ProcessConfigFileManufAndCosign erCvcs: (Secure Software Download) ERROR - Reject config file MFG CVC! here's a bit of the config file cvc - showing what manufacturer it's expecting in your modem's cm cert: ComLabs 20 2d 20 45 75 72 6f 2d 44 4f 43 53 49 53 31 15 \| - Euro-DOCSIS1. 30 13 06 03 55 04 0b 13 0c 43 61 62 6c 65 20 4d \| 0...U....Cable M 6f 64 65 6d 73 31 28 30 26 06 03 55 04 03 13 1f \| odems1(0&..U.... 45 75 72 6f 2d 44 4f 43 53 49 53 20 43 61 62 6c \| Euro-DOCSIS Cabl 65 20 4d 6f 64 65 6d 20 52 6f 6f 74 20 43 41 30 \| e Modem Root CA0 1e 17 0d 30 32 30 37 31 30 30 30 30 30 30 30 5a \| ...020710000000Z 17 0d 30 34 30 37 30 39 32 33 35 39 35 39 5a 30 \| ..040709235959Z0 5b 31 0b 30 09 06 03 55 04 06 13 02 54 57 31 0e \| [1.0...U....TW1. 30 0c 06 03 55 04 0a 13 05 41 4d 42 49 54 31 14 \| 0...U....AMBIT1. and finally here's a bit of the haxorware cm cert the dumps currently use: ;Motorola 43 6f 72 70 6f 72 61 74 69 6f 6e 20 43 61 62 6c \| Corporation Cabl 65 20 4d 6f 64 65 6d 20 52 6f 6f 74 20 43 65 72 \| e Modem Root Cer 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 \| tificate Authori 74 79 30 1e 17 0d 30 31 30 37 31 31 30 30 30 30 \| ty0...0107110000 30 30 5a 17 0d 32 31 30 37 31 30 32 33 35 39 35 \| 00Z..21071023595 39 5a 30 6d 31 0b 30 09 06 03 55 04 06 13 02 55 \| 9Z0m1.0...U....U 53 31 1d 30 1b 06 03 55 04 0a 13 14 4d 6f 74 6f \| S1.0...U....Moto 72 6f 6c 61 20 43 6f 72 70 6f 72 61 74 69 6f 6e \| rola Corporation I think you'll see the problem. cheers, fitz

14-04-09, 04:04 AM	#25 (permalink)
toolzkit Night owl twit twoo :P Join Date: Sep 2008 Posts: 570 Thanks: 90 Thanked 65 Times in 46 Posts	Re: any1 understand this haxo log message thanks for the posts fitz, off bed catch you tommorow when I can read what your posting lol __________________ TM6800 HD Super, 1m Gibertini, TM2600 Motor & Megasat twin LNB 0.1dB 39.0E- 45.0W

14-04-09, 04:47 AM	#26 (permalink)
Smurf Senior Member Join Date: May 2008 Location: Midlands Posts: 1,220 Thanks: 131 Thanked 179 Times in 164 Posts	Re: any1 understand this haxo log message Aint even got a clue what ur talking about lol. Just goes straight over my head. Hehe. What difference does it make having the correct cert's? Still get the correct speed without them? Whats the benefit? I dont understand? Ur confusing me. Lol

14-04-09, 06:56 PM	#27 (permalink)
fitz Senior Member Join Date: May 2008 Posts: 587 Thanks: 28 Thanked 119 Times in 95 Posts	Re: any1 understand this haxo log message Ok i've been messing with this and have had some success. Here's what i've done and the results: Firstly i'm not in a dynamic config area. It is a Pure area though. Previously, I could only get Haxorware to work with BPI disabled, and even then it was only reliable if I used an old A100/120 mac. If i used a 250/256 mac or config The telnet log when connecting told me the modem was set into something (along the lines of) kPeriodicRanging. The modem would go online and work fine for a few hours then would rescan the upstream, fail and drop the connection. The modem would then require a reboot and/or a MAC change. This was when using a 250 with no certs installed, just completely blank. Trying to enable BPI would let the modem connect, but no web pages. Modification: .................................................. ..................... I had a stock A200 here and Jtagged the perm nonvol off it (which contains the modem certs). I then loaded this 200 nonvol onto the 250, and corrected the tuner type settings etc so it would connect again. This means I have legit certs on the modem, apart from the cm_cert, which obviously has the manufacturer details for a 200, not a 250. .................................................. ..................... Results: .................................................. ..................... I still get the CVC validation failure upon registration, due to the bad cm_cert. With BPI disabled, i would still get the kPeriodicRanging status, and the dropped conection every few hrs. Sh1t, I thought. However, I can now enable BPI1.0, then modem connects AND gives web pages correctly. When I connect with BPI, I do not get the periodic ranging, and the connection is rock solid. Changing the MAC in haxorware now updates the certs for the new MAC and self signs them, whereas before it did nothing with the certs, as there were none. I think if I now get hold of a valid 250/255/256 cm_cert, I will no longer get the CVC validation error, resulting in the modem being much more 'stealth' than before. .................................................. ....................... Comments / ideas anyone? If you want the current 2mb dump (still a work in progress obviously), PM me and you can try it. Cheers, Fitz. Last edited by fitz; 14-04-09 at 07:09 PM.

14-04-09, 07:25 PM	#28 (permalink)
true_devil Senior Member Join Date: Apr 2008 Posts: 204 Thanks: 4 Thanked 8 Times in 7 Posts	Re: any1 understand this haxo log message wow, there is a lot of info here guys, ive got a similar issue where "The modem would go online and work fine for a few hours then would rescan the upstream, fail and drop the connection. The modem would then require a reboot and/or a MAC change." so bottom line is ive got to try a diff config for the 120 and if that doesnt work ive gotta go through this lengthy process which fitz described?

14-04-09, 07:33 PM	#29 (permalink)
fitz Senior Member Join Date: May 2008 Posts: 587 Thanks: 28 Thanked 119 Times in 95 Posts	Re: any1 understand this haxo log message or you could just use my full 2mb dump and reflash with that...once i've done a bit more testing. cheers, fitz

14-04-09, 07:40 PM	#30 (permalink)
true_devil Senior Member Join Date: Apr 2008 Posts: 204 Thanks: 4 Thanked 8 Times in 7 Posts	Re: any1 understand this haxo log message lol, cool sounds good mate...so id just have to reflash that and then flash haxo? or just reflash yours and sort the settings out? (once your finished ofcource)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
haxorware probs	iggyziggy	Cable Modems	37	12-04-09 07:16 PM