Using Original Firmware

[Smurf]

I was just wondering if it is possible to use original firmware on say an ambit 250/255 and somehow change the mac of it. Is this possible as this would look like a legit modem so hopefully it wouldnt go off?

Thank You.

[G77]

needs to be shelled doesnt it?

its poss for 200's as shelled orig is out there

dont think its avail for the 250 series thou. yet.

i'd gladly go back to orig if it would stop probs, touch wood i've been ok for a good 4 weeks

[rick1019]

I'm using original firmware for ambit 200 and not gone off once

[Smurf]

Are 200's hard to do? What do u mean G77 by shelled? Can they hit 20meg? How do u change the mac on it? What tools would i need in order to do it? My next project find a 200 and put original firmware.

[666]

from monkey
I made this guide a long time ago when the CC last hit us. And going off what's going on in some area's with Infinite and Haxorware getting hit I thought it worth releasing again. I have given it a bit of an update to keep us up to date.

Right, here goes. You will find all the files you need linked in the guide. For files that are not linked I have uploaded them in the downloads

You undertake this at your own risk and I am not responsible if you brick your modem doing this. You cannot use this guide for bricked modems.

STEP 1:

If your modem is stealth you will need to restore the bootloader first. If you already have a bootloader then you can skip to STEP 2.

To restore the bootloader, download the bootloader from the bottom of this post then use one of the SoftJTAG applications to connect to your modem via Com 1. I have included both as I found that some modems will only work with one or the other depending on what firmware you have on the modem so if one doesn't work the other will.

NOTE - If you get an error when trying to open SoftJTAG then you'll need to install these first:

.NET Framework 2.0
Visual J# Version 2.0

Once connected to the modem click on 'WRITE BOOTLOADER' and select the bootloader included with this guide.

Once it's flashed your now ready to go to STEP 2.

STEP 2:

Install Solarwinds TFTP Server

Copy 250.bin to C:\

Set network adapter to 192.168.100.10

Run Solarwinds

Goto 'FILE' > 'CONFIGURE' and make sure the root of your C:\ drive is selected and that you can see the 250.bin file

Next select the 'SECURITY' tab and click the radio button next to 'TRANSMIT & RECEIVE FILES' followed by the 'OK' button

Now connect your MAX Cable to the modem and double click on the 'AMBIT' Hyperterminal file included

Power up the modem and press 'P' within 2 seconds

Change the board IP to 192.168.100.1 and press 'ENTER'

Press 'ENTER' 4 more times

Select option 'D'

Set your TFTP server as 192.168.100.10 and press 'ENTER'

Type 250.bin and press 'ENTER'

The modem should now read the firmware image. You will be informed that the image does not have a standard header and asked if you still want to store it. Type 'yes' and press 'ENTER'

You will then be asked the sector at which to start the store. Type '0' (Zero not the letter, and press 'ENTER'

It will then start to flash the chip with the origional firmware. When it’s finished, it will ask you to store parameters to flash, enter 'no and press 'ENTER'

Reboot the modem, you now have an origional 250 modem

STEP 3:

Now to change the MAC. First open the 256 toolkit and edit a 256 PERM section to include the MAC and settings that you wish to use.

Save the file to the root of your drive as PERM.bin

Double click on the 'AMBIT' Hyperterminal file included again

Power up the modem and press 'P' within 2 seconds

Change the board IP to 192.168.100.1 and press 'ENTER'

Press 'ENTER' 4 more times

Select option 'D'

Set your TFTP server as 192.168.100.10 and press 'ENTER'

Type PERM.bin and press 'ENTER'

Once the PERM has transferred over and you are asked if you still want to store it. Type 'yes' and press 'ENTER'

You will then be asked the sector at which to start the store. Type '3' and press 'ENTER'

It will then start to flash the chip with the PERM.bin you created. When it’s finished, it will ask you to store parameters to flash, enter 'no' and press 'ENTER'

Job Done!

Reboot the modem and you should now be online. You can optionally use 'max_dload_tries 4' above to keep the modem up to date with the latest FW as you can always use the Console Unlocker to restore a bootloader. But I will leave that choice up to you, just be warned the CC could release a new FW at any date that locks out the Console Unlocker.

As a side note I would like to address the confusion of my guide. Many peeps seem to think it was Adam who figured out how to restore to original back in the day and that simply is not the case. Adam was noted for for the loading of the Motorola 5100e firmware into ram to make the necessary changes to the SA3 sector of the modem. Anyways that has now been replaced with the new and more up to date method of using the 256 toolkit to edit the details so enough about that lol

I'm also surprised how many peeps have altered my guide slightly and tried to pass it off as there own. Even more surprised at the ones that said please don't try to pass this off as your own work, now that was just funny lol Given that I guess these needs adding, "PLEASE DON'T TRY TO PASS THIS GUIDE OF AS YOUR OWN"

Since this guide was released by myself back in the day on DW there have been many contributions from other members so I am going to give credit here and hope that everyone takes them into consideration when using this guide:

So here goes, a BIG thanks to (In alphabetical order):

Benchould (For helping me figure out some memory locations back when the guide was originally released)
Boltar (For SoftJTAG)
ImH (For releasing the superb 256 Toolkit)
mackay22 (For making it public knowledge on how to flash the SA3 to sector 3)
MONKey (Yup thats me lol! For releasing the original guide that made restoring possible)
Water (For having mad skills and putting the Console Unlocker together)

Also I would like to say THANKS to Digi & Mark as without them UGM would not be here and this guide wouldn't be what it is today!

If I have missed anyone here please feel free to PM me and I'll get your name added here

[G77]

shelled is when the telnet console can take connections and commands

[666]

all so i,m using haxoware with betty bootloader, this was made by cabledud21 from unlockers, but it dont keep the p

[Smurf]

Ok im going to order a Ambit 200 going to need help in setting it up to use original firmware as here in pure area i cant get online if i do i get booted off after 2 mins.

Also does stealth mean a flashed modem? Dont u need to use console unlocker before softjtag on Step 1? Im sure my buttons only appear after using console unlocker. Also last time i tried to use solarwinds as a TFTP server it didnt work for me i kept getting timeout error so i reverted to tftpd32 and that worked ace can i just use that?
So 666 can i do this with a 250 as i have one of them lying about with original firmware on it as you've put it will change firmware to original 250.

Thanks 666 and G77.

[666]

the above is for a 250 m8

[666]

what is wrong with your modem m8, what is it what firmware you got on it, lets see if we can get you on line