melttc
DW Regular
- Joined
- Oct 12, 2005
- Messages
- 2,928
- Reaction score
- 149
thought it may come of use to us here somehow by the guys trying to sort this out.
hope this is of some help to the likes of adam lord icon and the rest of the guys trying out things on the ambits.......
keep up the good work boys it is appreciated!
at boot up the modem does a ...
Downstream Frequency Search: The cable modem scans the downstream looking for 64- or 256-QAM (quadrature amplitude modulation) digitally modulated signals. Once a digital signal is found, the modem looks for information on that signal that is sent by the termination system (CMTS). A critical piece of information is the upstream channel descriptor (UCD), which contains information that the cable modem will need, such as the upstream frequency, modulation type and channel to use in order to communicate with the CMTS.
Ranging: Once the cable modem has found the digital signal from the CMTS (remember, there are digital signals on the downstream, too), the cable modem will listen for a special message from the CMTS called a map. The map will give the cable modem an opportunity to transmit upstream data for the first time (initial maintenance). Since the cable modem doesn't know what RF transmit power to use, it will start at its lowest power (+8 dBmV). If the CMTS does not respond, the modem will increase its transmit power by 3 dB and try again. The message being sent is called a range request. The cable modem keeps increasing the transmit power of the range request until the CMTS is able to detect the range request. Once the CMTS detects the range request, it analyzes the power, frequency and timing of the range request and sends the cable modem a range response, which includes instructions for the modem to adjust its transmit power, frequency and timing as necessary.
The CMTS does this ranging (station maintenance) for every cable modem in the DOCSIS network at least once every 30 seconds. This ensures that all cable modems are transmitting at the proper power, frequency and timing.
Dynamic host configuration protocol (DHCP): Now that the cable modem has ranged with the CMTS, it has established a communications link. It must now obtain additional information about the network, get an IP address and get the name of a configuration file. This is all achieved by using DHCP. This is a four-step process in which the cable modem sends a DHCP discover message to a DHCP server connected to the IP network attached to the CMTS. If the cable modem has been provisioned on the server, the DHCP server will send the modem an IP address, the IP addresses of other important network servers and the configuration filename.
now fun starts if its had a bpi encrypted key sent in this packet.
Time of Day (ToD): Although a requirement for DOCSIS 1.0 networks, the ToD [which provides a timestamp to cable modems during registration, is actually no longer required in DOCSIS 1.1 and later revisions. Almost all modems will in fact boot without a functioning ToD server.
Virgin dont use this tod stamp.
Trivial file transfer protocol (TFTP): Next, the cable modem must download the configuration file whose name it was given during the DHCP process. It does this by sending a TFTP read request to the IP address of the TFTP server, also obtained during the DHCP process.
we forced this config.
If the filename exists on the TFTP server, the file is downloaded to the cable modem. This file will provide the cable modem with settings such as the maximum subscriber data download and upload speeds, quality of service (QoS) settings, DOCSIS 1.1 settings, *** encryption settings ***.
Registration request: Finally, the cable modem will send a registration request to the CMTS along with a list of the modem's configuration settings.
NOW ENCRYPTED!!!!
If the CMTS approves of the modem's settings, it will respond with a registration response indicating a successful registration.
If the CMTS does not like the cable modem's settings, i.e. your a clone !!!the CMTS has the ability to reject the cable modem with a registration rejection, and the cable modem will not be able to come online and transmit data.
it drops into the 1k up 1k down default settings
Baseline privacy
BPI is being implemented by virgin, both as a means to encrypt and protect subscriber data while it is on the RF network and also as a way to prevent nonpaying subscribers from getting broadband service with hacked cable modems. The BPI registration process, when enabled, occurs immediately after the cable modem registers with the CMTS.
BPI is a four-step process at which time public and private keys are exchanged between the cable modem and CMTS, along with key expiration times.
now every two hours currently so its resets and has a new key. A clone modem infinity firmware doest have the ability to handle the key changes as the legit one does and drops off the network.
now understand.
for the ohh lemme do this lemme do that this works. Virgin have not implemented the full rollout and hence modems are still working ive not forced the config it works. Simple that modem is online and hasnt taken the bpi config. Soon as it does wammo you lose the connection.
till the full rollout all sorts of wierd things will work but every clone mac used simply will die soon as its new config kicks in. You cannot use the key to download the new config.
hope this is of some help to the likes of adam lord icon and the rest of the guys trying out things on the ambits.......
keep up the good work boys it is appreciated!
at boot up the modem does a ...
Downstream Frequency Search: The cable modem scans the downstream looking for 64- or 256-QAM (quadrature amplitude modulation) digitally modulated signals. Once a digital signal is found, the modem looks for information on that signal that is sent by the termination system (CMTS). A critical piece of information is the upstream channel descriptor (UCD), which contains information that the cable modem will need, such as the upstream frequency, modulation type and channel to use in order to communicate with the CMTS.
Ranging: Once the cable modem has found the digital signal from the CMTS (remember, there are digital signals on the downstream, too), the cable modem will listen for a special message from the CMTS called a map. The map will give the cable modem an opportunity to transmit upstream data for the first time (initial maintenance). Since the cable modem doesn't know what RF transmit power to use, it will start at its lowest power (+8 dBmV). If the CMTS does not respond, the modem will increase its transmit power by 3 dB and try again. The message being sent is called a range request. The cable modem keeps increasing the transmit power of the range request until the CMTS is able to detect the range request. Once the CMTS detects the range request, it analyzes the power, frequency and timing of the range request and sends the cable modem a range response, which includes instructions for the modem to adjust its transmit power, frequency and timing as necessary.
The CMTS does this ranging (station maintenance) for every cable modem in the DOCSIS network at least once every 30 seconds. This ensures that all cable modems are transmitting at the proper power, frequency and timing.
Dynamic host configuration protocol (DHCP): Now that the cable modem has ranged with the CMTS, it has established a communications link. It must now obtain additional information about the network, get an IP address and get the name of a configuration file. This is all achieved by using DHCP. This is a four-step process in which the cable modem sends a DHCP discover message to a DHCP server connected to the IP network attached to the CMTS. If the cable modem has been provisioned on the server, the DHCP server will send the modem an IP address, the IP addresses of other important network servers and the configuration filename.
now fun starts if its had a bpi encrypted key sent in this packet.
Time of Day (ToD): Although a requirement for DOCSIS 1.0 networks, the ToD [which provides a timestamp to cable modems during registration, is actually no longer required in DOCSIS 1.1 and later revisions. Almost all modems will in fact boot without a functioning ToD server.
Virgin dont use this tod stamp.
Trivial file transfer protocol (TFTP): Next, the cable modem must download the configuration file whose name it was given during the DHCP process. It does this by sending a TFTP read request to the IP address of the TFTP server, also obtained during the DHCP process.
we forced this config.
If the filename exists on the TFTP server, the file is downloaded to the cable modem. This file will provide the cable modem with settings such as the maximum subscriber data download and upload speeds, quality of service (QoS) settings, DOCSIS 1.1 settings, *** encryption settings ***.
Registration request: Finally, the cable modem will send a registration request to the CMTS along with a list of the modem's configuration settings.
NOW ENCRYPTED!!!!
If the CMTS approves of the modem's settings, it will respond with a registration response indicating a successful registration.
If the CMTS does not like the cable modem's settings, i.e. your a clone !!!the CMTS has the ability to reject the cable modem with a registration rejection, and the cable modem will not be able to come online and transmit data.
it drops into the 1k up 1k down default settings
Baseline privacy
BPI is being implemented by virgin, both as a means to encrypt and protect subscriber data while it is on the RF network and also as a way to prevent nonpaying subscribers from getting broadband service with hacked cable modems. The BPI registration process, when enabled, occurs immediately after the cable modem registers with the CMTS.
BPI is a four-step process at which time public and private keys are exchanged between the cable modem and CMTS, along with key expiration times.
now every two hours currently so its resets and has a new key. A clone modem infinity firmware doest have the ability to handle the key changes as the legit one does and drops off the network.
now understand.
for the ohh lemme do this lemme do that this works. Virgin have not implemented the full rollout and hence modems are still working ive not forced the config it works. Simple that modem is online and hasnt taken the bpi config. Soon as it does wammo you lose the connection.
till the full rollout all sorts of wierd things will work but every clone mac used simply will die soon as its new config kicks in. You cannot use the key to download the new config.