[DOWNLOAD] GUIDE Downgrading Superhub and Mac Sniffing

cupra.john

Downloads: A new file has been added by cupra.john:

Downgrading Superhub

Downgrading VMDG480 (Superhub)
Changing Mac & Serial VMDG480
Upgrading Firmware To R.37 VMDG480 (SUPERHUB)
How to Sniff Using a VMDG480

All files plus instructions are in the Zip file.
I found this on another site, all credit to them.
 
Re: [DOWNLOAD] Downgrading Superhub

I found this info that I think goes with the files above...

-------------------------------

1. Download Netsnmp and Tftpd32 - (FILES IN FIRST POST)

Install both netsnmp and tftpd32 with default settings.

2. Download 480 r37 r30 Downgrade Files - (FILES IN FIRST POST)

3. Disconnect from wifi networks etc., and connect via ethernet to the modem you're flashing.
Make sure the white Virgin lead is not connected to the modem you're flashing.

4. Change your IPv4 settings. To do this, right-click the network icon in your system tray, open network sharing center, click on the ethernet connection, then Properties, double-click IPv4 and change the settings to match below. Click OK for the settings to take.

IP Address: 192.168.100.10
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.100.1
Preferred DNS Server: 192.168.100.1

5. Open tftpd32. In the box 'server interfaces' it should say 192.168.100.10.

6. Click Start > Control Panel > Programs > Turn Windows features on or off, find Telnet Client and tick the box. Once it's installed, click OK.

7. Open a web browser and go to 192.168.100.1; it will open a Virgin settings page. Default login is admin, pass is changeme.

8. Click the middle one and scroll to the bottom of the page; it will say the software version.

9. Click back and click advanced settings; it will pop up with some crap, just say yes.

10. Scroll down, and click on the tab that says backup / restore.

11. Click browse, go to the folder on your desktop and select Rev 37.cfg, or Rev30.bin (depending on firmware version).
Click upload; it will pop up saying accept these settings. Click yes and the modem will reboot.

12. Open the tftpd32 window, click browse and select the folder on your desktop.

13. Click start and type telnet, then click the telnet app (Looks like a cmd prompt window)

14. Type: 'o 192.168.100.1'
It will now ask for username: MSO (Must be capitals)
password: changeme (Lower case, doesn't display what you're typing)
hit enter twice and it will say cg???> and scanning blah blah

15. type: '/cm_hal/scan_stop'
that will stop it scanning

16. In the folder on your desktop there is a text file saying telnet downgrade. Open it and you'll see the list of commands. Copy and paste them in one at a time, hitting enter after each one. When you hit enter it will say yes or no; press y and hit enter on each one. Once you've typed the last one, it will start going nuts and you'll see the transfer in the tftpd32 window.
To paste text, click the icon in the top left of the telnet window, click edit and hit paste (keyboard shortcuts don't work).

cd snmp
set cdPvtMibEnableKeyValue.1 s cabwizardz
set cdPvtMibEnableKeyValue.1 s cabwizardz
set v2FwControlImageNumber.0 i 2
set v2FwDloadTftpServer.0 ip 192.168.100.10
set v2FwDloadTftpPath.0 s Image1.bin
set v2FwDloadLarge.0 i 1
set v2FwDloadForce.0 i 2
set v2FwDloadNow.0 i 2
set v2FwDloadNow.0 i 1

17. If you get a connection lost message in the telnet window, ignore it; as long as you can see the transfer in tftpd32 you're OK.

18. Wait till the transfer is 100% and the file list clears on that window.

19. Wait 1min, then reset the modem (pull the power lead and plug it back in)

20. Close the telnet window and tftpd32

21. Open web browser and go to 192.168.100.1. It should look different. (If it doesn't you've done something wrong, repeat steps above)

22. Close the browser, the modem is now downgraded to rev 19 firmware (rev 19 allows you to change the mac, rev 37 doesn't, that's why we had to downgrade first).


Changing Mac & Serial VMDG480 (SUPERHUB)

1. Open the text file on your desktop 'Mac change Telnet comms' and change the mac and serial to a known working mac:

/cm_hal/scan_stop
/non-vol/halif/mac_address 1 00:11:22:33:44:55
/non-vol/snmp/docsDevSerialNumber 001122334455
/non-vol/write
/reset

2. Now, if you try to log in via telnet 'o 192.168.100.1' and it says connection refused, you need to re-enable telnet.

Open web browser, go to 192.168.100.1, log in, click advanced settings, click on the backup / restore tab on the left, click browse file to upload, select rev30.bin, click upload, and the modem will reboot. Let me know when yellow icon in system tray once rebooted.

Open telnet, 'o 192.168.100.1'
Username: MSO
Password: changeme

Hit enter twice, once you see cg???>

3. Copy and paste all the commands at once from the mac change text file into the telnet window, then hit enter. The modem will reboot almost instantly.

4. Once it's fully rebooted, go to the 192.168.100.1 page and log in.

5. The login changes to admin; the password is the wifi password on the sticker on the back of the modem.

6. Click advanced settings, and click basic settings. Where it says mac address it will now have your new mac address.

7. The wifi name will be wrong (look at the numbers, as the telnet enable file changes the wifi name).

8. Click wireless settings, and change the wifi settings to whatever you want (just set it to the defaults on the sticker on the back of the modem). Make a note of the wifi password. Then click apply; you'll see the screen flicker when it's taken the settings.

9. Pull the power and ethernet, plug the white feed cable in and power it on (no ethernet).
Wait till the 3 lights on the side go solid.

10. Connect to it via wifi and try a website.

11. Working? Speed test?

12. That's the main part done, now close all the windows.


Upgrading Firmware To R.37 VMDG480 (SUPERHUB)

1. Open telnet, 'o 192.168.100.1'
Username: MSO
Password: changeme

/docsis_ctl/dload -s 10.137.103.1 CG3101D-2VGUKS_V2.37.01S.bin

2. Copy and paste that into the telnet window, then hit enter; you will see it start receiving.
It takes a few minutes to complete. Once complete it will reset itself.
Once it's rebooted, it is back on r37 firmware.

3. You need to do this as r19 has wifi issues; these are fixed in r37.

4. Once it's rebooted you're all done.

5. You'll need to change the IPv4 settings back for ethernet connections, otherwise if they try to go on the internet via ethernet it will just bring up a DNS error page.


How to Sniff Using a VMDG480

You don't need modem mode etc., you can do it over wifi.
Log in via telnet (Default user: MSO, Default pass: changeme).
Type:
cd /
routeShow
Scroll up a bit and there will be a table. The first mac will be marked as UHCL, that's your mac; make a note of the IP address to the left of it.
ie, 10.157.17.86 -- 00:11:22:33:44:55 -- UHCL
then type,
cd ping
ip_sweep 255.255.255.0 10.157.17.86 (change the ip to yours, but make the end number 1 ie, 10.157.17.1)
Then it will check that range up to 10.157.17.255.
Once it's done you can go up a range, 10.157.18.1 etc.
Once you're finished and you want the list of found macs,
type
cd /
routeShow
Then scroll up, there is your list; copy and paste to notepad.

Cable Wizard
 
Re: [DOWNLOAD] Downgrading Superhub

I have fixed the link in the first post...

Should be right now @cupra.john.

Thanks again for sharing the modem guide and files with the forum cheers!

Mick
 
Re: [DOWNLOAD] Downgrading Superhub

still cannot seem to find any macs! :(
 
Re: [DOWNLOAD] Downgrading Superhub

Had a spare SuperHub so decided to give this a go.
I got through the Changing Mac & Serial VMDG480 section and changed the serial and mac to my existing subbed modem for testing purposes.
I disconnected my subbed modem and connected up the modded superhub, it syncs up but shows access denied in the setup page.
Any ideas?

In the download from the first post there is a Frequency Change file, do we need to change the upstream and downstream frequency settings?
 
Re: [DOWNLOAD] Downgrading Superhub

You need to pull certs from subbed modem and inject them into clone, only way; also unreliable and change often. Cable modem hacking as such is dead at the moment, wish the scene would come back to life.
 
Re: [DOWNLOAD] Downgrading Superhub

Use the superhub tool that's out there, it will scan for you. It's just like the old days ambit tool :)
 
Re: [DOWNLOAD] Downgrading Superhub

Cheers for file but when I try to unzip with 7zip or windows zip it says it's corrupted. Do you remember what utility you used to zip it? Winrar, Winzip?
 
Re: [DOWNLOAD] Downgrading Superhub

Interesting.......I thought the cable modem stuff was dead in the water a long time ago??

Does this work the same way as it used to years ago where you have to search for macs on another UBR?
 
Re: [DOWNLOAD] Downgrading Superhub

Interesting.......I thought the cable modem stuff was dead in the water a long time ago??

Does this work the same way as it used to years ago where you have to search for macs on another UBR?
I would be interested to know as well if this is now back on the scene again? Has a workaround been found, as last I heard certs, etc. were needed.
 
Re: [DOWNLOAD] Downgrading Superhub

I went through all the motions without reading the thread through lol

Is there a way to pull the cert from my original? :)
 
Re: [DOWNLOAD] Downgrading Superhub

I've downloaded a VMDG Hub Tool which I think will do the trick? But now I think I have to downgrade my subbed Hub to be able to telnet connect to it? My question is, if I downgrade, could it spanner the certificates that I'm after and mess up my subbed modem? lol
 
Re: [DOWNLOAD] Downgrading Superhub

Right, I downgraded my subbed, extracted the Certs etc., programmed them onto the clone, but still no internet access??
 
Well done dar1437, I bet it's something small @Tr0jan might have more of an idea :)
 
I have my spare Superhub VMDG480 ready and waiting, I may give it a go later on.
 
Seems I missed out on some necessary info. :)
Can't test as yet, due to the ManU Liverpool game. May be able to try it before the Swansea Spurs game, otherwise I'll be sure to get a phone call or two from card sharers. :)

If all goes well, I'll upload a simplified tutorial (with all due credit to the authors) :)
 
Seems I missed out on some necessary info. :)
Can't test as yet, due to the ManU Liverpool game. May be able to try it before the Swansea Spurs game, otherwise I'll be sure to get a phone call or two from card sharers. :)

If all goes well, I'll upload a simplified tutorial (with all due credit to the authors) :)
A simplified tutorial for me would be just what the doctor ordered, looking forward to it, thanks mate.
 
Got blue data light on and green wifi, but the green tick is just flashing very quickly? Hmmm (well I think it's moving in the right direction, yesterday the tick was flashing for a few secs, going off for a bit and flashing again lol)
 
Turns out that I haven't actually installed the Certificates (bpi.bin). When Telnetting it across, I get this error:

Opening file 'bpi.bin' on 192.168.100.10 for reading...
Tftp read < 512 bytes, we have reached the end of file.
Tftp transfer complete!
TFTP settings:
stack interface = 0
server ip address = 192.168.100.10
server port number = 64003
total blocks read = 20
total bytes read =10222

checksum for permanent settings: 0x69200001

ERROR - The setting were not valid. Restoring previous values.
Chescksum for permanent settings: 0xb7e3f5ba

The settings were successfully read from the device.


I'm wondering, when reading the Certs from the subbed, whether I should have had the BPI+Bypass box unticked on the HubTool?
 