ECM WARNING - Ambit 250 modems - Remote brickage!

[Hideki]

Hihi

Games are afoot at Virgin, 3 of my 4 Ambit 250s are dead

Somehow (possibly because they had the default login, I've changed the one I managed to unplug as I realised what was happening) these modems are bricked, all went down within 15 minutes of each other

No output on Max232, sit there with network light slowly going on and off, possibly because sat in a reboot cycle, IE: bricked.

Curiously, my 200s are completely unaffected although whether that will last is anyones guess

Anyone using a 250 with infinite who hasn't changed the default login/password had better do so now:

This is how:

Connect as normal then do (Note, type this at cm> prompt, NOT at bootloader, definitely not after hitting p at bootloader):

cd \non
cd msg
user_name YOURUSERNAME
password YOURPASSWORD
write

(then reboot your modem)

(obviously replacing the YOURUSERNAME/YOURPASSWORD values with appropriate ones)

You should do this asap, while this current attack might only affect my area, it will probably be seen elsewhere too.

No, it was not a power surge, they went down very close together but not at exactly the same time, the one that I changed the password on seems fine so it seems fairly likely they can get in only with the defaults.

 

[reddwarf]

Hideki,

Can I just clarify this method of changing the password cos I previously bricked one using the CM Terminal option on the Ambit Config tool and entering something similar to what you have posted.

When I use HyperTerminal, am I pressing the "p" button and then pasting these commands in? An idiots guide would be nice. Thanks.

 

[Hideki]

Hihi

You could not brick a 250 typing that at the terminal.

just use the cm terminal over ethernet and once at the CM> prompt type the above.

Bloody Virgin

Anyone know if it's possible to JTAG a 250 and what might be needed? (I have normal/eurovox JTAGs from TMC already so if it's just a case of a bit of soldering...)

 

[reddwarf]

Hihi
You could not brick a 250 typing that at the terminal.
just use the cm terminal over ethernet and once at the CM> prompt type the above.

I had the Max232 connection as well as the ethernet cable plugged in that's probably why I bricked it. I cannot access 192.168... on the modem so I am pretty sure it is bricked :-(

I guess you have it worse with 3 of them going down mate!

 

[Hideki]

Hihi

If it's just sitting there with the power light on and the ethernet light slowly going on and off then it's likely the same countermeasures I'm describing above, you cannot brick a modem with my tool unless you use the bootloader flasher and interrupt it.

 

[demonx]

Edit : Can't read.

 

[reddwarf]

This happened about 3 weeks ago so do you think that was a counter measure? The modem was working fine until I tried to change the username and password. I have tested a friends modem with the default password at my house and it was working ok (surely that would have been hit at the time too?).

Thanks.

 

[Hideki]

Hihi

Okay, then it wasn't the same thing, I thought you meant it'd died just now, was thinking perhaps your area had been hit with the same thing and you just happened to be editing at the time

If it was 3 weeks ago I'm doubtful...

 

[reddwarf]

Sorry to keep going on Hideki but, if you only need the ethernet cable to change the default password surely the cc can change it back and then gain access to the modem and brick it?

 

[Hideki]

And how would they know what you changed it to?!

 

[reddwarf]

Sorry, you are right! I was thinking of the Max232 connection which doesn't need the password!

Basically the one I bricked, I wanted to change the password back to default as a trader had changed the password and I didn't know what it was so used the Max232 connection and (I think) the commands above. In hindsight, I should have just reflashed instead....

 

[meangreenie]

Can't you just change the user and password with 250 configurator ?

 

[reddwarf]

Can't you just change the user and password with 250 configurator ?

I haven't tried that!

 

[Hideki]

Hihi

I gave the exact commands required to do it in my initial post.

I also don't believe for a second that you could brick a modem with those commands...

This thread is about virgin killing modems, I did not expect it or intend it to be a never ending load of questions that were answered in the first post.

 

[hethemlrijk]

the games begin, but may get rid of some big cloners on the network hopefully the ones that have 10 modems on the run..

next thing they'll be trying to hack them illegal hacking of illegal modems

 

[nozzer]

Interesting that there may be two different attacks happening at once !

Perhaps its different attack trials in different areas or maybe the attacks are related somehow.

 

[MFCGMFC]

so how exactly do i enter these commands

hook it up via max232

open hyperterminal

when the options come up press p

then enter those commands and reboot modem?

Cheers
MFCGAVMFC

 

[waynemcfc]

yes all going tits up in madchester but if you change the password it sorts the problems out

 

[Smok3y666]

Do you get any kind of error message? I got my first Generic Host Error this morning, I was getting loads of these last time round when everything was going funny.

 

[tricksterdude]

Mines was working fine this morning when I got up. As soon as I read this I pulled it off the cable connection though. I'll change the password when I get home. Hopefully this'll be enough to keep Virgin at bay and if it isn't the hopefully there's some very clever people out there who'll be able to beat any countermeasures that Virgin bring in.