Chip-Off Firmware Extraction and Reverse Engineering of Arris SB6121 Cable Modem

  • Published on 8 Jan 2023
  • In this video, we demonstrate a chip-off firmware extraction on the Arris SURFboard SB6121 cable modem. Then, we unpack the squashfs filesystems with binwalk and explore their contents.
    flash chip datasheet:
    www.winbond.co...
    XGecu T56 universal programmer site:
    autoelectric.cn...
    Wine wrapper for XGecu software:
    github.com/rad...
    IoT Hackers Hangout Community Discord Invite:
    / discord
    🛠️ Stuff I Use 🛠️
    🪛 Tools:
    XGecu Universal Programmer: amzn.to/4dIhNWy
    Multimeter: amzn.to/4b9cUUG
    Power Supply: amzn.to/3QBNSpb
    Oscilloscope: amzn.to/3UzoAZM
    Logic Analyzer: amzn.to/4a9IfFu
    USB UART Adapter: amzn.to/4dSbmjB
    iFixit Toolkit: amzn.to/44tTjMB
    🫠 Soldering & Hot Air Rework Tools:
    Soldering Station: amzn.to/4dygJEv
    Microsoldering Pencil: amzn.to/4dxPHwY
    Microsoldering Tips: amzn.to/3QyKhrT
    Rework Station: amzn.to/3JOPV5x
    Air Extraction: amzn.to/3QB28yx
    🔬 Microscope Setup:
    Microscope: amzn.to/4abMMao
    Microscope 0.7X Lens: amzn.to/3wrV1S8
    Microscope LED Ring Light: amzn.to/4btqiTm
    Microscope Camera: amzn.to/3QXSXsb
    About Me:
    My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
    - Soli Deo Gloria
    💻 Social:
    twitter: / nmatt0
    linkedin: / mattbrwn
    github: github.com/nma...
    #hacking #linux #reverseengineering #iot #firmware
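
Added example (not from the video or its author): signature scanners such as binwalk locate SquashFS images in a raw flash dump by their magic bytes, and this sketch does the same for little-endian SquashFS 4.x while validating the superblock to reject false hits. The sample dump is constructed, and that the SB6121 image uses this SquashFS version is an assumption.

```python
import struct

SQUASHFS_MAGIC = b"hsqs"  # little-endian SquashFS 4.x magic
COMPRESSORS = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}
# First 48 bytes of a SquashFS 4.x superblock (all fields little-endian).
SUPERBLOCK = struct.Struct("<4sIIIIHHHHHHQQ")


def find_squashfs(dump: bytes):
    """Return validated SquashFS 4.x images found in a raw flash dump."""
    images = []
    pos = dump.find(SQUASHFS_MAGIC)
    while pos != -1:
        if pos + SUPERBLOCK.size <= len(dump):
            (_, inodes, _mtime, block_size, _frags, comp, block_log, _flags,
             _ids, major, minor, _root, bytes_used) = SUPERBLOCK.unpack_from(dump, pos)
            # Magic bytes alone give false positives; cross-check the header.
            sane = (major == 4 and 12 <= block_log <= 20
                    and block_size == 1 << block_log and comp in COMPRESSORS)
            if sane:
                images.append({
                    "offset": pos,
                    "size": bytes_used,
                    "inodes": inodes,
                    "compression": COMPRESSORS[comp],
                    "version": f"{major}.{minor}",
                    # A short read of the chip leaves the image incomplete.
                    "truncated": pos + bytes_used > len(dump),
                })
        pos = dump.find(SQUASHFS_MAGIC, pos + 1)
    return images


def build_sample_dump() -> bytes:
    """Constructed stand-in for a flash dump: padding, a decoy magic, one image."""
    sb = SUPERBLOCK.pack(SQUASHFS_MAGIC, 42, 0, 131072, 3, 4, 17, 0, 1, 4, 0, 0, 4096)
    image = sb.ljust(4096, b"\x00")
    decoy = b"hsqs" + b"\xff" * 60  # magic followed by a nonsense header
    return b"\xff" * 0x10000 + decoy + b"\xff" * (0x20000 - 0x10000 - 64) + image


if __name__ == "__main__":
    for img in find_squashfs(build_sample_dump()):
        print(f"{img['offset']:#x}: SquashFS {img['version']} {img['compression']} "
              f"{img['size']} bytes, {img['inodes']} inodes")
```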

Comments • 43

  • @ilyakuznetsov6462 1 year ago +35

    That poor little capacitor went unnoticed :(

    • @mattbrwn 1 year ago +4

      omg yeah I saw that when I was editing the video...

  • @Levelworm 5 months ago +1

    Hi Matt, this is really really helpful. I absolutely love how you go through the steps one by one and explain the why of each step. I have bought a soldering iron and a hot air gun but so far I haven't gathered the courage to try them out. Your video completely removed my underlying reluctance. Good job!

  • @johnsantos975 1 year ago +2

    Excellent, I appreciate you taking the time to go through the whole process in real time. Excellent job. Superb

  • @Rf-Vision.Technologies 3 months ago +1

    Ok so I've been watching your videos for a while now and like most of your commenters, I think your stuff is digital gold. But it just clicked and occurred to me, although I don't watch streams myself per se, I do watch a lot of streamers' YT content which as you know is often outtakes from streams or sometimes standalone projects. My point is I just realized you're a streamer bro! Your personality and content formatting like your voice overs are perfect and it already seems you have a solid community behind you and developing. Keep doing you but please stream what you do and monetize it accepting donations etc. You would pop off in the tech world. Just a thought, peace.

    • @mattbrwn 3 months ago +2

      Thanks man! Yeah I've thought about streaming as well but there are at least a couple reasons that it would not work for me. One is that you want to stream at a consistent time to grow an audience but having a family makes that hard. If you see the time on my computer/watch on my videos you'll see that I usually record very late at night. Second reason is that I'm often finding stuff in devices that I have to censor in the video edits which would not be possible if streaming.

    • @Rf-Vision.Technologies 3 months ago

      @mattbrwn Ahh I see, still you're up there with the best bro, all the best

  • @damny0utoobe 2 months ago

    Excellent tutorial.
    Binwalk is a good util

  • @jnilsson1983 1 year ago +1

    Nice work! Thank you for sharing and showing us problems on the way that you solve on the go!

  • @neon_Nomad 1 year ago +5

    I'm a simple human, I see Matt Brown, I click Matt Brown

  • @hardrocklobsterroll395 6 months ago

    First video here and I think I’m gonna like your channel

  • @honda4life894 1 year ago +3

    You don't need to remove the chip. You can use an in-circuit chip clip. I have done this on a 6580. Also, if you plug into cable, it will get a default config from your ISP. If you SSH into the device you can get root access and download the firmware and config for review.

    • @mattbrwn 1 year ago

      I don't have cable internet. I have fiber.
      I'm guessing there is a way to emulate the cable signal somehow but I need to look into that. The Ethernet port doesn't get a link at all. I'm guessing it needs the cable side to come up first.

    • @honda4life894 1 year ago +3

      @Matt Brown you would have to emulate a cmts and that would be hard as you would have to have the correct upstream and downstream frequencies modulated. You would need a cmts with dcam and ucam cards

  • @xenoxaos1 23 days ago +1

    10:39 I hope that cap wasn't important...

  • @Ravnegutten 3 months ago

    This is great!

  • @johnsantos975 1 year ago

    Please continue to do more vids

  • @Myself-yh9rr 3 months ago

    To emulate the internet side of it you need some knowledge of DOCSIS. I am not sure if connecting it to a MoCA adapter using a coaxial cable would work. I know that a lot of these devices would not experience interference from MoCA. It uses different frequencies so that it ought not interfere.

    • @Spudz76 2 months ago

      The thingy on the other end that it would talk to is called a CMTS which might help search for some sort of CMTS emulator/test harness. Most old school DOCSIS hackers would just find an actual decommissioned CMTS unit somehow, if what they were testing couldn't work black-box style with a live cable network (real CMTS).

  • @KavorkaDesigns 2 months ago

    I asked ChatGPT this, I got a few answers you'll like! "How to emulated a coax isp input to modem for Arris to do ethernet setup, i need to access the wifi settings and it will not detect over Ethernet unless emulated, what are my options?"

    • @KavorkaDesigns 2 months ago

      What it spit out, do the search for more details on each:
      Use a Dummy Coaxial Signal
      "Connect one end of the splitter to the modem and the other end to a 75-ohm terminator. This tricks the modem into thinking it’s receiving a signal."
      Access via Backup Battery (if applicable)
      "Sometimes, during the initial boot process, the modem/router might allow access to its settings via Ethernet even without a live coaxial signal."
      Bypass Coaxial Check
      "Telnet or SSH connection"

  • @drcmediarepairtool 1 year ago

    Hi, can the XGecu board you use dump a BGA153 eMMC from an Android TV box?

  • @markayala7752 1 year ago +2

    without watching the video i click like :) .

    • @mattbrwn 1 year ago +3

      haha much appreciated!

  • @tradeshmarts2056 9 months ago

    Can I ask what was the purpose of doing this? The application?

  • @robbietee4785 3 months ago

    28:20 "password = maplesyrup, not localised" ???

    • @Spudz76 2 months ago

      all in test smtp files. every cable company redefines the SMTP credentials, these days.

  • @LiftsInGermany 1 year ago +1

    is there no way with JTAG / UART?

    • @Spudz76 2 months ago +1

      Was possible on earlier models of SurfBoard but they learned their lesson and even if it did have JTAG pins or pads, they are disabled and/or the CPU won't give a real dump or accept writes.

  • @peteroyepez 1 year ago

    can you make a sb6190

  • @I_hu85ghjo 4 months ago +1

    13:44

  • @shanebrady568 1 year ago +1

    Did you teach yourself Linux or did you take a computer course for that?

    • @mattbrwn 1 year ago +4

      I taught myself. I know very few Linux users/professionals who got into it by a structured course.
      The best way to learn is to install Linux on some old laptop/desktop you don't use anymore. If you don't have one laying around, then either buy one refurbished on ebay or get a Raspberry Pi. There are TONS of youtube videos that will walk you through this process and teach you other stuff about Linux along the way. But the best way to learn Linux is to try using it as your "daily driver" (the computer you use to get your work done) as much as possible.

    • @shanebrady568 1 year ago

      @mattbrwn I'd love to teach myself Linux (bash). Could you recommend any books that would help me learn Linux?

    • @sleepymarauder4178 9 months ago +1

      @shanebrady568 The Cyber Mentor has a good course on YouTube.
      The Linux Command Line interface is a free online book.
      Linux for hackers is also a nice resource.
      But you will learn the most from fucking up and trying to fix it.
      Learn by doing, hands on the keyboard.

  • @sergius4691 8 months ago

    13:15 that made me laugh

  • @larrybud 8 months ago

    Look, am I going to get free PPV or not? lol

  • @weniweedeewiki.6237 1 year ago

    Yes my g

  • @samuelvaclavik7500 1 year ago +1

    I’m curious what that rsa_key.priv file was all about 😵‍💫

    • @mattbrwn 1 year ago +2

      used for dropbear ssh server as the SSH server's RSA host key:
      from service file:
      dropbear -r /etc/rsa_key.priv