hacker: turmio
description: Hacking Cisco's cable modem used by DNA (EPC3825)
started: 2015-12-28

  • Serial pins: https://wiki.openwrt.org/toh/cisco/epc3208g

  • https://wiki.openwrt.org/toh/cisco/epc3925

  • Similar output: http://pastebin.com/1jZQHNz4

  • Boot output from serial:

    BCM338031 TP0
    1
    Sync:1
    346890
    
    SA BootLoader Version: 2.3.0_R3(S) Release Gnu spiboot reduced DDR drive
    Build Date: Sep 21 2009
    Build Time: 15:57:39
    SPI flash ID 0xc22017, size 8MB, block size 64KB, write buffer 256, busy bit 1
    
    Found image 1 at offset 20000
    
    Found image 2 at offset 400000
     eCos - hal_diag_init
    Init device '/dev/BrcmTelnetIoDriver'
    Init device '/dev/ttydiag'
    Init tty channel: 81268dd0
    Init device '/dev/tty0'
    Init tty channel: 81268df0
    Init device '/dev/haldiag'
    HAL/diag SERIAL init
    Init device '/dev/ser0'
    BCM 33XX SERIAL init - dev: 0.2
    Set output buffer - buf: 0x81322a28 len: 4096
    Set input buffer - buf: 0x81323a28 len: 4096
    BCM 33XX SERIAL config
    Init device '/dev/ser1'
    BCM 33XX SERIAL init - dev: 0.3
    Set output buffer - buf: 0x81324a28 len: 4096
    Set input buffer - buf: 0x81325a28 len: 4096
    BCM 33XX SERIAL config
    'LsSpiInit 3380
    [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitStorageDrivers:  (BFC Target) Configuring/Loading Flash driver...
    [00:00:00 01/01/1970] [tStartup] BcmSpiFlashDevice::DetectFlash:  (SPI Flash Device Factory) WARNING - Detected SPI flash with JEDEC ID =0xc22017
    [00:00:00 01/01/1970] [tStartup] FlashDeviceDriver::SpiFlashPlaceRegions:  (Flash Driver C API) WARNING - Permanent NonVol would fit in the boot block of this flash device, but I found existing NonVol in the following block; using this location instead...
    [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitStorageDrivers:  (BFC Target) Loading BootloaderStore driver...
    [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitStorageDrivers:  (BFC Target) Loading ProgramStore driver...
    ProgramStoreDeviceDriver::ProgramStoreDriverInit:  INFO - Initializing...
    [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitStorageDrivers:  (BFC Target) Loading NonVol driver...
    [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitStorageDrivers:  (BFC Target) Storage drivers initialized successfully.
    [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitDeviceAbstractions:  (BFC Target) Creating singletons for ProgramStore/BootloaderStore/NonVol devices...
    Detecting the next image number that we will store to by default...
    Bootloader indicates we are running image 2
    By default, we will dload to image number 1!
    
    [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitDeviceAbstractions:  (BFC Target) Device abstraction singletons created successfully.
    
    BcmCmDocsisNonVolSettings::GetSingletonInstance:  WARNING - the singleton instance is NULL, and someone is accessing it!
    SAHttpCacheVariables::GetSingletonInstance:  WARNING - the singleton instance is NULL, and someone is accessing it!
    Setting up the SAHttpCacheVariables singleton pointer.
    CmSnmpNonVolSettings::GetSingletonInstance:  WARNING - the singleton instance is NULL, and someone is accessing it!
    CmSnmpNonVolSettings::GetSingletonInstance:  WARNING - the singleton instance is NULL, and someone is accessing it!
    CmSnmpNonVolSettings::GetSingletonInstance:  WARNING - the singleton instance is NULL, and someone is accessing it!
    BcmCmSANonVolSettings::GetSingletonInstance:  WARNING - the singleton instance is NULL, and someone is accessing it!
    [00:00:02 01/01/1970] [tStartup] CwmpClientStateNonVolSettings::CwmpClientStateNonVolSettings:  INFO - ****** Constructor called ******
    [00:00:02 01/01/1970] [tStartup] CwmpClientStateNonVolSettings::ResetDefaults:  INFO - ****** ResetDefaults called for Dynamic section, setting version to 0.1 ******
    [00:00:02 01/01/1970] [tStartup] CwmpClientStateNonVolSettings::ResetDefaults:  INFO - ****** ResetDefaults called for Permanent section, setting version to 0.1 ******
    [00:00:02 01/01/1970] [tStartup] CwmpClientStateNonVolSettings::CwmpClientStateNonVolSettings:  INFO - Setting up the singleton pointer.
    BcmPcpClientServiceAppIf::GetSingletonInstance:  WARNING - the singleton is NULL, and someone is accessing it!
    
    Reading Permanent settings from non-vol...
    Checksum for permanent settings:  0x770377f
    [00:00:02 01/01/1970] [tStartup] BcmMessageLogNonVolSettings::ReadFromImpl:  (User Interface NonVol Settings) WARNING - Read older version of the settings (0.2); they have been upgraded to version 0.3, preserving original settings.
    [00:00:02 01/01/1970] [tStartup] BcmHalIfNonVolSettings::ReadFromImpl:  (HalIf NonVol Settings) WARNING - Read older version of the settings (0.19); they have been upgraded to version 0.21, preserving original settings.
    00:00:02 01/01/1970] [tStartup] BcmWiFi80211NonVolSettings::ReadFromImpl:  (WiFi 802.11 NonVol Settings) WARNING - Read older version of the settings (0.8); they have been upgraded to version 0.10, preserving original settings.
    [00:00:02 01/01/1970] [tStartup] BcmCmDocsis30NonVolSettings::ReadFromImpl:  (CM DOCSIS 3.0 NonVol Settings) WARNING - Read older version of the settings (0.1); they have been upgraded to version 0.2, preserving original settings.
    [00:00:02 01/01/1970] [tStartup] BcmCmSANonVolSettings::ReadFromImpl:  (CM SA NonVol Settings) WARNING - Read older version of the settings (0.8); they have been upgraded to version 0.11, preserving original settings.
    [00:00:02 01/01/1970] [tStartup] BcmNonVolSettings::IsDefault:  (CM BFC Event Log) Permanent settings are default!
    [00:00:02 01/01/1970] [tStartup] BcmNonVolSettings::IsDefault:  (CWMP Client NonVol Settings) Permanent settings are default!
    [00:00:02 01/01/1970] [tStartup] BcmNonVolSettings::IsDefault:  (CWMP Client State NonVol Settings) Permanent settings are default!
    [00:00:02 01/01/1970] [tStartup] BcmNonVolSettings::IsDefault:  (PBCA Connected Device Monitor NonVol Settings) Permanent settings are default!
    [00:00:02 01/01/1970] [tStartup] BcmNonVolSettings::IsDefault:  (PBCA Content Filter NonVol Settings) Permanent settings are default!
    [00:00:02 01/01/1970] [tStartup] BcmN
