2010년 4월 12일 월요일

Hard Reset SB5101 / Debrick - SurfboardHacker Forums

This does NOT work with the TCNiso USBblackcat, nor does it have these capabilities don't polute this thread with the BlackcatUSB

This should ONLY be attempted IF;
1) you know your Jtag works, (i.e. if a parajtag has worked on other modems and your not using the blackcat software).
2) You cannot detect the flash of your modem using the SBHUsbJtag or a Parajtag running Tom's Jtag Util.
3) When you power up the modem all the lights come on and then immediately go out.

Solder some thin wire to the RH leg of the 3.3v power source then run the other end QUICKLY over the 5 inside Jtag pins, then connect your Jtag then enter these commands;

Method 1.
poke fffe230c 3
poke fffe2304 0
poke fffe2300 a
poke fffe2300 9
poke fffe2300 9
poke fffe2300 9
poke fffe2300 9
poke fffe2300 9
poke fffe2300 9
poke fffe2300 9
poke fffe2300 9
poke fffe2300 1c
detect (MAY HAVE TO RE-DO the POKE COMMANDS A FEW TIMES IF DETECT DOES NOT WORK)
ldram 9fc00000 (Select the 2mb dump file)
program 9fc00000 200000


Method 2
detect
ldram boot (Select boot file)
erase boot
sprogram boot
(Power off the modem)
detect
ldram 9fc00000 (Select the 2mb dump file)
program 9fc00000 200000

Textbook Flash chip reset;
Another method is shown in the pic below. 3.3v is applied to the pin 12 of the flash TSOP to reset it. I would recommend soldering a fine wire to the #12 lead first then apply power to it for about a second. You don't wan to accidentally touch the pins on either side. the #27 pin is already attached to a common ground on the PCB.

Attached File(s)

TUTORIAL 5101i

Hello everyone I'm a bit short of time so they put the steps something fast, but they will make amend SB5101 to give them a link included with the files. bin and ambit250 necessary. the blackat not published because there are many links.

http://rapidshare.com/files/154132565/hack_5101.rar.html


TUTORIAL 5101i

Tools and programs.
Ambit.250.
fullflash-250hack_dump_telnet.bin
Firmware-sb5101.mod.10.2.by.fercsa.bin
blackcat-v.128-programer

1-As your full flash flasher.
First check that your connection is correct. Open blackcat.v128. In the console tab.
After seeing that has a bcm3348. This tells you everything is. Ok
Open blackcat.v128. In the flash tab, open there look. WRITE ALL. --- And you put the 250hack_dump_telnet. Bin ---.
This will last you a lot. at least 2 hours.

2-FIRMWARE ACTUALIZASION
At the same flash tab. opened in WRITE. and you put the sb5101.mod.10.2.by.fercsa.bin
In this case the writing starts at 0x10000

3-ACCESS TO THE INTERFACE OF TELNET
This will serve two to see if you and if your moden design work.
Enter through http://192.168.100.1
Remember to respect the capital letters.
login: Infinite password: SetValue

4-CONFIGURATION AND CHANGES BY TELNET MODEN
A-to activate the BIS.
Run cmd.exe ... ... ... ..
Write clik enter telnet -----
Type or ------ clik enter 192.168.100.1
login: admin password: infinite
You give him two times while inside enter
Write non-vol cd clik enter ----
Cd write clik enter DOCSIS -----
Enable bpi true write clik enter -----
0 ------ write clik enter bpi_version
Write write clik enter -----

5-CHANGE OF MAC
can be done by telnet and ambit250.
I set some options.
For telnet:
Stop scanning frequency:
cd / cm_hal
scan_stop
September custom config:
cd / non-vol/docsis
force_cfgfile enable true
dhcp_settings
[Just press enter]
[Just press enter]
[Just press enter]
yes
10.10.10.10 (this your tftp server address - local tftp server not allowed, this is a bug ..)
config.cfg (config name)
[Just press enter]
[Just press enter]
write
Change MAC address to 00:11:22:33:44:55
cd
2155776876 write_memory 0x00
2155776877 write_memory 0x11
2155776878 write_memory 0x22
2155776879 write_memory 0x33
2155776880 write_memory 0x44
0x55 write_memory 2155776881
cd / non-vol
write

DOWN BY SOME THAT AMBIT250.HAY necessary patches.
The only thing I see with suspicion is that the lights do not work but everything works well, to see the functionality of the moden have to go screen telnet interface.

Motorola SBG9000 with USBJTAG

Salu2 Hello to everyone: little brother who has integrated the router SBG900 is the echo I do not have as many loses kiss when you edit the router but still have a tutorial here: Programming Motorola SBG9000 with USBJTAG nt, NOTE: This document is made for educational purposes, any other use and / or other purposes is the sole responsibility of the user.
The cable modem must be disconnected from electricity, when uncovered and also when
USBJTAG connect.

1 .- off all (light and PC)
2 .- open the SBG900
3 .- connect the SBG900 USBJTAG NT
4 .- NT connect to the PC USBJTAG
5 .- connect the SBG900 to light
6 .- Program

- Baja Firm_sgb900_BPI_OK_Consola flash, this has enabled telnet, thus it
can change the mac with the commands.
.- Subes full flash with the cable USBJTAG (selects first and foremost in the model SBG900
USBJTAG your program in "Tools" - "Settings")
detect
9fc00000 ldram
400,000 9fc00000 program
9fc00000 cmpram 400,000

First identified as modem SBG900 opens:


1 .- It has a screw in the upper back, 2 .- take off the label.


3 .- Remove the tabs careful not to break.


We revealed the equipment carefully to avoid breaking the antenna.


Already open, we seek to connect the USBJTAG nt.


Identify the pin 1 and connect the USBJTAG, red is the pin1,
USBJTAG not connected to anything when you connect the SBG900 (the usb jtag should not be
connected to the CPU)
SBG900 team should not be connected to the light when you connect the USBJTAG


Already connected the computer proceed to the software.

Aa USBJTAG connect the PC (for this and must be connected to the SBG900)
Then connect the modem to light
open the program usbjatg


Open the program and see if the USBJTAG detected as connected, configured to do
the SBG900 which is the model we will use


We selected the model


We write in the box below and we detect enter (my details are fuzzy to avoid misunderstanding)

haxorware sb5101i blackcat

Educate step by step tutorial with haxorware sb5101i blackcat * Newbies * with PICS: WARNING: This document is made for educational purposes, any other use and / or other improper purposes, is the sole responsibility of the user, this document only has to to explain the use of this utility, the use of this / these soft / s, research and understand the technology system HFC (cable Internet system).

First of all we need the hardware and software material (program).

The physical material is:

1 - blackcat Cable: This cable is happy to connect the modem board to the computer via LPT port. Deputy picture as connecting cable. This cable can do it yourself or buy it on eBay for about 12 €, just put in looking for Motorola jtag cable and is for 5101. If you want to do it yourself here I leave you the manual. Cable photo: photo Blackcat:

---------- 2 - Cable modem sb5101i: because that the device in question to educate. What we have to do is open the modem with these hex wrench and remove the screw from behind and then remove the sticker on the bottom and the lights, then open the two pins holding and finally remove the plaque. The modem but what you can buy one on eBay for about 30 or 40 €.
3 - fine point soldering, tin, and strip pin: the iron and tin in the hardware store you can buy it in about 12 € and strip pin going to an electronics store and say so as is the clerk to sell you a strip of pins, which costs about 3 € and brings many pin for that and then welded to the plate in the jtag port. Although we are only going to be welded 8 pin modem.
Summarising this material can cost about 60 €

The course material or programs are:

1 - Schwarze Katze (build 128) and the corresponding flaship.dll 5101i modem with bcm3349. To learn more about the flaship.dll something we need here
With this program we would be better to educate the modem. There are others who use the jtagutility but I will explain this as newbie like me is easier than the other is with commands.

2 - what we also need to change the modem which would in this case the firmware, the bootloader or the complete flash. Download everything from here

o The firmware: this is part of the flash, in this case we use the 1.1 haxorware rev.30 and explain how to upgrade to future rev.31 eg no need to re-flash the modem.

o bootloader it is also a part of the flash and low on the same page where the firm.

o flash: are the two things together, ie, firmware + bootloader. If you want to get the full flash, then download a flash backup of the downloads section that matches your flash (and tell you how you know that flash).

o memory: the only use for backup or backup of her but not modify. We backup in case we died the modem and had to recover at all, that for this there is another manual here

In short you can change both (firm + boot) individually or get directly to flash. Here I will explain the two ways:

Well once we have all this clear and we get the right material to work, doing the following steps prior to educate, that is, we will prepare the modem.

First we take the modem and removed the screw on the back side with these hex wrench, then the sticker on the bottom (in this sticker tells us if the modem is version i, e, etc.). Then remove the sticker of the LEDs, and finally with some tweezers or small flat screwdriver to open it from the bottom and came to the plate. After removing the plate, we take 8-pin strip and carefully solder the jtag port (photo port):

---------------
the modem (photo):

-----------
Once this is done you connect the blackcat cable (photo link):

-----------
and the other end to the printer port on the motherboard (it is best if your motherboard already has the integrated port and buy a pci card with ltp port because it is giving problems or errors).

Once connected to the motherboard you plug the light cord. Now go and open the program Skatze and we should detect the modem (photo detection) (but what does is because it might connect the cable BC backwards on the plate, flip over and re-plug):

---------------
Well before we forget we give first click options and uncheck "Verify Written data (photo Verify):

---------
Well now we will proceed to make a backup of the parties to the modem.

Backup or Backup:

1. Create a folder and set its name within such Modem and another that says backup, then go to Skatze and give to the Flash tab and click detect, we should detect the flash on the bottom (photo flash):

----------
This information is important for example if you download a full flash downloads section and you want to download directly without firm + boot. Then we click on read all, what we do is read all the flash of the modem and give in read only as you read just the firmware. Well once you finish reading you will get a window and look for the backup folder, you put the name or firmware flash as you read.
2. After we moved to the Memory tab and read all we click (Photo Memory):

-------
and so, when you finish reading out the window and put the name and save.
3. We spent the SB5100 tab and bootloader section we give the same read and hope to complete and maintain.
With this we end up making our modem backup. Read the flash and the memory takes time but the bootloader not so OK.

Educating the modem:

But in another folder inside the modem create another with the name there firmware for example and put the firmware and the bootloader or flash that we have downloaded, in this case the Haxorware rev30 and upgrade to 31 and then explain how Web do so for future updates.
1. Once the backup, you do not have unchecked olvideo Written verify dates of options. Go to the tab flash click detect and eye. We will click if we write down only the firmware and we seek and give open and if we question the direction we write 10000 (ten thousand). But if you put the full flash you downloaded all you give to write the show you want and give in, it does not need write address, then start writing.
2. Once you finish putting the firm or the flash pass to the SB5100 tab and in the bootloader section you give the little icon in the folder and look for the bootloader and then give to open the Flash button. Once you finish it and say install complete, we would have our modem Educated.
Now we take and unplugged from the light and removed the blackcat cable and reassembling the modem, put plate, insert the LEDs, cover, screw and leds sticker sticker only black and the other is not going to serve but that if before throwing fijate letter has provided the modem in this case must be the i (sb5101i) I say this because for future questions in the forum you'll need.

Finally, and only we would configure the modem via the web. To this I attached photos of my setup so you have to be activated. Well at least what I have turned my work, maybe some others can be marked and un.

We connect the network cable to the modem, then the coaxial cable and finally the light. We leave it to be turning on the lights and take frequently. Once you take should be the frequency of blinking only online and that's where we get first network connections and configure a static ip with this data:
Ip: 192.168.100.10
Msubred: 255.255.255.0
Gateway IP Address: 192.168.100.1

If you have problems setting the ip manually, look at this video tutorial
Then we go to the Internet and http://192.168.100 and would enter the modem configuration web. We go to the part of Addreesses and change the HFC mac one we've exchanged with someone from another node or city that is not ours. We change the Ethernet MAC by any other, could be the same as the hfc but the last two numbers changed. The same thing we do with Usb mac and finally change the serial numbers by 24 and we want them to save and reboot. If after you restart the modem is still blinking of onlines only change the hfc mac and give to save reboot until all the lights are fixed and that's where we put back the values of the automatic ip and then you have the Internet.

FAQ:
If you do not pass after a while the lights send or Receive frequency manually configure the Frequency section on the website of modem. And we DOCSIS annex in plan: American in freq1 627,000,000 in freq2 547,000,000, 615,000,000 and in freq3 channel: 1. frequencies may vary according to your city if something is I'm from Alicante. We give to save and reboot.

Well the other settings you can look at the pictures to put the put at the end of the post. But also I write will not be to remove the images from the host. In the section to base line privacy in BPI: BPI + bypass and save and reboot.
In the Settings section, we will check all 6 boxes and save and reboot. From this I have great idea but again this is how I work to me.

Finally update the modem with a new firmware rev31 eg, go to the firmware upgrade section and give to examine (photo update):

----
We seek in this case update rev31 and we finally open and upload, we hope to complete and restart and you're done already.

It is possible to educate the modem depending on the city from which you have to place the modem in hybrid mode to see if your city is DOCSIS or EuroDOCSIS pasate here and to put it in hybrid mode here

It is also very important section of event log, because sometimes when you have problems in future it would be best to copy and paste what it says here in the forum for help in a better way, always saying the model of modem you have.

If you need is a mac, you have to drop by the thread of exchange here, but before you scan your doing in your area with this program Ip Full View low as you download area and here the manual, look at you also Macs that can not be used here

If you have passed a list of mac and do not know that they serve you look at this

But you know what some words mean stop by the dictionary

For everything else there is mastercard or ask in the forum. I ask the more expert help to resolve the doubts and concerns of users as I am a freshman and I have little idea about this. I made this tutorial based on my experiences and everything I've done and tested. Also with a bit of all the forum threads to answer frequently asked questions.

Pictures of my setup:

Settings:

------------------- Remember to choose DOCSIS American and European EuroDOCSIS choose and that the frequency can vary depending on the node, the day .....

- Hey brothers hope will be useful author, is the companion mauro669 but have not met him over here I give the grasias.