Modem Hacking-
Author- Saikat Basu.
Hey, I am back, and this time with the modem hacking article I promised last time. Modem hacking is often called uncapping, because one of the most common goals is to remove the restrictions imposed on the modem's operating parameters, mainly the uplink and downlink rates. Those limits are not baked into the hardware by the manufacturer; they are provisioned by the cable operator through the configuration file the modem downloads every time it boots. Uncapping is really about understanding that provisioning process well enough to get around it, which makes it a nice piece of reverse engineering.
Well guys, today you will come to know some of the intricacies of a superb example of embedded-system architecture and operation, our good old friend Mr. Modem. A modem actually does a lot more than just MODulation-DEModulation.
Being an embedded system, it is not very different from other digital devices: it ships with its own firmware. For those of you who do not know, firmware is the software backbone of a device, essentially its operating system. Browse to http://192.168.1.1, or whatever the management address of your router or modem is, and you can usually read the firmware name and version the device is running.

Now, you probably know about MAC addresses. For those who do not, a MAC address is the hardware address of a device on a network. A cable modem has one on its cable-facing interface, called the Hybrid Fibre Coax (HFC) MAC address, or HFC MAC for short. The cable company identifies the modem by this address: each operator maintains a database of the MAC addresses of its subscribers' modems, together with the service level each is entitled to.

When the modem boots, it first obtains its network address, the IP address, over DHCP (older systems used BOOTP); you can google for the details of these protocols. Among the parameters it receives are the address of a TFTP server and the name of a configuration file, which it then downloads from that server. It is this configuration file that sets the operating parameters I mentioned earlier, including the upstream and downstream rate limits, so it is the real target.
Now that we have a basic idea of how it works, let us think about how to get through, or rather, get in. It is very important for a hacker to understand the architecture of a device very well before trying to compromise it. Now I get to the actual point. There are several ways, and the easiest is also the simplest: it relies on a practice called MAC trading. Here, people in different network segments swap their HFC MAC addresses, so that each can use a MAC that the operator has provisioned with a better configuration file than their own. Once the MACs are traded, the next step is MAC spoofing, which in simple words means presenting yourself to the network as someone else. But remember, the two copies of the MAC must be in different network segments: two modems registering with the same MAC on the same segment fight over the registration and end up in an endless reboot loop, so be careful. Remember also that the operator's database ties that MAC to somebody's account, which is exactly what makes this both effective and easy to trace.

That is only one way. Other, more complex and more interesting approaches exist. The first that comes to my mind is reverse engineering. Here you open the modem and talk to the firmware directly, either through the serial console on the board using a terminal program such as HyperTerminal or Tera Term, or by reading the firmware image out of the flash chip itself. The image can then be modified, the chip reprogrammed and put back on the board. A great example of reverse engineering, indeed.
Now, the second method. This one involves spoofing the TFTP server. Here we note the IP address of the operator's TFTP server and arrange for the modem to download its configuration file from a TFTP server we control on the local network instead, serving a copy with the rate limits changed. The problem is that the configuration file is integrity-protected. It carries two message integrity checks (MICs): the CM MIC, a plain MD5 digest of the file's contents that the modem verifies, and the CMTS MIC, an HMAC-MD5 computed with a secret shared between the operator's provisioning system and the CMTS at the head end, which the CMTS verifies when the modem registers. The first is unkeyed, so it can simply be recomputed after editing the file. The second cannot be recomputed without the shared secret, and it cannot just be stripped out either, because the CMTS expects it to be present and correct unless the operator has switched the check off. Well, all this is cryptography stuff that I am going to cover some other day.
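To make the configuration file and its two integrity checks concrete, here is an added example: my code, not the article's and not real DOCSIS tooling. It models the file the modem downloads over TFTP as a sequence of TLVs ending in a CM MIC, a CMTS MIC and an end marker. The type codes, the 4-byte rate encoding, the secret and the exact bytes each MIC covers are assumptions standing in for the DOCSIS rules, which differ in detail. It shows that rewriting the rate and recomputing the unkeyed MD5 satisfies the modem's own check, while the keyed HMAC-MD5 still fails unless the shared secret is known, and that a file with a MIC removed is rejected outright:

```python
import hashlib
import hmac

# Type codes for this model (assumptions loosely modelled on DOCSIS TLV codes).
T_DOWNSTREAM_RATE = 2   # max downstream rate, bit/s, 4-byte big-endian
T_UPSTREAM_RATE = 3     # max upstream rate, bit/s, 4-byte big-endian
T_CM_MIC = 6            # unkeyed MD5 over the body TLVs (checked by the modem)
T_CMTS_MIC = 7          # HMAC-MD5 over body + CM MIC TLV, keyed (checked by the CMTS)
T_END = 255             # end-of-data marker


def encode_tlvs(items):
    """Encode (type, value) pairs as 1-byte type, 1-byte length, value bytes."""
    out = bytearray()
    for t, v in items:
        if not 0 <= t < 255 or len(v) > 255:
            raise ValueError("TLV type or length out of range")
        out += bytes([t, len(v)]) + v
    return bytes(out)


def parse_tlvs(blob):
    """Parse TLVs up to the end marker, refusing truncated input."""
    items, i = [], 0
    while i < len(blob) and blob[i] != T_END:
        if i + 2 > len(blob):
            raise ValueError("truncated TLV header")
        t, ln = blob[i], blob[i + 1]
        v = blob[i + 2:i + 2 + ln]
        if len(v) != ln:
            raise ValueError("truncated TLV value")
        items.append((t, v))
        i += 2 + ln
    return items


def _mics(body, shared_secret):
    """CM MIC TLV (unkeyed) and CMTS MIC TLV (keyed) for an encoded body."""
    cm_tlv = encode_tlvs([(T_CM_MIC, hashlib.md5(body).digest())])
    cmts = hmac.new(shared_secret, body + cm_tlv, hashlib.md5).digest()
    return cm_tlv, encode_tlvs([(T_CMTS_MIC, cmts)])


def build_config(downstream_bps, upstream_bps, shared_secret):
    """What the provisioning server emits: body, CM MIC, CMTS MIC, end marker."""
    body = encode_tlvs([(T_DOWNSTREAM_RATE, downstream_bps.to_bytes(4, "big")),
                        (T_UPSTREAM_RATE, upstream_bps.to_bytes(4, "big"))])
    cm_tlv, cmts_tlv = _mics(body, shared_secret)
    return body + cm_tlv + cmts_tlv + bytes([T_END])


def verify_config(blob, shared_secret):
    """Return (cm_mic_ok, cmts_mic_ok): the modem's verdict and the CMTS's verdict."""
    items = parse_tlvs(blob)
    mics = {t: v for t, v in items if t in (T_CM_MIC, T_CMTS_MIC)}
    if T_CM_MIC not in mics or T_CMTS_MIC not in mics:
        return False, False          # a file with a MIC stripped out is rejected outright
    body = encode_tlvs([(t, v) for t, v in items if t not in mics])
    cm_tlv = encode_tlvs([(T_CM_MIC, mics[T_CM_MIC])])
    cm_ok = hmac.compare_digest(mics[T_CM_MIC], hashlib.md5(body).digest())
    expected = hmac.new(shared_secret, body + cm_tlv, hashlib.md5).digest()
    return cm_ok, hmac.compare_digest(mics[T_CMTS_MIC], expected)


def rewrite_downstream_rate(blob, new_bps, shared_secret=None):
    """Change the downstream rate and recompute the unkeyed CM MIC. The CMTS MIC is
    recomputed only if the shared secret is given; otherwise the old value is kept,
    which is all someone serving the file from a local TFTP server can do."""
    items = parse_tlvs(blob)
    old_cmts = dict(items)[T_CMTS_MIC]
    body = encode_tlvs([(t, new_bps.to_bytes(4, "big") if t == T_DOWNSTREAM_RATE else v)
                        for t, v in items if t not in (T_CM_MIC, T_CMTS_MIC)])
    if shared_secret is None:
        cm_tlv = encode_tlvs([(T_CM_MIC, hashlib.md5(body).digest())])
        cmts_tlv = encode_tlvs([(T_CMTS_MIC, old_cmts)])
    else:
        cm_tlv, cmts_tlv = _mics(body, shared_secret)
    return body + cm_tlv + cmts_tlv + bytes([T_END])


def downstream_rate(blob):
    """Downstream rate carried by the file, as the modem would read it."""
    return int.from_bytes(dict(parse_tlvs(blob))[T_DOWNSTREAM_RATE], "big")


def demo():
    secret = b"operator-shared-secret"                                # constructed value
    original = build_config(3_000_000, 512_000, secret)
    forged = rewrite_downstream_rate(original, 30_000_000)            # no secret
    reissued = rewrite_downstream_rate(original, 30_000_000, secret)  # with secret
    return verify_config(forged, secret), verify_config(reissued, secret)


if __name__ == "__main__":
    print(demo())  # ((True, False), (True, True))
```

The forged file passes the modem's MD5 check and fails the CMTS's HMAC check, which is exactly why serving a modified file from a local TFTP server stops working the moment the operator turns on the shared-secret check on the CMTS: an unkeyed digest only detects corruption, a keyed one detects tampering.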
Lastly, I would like to show you the most interesting and flexible way: writing your own modules to run inside the modem. This involves cross-compiling. You write the code in C or C++ on your PC, compile it with a GCC toolchain that targets the modem's processor rather than your own, link against the VxWorks library functions the firmware exports, and then load the compiled module into the modem. Many cable modems are built on MIPS (Microprocessor without Interlocked Pipeline Stages) cores running VxWorks, and GCC's support for MIPS as a cross-compilation target is what makes this practical.
That's all for today.
Leave your opinions and suggestions at deepbasu007@gmail.com