hacker:: [[turmio]] description:: Hacking Ciscos cable modem used by DNA (EPC3825) started:: <> * Serial pins: https://wiki.openwrt.org/toh/cisco/epc3208g * https://wiki.openwrt.org/toh/cisco/epc3925 * Similar output: http://pastebin.com/1jZQHNz4 Boot output from serial: {{{ BCM338031 TP0 1 Sync:1 346890 SA BootLoader Version: 2.3.0_R3(S) Release Gnu spiboot reduced DDR drive Build Date: Sep 21 2009 Build Time: 15:57:39 SPI flash ID 0xc22017, size 8MB, block size 64KB, write buffer 256, busy bit 1 Found image 1 at offset 20000 Found image 2 at offset 400000 eCos - hal_diag_init Init device '/dev/BrcmTelnetIoDriver' Init device '/dev/ttydiag' Init tty channel: 81268dd0 Init device '/dev/tty0' Init tty channel: 81268df0 Init device '/dev/haldiag' HAL/diag SERIAL init Init device '/dev/ser0' BCM 33XX SERIAL init - dev: 0.2 Set output buffer - buf: 0x81322a28 len: 4096 Set input buffer - buf: 0x81323a28 len: 4096 BCM 33XX SERIAL config Init device '/dev/ser1' BCM 33XX SERIAL init - dev: 0.3 Set output buffer - buf: 0x81324a28 len: 4096 Set input buffer - buf: 0x81325a28 len: 4096 BCM 33XX SERIAL config 'LsSpiInit 3380 [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitStorageDrivers: (BFC Target) Configuring/Loading Flash driver... [00:00:00 01/01/1970] [tStartup] BcmSpiFlashDevice::DetectFlash: (SPI Flash Device Factory) WARNING - Detected SPI flash with JEDEC ID =0xc22017 [00:00:00 01/01/1970] [tStartup] FlashDeviceDriver::SpiFlashPlaceRegions: (Flash Driver C API) WARNING - Permanent NonVol would fit in the boot block of this flash device, but I found existing NonVol in the following block; using this location instead... [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitStorageDrivers: (BFC Target) Loading BootloaderStore driver... [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitStorageDrivers: (BFC Target) Loading ProgramStore driver... ProgramStoreDeviceDriver::ProgramStoreDriverInit: INFO - Initializing... [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitStorageDrivers: (BFC Target) Loading NonVol driver... [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitStorageDrivers: (BFC Target) Storage drivers initialized successfully. [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitDeviceAbstractions: (BFC Target) Creating singletons for ProgramStore/BootloaderStore/NonVol devices... Detecting the next image number that we will store to by default... Bootloader indicates we are running image 2 By default, we will dload to image number 1! [00:00:00 01/01/1970] [tStartup] BcmBfcStdEmbeddedTarget::InitDeviceAbstractions: (BFC Target) Device abstraction singletons created successfully. BcmCmDocsisNonVolSettings::GetSingletonInstance: WARNING - the singleton instance is NULL, and someone is accessing it! SAHttpCacheVariables::GetSingletonInstance: WARNING - the singleton instance is NULL, and someone is accessing it! Setting up the SAHttpCacheVariables singleton pointer. CmSnmpNonVolSettings::GetSingletonInstance: WARNING - the singleton instance is NULL, and someone is accessing it! CmSnmpNonVolSettings::GetSingletonInstance: WARNING - the singleton instance is NULL, and someone is accessing it! CmSnmpNonVolSettings::GetSingletonInstance: WARNING - the singleton instance is NULL, and someone is accessing it! BcmCmSANonVolSettings::GetSingletonInstance: WARNING - the singleton instance is NULL, and someone is accessing it! [00:00:02 01/01/1970] [tStartup] CwmpClientStateNonVolSettings::CwmpClientStateNonVolSettings: INFO - ****** Constructor called ****** [00:00:02 01/01/1970] [tStartup] CwmpClientStateNonVolSettings::ResetDefaults: INFO - ****** ResetDefaults called for Dynamic section, setting version to 0.1 ****** [00:00:02 01/01/1970] [tStartup] CwmpClientStateNonVolSettings::ResetDefaults: INFO - ****** ResetDefaults called for Permanent section, setting version to 0.1 ****** [00:00:02 01/01/1970] [tStartup] CwmpClientStateNonVolSettings::CwmpClientStateNonVolSettings: INFO - Setting up the singleton pointer. BcmPcpClientServiceAppIf::GetSingletonInstance: WARNING - the singleton is NULL, and someone is accessing it! Reading Permanent settings from non-vol... Checksum for permanent settings: 0x770377f [00:00:02 01/01/1970] [tStartup] BcmMessageLogNonVolSettings::ReadFromImpl: (User Interface NonVol Settings) WARNING - Read older version of the settings (0.2); they have been upgraded to version 0.3, preserving original settings. [00:00:02 01/01/1970] [tStartup] BcmHalIfNonVolSettings::ReadFromImpl: (HalIf NonVol Settings) WARNING - Read older version of the settings (0.19); they have been upgraded to version 0.21, preserving original settings. 00:00:02 01/01/1970] [tStartup] BcmWiFi80211NonVolSettings::ReadFromImpl: (WiFi 802.11 NonVol Settings) WARNING - Read older version of the settings (0.8); they have been upgraded to version 0.10, preserving original settings. [00:00:02 01/01/1970] [tStartup] BcmCmDocsis30NonVolSettings::ReadFromImpl: (CM DOCSIS 3.0 NonVol Settings) WARNING - Read older version of the settings (0.1); they have been upgraded to version 0.2, preserving original settings. [00:00:02 01/01/1970] [tStartup] BcmCmSANonVolSettings::ReadFromImpl: (CM SA NonVol Settings) WARNING - Read older version of the settings (0.8); they have been upgraded to version 0.11, preserving original settings. [00:00:02 01/01/1970] [tStartup] BcmNonVolSettings::IsDefault: (CM BFC Event Log) Permanent settings are default! [00:00:02 01/01/1970] [tStartup] BcmNonVolSettings::IsDefault: (CWMP Client NonVol Settings) Permanent settings are default! [00:00:02 01/01/1970] [tStartup] BcmNonVolSettings::IsDefault: (CWMP Client State NonVol Settings) Permanent settings are default! [00:00:02 01/01/1970] [tStartup] BcmNonVolSettings::IsDefault: (PBCA Connected Device Monitor NonVol Settings) Permanent settings are default! [00:00:02 01/01/1970] [tStartup] BcmNonVolSettings::IsDefault: (PBCA Content Filter NonVol Settings) Permanent settings are default! [00:00:02 01/01/1970] [tStartup] BcmN }}} === Attachments === <> ---- CategoryProjekti