dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
9693
share rss forum feed


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to life

Re: Fair warning! 3rd party purchase of U-verse IPDSLAM modem

I'm a graduate student at USC in Computer Engineering, so I think I can handle getting into the router on my own

It's just a question of whether or not I want to spend time doing that. I purchased a NVG510 off eBay for $10, so that will probably lessen my desire to break into the 2210.
--
University of Southern California - Fight On!



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

1 edit
reply to DataRiker

said by DataRiker:

No.

If it were just a matter of linux I could certainly help you out. Most modems have the firmware tightly locked.

Although I don't own nor have ever used this modem, so I could be wrong.

I'm thinking there are a number of ways into this thing:

1. It as a built-in, but disabled, Telnet server. If I could activate the telnet server, it seems like changing out the cert is straightforward (from the Netopia manual for the generic 2210).

2. It probably has either a JTAG or COM interface (or both). I popped it open, but didn't find any locations on the board that screamed JTAG/COM to me. There are a number of highlighted test points (one group of 7, another group of 3). I'm thinking there could be something there.

3. Dump the whole filesystem, find the cert, and replace it/reflash the memory

Unfortunately 1 and 3 require reading out the memory chip, which is definitely possible, but the setup time could be extensive. 2 is easy if you get lucky and find the interface you're looking for quickly, but that's a long shot. It'd be better if I could find a datasheet for the Infineon psb7100 chip inside the modem, but I haven't found one.

Edit: some more digging turned up that the PSB 7100 is based on an old TI AR7 design, which does have a UART interface. No idea if that interface has stuck around in the Infineon branded chips, but it seems like a good place to start.
--
University of Southern California - Fight On!

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8

If you have the new cert, yes. But that's the problem... you'd have to "hack" one that works to get it's cert to fix the one that doesn't. And if you have one that works, you don't need to do any of this.

(BTW, there are ways to get the serial console / telnet access enabled on the NVG. Retreiving the cert, is another matter.)



DataRiker
Premium
join:2002-05-19
00000

said by cramer:

If you have the new cert, yes. But that's the problem... you'd have to "hack" one that works to get it's cert to fix the one that doesn't. And if you have one that works, you don't need to do any of this.

(BTW, there are ways to get the serial console / telnet access enabled on the NVG. Retreiving the cert, is another matter.)

Exactly


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to cramer

Click for full size
Success
--
University of Southern California - Fight On!


ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9

Any details on how said success has been attained?



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

I'll throw together a quick tutorial when I have some time over the next few days. To summarize: copy AT&T/Moto root CA certs from NVG510, activate telnet on the 2210, install new certs, reboot.

It's actually a good thing AT&T sent me a NVG510. It's much easier to get the CA certs from it compared to the 2210.
--
University of Southern California - Fight On!



ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9

Has your 2210, now that it has connected, tried to download the new firmware yet?

The process seems fairly straight forward -- well done =)



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to David

Not sure if this is allowed. If it isn't, mods you can remove it or ATT people, PM me and I will take it down ASAP.

Here's what I believe to be the 7.8.7r27 firmware for the 2210.

MD5 (nta787r27_attsw.bin) = 715b2b5d3071731fffbb91ca686a5377

WARNING: I have NOT tested this. I have no idea if it works. I have no idea if it will brick your modem. I have no idea if it will allow your outdated 2210 to get online. You use this completely at your own risk.
That being said, if you try it and it works, let me know
--
University of Southern California - Fight On!


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to ILpt4U

said by ILpt4U:

Has your 2210, now that it has connected, tried to download the new firmware yet?

The process seems fairly straight forward -- well done =)

I finally let the modem stay online for more than a few seconds tonight (I pulled the plug the other day after seeing authentication pass so it wouldn't update). It connected to the ATT CWMP server, received a config file (I think), then it downloaded the firmware file. All this occurred within 30 seconds of the modem being online.

About a minute later, it flashed the firmware file and automatically rebooted into 7.8.7r27.
--
University of Southern California - Fight On!


geraldo

@sbcglobal.net
reply to Mangix

if im not mistaken, the 2310 is for vdsl, not adsl. might be a different method of authenticating.



ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
Reviews:
·AT&T U-Verse

said by geraldo :

if im not mistaken, the 2310 is for vdsl, not adsl. might be a different method of authenticating.

The 2310 is for VDSL, but both the ADSL2+ and VDSL2 modems use the Certificate Authentication

alex14464

join:2004-11-11
Bonne Terre, MO
reply to Thinkdiff

I tried it and it works!!!!! thanks Thinkdiff just downloaded the zip, unziped and updated my modem and it came right on



brg

join:2001-01-03
Chicago, IL
kudos:1

said by alex14464:

I tried it and it works!!!!! thanks Thinkdiff just downloaded the zip, unziped and updated my modem and it came right on

Can you document how you updated the modem?


madbear

join:2000-09-03
Veedersburg, IN

Well, last night I screwed my courage to the sticking point, and gave it a try...

Success!

Easy - unzip the file, go into the modem's "Advanced" menu and select "Update Modem." Browse to the unzipped .bin file location, select the firmware update and proceed (sorry, I can't remember the exact button names). The update happens in a few seconds.

I went back in under "Connection Configuration" and selected "Yes, use public IP address" and configured my WNR3500L to get the Internet IP address dynamically from ISP (the 2210 with the current firmware passes the subnet mask correctly to the router, unlike the NVG510), and I was in business.

The log file from initial powerup while connected to the line initially shows the 802.1X Supplicant - FAILURE error, but after about a minute shows "Client Acquired Net Parameters". There's something about "Certificate Verify Success", "Connection Request username changed" and "Connection Request password changed" in there as well.

So all seems well... for the time being. Does anyone know how often those certificates are updated? I really like having a spare modem around in case of emergency, but am I going to have to pull it out of storage every few months and connect it to keep its firmware/certificates current?

And thanks for posting r27!



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

said by madbear:

So all seems well... for the time being. Does anyone know how often those certificates are updated? I really like having a spare modem around in case of emergency, but am I going to have to pull it out of storage every few months and connect it to keep its firmware/certificates current?

Here are the expiration dates for the certificates I extracted from the NVG510. I assume r27 contains the same ones:

SBC Services , Inc Root CA - August 22, 2012
SBC Services, Inc. Enhanced Services CA - August 22, 2012
ATT Services Inc Root CA - February 24, 2031
ATT Services Inc Enhanced Services CA - February 24, 2021
Motorola 802.1x Root CA - June 19, 2019
Motorola 802.1x AAA server CA - June 19, 2019
 

So it looks like you're safe until June 19, 2019, unless AT&T decides to change something else. If the Motorola CA isn't used, then you have even longer (2021)!
--
University of Southern California - Fight On!


madbear

join:2000-09-03
Veedersburg, IN

Heh - it'll be a really sorry state of affairs if I'm still on IP-DSLAM U-verse in 7 years...

But stranger things have happened!

Thanks again



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to David

FWIW, it seems that the NVG 510 also has the same problem. I purchased one off eBay and it failed authentication the first time I plugged it in. Somehow it was able to download a firmware update and apply it automatically, though. Would've been nice if that functionality was included on the 2210!
--
University of Southern California - Fight On!


andrewcfitz

join:2012-01-23
reply to David

Will this one work? Or do I need an AT&T specific one?

»www.amazon.com/Motorola-2210-02-···02KCNW2Y



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

Just judging by the picture, that won't work. You need the black Motorola 2210-02-1ATT.
--
University of Southern California - Fight On!



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

1 edit
reply to andrewcfitz

said by andrewcfitz:

Will this one work? Or do I need an AT&T specific one?

»www.amazon.com/Motorola-2210-02-···02KCNW2Y

Will it work for what?

The model number in the on-line ad does not explicitly say 2210-02-1ATT, and the image shows what appears to be the old silver case ATM based DSL modem (the 2210-02-1ATT modems that I have seen were black, but perhaps not all of them are). The somewhat vague description combined with some of the user feedback comments also seems to point to it being a standard ATM based DSL modem (and being one of the batch of 2210's that tended to self destruct). If that is so, then it would possibly work just fine if you connect it to a traditional ATM based DSL circuit (if it is not one of the "easy-bake" modems that cook themselves).

Unfortunately, Amazon is infamous for not posting the correct images for products that they sell, and for not fully disclosing exactly what model of any particular product is actually being sold. So unless you can get Amazon to fully identify the model number, there really isn't any way to know for sure other than buying one and seeing what is actually shipped.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


David
I start new work on
Premium,VIP
join:2002-05-30
Granite City, IL
kudos:101
Reviews:
·DIRECTV
·AT&T Midwest
·magicjack.com
·Google Voice
reply to David

He's wanting to use it for IPDSLAM, I don't think the silver modems have that capability. This one has the -1ATT at the end of it. Not saying the firmware might work but if you try it on there and brick the modem, then it's exactly that... a brick.