dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
26
share rss forum feed


KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK
reply to David

Re: Fair warning! 3rd party purchase of U-verse IPDSLAM modem

Answer: The firmware is not available in an off-line package that can be used on that page, it is only made available via network push.

And this was clearly by design. Engineered obsolescence and control. Buy from us, and us only--- at whatever price we dictate.... or worse, we won't sell it, and charge you a monthly rental fee.

Honestly: This type of crap ought to be illegal.
--
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

1 edit

said by KrK:

Answer: The firmware is not available in an off-line package that can be used on that page, it is only made available via network push.

And this was clearly by design. Engineered obsolescence and control. Buy from us, and us only--- at whatever price we dictate.... or worse, we won't sell it, and charge you a monthly rental fee.

Honestly: This type of crap ought to be illegal.

Agreed. I think it's ridiculous that AT&T calls these "third-party" modems, when they originally sold them. What does it matter if I bought it from somebody else? Obviously this is done to kill the aftermarket and force their $100 fee on everyone.

If my modem is "outdated", then I'm hoping to figure out a way to upgrade it manually, but I'm not so confident it'll be possible.
--
University of Southern California - Fight On!

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
reply to KrK

Correct. But it's about protecting that certificate. With that cert, you can get anything to sign-on as anyone. (in fact, you could get almost any PTM capable VDSL/ADSL modem to work.)



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

And what is the downside of using any modem? It worked just fine with ATM based ADSL (from a consumer standpoint).

I don't understand AT&T's stranglehold on the modem, other than they really don't want to lose out on the modem fees.
--
University of Southern California - Fight On!


cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9

The modem isn't the issue. Securing access to the network is. Uverse isn't using PPPoE to identify accounts. People are a lot more careful with their username/password; they cannot be with a device serial number and the same cert used by everybody. (read: everyone has the same username (cert) and the serialno is the password.) Granted, one still needs physical access to the network (read: dsl service) for this to work -- 'tho DSLAM ports can be turned on and off. [that's what we used to do sans PPPoE... customer stops paying the bill, we turn the port off.]



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

The CA is public knowledge. You can distribute it anywhere without any loss in security. Presumably the modem has other identifying certs or serial numbers that are used during the 802.1x authentication process.

Even without that, you said it yourself. Authentication is mainly handled at the physical level by deactivating the port at the CO. The rest is just to keep unauthorized modems (not users) off the network.
--
University of Southern California - Fight On!



LightS
Premium
join:2005-12-17
Greenville, TX
reply to KrK

said by KrK:

Answer: The firmware is not available in an off-line package that can be used on that page, it is only made available via network push.

And this was clearly by design. Engineered obsolescence and control. Buy from us, and us only--- at whatever price we dictate.... or worse, we won't sell it, and charge you a monthly rental fee.

Honestly: This type of crap ought to be illegal.

I agree. It's a huge load of BS, & David continues to avoid that. It's obviously available, they just choose to not make it available. This is why I will never have AT&T again until they change their shoddy business practices.

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
reply to Thinkdiff

said by Thinkdiff:

The CA is public knowledge.

CA (Certificate Authority)... yes, the public key is public, but it's only used to verify a signed certificate. Either the CA signing certificate (a closely guarded secret) or the device's authenticating certificate (signed by the CA, the same on every device) has expired. The authentication cert is NOT public knowledge. AT&T is not going to put it anywhere it can be easily extracted. (aside from the device that uses it. and even there, it's not easy.) If they were actually turning ports on and off, they wouldn't need this mess.

It's rather a moot point as there's currently no market for VDSL modems.


David
I start new work on
Premium,VIP
join:2002-05-30
Granite City, IL
kudos:101
Reviews:
·DIRECTV
·AT&T Midwest
·magicjack.com
·Google Voice

2 edits
reply to LightS

said by LightS:

I agree. It's a huge load of BS, & David continues to avoid that. It's obviously available, they just choose to not make it available. This is why I will never have AT&T again until they change their shoddy business practices.

I am not avoiding it I am just reporting it. From what I got the modems that are actually be affected isn't going to be a very large number.

Technically I didn't have to say or post anything at all, please keep that in mind.

--
If you have a topic in the direct forum please reply to it or a post of mine, I get a notification when you do this.
Koetting Ford, Granite City, illinois... YOU'RE FIRED!!


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

Appreciate the information, as now I'll know why my modem might not work next week.

Still wish AT&T would be more accepting of the third-party market. Not only does it save the customer some money (making them happier), it's also less wasteful. Tons of AT&T modems are sitting around in closets unused because they try to force brand new equipment on everyone.
--
University of Southern California - Fight On!



life

@sbcglobal.net
reply to Thinkdiff

Hey man, you're ic Cali, right?? Simply find a forum over at UCal/Berkeley and talk to some linux/unix geeks.. .. .. problem solved. someone over there will at least be able to point you to how to access/program the darn thing from command line; if you're so inclined. take care. Have A Healthy, Prosperous Day!
---out here.. .. ..
---10th SFG(A) --> 'kill 'em all....let god sort 'em out!"



DataRiker
Premium
join:2002-05-19
00000

said by life :

Hey man, you're ic Cali, right?? Simply find a forum over at UCal/Berkeley and talk to some linux/unix geeks.. .. .. problem solved. someone over there will at least be able to point you to how to access/program the darn thing from command line; if you're so inclined. take care. Have A Healthy, Prosperous Day!
---out here.. .. ..
---10th SFG(A) --> 'kill 'em all....let god sort 'em out!"

No.

If it were just a matter of linux I could certainly help you out. Most modems have the firmware tightly locked.

Although I don't own nor have ever used this modem, so I could be wrong.


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to life

I'm a graduate student at USC in Computer Engineering, so I think I can handle getting into the router on my own

It's just a question of whether or not I want to spend time doing that. I purchased a NVG510 off eBay for $10, so that will probably lessen my desire to break into the 2210.
--
University of Southern California - Fight On!



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

1 edit
reply to DataRiker

said by DataRiker:

No.

If it were just a matter of linux I could certainly help you out. Most modems have the firmware tightly locked.

Although I don't own nor have ever used this modem, so I could be wrong.

I'm thinking there are a number of ways into this thing:

1. It as a built-in, but disabled, Telnet server. If I could activate the telnet server, it seems like changing out the cert is straightforward (from the Netopia manual for the generic 2210).

2. It probably has either a JTAG or COM interface (or both). I popped it open, but didn't find any locations on the board that screamed JTAG/COM to me. There are a number of highlighted test points (one group of 7, another group of 3). I'm thinking there could be something there.

3. Dump the whole filesystem, find the cert, and replace it/reflash the memory

Unfortunately 1 and 3 require reading out the memory chip, which is definitely possible, but the setup time could be extensive. 2 is easy if you get lucky and find the interface you're looking for quickly, but that's a long shot. It'd be better if I could find a datasheet for the Infineon psb7100 chip inside the modem, but I haven't found one.

Edit: some more digging turned up that the PSB 7100 is based on an old TI AR7 design, which does have a UART interface. No idea if that interface has stuck around in the Infineon branded chips, but it seems like a good place to start.
--
University of Southern California - Fight On!

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9

If you have the new cert, yes. But that's the problem... you'd have to "hack" one that works to get it's cert to fix the one that doesn't. And if you have one that works, you don't need to do any of this.

(BTW, there are ways to get the serial console / telnet access enabled on the NVG. Retreiving the cert, is another matter.)



DataRiker
Premium
join:2002-05-19
00000

said by cramer:

If you have the new cert, yes. But that's the problem... you'd have to "hack" one that works to get it's cert to fix the one that doesn't. And if you have one that works, you don't need to do any of this.

(BTW, there are ways to get the serial console / telnet access enabled on the NVG. Retreiving the cert, is another matter.)

Exactly


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to cramer

Click for full size
Success
--
University of Southern California - Fight On!


ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9

Any details on how said success has been attained?



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

I'll throw together a quick tutorial when I have some time over the next few days. To summarize: copy AT&T/Moto root CA certs from NVG510, activate telnet on the 2210, install new certs, reboot.

It's actually a good thing AT&T sent me a NVG510. It's much easier to get the CA certs from it compared to the 2210.
--
University of Southern California - Fight On!



ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9

Has your 2210, now that it has connected, tried to download the new firmware yet?

The process seems fairly straight forward -- well done =)



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

said by ILpt4U:

Has your 2210, now that it has connected, tried to download the new firmware yet?

The process seems fairly straight forward -- well done =)

I finally let the modem stay online for more than a few seconds tonight (I pulled the plug the other day after seeing authentication pass so it wouldn't update). It connected to the ATT CWMP server, received a config file (I think), then it downloaded the firmware file. All this occurred within 30 seconds of the modem being online.

About a minute later, it flashed the firmware file and automatically rebooted into 7.8.7r27.
--
University of Southern California - Fight On!