"Hacking the Cable Modem" by Ryan Harris, No Starch Press (Amazon, 283 pages, with decent index) is a new book with the promising subtitle "What cable companies don't want you to know". The book's dedication reads, in part, "to all the righteous hackers that have been silenced by greedy corporations".
This book describes in some detail hacking victories the author and his crew had over various Motorola Surfboards, a LANCity, a D-link and an RCA model. (Other cable modems listed in a short list in chapter two are labelled as exploit-free, at least so far.)
The techniques used to convince cable modems to drop all resistance and bend to the will of the user vary from nonviolent trickery of cable modem software, to forcibly reprogramming the EEPROMs and/or re-instating/re-enabling diagnostic ports dropped from newer versions (dropped probably because of previous hacks).
Once the cable modem is under the full control of Mr Cable Hacker, MAC addresses can be changed (cloning the modem to appear identical to a neighbor), and the holy grail, uncapping, can proceed. Once uncapped, the modem will go as fast as the head-end can deliver or accept data over the available frequencies. The author states that a typical uncapped modem will currently run about 6 to 10mbit, and sometimes up to 20mbit, downstream.
So for the price of $29.95 can we easily get free internet service, or uncap? Well, no. Casual buyers will be disappointed if they expected a simple guide for their current model. Advanced users will already know much of this information from online resources, including the author's own site. Breaking into a newly released or newly upgraded modem is tricky and clearly not always successful. It requires a number of tools, more than a passing familiarity with MIPS assembler, and a willingness to sacrifice a modem or two in the process. Uncapping a known-exploitable model, and not getting caught, appears to require immersion in a cable modem hacking community, lest your ISP advance their detection methods while you are asleep.
I found the book a little schizophrenic in attitude. A number of remarks throughout by the young author (from the dedication onward) imply that uncapping, MAC cloning and evading detection are a noble pursuit, yet the back cover warns, in red, that uncapping violates service agreements and risks a "life" ban by the ISP (in fact, it risks arrest). Within the book the author warns that cable companies can always identify uncapped modems if they devote enough time and energy. In fact, Chapter 23 includes recommendations to ISP engineers on how to improve their systems to more easily defeat and detect cable modem hackers.
There is another curious section in this book I'd like to take issue with. The author concludes in Chapter 3, in a DSL vs Cable presentation, that cable is superior to DSL. The last line reads: "For you see, the truth is that if you want broadband, you want cable Internet broadband". Yet the balance of the book describes something that no DSL customers experience: other users able to clone your MAC address (I've personally been the victim of this, and it created six months of service misery for me), use ten times their fair share of bandwidth (guess whose performance then suffers), sniff downstream data belonging to other neighbors, and generally break out of the box and explore the config of their local node. At least some of the cable modem models can probably be hacked remotely. The book depicts harried cable engineers trying to balance demand and supply of bandwidth spending a lot of time trying to identify hackers who, after they uncap their cable modem and attempt invisibility, presumably use their new-found super status to soak the bandwidth of an area with P2P traffic for free. If you want broadband you want cable? Maybe if you want to hack outside your service agreement at the expense of the service quality of your neighbors, you want cable!
Despite these criticisms, Hacking the Cable Modem is a good introduction to the inner workings of these blinky boxes, and the techniques currently in use by the hacking community to defeat security measures. I do recommend this book to anyone who itched to play with their own cable modem SNMP configuration and menu system.
Unfortunately, from my experience on this site, a lot of kids are also attracted to this subject NOT for pure intellectual curiosity, but because they hope, to put it bluntly, that they can break their service agreement with their ISP, and accelerate their P2P downloading to warp speed. For this reason I believe cable industry professionals should also check out this book, if only to see where they are weakest.
Update: The author, DerEngel, drops in to give his take on the subject: here