Cable Modem Cloning Hacking Communication Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Cable modem is a communication device. This device allows us to connect our PC or laptop to cable Television line and receive data from operator at speed of 1.5 Mpbs or more. Data rate is much more then telephone modems (28.8 or 56 kbps) and 128 kbps given by ISDN (integrated services Digital Network). It is almost equal to Digital Subscriber Line (DSL) telephone service. Cable modem can is combined with set top box. With this combination channels could be watched on TV and internet could be accessed. In most cased cable modem are given by operator. They are not purchased by customers.

Cable modem has two connectors. One connecter is connected to cable wall outlet. Other connected to personal computer or laptop. In some cased second connector is connected to set top box for TV channels. Cable modems do conversation between analog signals and digital signals. In other words it performs the task of modulations and demodulation. Although it do modulation and demodulation but it is a very complex device then telephone modem. Cable modem can be individual external device or it can be integrated with a personal computer of set top box. Cable modem is connected to a laptop or personal computer with a standard 10BASE-T Ethernet card.

Cable modems are connected to cable operator with a coaxial cable line. Through this coaxial cable cable modem communicates to Cable Modem Termination System located at cable operator office. Cable modems can send or receive signals to Cable Modem Termination System. But cable modem cannot send or receive signal to other cable modems on line.

Internet service bandwidth over cable TV line can be 27 Mpbs or more for downstream and 2.5 Mpbs or more on reverse direction. But main factor in speed is cables from operator office to customers' homes and actual speed that operator has. If operator is only connected to internet at speed of 1.5 Mpbs in this case data rate at customer end would be near 1.5 Mpbs.

Main cable TV providers are using cable modems to bring internet at customer home. Cable modems are used to provide internet service to individuals and business customers. Fast internet connection can be provided by cables modems as well cable modem is a continuous connection.

How cable modems work

News, entertainment and educational programs are brought by television in millions of homes. Many peoples watch TV through cable TV in short known as CATV. Cable TV operator provides many channels and in very good picture quality. If customer wants cable TV operator can also provide access to internet with high speed. Cable modems are able to give competition to asymmetrical digital subscriber lines (ADSL).it is very interesting to how these both competitors works. In next topic I will try to explain how many TV channels and web sites flow on single coaxial cable.

1.1.1 More Space

Coaxial cable used by cable operators is able to carry hundreds of megahertz of signals and each channel that travels on coaxial cable is given 6 megahertz of total electrical space or means coaxial cable can carry many more channels then we can or wants to watch. Cable TV operator sends signals of various channels each channel gets six MHz slice of coaxial cable's available total bandwidth. There could be two types of distribution of cable network. In first one coaxial cable is installed from operator's office till customer home. In second type fiber-optic cable is installed from operator's office till different areas then from these different locations coaxial cable is installed till customer home.

1.1.2 Streams

If a company provides facility of internet then internet service can also use same coaxial cable. This work is done by Cable Modem by putting downstream data (data that is sent from internet to customer) on a six MHz channel. So internet data is just like a TV channel on cable. Same amount of total cable bandwidth is taken by internet downstream data as by a single TV channel. Internet service is a combination of downstream and upstream (data that is sent to internet from customer) .it means upstream also need bandwidth of cable. It takes only 2 MHz slice of space from total available space because it is assumed that customers download more data as they upload.

To put these two types of streams (downstream and upstream) cable operator needs only two devices. One device at customer end that is called Cable Modem and other one at operator end called Cable Modem termination system. Computer networking and internet access management takes place in between these two devices.

1.1.3 inside the cable modem

As mentioned earlier Cable modem can be external or internal to computer. Some operators provide Cable Modems those are integrated with set top box. Cable Modems can be different from their outer look but all of them have same components inside. Components are given below

1. Demodulator

2. Media Access Control Device

3. Microprocessor

4. Modulator

5. Tuner Tuner

The tuner is connected to cable outlet. In some cases tuner is connected to a splitter. Splitter separates channels used for data from channels used for cable TV channels. Tuner collects data from internet channel. Data comes in form of digital modulated signal. Tuner receives this data and passes this data to demodulator.

In some Cable Modems tuner contain one other component known as allows tuner to divide frequencies into two sets. First set is used for downstream traffic ad second one is used for upstream traffic. Range of frequencies used for upstream is between 5 to 42 MHz. Range used for downstream frequencies is between 42 to 850 MHz. In some other cases Cable Modem tuner is only used for downstream data and for upstream traffic dial up telephone modem is used. In any case tuner passes data to demodulator. Demodulator

Typically Demodulator performs four functions. First function is to convert radio frequency signal in to simple signal that can be processed by analog to digital converter. Radio frequency signal contains information in it by varying amplitude and phase of wave. Second function is performed by analog to digital converter. It takes signal from quadrature amplitude modulation demodulator in turns in series of 1s and 0s. These 1s and 0s are in digital form. Third function is performed by error correction module. It receives information from analog to digital converter and checks this information against a already known standard for possible errors. Main function of this module is to find problems in transmission and to fix them. At this stage data is in groups and these groups are called frames. Frames can be MPEG format. So MPEG synchronizer does its duty to make sure that frames are in order and in line as they were transmitted. Modulator

Modulator do reverse job as done by demodulator. It converts digital data into radio frequency signals. So that they can be transmitted on cable. Nature of traffic that flow between user and internet is irregular. Typically this component has they parts

1. Digital to analog converter

2. Quadrature amplitude modulator

3. Error correction information inserter MAC

Cable modem has two portions upstream and downstream.MAC is lactated between these two portions. It works as interface between hardware and software portions of different network protocols. Every network device has MAC. Cable modem MAC performs much more complex task then normal MACs. Because it performs much more complex tasks it work load is given to CPU of Cable Modem or to CPU of user personal computer or laptop. Microprocessor

Job of Microprocessor depends on for what cable modem is designed. Cable modem can be designed only to provide internet access or it can be designed to be a part of large computer system. If Cable modem is used only for internet access then Microprocessor of Cable mode does most of function of MAC. In case Cable modem is used to be part of large computer system Microprocessor of computer performs most function of MAC.

1.2 Cable Modem Termination System

At CMTS end traffic comes from different users in groups. Function of CMTS is take all traffic on a single channel and route this all traffic to internet service provider for connection to internet. on CMTS end service provider could have set up different servers for performing following functions

1. Account and Log management

2. Dynamic Host Configuration Protocol

3. Administration of IP Addresses of users

4. Servers for Data over Cable Service Interface Specifications

Downstream data reaches to connected users. It is same like in a Ethernet network. Individual connection has to think that it is for him or not. It is totally different in case of upstream data. Data send from one user to internet is not seen by other users on network. As we know there is not so much bandwidth for upstream. Total available bandwidth is divided into time slices. Time slices are in milliseconds. Time slices are given to different user to send data to internet. Time slices works very well for send short commands, queries and address those are send from users to internet.

Typically CMTS allow 1,000 users to connect to internet on a single six MHz channel. Normally single channel have capacity of 30 to 40 megabits per second. So it clear that Cable modem is able to give speed to customers which is much more then dial up modems. Single channel concept could also lead to some issues those customers can face.

2. History of Cable Modems

At stating of year 1990 world started to know about stuff that could be possible with digital communication. At that time internet was known just as a tool. Engineers were trying to discover a method to shuttle digital signals between two computers. Same stuff is available for us today in form of internet, email and much more.

Technology was invented but not for sending receiving email or surfing web instead it was invented to transmit television channel signals. Channels like ORF, ATV, Plus 4. These channels were transmitted on high capacity wires. At user end a TV box was used to handle these channels and deliver to TV. It was starting of cable TV. To get more TV channels so much efforts are done in last many years. Physical network of coaxial cable and fiber optic cable are installed in many kilometers. These physical networks are installed either underground or some feet's over ground using wooden or iron poles. And of course these networks have worked very well to full fill their purpose. Cable TV was born in U.S. but it has rapidly migrated to other continents. Now a day cable TV networks are pumping more than hundred TV channels to homes. One of leading cable operator in Vienna is delivering 132 TV programs including 23 HD programs.[]

Later on inventors wanted to use cable TV network for other purposes. That was time when computer network started to stand on its feet. Means computer networks were started to build in organizations and in educational institutions. Some organization had proved that two or more computer connected to each other can do amazing things. Data or information that was only in individual's computer can be shared between others also can be enhanced by other users. Books were made free from library and published so that all can see. To make it possible that two computers can talk to each other so much was done by inventors. Communication protocols were developed. Languages to develop protocol were invented. Standards of communication were developed. Names were given to standards such as Novell and Ethernet. This all was rising of local area network.

At this time engineers and investors started to think about increase boundaries of this information communication network. They wanted to share that was going on in computer of an organization at a wider geographical area. They were thinking to share information of a computer with another computer located at other end of same city. They wanted to transform a local area network in metropolitan area network. All these idea needed transmission medium installed within a that information or data can be send or received on wide spread transmission medium. One solution was to transmit information on copper wires of telephone networks. But copper wires used in telephone network were not able to provide speed that was provided by LANs. Fast speed transmission was provided by advance version of telephone system called TI ,T3 or ISDN. But these solutions of high speed information transmission were very expensive.

Luckily same types of cables used for local area networks named coaxial cables were already been installed in all over the city by cable operators to provide TV channels to customers. With some more engineering this cable can be used as very power full media for information transmission. A electronic device was demanded by many organizations and educational institutes. Private and government organizations, schools, hospitals, were looking for a way to send and receive text file, images, across town. Some of them rented expensive lease lines from telephone companies and some of them created their own pipes to transfer data or information across town.

But peoples were not aware that there was a medium that was able to data with high speed as well it capable to transfer data on very high speed. This medium was not far away it was just outside in street. Cable TV operators had built a network across city. It was supposed that it was only for transmission of TV channels. But it was very much suited for information as well.

It took many years to discover that cable TV network can be used for transfer data across city. LANcity discovered technology that became mile stone for so called Cable Modem. In other words

It was just a box that was attached to cable television that was able to transfer coaxial cable a medium to transfer TV channels to medium to transfer data. As many people wished about its speed it was outstanding. It was a big coincidence that almost on same time an another force that attracted attention of peoples was introduced. Its name was internet. Typically cable modem technology was developed so that peoples can share files between offices those were located across city. Combination of internet and cable modem technology connected households with high speed.

As it happens to all most all technologies same was with cable modems that it took many years to come in shape that is available for us today. Modems those were made in its early days were big metal boxes and were very heavy to pick up.

In early years size of cable modem was almost same as rack of our cupboard. Main idea was they were not made for homes or residential use. They were made for schools, offices and for educational institutions. Not at all for homes.

In those days internet was just a linking of government offices and educational institutions. Speed of internet was very slow over dialup phone lines. Computer monitors were also black and white. Operating system of systems was also DOS. It was not windows. There was no world wide web available. Internet was a toy for peoples who were interested in technology or of peoples who were interested to explore new technology. Internet has nothing for everyone. Those days were starting days of internet.

2.1 Development of Cable's

Nothing would be wrong to say that in those days personal computer were babies. But cable television networks were in their 30s. There was more than one cable operator in same area. Most of cable operators were offering more than 50 channels. Some of cable operators were providing service with basic TV channels on the other hand some were providing TV channels with basic channels as well premium TV channels.

Architecture of cable network was totally different as it is today. In these days fiber optics is being used and it has increased speed of transmission lines. Noise that was introduced by amplifiers has reduced. Combination of fiber optics and coaxial cable are doing a under full job. But at starting some peoples believed this combination will never work.

With time there are many changes have taken place in technology but still one technology is still same. Pictures of TV channels are taken from air as they are broadcast from satellites.

At operator end TV channels are captured from air then they are passed through a so called mixer it place them on a single cable on different frequency bands. Now they are ready to travel on coaxial cable. But after traveling some miles they should be amplified. But here is a problem amplifiers also amplify or boost noise as well. This noise introduced by amplifiers make the picture worse.

In 1980 cable networks were like branches of tree. It means from main office of cable operator thick cables were going to all four directions. After a particular distance in each direct less thick cable were used till different branches of cable operator. Thin cables were used till customer home from branch office. This was architecture of cable TV networks. It was perfect to transmit TV channels on it. There were many reasons that this network was not suitable for data communication. In a sense it was one way network.

As we mentioned there where many reasons one of them was TV signals were sent only in one direct means from cable operator office to customer homes. To send signal in other direction means from customer to home cable TV operator was not possible. This network could work with data transmission if there would a method that customer or users can also send data to operator office and from operator office to destination of data it could in same city or in same country or could in other country for example world wide web.

Till 1980 most of cable operator had not started to make path for customer to send data toward operator office. It was called upstream. Downstream was already possible as channels were sending from operator office to customer homes. Operator were not thinking about it one reason behind was there was not enough demand of it. So without any demand operators were not ready to invest their money in this technology to make path from customer home toward operator office. But it has not affected developers in any way. They continued their inventions in this technology that could make coaxial cable more useable. It was their main interest to make this cable TV network useable for information transmission. Information can travel in both directions not only in one direction. There was a requirement of an electronic device that could combination all stuff of data communication with cables used for TV channels. This electronic device should combine whole architecture of cable network with data communications. So lot of efforts was required to transform cable TV network in to data network.

Cable modems those were invented in 1980. Typically were not addressed a Cable Modems. They were so called radio frequency modems. They were not made for home users. They were used only by engineers. They were cable able to perform of modulation and demodulation. Information transmitted by them was 1s and 0s. It was not video means were not TV channels. Information was transmitted in coaxial cable within same boundaries of frequencies.

Cable modems those were invented in their early days were used for different purposes. As cable networks owned by cable operators. Only some of cable operator agreed to negotiate within a city to link different buildings. These building can be educational institutions, police stations. These building can send or receive messages to each other by using existing cable network. At that time cable modems were only capable to deliver a speed of 19.2 kbps. But it was still faster than speed given by telephone modems that was around 1200 bps. Interesting thing is after 30 years we can enjoy speed of Mpbs.

Cable Modems made in starting days were not so complex as modems those we have now a day. They were very less sophisticated as compared to today's modems. Let us suppose there are two computers in two different buildings attached to each other with cable modems over cable network coaxial cable. A message is sent from first computer. Computer handovers message to modem. Modem hand over this message to destination computer on downstream frequency without any processing. Basically it is broadcasted to all computers over network. Destination computer gets message through cable modem. As well all other computers on network get the message. But they cannot see messages because address of computer does not correlate with message's destination address. Transmission was based on a simple logic. One computer wants to send message to other computer so called Mr. ABC it will send message to all assuming that all are Mr. ABC but only Mr. ABC will receive message because other computers are not Mr. ABC.

Till this time cable TV operators started to recognize capabilities of their wide spread coaxial cable network. They started to use cable modem for their own communications. Some of main branch offices were not near to telephone lines. Cable operators had covered remote areas as well mountains. But telephone lines were not available on these places. So cable operators thought they will use their own cables for communication on these remote areas rather than paying to telephone companies for installing telephones line in those remote areas. They have one choice to use cable modem on both end of their cable network. It was cable modem that allowed to cable engineers to set up internet PBX using cable network. Till now a day in some places those modems are used for telephone service.

This was the time when data was available with phone and TV channels were already available. After some time developers of cable modem discovered a modem that was able to provide speed of 1.544 Mpbs speed over cable network. They took advantage of it started service of leased line known as T1 for businesses. T1 lines needed bandwidth on cable as equal to one TV channel. Luckily some of cable operator have free channel available. Those operators do not have vacant channels thought to replace some of channels so that give service of private data network to their customers.

Research done on history of cable modem shows that it took 15 years and then cable modem became main stream. Main three problems were faced in long path of development of cable modems. First problem was transmission of traffic in both directions. It was possible with cable network to transmit information from operator office to customer homes but transmission of information from customers toward operator office was not possible. Till late 1990 cable operstor were capable to transmit information in both directions.

Second problem was with business model. As already mentioned data transmission was made possible by cable modems but it was only use full for organizations or educational institutions like universities or schools. It was not available for home users. At that time it only looked as a business have only cost but no profit.

Third problem was modem itself. In most cased it was built by different companies according to their requirement for single application. It was property of supplier. Modems from different suppliers were not able to communication with each other means no interoperable. In simple words it means cable companies were investing in such a technology that have no standard and it can be overcome anytime or other technology. Answer of these questions was given by DOCSIS. DOCSIS stands for Data Over Cable Service Interface Specification. It defined that cable modems are for cable industry. They are not for researchers or developers. DOCSIS helped for development of cable modems in direction of economy and volume.

2.1.1 DOCSIS

Till mid of 1990, three problems those occurred for acceptance of cable modem were being solved. Upstream path from customer homes to operator office were being added to coaxial cable network. News from Cambridge and Castro valley encouraged cable operators to know more about cable modem also helped them to explore business model.

Use of cable modem in telecommunications business was also favorable for cable modem development. Internet was rising day by day. Cable TV and telephone companies had tuff competitions. Companies were trying to get each other customers. Companies were able to provide TV channel service as well telephone service. At this time there was a new business for these companies it was internet service for customers at high speed.

But still there was one barrier for companies. It was device interoperability. There was a lack of standard in modem industry. It was not possible to get interoperability without standards. Cable modem market could not be emerged without standards. Cable modem developers had a feeling of fear without standards to manufacture a big volume of cable modems. Because of production of less quantity price was high and it directly affected customers.

It was well understandable and as well expected that electronic devices should work no matter of their location. In other words if we buy a modem from Vienna it should also work in Graz without any trouble. Because lack of interoperability if a modem purchased from Vienna and then customer moves to some other city where cable service is provided by another operator and this modem will not work there. I would like to give a sweet example here may be you have experienced of different power outlet in different countries. It is obvious no retailer would like to sell such products those give trouble to face angry customers.

Interoperability was main issue at that time and it depended on technologies those developers had chosen those days. Some manufactures were selling asymmetrical modems. It means information moved faster from operator office toward customer home as it moved from customer home to operator office. Reason behind was a click to get a page from web needed less bandwidth as required by webpage itself.

Some other manufactures had different ideas they were producing symmetrical cable modems as broadband user were increasing. Their idea was that home user would need more upstream speed to send information toward word wide web.

Cable modem suppliers were growing with same speed as high speed internet grew. Every supplier was bit different from other. Some big names of electronic devices like Cisco Systems. HP, IBM, Motorola jumped in industry of cable modems.

There were also small manufactures in cable modem industry. When big companies entered in market, small manufactures where afraid because big manufactures can produce modem like cookies. They could offer price very much attractive for customers. Still small suppliers tried to move on as quickly it was possible for them. This all was happening in non-standardized environment. In 1995 only one mantra was on everyone's tongue and it was standards for their technology. When it did not worked as it was in mind of big manufactures like HP and IBM they step back from scene.

In those days standards for cable industry were only concern. Because it was related to electronic devices those were used in homes. Cable operators has only fitted cables and modems in their offices and at customers end only from short listed providers of cable and modems. It made possible coexistence of both suppliers and cable service provider. Main suppliers have full control over selecting pricing and features of cable modems. It totally up to them to decide when older version would be discontinued and newer version would be introduced to market.

At end of year 1995 some of cable modem engineers started to does private meetings about a chip call MIcroUnity. Same like other chips it was also reprogrammable. They decided to use this chip in cable modems as well in set top boxes and later on if required it can be updated with software. It was an alternative for if new services are introduced then cable operator should change box. It have double cost first cost was of box and second one was to send one to install new box.

At that time there were two main players in cable technologies. Both of them thought enough about this MicroUnity chip that was reprogrammable then they decided to invest in this chip. They formed a private company that would lead for use of chip in cable hardware. This company was called Cable Multimedia Cable Network System in short MCNS.

Motivation behind MCNS was to attract more hardware suppliers in cable industry. So that pricing can be bring down and to introduce more features. Only reason to do so was to bring interoperability among cable device producers. only solution of Interoperability between devices from different operators was to develop standards.

Later on MCNS became DOCSIS Data Over Cable Service Interface Specification. It is pronounced as dock sis. In year 1996 Developers put it on fast track and they decided to complete specification written till end of year 1996. At mid of 1997 specification were being completed. Lab test can be performed on specifications. Intension of these tests was give sample to vendor and to test specifications.

It was September month of year 1997 when a detailed certification program was released. Responsibility was given to a board to review certification. It was also responsibility of board to approve products if they meet specifications. An agreement was made that Cable Modem Termination Systems would be check to qualify specifications and vendors would be tested to give me certificate. As certificate they will get DOCSIS certificate sticker.

2.1.2 Certification

Two years and to clear three certification test were necessary for any vendor to get DOCSIS certificate. On 20 march 1999 cisco system got qualification for their CMTS. First certificate for modem was issued to Toshiba and Thomson companies. After some months modems from 3Com and Arris passed certification. In coming some months many products get DOCSIS certificate. Now a day in many country cable companies lead DSL reson behind is speedy efforts done to make DOCSIS standard.

Meanwhile stories of success of cable modem and high speed internet were coming continuously. Peoples who adopted cable modem in its early days were satisfied from their decision. Cable modem industry was afraid if they would be able to full fill high demand. Because of fast progress of cable modem technicians were also in high demand. Two persons were need first one to handle cable modem and second one for handling personal computer.

At end of year 2002 in North America there were around 16 million customers. Cost of cable modem was also reduced from 1990 since 2001. In year 2001 cost of a cable modem was around $120 while in year 1990 it was $500. There is no dispute either on success stories of cable or on its high demand. Investment banker signed agreements with leading cable companies to build backbone network and content infrastructure to support high speed cable modem technology.

Development of DOCSIS is still continuing. Now a day Circuit of cable modem is available on personal computer cards. In Europe cable modem circuit is available in set top box. With the time successor of DOCSIS were released. Quality of service has in improved in successors of DOCSIS. They are able to support coming generation of high speed internet service. DOCSIS has also played very important role in development of internet protocols. Latest version of DOCSIS is DOCSIS 3.0 that is able to provide download speed of 1.5 Gbit/s and upload speed of 1150 Mbit/s. Trial version of DOCSIS 3.0 was announced on April 2011. DOCSIS 3.1 could be next version and its aim is to provide at least 10 Gbits download and 1 Gbits upload speed. Frequency bandwidth is different in United States and Europe. DOCSIS stand is named EuroDOCSIS. There is difference in bandwidth because Europe follow PAL standards of 8 MHZ while United States follow ATSC of 6 MHZ.

2.1.3 Security

Security is also included in DOCSIS. It has security at MAC layer. It is specified in Baseline Privacy Interface specifications. BaseLine Privacy Interface plus is next version of security in DOCSIS. Baseline Privacy plus are used in DOCSIS 1.1 and 2.0. As mentioned earlier trial of DOCSIS 3.0 was introduced in 2011 security measures have also get a new name in DOCSIS 3.0. In this version security specification has got name SEC stand for security. Purpose of BPI or SEC specification is to security services at MAC layer for DOCSIS. Security specifications are committed to provide all security measures between cable modem and CMTS (Cable Modem Termination System). There are two main goals of BPI/SEC. we know very well that cable modem users flow their data one cables attached to cable modems. BPI/SEC is responsible for privacy of user data over cable was first goal for BPI/SEC and it totally in favor of users for cable network and cable modems. Second goal goes in favor of service provider. This goal defines all security measures about protection of service provided by service provider. Main purpose is to stop unauthorized users from accessing service of service provider. Goal of this paper and of my master thesis is to explore how much security is provided by BPI plus

Main function of BPI/SEC is to stop users of cable modem from communicating with each other. Here question is how this goal is achieved and answer is it is done by encrypting data that flow between users and CMTS. 56bit DES encryption is used by BPI and BPI Plus while on the other hand 128bit AES encryption is used by SEC. Key that is used for encryption is updated on periodical bases. Period to update this encryption key is set by service provider. Updating encryption key makes whole system more secure.

BPI/SEC makes system secure by allowing cable operators to refuse service request if it is not made by certified cable modem or authorized user. BPI Plus have great strength to protect service. Authentication is based on digital certificate. Public key infrastructure is used and it is based on digital certificate authorities from certification testers. Relationship between a cable modem and a customer is set by cable operator by manually adding MAC address of cable modem in customer account. This relation allows a cable modem to access service MAC is attested by a certificate this certificate is issued by help of PKI. BPI specification those came in earlier days of BPI had some limitations regarding protection because key management protocols were not able to authenticate cable modem.

With time security provided by BPI specification has been improved. Main hike came when cable modems were installed for business critical communications. Restrictions were applied on communication of user toward network infrastructure. If CMTS were configured to provide compatibility to DOCSIS 1.1 modems then some successful attacks were made. Those modems did not have valid certificates of EuroDOCSIS or DOCSIS.

3. Cable Modem Hacking

Cable modem hacking can have more than one meaning. By hacking cable modem we can clone a cable modem and can have free internet access. Second meaning of cable modem hacking can be to increase speed of cable modem. A non-technical meaning is modifying cable modem. Throughout this paper I will use word modify because it does not sound illegal. Basically what happens when a cable modems boots it download a configuration file from internet service providers server. This configuration file contains all details of download and uploads speed that is assigned to the modem. To get this file from modem and modify its parameters and then again upload this file in modem so that cable modem function according customized file is all about modifying cable modem. All this stuff is done with customized firmware. So it means modems can be modified those allow to update firmware with some unofficial method. Some models of modems can be modified with Ethernet cable while other need some hardware changes on printed circuit board.

Motorola surfboard cable modem is choice of hackers because it is possible to modify some of their models. Motorola SB3100 till SB 5100 can be modified. But VOIP models of this series cannot be modified as well SB4220. SB4100 and SB4200 modems can be modified over Ethernet wire using netbooting software and custom firmware. SB 5100 is little bit difficult to modify because it need hardware changes to get modified. An adapter is soldered on PCB (printed circuit board) of modem then through parallel cable custom firmware is uploaded to modem.

If we have bought a cable modem from market then to modify it is not illegal. To use this modem on a networking on which we have permission or it is our own is also not illegal. But it is easy to say it is really hard to do because very operator tries their best to be secure. May be some years before it would be possible to steel service using modified modems but now a day because of security specifications of DOCSIS it seems not easy.

Main motive of modifying process is to increase speed by the help of customized firmware. As well some additional program may be needed to modify configuration file of cable modem. There are two methods those can fulfill motive. Both methods work very well on Motorola Surfboard. First method is about modifying firmware. Firmware modification is compatible with SB4100 and SB4200. It is also compatible with SB5100 but need to make a cable and it should be soldered on cable modem board.

Let us suppose I am on a tariff plan that allows me speed of 8 Mbps download and 1 Mpbs download. If I want to enjoy more speed means I want to uncap my modem. I need to another configuration file with more speed for example 16 Mpbs as download and 2 Mpbs as upload. It can be done with sniffer software or with a built in sniffer. We can sniff a file that is offered by internet service provider. Another method is to bypass tftp server of internet service provider and upload modified configuration file from spoofed tftp server. It is not so easy to do but if done then we can set custom values for download and upload speed.

Now let us talk if internet service provider can catch for doing above stuff. There is no doubt that we can get caught because internet service provider has many ways to find it out who is using their bandwidth. It needs money and time should be spent to catch who is using bandwidth. Risk is low unless we not using too much amount of bandwidth and we are not disturbing their network. We should not forget that we are flaying under radar of intern service provider. There are some cases peoples were getting caught because they were abusing bandwidth so badly. They were using high bandwidth on torrent clients for long time. It is obvious that internet service provider has some system which notifies them if some unknown modem is using such high amount of bandwidth not only for downloading as well for should not forget that cable internet connection is shared between peoples using such an high bandwidth will give troubles to other users on network.

3.1 uncapping using hacked firmware

As mentioned earlier there are two methods to modify modems first one called uncapping using hacked firmware will be demonstrated in this section. Second method called DHCP force will be demonstrated in next section. Uncapping using hacked firmware method works on Motorola SB4100, SB4101, SB4200. This method does not work on any other modem. As we are in Europe and under EuroDocsis system there are some more restrictions. So for EruoDOCSIS this method works only on SB4200. Let us move forward toward step 1.


To perform step one modem should be connected on Ethernet port on RJ 45 connector. We should open any browser and should type address It will look like flowing picture.

This picture is screen shoot of my Motorola SB 4200 modem which I specially bought from United States to do experiments for this paper. After opening address we should click on configuration link then click on reset all defaults. Then we can unplug power of modem. No need to reboot modem only needs to do reset all defaults. Normally it does not take long time.


In step 2 we will go to network settings those can be found in control panel and we will change network setting as shown in picture.

We will set ip address subnet and gateway we will not make any changes to DNS setting.


In step 3 we will open software call NetBoot. We will make sure that 'Enable FTP Server' and 'Auto IP' are checked. Then we will connect power cable to modem. We will wait about one minute then we will press button 'boot over network'. We will wait till Netboot give message that 'FTP Client has been disconnected and model has done with net booting. We will not close Netboot window and will move to next step.

This picture is of NetBoot software. It is before modem has bet boot. In FTP root path we select a file that is uploaded in modem during net boot process.

Above picture is after modem has successfully net boot. By net boot a file named us uploaded to modem.


When modem finishes booting we open configuration page with address Now we can see an extra menu in modem firmware it is hack menu. We will select it and we will scroll down till we see "Update Cable Modem Firmware". We will click on Browse button and look for corresponding firmware for SB 4200. Please note this is not original firmware it is hacked firmware that we will upload in modem. We will click on start update button. Now modem will start upgrading firmware. At this point we will not unplug modem and we will not change page at browser. we will wait till modem reboots. Typically it take less than 5 minutes. Once modem will reboot we will again to go on browser to confirm that firmware is updated. We will look for hack tab if it is there or not. If it there it means firmware is permanently loaded in modem.

This picture show what we have done in step 4.


As mentioned already during booting cable modem get configuration file from internet service provider and this configuration file controls download and upload speed of modem. For uncapping cable modems we need a configuration file that have higher upload and download them ours.

In picture of step 4 there is one sniffer tab. This sniffer table comes with hacked firmware that we have install in step 4.This sniffer tab perform of task to sniff configuration file. At this point we are assuming that our internet service provider using DOCSIS 1.1 means cable modem is authenticated on based of MAC address no additional tuff security check are performed. As well we are assuming that we have tariff plan from internet service provider and a modem. In hacked firmware under hack tab we have 'Cable Modem Identification'. It allows us to give any mac address. So what we have done is we put our modem's address that has from internet service provider in field 'HFC MAC Address' as show in picture.

As we copied MAC of internet service provider modem into our modem so our modem with hacked firmware will go online. Now what we have to do is waiting for some time until sniffer tab in hacked firmware will sniff conjugation file and it will update it in config list. Typically config name are quite similar with tariff plan names. Some internet service provider also identify config file with MAC name to which file is assigned. Configuration files can also be dynamic means every time modem boots it get another config file. If our modem has already sniffed a configuration file it is very easy to use it just need to go on hack tab enter name of configuration file that we wants to try then click on save change. We will reboot modem and on hack tab we can look for maximum download and upload speed to confirm that another file is being used by modem as config file. Here it is important that we can upload config file that we wants. How much speed a particular file have is not important because once we can upload configuration file of our choice then we can look for a file with better speeds and upload it.

Figure: 6 Uploading User Defined Configuration File

3.2 Uncapping with DHCP Force

1. At first we will find MAC address of our cable modem that is typically written in a sticker on bottom of modem maybe we can find it on documents those comes with modem. We will open DHCP Force software and give our modem MAC address then we will use function named discover. Now it is time to write down values those are in boxes. We could also find modem information such as MAC addresses on modem configuration page for example http://

Figure: 7 SNMP cfg Admin Software

2. We will install and open software called SNMP cfg Admin. Window will appear same as in figure 7. At bottom of software window is ip range. In first box we will put out ip address that is assigned to our modem for example in second box we will put higher value for example We will click on mass getter button to get names of configuration file names. Once this software has some name in list by clicking + sign we can get ip address of corresponding modem. By putting ip address in DHCP force we can know which file has faster download and upload settings. If SNMP cfg Admin do not display any result after pressing 'Mass Getter' it means game is bit complicated in that case we have to retrieve config file from our modem and open it with config editor software and we have to find out community string. This string we will enter in SNMP cfg Admin to find out names of config files.

3. now we will open DHCP force software. First we will disable media sense under DHCP menu. After disabling this option we need to restart computer. As computer starts again we will put our MAC address and press 'Discover' button as discovery finishes we will change config file name those we have found in SNMP cfg Admin software. We will click start button on DHCP software and unplug cable modem and then plug again. We have to wait till modem fully reboot then we can stop DHCP force. If all would be correctly followed we would be on faster speed but we should not reboot modem it will bring us on default speed given by internet service provider.