jclehner/nmrpflash

Flashing DG3000D

Closed this issue · 2 comments

Cause of flash?

I cannot connect to the Wi-Fi due to lack of password, nor can I access the router credentials. I tried the default admin and password credentials, and it doesn't allow me access.

IP scan.

I get 2 IPs from the router.

192.168.0.1       84:1b:5e:59:a6:a3
192.168.100.1     00:09:5b:de:ad:02

Flashing

nmrpflash -i eno1 -f V5.5.2R05.bin -m 84:1B:5E:59:A6:A3  -v -B 
Adding 10.164.183.253 to interface eno1.
Advertising NMRP server on eno1 ... |
No response after 10 seconds. Continuing blindly.
Sending configuration: 10.164.183.252/24.
Using remote filename 'V5.5.2R05.bin'.
Uploading V5.5.2R05.bin ... OK

Note Flash:

After "Uploading V5.5.2R05.bin ... OK", the router did not restart automatically. I restarted it manually, and I think it still has the same firmware. I cannot get access with the default admin and password credentials.

According to this exploit, the current version is:

python upnp_firmware_exploit.py 192.168.100.1
Unknown model and version: CG3000D V5.5.4.MP2_RG18

I tried firmware V5.5.2R05.bin and V5.5.4.mp2_R09b.bin, and it doesn't work.

Note MAC:

The label on the reverse of the router says MAC: 84:1B:5E:59:A6:A0; however, if I do an ARP or nmap scan, it returns MAC 84:1B:5E:59:A6:A3, with A0 changed to A3 at the end. Even the Wi-Fi SSID is called CharterWiFia6a0.

Ports:

192.168.0.1

PORT     STATE  SERVICE
22/tcp   closed ssh
23/tcp   closed telnet
80/tcp   open   http
443/tcp  open   https
1900/tcp closed upnp
5000/tcp open   upnp
8080/tcp closed http-proxy
MAC Address: 84:1B:5E:59:A6:A3 (Netgear)

192.168.100.1

PORT     STATE  SERVICE
80/tcp   open   http
443/tcp  open   https

Possible error.

The router has firmware V5.5.4.MP2_RG18 and I am trying with previous versions.

You're using blind mode to upload, so even though it looks like it's uploading correctly, nmrpflash has no way of knowing if it's actually working.

The device you're trying to flash is a cable modem/router, and these are completely different to the "normal" routers. There's no way nmrpflash will work with this device, unfortunately.

Surely there's a way to factory reset the router using a button.

I have already tried to reset the router to default; it goes through the process of blinking the LEDs, restarting, etc., but once it turns on again, it is the same: same SSID name, and it won't let me log in with the default credentials.

I also asked some friends, and they told me that this model of router may have firmware from an ISP that is difficult to reinstall, and that nmrpflash is not going to work for me. The only option would be flashing directly through the serial port.