CableGuy

Members
  • Content count

    63
  • Joined

  • Last visited

Community Reputation

0 Neutral

About CableGuy

  • Rank
    HACK THE PLANET!
  • Birthday 04/14/1980

Contact Methods

  • Website URL
    http://
  • ICQ
    20839318

Profile Information

  • Location
    Columbus, Ohio
  1. Look into NoCat. http://nocat.net/ CableGuy
  2. It depends on how much you can break into your box before your warehouse guys notice. If you're willing to break the seals and do some work, there's a lot of things that you can do. Content extraction isn't that hard, and with a few solder points, you can override software restrictions on serial or ethernet ports. CableGuy
  3. There are two types of systems: analog and digital. Analog descramblers (the most popular type of descrambler) are the most common. As long as you know what you're doing, they will work. Digital Boxes...now, that's a complete different story. They work in the same way as DOCSIS in pulling an ip address, however, the cable box talks to CSG or ICOMS to determine what specific channels you should be getting, and then set up an 'access table' inside the box. Then, the cable company can poll your box using snmp to verify that it still has the correct settings. Ironically enough, there's something called the "Non-Responder List" that gets generated every week of active accounts that we haven't seen their digital box online. The problem with those cheap filters they used to try and prevent PPV charges, was that they kept the purchases in the box--and the headend tried to retrieve them, but never heard back from the box....causing your box to hit the NRL....and usually they'll roll a truck automatically for NRL's (every wednesday) CableGuy
  4. Places like Lowe's use a wink in the line to indicate to the phone switches that the line has dropped. That, and ground start lines too. CableGuy
  5. A lot of companies are migrating to the "software" controlled network. There are two types of disconnects -- soft and hard.A soft disconnect is when cable can be disconnected at someone's house via software. A hard disconnect is when they roll a truck to your location to physically take you off of the network. I'm not sure about other places, but here, the cost of rolling a truck is around $108 per call, if you include insurance, benefits, gas, maintenance (so on, so forth). You have products like this that can hit or deact an account in software, and they make similar versions for MDU's (Multi-Dwelling Units, a/k/a apartment buildings), that only cost around $50 per port. However, the cost is immense, unless you're in a heavily populated urban area. When you're in areas like that, rolling out a new network is rather cheap, compaired to a HFC plant in the boon-docks, which is why these are great for college campuses and the like...when you've got a great deal of people disconnecting and reconnecting at various times. By the way, the link that is up there, arcom labs, are the people who make filters for the cable industry. If you go poking around their web page, they have a lot of interesting products and technical information around. (I didn't see anything specific from the filters that you have on there--it's quite possible you've got a pancake filter (used to disable return path frequencies with your negative filter). CableGuy
  6. I'm sure it's possible. I've got Saturday off, I think. I'll try to organize my thoughts about cracking your cable box tonight and stick them in a nice howto, along with some technical information and documents that I have accumulated over the years. CableGuy
  7. you could spoof the mac, i do it with my wireless card when i want to comnect to the universities wireless network You're not spoofing the ethernet MAC address, you're wanting to spoof the RF Mac address. These are two different things. The MAC addresses are "encrypeted with RSA Level 2 Security" or some BS like that. CableGuy
  8. Yes. That's because the cable modems work in the higher analog channels (usually 90-120) They don't want to filter out the cable modem signal. CableGuy
  9. Ok...to answer some questions: These aren't coax tips. These are like the seals that the power company puts on the power meter to make sure that you don't steal power...they're made by the same company. We just clamp them on the coax line themself...either to identify or to secure the disco'ed tip. You've got the premise of filtering correct...from the head end, you can get regular cable...but if you only want basic cable, they have to roll a truck to your house and have a tech trap or remove the channels from your line. If you want them back, they roll the truck again, and then the trap gets removed from your line, and you get your channels back. There are two types of filters, by the way: Positive filters, and negative filters. Positive filters, although rarely used, add a frequency or a harmonic shift to the line so you can receive a specific channel. Negative filters remove a channel or a set of channels. Back in the "day," the positive filters were audited by your boss at Time Warner weekly. Now, they just look at the converters on your truck and make sure they're in "T" status either on ICOMS or CSG. (really old back in the day: my college town's MSO, Adelphia, used negative filters. Bring out ladder, remove traps, volia...free HBO, Showtime, and Cinemax. Kept that way for 4 years) Most cable systems today use HFC (Hybrid Fiber Coax) technology. Basically, the HFC plant uses fiber to carry video and telephony from the "headend" or CO to the optical node serving a particular neighborhood. At the optical node, downstream optical signaling is converted to an electrical signal and carried via coax to drops at individual customer locations. Because the carrying capacity of fiber is much higher than that of coax, a single optical node will typically support a number of coaxial distribution feeds. A typical ratio is four multidrop coaxial cables from a single optical node. This is how cable companies can save money in the long run. One HFC Headend can serve many different communitites...or deliver content per specific zip code or however they break their HFC plant down. Your PPV ordering goofup might have been caused by a problem in the upstream bandwidth. Upstream data works in the same way...goes from node to the converter, then back up the fiber to the headend. Hacking cable boxes isn't for the faint of heart. There really aren't a lot of sites or tutorials on how to do it...like I said...try to go to the Salvation Army or Flea Markets in your area, and pick up some of the digital boxes that they have. Then take it home, break the seals, and play. Good tools to have are a scope, logic probe, and multimeter. Unless they put a pancake filter on your line to specifically dissalow signals on your line, most of the lines have broadband signals on it. Specifically, the pancakes just prohibit the signal from being sent upstream. Now, I'm not sure how your cable system does things, but we use something called DOCSIS for cable modem authentication. Each cable modem has two MAC addresses...an ethernet address, and an RF Address. When it's plugged into the network it goes something like this: Cable modem scans the channels, looking for data. Cable modem thinks...Hey! I found data! Let's listen for a few seconds to make sure that it's stuff that I need to be paying attention to. (In cookie monster like fashion, the cable modem snarfs up some packets, but, is careful not to leave crumbs everywhere) The cable modem then decides: Yes, this is data I need to be paying attention to, or no, this isn't what I need, I'm going to keep looking. It'll keep looking until it finds something it is suppossed to be paying attention to. Then the cable modem still listens for a little bit more, for the data to say, "Hey! This is how we're sending the data back. Wait your turn, then send your information to this channel." The cable modem does just that....it waits its turn in line, then says, "Hey! Mr. Head End. I am MAC address 00-04-BD-94-DB-42, and I need to get a configuration file." It'll repeat that every 5 seconds or so until it receives a configuration file. The configuration file that it receives contains the upstream and downstream limits for your cable modem, as well as what the internal RF ip address is, and tells the cable modem to finally allow information from the ethernet port to start talking on the network, and the cable modem will send it. That honestly depends on the cable company, and the rate of theft in the area. I know that there are areas where I live where the cable company audits on a weekly basis. Otherwise, they will do tap audits about once a year or so. They will also scan for signal leakage usually about once a week, or so, if they're in the neighborhood. Hope this helps; CableGuy
  10. Ok... In Time Warner areas, these are how the tags brake down: Black - Disconnected because of cable leakage Red - Disco (voluntary or involuntary) Yellow - Basic Cable (you'll see a yellow taped filter on the line) Green - Regular Cable Orange - Road Runner Only (You'll see a orange taped filter on the line) White - House Identification Tag Blue - Digital Services on line Brown - VoIP House I know that in some areas comcast uses a BRIGHT red for Voluntary Disconnects, and a Dark red for involuntary disconnects. Yes...the boxes do work somewhat like DOCSIS...they have an internal ip address, (10.x.x.x), and they can do interesting things through the box. Myself and a coworker have our own cable setup running between our garages (we're neighbors), complete with headend, encoders, interchange points, and Customer Service interface. I know...too much spare time. It is possible to hack the cable boxes...go down to your local salvation army and see if they have any extras...usually they'll sell them to you for ten or so dollars...then have fun... CableGuy The problem with most people when they pirate cable is that they forget to remove their tags. Or...the contractors are too lazy to remove them once they're done doing service or reconnecting....which is why tap audits go by active connections (they inject a carrier signal in the line, and then point a radar gun like device called a snooper at the line leading to the house...and can tell which houses are 'hot.' Usually, the first offense is a little warning...but they'll photograph it with a digital camera, and the second offense they'll press charges....using the information they found previously...you'll get three counts of cable theft...one from the first time, one from the first to the second time, and then one on the second date....when they disconnect it and cut down your line.)
  11. Now, I remember when I taught networking technologies at my college that there was an exact number, but that's been around four years ago. However, here's something that is relevant: HTML copy of PDF via google I'm sure any VoIP softswitch would probably have a nice backplane on it...maybe a tengig backplane, but, just imagine the true processing power of encoding/decoding it.... then, after a bit more thought...I'm sure it's no different than the Time Division Highway and the way it muxes/demuxes the voice calls from the trunks to the line cards. Maybe I need to get some more sleep. CableGuy
  12. I don't know...I'd be afraid of the bandwith and the scabality issues with anything over IP. Doesn't TCP/IP go to crap somewhere at 60 percent capacity? CableGuy
  13. I've got my home network set up kinda something like this (please excuse the bad ASCII art): +--[ Fedora Box ]--+ +--[ SuSE Box ]--+ +--[ Debian Box ]--+ +--[ openBSD Box ]--+----[Proxy Server ]----[That There Internet Thingie] [ S/O's Windows ]--+ | [ Work Laptop Dock ]--+ [Wireless AP ] [ Guest PC ]--+ | |(wireless link) [Her Laptop, My Laptop, Network Jukebox, Wardrivers, so on, so forth] I've got eth0 on the fedora, suse, debian, and openBSD box set on the 'public' network. I've got eth1 on the fedora, suse, debian, and openBSD box set on the 'NAS' network. The problem that I'm seeming to have is that once I decommissioned my debian box from being the proxy server, it's not resolving...anything at all. I can't get it to talk to the new proxy server, and it's not taking dhcp requests from the openBSD box which 'controls' the 'NAS' network. I've got my resolv.conf set right for the settings...using the proxy server first, then going to my ISP's Name Servers, but, I still can't resolve anything...it just gives me a 'bad host' error. Yet, all of my other machines can ping and resolve just fine. Also, something that I just noticed...my debian box wouldn't pull an ip address...I had to set one on the NAS side by hand. Any ideas? CableGuy EDIT: I'm an ASCII Lozer. Had to fix it.
  14. processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 8 model name : Pentium III (Coppermine) stepping : 10 cpu MHz : 997.532 cache size : 256 KB fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse bogomips : 1992.29 uname -s Linux uname -m i686 Dell Poweredge 2500, IntelP3 cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 7 model name : Pentium III (Katmai) stepping : 3 cpu MHz : 447.742 cache size : 512 KB fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat pse36 mmx fxsr sse bogomips : 884.73 uname -s Linux uname -m i686 Dell Poweredge 1300 cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 8 model name : Pentium III (Coppermine) stepping : 6 cpu MHz : 861.501 cache size : 256 KB fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 mmx fxsr sse bogomips : 1712.12 uname -s Linux uname -m i686 Dell Poweredge 2400 I've got another PE 1300 boxen, but it's got openbsd, and is causing all sortsa havoc right now...but I'll get that info later if needed. CableGuy