Old 10-12-2010, 05:04 PM   #1
Smartbro Motorola Canopy Hack
doppelganger doppelganger is offline 10-12-2010, 05:04 PM

NOTE FROM THE AUTHOR:




USE THIS AT YOUR OWN RISK. I WILL NOT HELD RESPONSIBLE IF MAHULI KAYO NG MGA TELECOMS ONCE YOU FOLLOW THIS STEPS.




Subscriber Module Cloning Procedure
You need two important things from Legal Subscriber for this to work properly
Subscriber Module - ESN


PC - MAC Address

2. Input the MAC here.

Set your IP to auto assign please allow DHCP to assign your designated IP

RESTART THE SM. UNPLUG THE ADAPTER AND REPLUG IT AGAIN.

FROM CANOPY PAGE: SET THIS

WATCHDOG RESET: Configuration -> Security -> Allow IP Filter (Input this: 169.254.1.1 )
and Your Auto Asign IP)

Home -> Event -> Clear Event





3. Input ESN here.




4. Rescan AP as many times as possible

5. Success! You just clone a legal sub with no software attached.


***How you can get a working ESN and MAC? Of course from your friendly neighborhoods and must be a legal subs within the same Base Station***


Take it on your own risk!
FOR ADVANCE USER WITH KNOWLEDGE ON CNUT TOOLS (NOT FOR KIDS ON NETWORKING)

temporary set up of LAN (working in some areas only)

detecting AP

inputing the AP



refreshin SUB in the network

Sa mga di makapasok sa 169.254.1.1 kelangang mareset ang canopy. Gumamit kayo ng rj12 sampung piso lang po yan.

Or Register to view links

This is rj12 6pins


Kelangan lang mag clone ng ESN at MAC address ng Legal Subrcriber para Free INTERNET na ulit.

Saan Makakakuha ng ESN at MAC adress ng Legal Subscriber.
1. Sa kapitbahay or kaibigan or kakilala na naka Legal.
2. Sa Base Station o Cellsite na malapit sa inyo. Makikita dun ang mga ESN at Mac adress ng mga Legal Subscriber.

Paano i-hack ang Base Station.
1. gumamit ng software na WIRESHARK
Punta lang kayo dito: Register to view links
at i download nyo ang software na yan para mahack ang Base Station. ma trace mo ang Ip ng Base Station ng makita ang mga esn at mac ng legal subscriber na iclone.

Kelangan ding alam nyo ang color code ng i clone nyo na esn at mac adress ng legal subrcriber.
Halimbawa:
Kung sa ap evaluation nyo ay may nadetech na 3 color code.
Example: 64, 65, 66
Halimbawa ang color code ng naclone nyo ay 64, ibang color code ang gamitin nyo, 65 or 66 ang gagamitin nyo, basta na detech sa ap evalution, magkakalapit lang naman yan. Yang ang tricks na nakakalimutan nilang gawin. At saka direct connection ka na. Walang conflict sa na clone mo sa Legal Subscriber, dahil parang new connection ang dating mo dyan. Kumbaga Unknown ka sa kanila. Dahil wala ka namang name dyan, di katulad ng Legal.

Once na ma clöne mo na ang ESN at MAC Adress ng Legal Subrcriber. Ang setting sa Lancard ay naka Auto Assign na. Hindi naka Manual Setting na katulad ng dating tricks.
Credits to:
bloodbrother of SB

Attached files:
Register to view links
Register to view links
Register to view links


 
doppelganger's Avatar
doppelganger
The Unknown
Join Date: Jun 2010
Location: Im still figuring out my place in this world.
Posts: 1,196





Last edited by doppelganger; 08-08-2011 at 08:20 AM..
Views: 42242
The Following 8 Users Say Thank You to doppelganger For This Useful Post:

 Re: Smartbro Motorola Canopy Hack (update Oct. 12, 2010)
Old 02-14-2011, 06:30 PM   #2
 
doppelganger's Avatar

doppelganger
The Unknown
doppelganger is offline
Posts: 1,196
PX Cash: 10,452
doppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant future
Rep Power: 269
Default Re: Smartbro Motorola Canopy Hack (update Oct. 12, 2010)

SMARTBRO - MOTOROLA SUBSCRIBER MODULE TECHNIQUE

Learn first how the system works.
Look closely to the pictures.



SIGNAL IMPROVEMENT TECHNIQUE:


Reflector Dish for Canopy Subcriber (Long Distance from Basestation)


Beehive Reflector for Canopy (Medium Distance from Basestation)

1. Dapat alam mo yung password ng canopy page mo: 169.254.1.1

2. Mag Log In ka

3. Hanap kayo ng disconnected na DREAM Subscriber hingin mo nalang since wala ng pagagamitin ito tapos gayahin mo yung angle ng pin. Tapat mo yung Canopy sa na nakalinya sa Pin.

**Mas malakas mas maganda working din ito kung 2km or 3km kaya mula sa base station mas expanded ang reach mo**

ANTENNA POSITIONING METHOD:

PIC 5 LOOKING FOR SIGNAL


4. Look for the Lowest Jitter posible and mark its color code

5. Dito mo isave yung nakuha mo color code for stability purpose.


RESET TOOLS FOR CANOPY WITH UNKNOWN PASSWORD




pin 1 white / orange (GPS sync)
pin 2 white / green (Serial Tx 9600)
pin 3 white / blue (Serial Rx 9600)
ping 4 green (Default Jumper)
pin 5 blue (Audio /GPS Power sync)
pin 6 orange (Ground)

This override plug resets the LAN 1 IP address to 169.254.1.1. The plug allows the operator to access the module through the default configuration without changing the configuration. The operator can then view and reset any non-default values.

To fabricate an override plug:

1. Install an RJ-12 6-pin connector onto a 6-inch length of CAT 5 cable.
2. Pin out all 6-pins.
3. Short (solder or twist together) Pins 4 and 6 on the other end. Do not connect any other wires to anything. The result should be as follows:

Pin 1 → white / orange ← Pin 1
Pin 2 → white / green ← Pin 2
Pin 3 → white / blue ← Pin 3
Pin 4 → green ← Pin 6
Pin 5 → blue ← Pin 5
Pin 6 → orange← Pin 4

The operator can regain access to the module as follows:

1. Insert override plug into the RJ-12 GPS sync port of the module.

2. Apply power to the module through the Ethernet cable.
RESULT: The module reboots with the default IP address of 169.254.1.1, username=root, password fields blank, and all other configuration values as previously set.

3. Set passwords as desired.

4. Change configuration values if desired.

5. Save the settings.

6. Remove the override plug.

7. Power cycle the module.

DEFAULT PASSWORD: root&admin, root&root, admin&root


------------TAGALOG--------------------

1. Tingnan mabuti yung picture i align mo ang iyong canopy sa litrato.
2. Hugutin ang adpater ng canopy bago kumuha ng wire at pag dikitin ang pin 4 at pin 6
3. Isaksak ulit ang canopy sa UTP cable.
4. Isaksak ang adapter at pumunta sa canopy page 169.254.1.1
5. Mag punta sa Log In at mag set desire ng Username at Password
6. Patayin ang canopy pansamatala
7. Hugitin ang wire na kinabit mo sa pin 4 & pin 6
8. Isaksak muli ang iyong canopy at naka pag reset ka na ng canopy
9. Magtimpla ng ICED COLD COFEE AND CHILL AND RELAX. You have the power to access your canopy setting!


Added after 2 minutes:


Canopy Lite - 5.7GHz TELNET COMMAND LINE c/o Sabheer's PDF Files

169.254.1.1

addwebfile filename -- Add a custom web file
This take filename and copies it to the flash memory. Transfer a file to the canopy unit 1st and then use this to overwrite the factory defaults. clearwebfile will undo this. To override the image at the top of each web page, upload a new canopy.jpg image and use 'addwebfile canopy.jpg' to replace the existing one. You can only add a file once and you must remove all web pages if you need to update an existing file you've transferred. See lsweb to see what files have been uploaded.

antennagain filename -- Set Antenna Gain parameter for the radio
This will set antenna gain for some radios with external antennas.

arp [-a | -d host | -s host either_addr [temp] | arp -f filename] -- Display, set, and delete arp table entries. From Unix

'arp -a' will give a list of all the known ip address and their arp addresses.
'arp -d' ip_address' will delete an arp entry for a specifc ip address.
'arp -s' ip_address ether_addr' doesn't seem to work but I've had it work before.
'arp -f' filename' This should read filename and set an arp address for several ip addresses.

bcb -- bcb -- Print BridgeCb
This info is on the web page bridgecbstat.html

bertoff -- Turn on/off BERT test, berton/bertoff
You must telnet in again to run bertoff.

berton -- Turn on/off BERT test, berton/bertoff
Runs some test. You must telnet in again to run bertoff to turn it

bitset address mask -- set mask bit(s) at address, (32bits)

bitclr address mask -- clear mask bits at address
This clears all the bits that are ones in the mask in the 32 bit region at address.

bootinfo -- Display boot image info
It shows the boot header info.

btbl -- bcb -- Print BridgeCb
Same info is on web page. this shows the bridging table mac address.

burnfile -- Burn flash from file
This updates the system software. 'Burnfile boot.bin'to use file boot.bin (but boot.bin is the default). Newer versions require SMboot.bin for a SM or APboot.bin for an AP. It will also install the bootloader block.bin. On P9 hardware the FPGA code is included in *boot.bin.

calpower [new_value] -- Calibrate the power Level of the radio

calslicer [new_value] -- Calibrate the slicing value of the radio

calrssi [new_value] -- Calibrate the RSSI of the radio
This is normally about 700 to 800. A value of 300 will allow marginal radios to sync more often but they are unreliable. This apparently adjusts the internal values so that the threashhold where association will work is about 700.

callock -- Lock in the current calibration settings
cat -- Concatenate and display. From Unix
This shows a file.

cd -- Change working directory. From Unix

clearsyslog -- Clear the system event log:

clearwebfile -- Clear all custom web files

clraltboot -- Clear Alt image

clrbtbl -- bcb -- Print BridgeCb
Same info is on web page.

clrrmtsyslog -- Clear remote device system log

clrscr -- Clear the screen, using TERM value

cmp -- Perform a byte-by-byte comparison of two files. From Unix

cp -- Copy files. From Unix

date -- Display or set the date. From Unix
defaulttxpower -- Display or set the default power.

du -- Display disk blocks usage. From Unix

echo -- Echo arguments to the standard output. From Unix

feccb -- bcb -- Print BridgeCb
Same info is on web page.

fpga_conf -- Update FPGA program

getid -- Get user id and group id

getpri -- Get task priority

g -- GPS Status

head -- Display the first few lines of the specified files. From Unix

help -- Display reference manual pages

httpstat -- Engineering Debug stats for the http daemon

idlecnt -- Returns the tick count since last Idle Task switch

ifconfig -- Configure network interface parameters. From Unix

ip -- Modify/display IP address

jbi -- Update FPGA program -- Dangerous

kfactor -- Set the K-factor for the radio

kill -- Terminate a task. From Unix

lbt -- Serial Port LoopBack Test

LinkQual -- LinkQual: performs link quality test
'L 2 99' from the AP will run a 99 second test to SU 002.

ls -- List the contents of a directory. From Unix
This is like a DIR command in dos. 'ls -l' will show detail of the file

lsweb -- List Flash Web files
This shows the files that override the default web files.

mac -- Modify/display MAC address
This may set the mac address but doesn't seem to work. It could be useful if there are mac conflicts on the net.

mkdir -- Make a directory. From Unix

mkfs -- Construct a file system. From Unix
I suspect not useful.

mount -- Mount pHILE+ file systems. From Unix
I suspect not useful.

mv -- Move or rename files. From Unix
Like the DOS "rename" command. 'mv x y' renames x to y.

netgateway -- Modify/display Default Network Gateway IP Address
This sets the default router.

netmask -- Modify/display Network Subnet Mask
netmask [-[1|2] 255.255.0.0] will set the netmask for one of the two interfaces.

netstat -- Show network status. From Unix
*****
netstat -r will show the routeing table
netstat -i shows per interface stats
netstat -a shows listening sockets and active connections
netstat -s shows full stats
*****

nfsmount -- Mount NFS file systems. Unixlike
I can't get this to work.

pcmkfs -- Construct an MS_DOS file system. Unixlike
Not useful

pcmount -- Mount MS-DOS file systems. Unixlike
Not useful

peekblock -- Read multiple long words from memory
This is a hex dump program. It only shows 128 bytes at a time.

peek -- Read long word from memory. From Basic

ping -- Send ICMP ECHO_REQUEST packets to network hosts. From Unix

poke -- Write long word to memory. From Basic. Dangerous if you update flash

popd -- Pop the directory stack. From Unix

pushd -- Push current directory onto the directory stack. From Unix

pwd -- Display the pathname of the current working directory. From Unix

reset -- Reset the unit
Simply resets the unit.

resume -- Resume a task

rfcb -- bcb -- Print BridgeCb
Same info is on web page.

rfofft -- Set the timeout for the RFOff command

rfoff -- Turn off the RF and reset the FPGA

rfsync -- Force syncronization

rmdir -- Remove (unlink) directories. From Unix

rm -- Remove (unlink) files. From Unix

route -- Manipulate IP routing table. From Unix
route -a shows the route table.

rtmclr -- Clear RealTime Trace and Stats

rtm -- Display RealTime Stats
This shows all the tasks and their stack sizes.

rtmon -- RealTime Monitor ON

rtmt -- Display RealTime Trace

sesstatus -- Display the current session status

setclock -- Set the system date and time

setenv -- Set environment variables. From Unix
This only seems to allow existing variables to be set. This is useful if your telneting out to another server and want to set the termcap entry.

setfreq -- Set Scan Frequencys
This can take a list. Better done from the web page.

setid -- Set user id and group id
Not useful here.

setpri -- Set task priority

sleep -- Suspend execution for a specified interval. From Unix
'sleep 10' causes the shell to return in 10 seconds. Not useful.

startmontask -- Startmontask [1..20]: starts buffer monitor broadcast

stopmontask -- Stopmontask - stops buffer monitor broadcast

suspend -- Suspend a task

sync -- Force changed blocks to disk. From Unix

syslog -- Display system event log: syslog
syslog filename will copy the syslog to a file.

tail -- Display the last part of a file. From Unix
'tail -5 x' shows the last 5 lines of file x.

touch -- Update the modification time of a file. From Unix

umount -- Umount file systems. From Unix
not useful.

update -- Enable/Disable automatic SM code updating
Unknown and maybe dangerous.

version -- Display the software version string

Shows software version and FPGA version.

The commands were found by running "help command" on each of the commands and then tring many of them.

Many commands are only found in some versions. The following table shows command compatibility
 
The Following 4 Users Say Thank You to doppelganger For This Useful Post:
 

 Re: Smartbro Motorola Canopy Hack
Old 05-19-2011, 11:02 PM   #3
 
methodpopo's Avatar

methodpopo
Junior Member
methodpopo is offline
Posts: 2
PX Cash: 131
methodpopo is on a distinguished road
Rep Power: 0
Default Re: Smartbro Motorola Canopy Hack

working pa po ba to?
 
 

 Re: Smartbro Motorola Canopy Hack
Old 06-01-2011, 10:49 AM   #4
 
planskie's Avatar

planskie
Junior Member
planskie is offline
Posts: 6
PX Cash: 201
planskie is on a distinguished road
Rep Power: 0
Default Re: Smartbro Motorola Canopy Hack

boss thanks you. try mo muna.
 
 

 Re: Smartbro Motorola Canopy Hack
Old 08-06-2011, 09:21 PM   #5
 
pole92's Avatar

pole92
Junior Member
pole92 is offline
Posts: 4
PX Cash: 180
pole92 is on a distinguished road
Rep Power: 0
Default Re: Smartbro Motorola Canopy Hack

boss tama ba tong ginawa ko ? o baliktad ang wiring ?

 
 

 Re: Smartbro Motorola Canopy Hack
Old 08-08-2011, 08:16 AM   #6
 
doppelganger's Avatar

doppelganger
The Unknown
doppelganger is offline
Posts: 1,196
PX Cash: 10,452
doppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant futuredoppelganger has a brilliant future
Rep Power: 269
Default Re: Smartbro Motorola Canopy Hack

Originally Posted by pole92 Register to view links
boss tama ba tong ginawa ko ? o baliktad ang wiring ?

Pin 1 → white / orange ← Pin 1
Pin 2 → white / green ← Pin 2
Pin 3 → white / blue ← Pin 3
Pin 4 → green ← Pin 6
Pin 5 → blue ← Pin 5
Pin 6 → orange← Pin 4

tama naman but sorry to say this to you.dapat di ko na toh pinost baka ako pa ang maging dahilan na makulong kayo once mahuli kayo use this at your own risk


this is my last update. pakiclose green cross team
 
The Following 2 Users Say Thank You to doppelganger For This Useful Post:
 

 Re: Smartbro Motorola Canopy Hack
Old 08-08-2011, 08:28 AM   #7
 
grayfox's Avatar

grayfox
Fox Hound Ninja
grayfox is offline
Posts: 742
PX Cash: 21,278
grayfox has much to be proud ofgrayfox has much to be proud ofgrayfox has much to be proud ofgrayfox has much to be proud ofgrayfox has much to be proud ofgrayfox has much to be proud ofgrayfox has much to be proud ofgrayfox has much to be proud ofgrayfox has much to be proud of
Rep Power: 246
Default Re: Smartbro Motorola Canopy Hack

Thread will be closed as per requested by TS.
 
The Following 2 Users Say Thank You to grayfox For This Useful Post:
 
Closed Thread

Bookmarks

Tags
doppleganger


Facebook Comments

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +8. The time now is 03:34 PM.

Powered by: vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios

Disclaimer: None of the files shown here are hosted or transmitted by this server. The links are provided solely by this site’s users. All references are copyright to their respective owners. Pinoyxtreme.com is not responsible for what its users post, or any other actions of its users. Pinoyxtreme.com is not responsible for the accuracy, compliance, copyright, legality, decency, or any other aspect of the content of other linked sites. You may not use this site to distribute or download any material when you do not have the legal rights to do so. It is your own responsibility to adhere to these terms.