doppelganger
doppelganger is offline
10-12-2010, 05:04 PM
NOTE FROM THE AUTHOR:
USE THIS AT YOUR OWN RISK. I WILL NOT HELD RESPONSIBLE IF MAHULI KAYO NG MGA TELECOMS ONCE YOU FOLLOW THIS STEPS.
Subscriber Module Cloning Procedure You need two important things from Legal Subscriber for this to work properly Subscriber Module - ESN
PC - MAC Address
2. Input the MAC here.
Set your IP to auto assign please allow DHCP to assign your designated IP
RESTART THE SM. UNPLUG THE ADAPTER AND REPLUG IT AGAIN.
FROM CANOPY PAGE: SET THIS
WATCHDOG RESET: Configuration -> Security -> Allow IP Filter (Input this: 169.254.1.1 )
and Your Auto Asign IP)
Home -> Event -> Clear Event
3. Input ESN here.
4. Rescan AP as many times as possible
5. Success! You just clone a legal sub with no software attached.
***How you can get a working ESN and MAC? Of course from your friendly neighborhoods and must be a legal subs within the same Base Station***
Take it on your own risk!
FOR ADVANCE USER WITH KNOWLEDGE ON CNUT TOOLS (NOT FOR KIDS ON NETWORKING)
temporary set up of LAN (working in some areas only)
detecting AP
inputing the AP
refreshin SUB in the network
Sa mga di makapasok sa 169.254.1.1 kelangang mareset ang canopy. Gumamit kayo ng rj12 sampung piso lang po yan.
Kelangan lang mag clone ng ESN at MAC address ng Legal Subrcriber para Free INTERNET na ulit.
Saan Makakakuha ng ESN at MAC adress ng Legal Subscriber.
1. Sa kapitbahay or kaibigan or kakilala na naka Legal.
2. Sa Base Station o Cellsite na malapit sa inyo. Makikita dun ang mga ESN at Mac adress ng mga Legal Subscriber.
Paano i-hack ang Base Station.
1. gumamit ng software na WIRESHARK
Punta lang kayo dito: [Only Registered Users Can See LinksClick Here To Register]
at i download nyo ang software na yan para mahack ang Base Station. ma trace mo ang Ip ng Base Station ng makita ang mga esn at mac ng legal subscriber na iclone.
Kelangan ding alam nyo ang color code ng i clone nyo na esn at mac adress ng legal subrcriber.
Halimbawa:
Kung sa ap evaluation nyo ay may nadetech na 3 color code.
Example: 64, 65, 66
Halimbawa ang color code ng naclone nyo ay 64, ibang color code ang gamitin nyo, 65 or 66 ang gagamitin nyo, basta na detech sa ap evalution, magkakalapit lang naman yan. Yang ang tricks na nakakalimutan nilang gawin. At saka direct connection ka na. Walang conflict sa na clone mo sa Legal Subscriber, dahil parang new connection ang dating mo dyan. Kumbaga Unknown ka sa kanila. Dahil wala ka namang name dyan, di katulad ng Legal.
Once na ma clöne mo na ang ESN at MAC Adress ng Legal Subrcriber. Ang setting sa Lancard ay naka Auto Assign na. Hindi naka Manual Setting na katulad ng dating tricks.
Credits to:
bloodbrother of SB
Attached files: [Only Registered Users Can See LinksClick Here To Register] [Only Registered Users Can See LinksClick Here To Register] [Only Registered Users Can See LinksClick Here To Register]
doppelganger
The Unknown
Join Date: Jun 2010
Location: Im still figuring out my place in this world.
Posts: 1,148
Last edited by doppelganger; 08-08-2011 at 08:20 AM..
Views: 27470
The Following 7 Users Say Thank You to doppelganger For This Useful Post:
Learn first how the system works.
Look closely to the pictures.
SIGNAL IMPROVEMENT TECHNIQUE:
Reflector Dish for Canopy Subcriber (Long Distance from Basestation)
Beehive Reflector for Canopy (Medium Distance from Basestation)
1. Dapat alam mo yung password ng canopy page mo: 169.254.1.1
2. Mag Log In ka
3. Hanap kayo ng disconnected na DREAM Subscriber hingin mo nalang since wala ng pagagamitin ito tapos gayahin mo yung angle ng pin. Tapat mo yung Canopy sa na nakalinya sa Pin.
**Mas malakas mas maganda working din ito kung 2km or 3km kaya mula sa base station mas expanded ang reach mo**
ANTENNA POSITIONING METHOD:
PIC 5 LOOKING FOR SIGNAL
4. Look for the Lowest Jitter posible and mark its color code
5. Dito mo isave yung nakuha mo color code for stability purpose.
RESET TOOLS FOR CANOPY WITH UNKNOWN PASSWORD
pin 1 white / orange (GPS sync)
pin 2 white / green (Serial Tx 9600)
pin 3 white / blue (Serial Rx 9600)
ping 4 green (Default Jumper)
pin 5 blue (Audio /GPS Power sync)
pin 6 orange (Ground)
This override plug resets the LAN 1 IP address to 169.254.1.1. The plug allows the operator to access the module through the default configuration without changing the configuration. The operator can then view and reset any non-default values.
To fabricate an override plug:
1. Install an RJ-12 6-pin connector onto a 6-inch length of CAT 5 cable.
2. Pin out all 6-pins.
3. Short (solder or twist together) Pins 4 and 6 on the other end. Do not connect any other wires to anything. The result should be as follows:
Pin 1 → white / orange ← Pin 1
Pin 2 → white / green ← Pin 2
Pin 3 → white / blue ← Pin 3
Pin 4 → green ← Pin 6
Pin 5 → blue ← Pin 5
Pin 6 → orange← Pin 4
The operator can regain access to the module as follows:
1. Insert override plug into the RJ-12 GPS sync port of the module.
2. Apply power to the module through the Ethernet cable.
RESULT: The module reboots with the default IP address of 169.254.1.1, username=root, password fields blank, and all other configuration values as previously set.
1. Tingnan mabuti yung picture i align mo ang iyong canopy sa litrato.
2. Hugutin ang adpater ng canopy bago kumuha ng wire at pag dikitin ang pin 4 at pin 6
3. Isaksak ulit ang canopy sa UTP cable.
4. Isaksak ang adapter at pumunta sa canopy page 169.254.1.1
5. Mag punta sa Log In at mag set desire ng Username at Password
6. Patayin ang canopy pansamatala
7. Hugitin ang wire na kinabit mo sa pin 4 & pin 6
8. Isaksak muli ang iyong canopy at naka pag reset ka na ng canopy
9. Magtimpla ng ICED COLD COFEE AND CHILL AND RELAX. You have the power to access your canopy setting!
Added after 2 minutes:
Canopy Lite - 5.7GHz TELNET COMMAND LINE c/o Sabheer's PDF Files
169.254.1.1
addwebfile filename -- Add a custom web file
This take filename and copies it to the flash memory. Transfer a file to the canopy unit 1st and then use this to overwrite the factory defaults. clearwebfile will undo this. To override the image at the top of each web page, upload a new canopy.jpg image and use 'addwebfile canopy.jpg' to replace the existing one. You can only add a file once and you must remove all web pages if you need to update an existing file you've transferred. See lsweb to see what files have been uploaded.
antennagain filename -- Set Antenna Gain parameter for the radio
This will set antenna gain for some radios with external antennas.
'arp -a' will give a list of all the known ip address and their arp addresses.
'arp -d' ip_address' will delete an arp entry for a specifc ip address.
'arp -s' ip_address ether_addr' doesn't seem to work but I've had it work before.
'arp -f' filename' This should read filename and set an arp address for several ip addresses.
bcb -- bcb -- Print BridgeCb
This info is on the web page bridgecbstat.html
bertoff -- Turn on/off BERT test, berton/bertoff
You must telnet in again to run bertoff.
berton -- Turn on/off BERT test, berton/bertoff
Runs some test. You must telnet in again to run bertoff to turn it
bitset address mask -- set mask bit(s) at address, (32bits)
bitclr address mask -- clear mask bits at address
This clears all the bits that are ones in the mask in the 32 bit region at address.
bootinfo -- Display boot image info
It shows the boot header info.
btbl -- bcb -- Print BridgeCb
Same info is on web page. this shows the bridging table mac address.
burnfile -- Burn flash from file
This updates the system software. 'Burnfile boot.bin'to use file boot.bin (but boot.bin is the default). Newer versions require SMboot.bin for a SM or APboot.bin for an AP. It will also install the bootloader block.bin. On P9 hardware the FPGA code is included in *boot.bin.
calpower [new_value] -- Calibrate the power Level of the radio
calslicer [new_value] -- Calibrate the slicing value of the radio
calrssi [new_value] -- Calibrate the RSSI of the radio
This is normally about 700 to 800. A value of 300 will allow marginal radios to sync more often but they are unreliable. This apparently adjusts the internal values so that the threashhold where association will work is about 700.
callock -- Lock in the current calibration settings
cat -- Concatenate and display. From Unix
This shows a file.
cd -- Change working directory. From Unix
clearsyslog -- Clear the system event log:
clearwebfile -- Clear all custom web files
clraltboot -- Clear Alt image
clrbtbl -- bcb -- Print BridgeCb
Same info is on web page.
clrrmtsyslog -- Clear remote device system log
clrscr -- Clear the screen, using TERM value
cmp -- Perform a byte-by-byte comparison of two files. From Unix
cp -- Copy files. From Unix
date -- Display or set the date. From Unix
defaulttxpower -- Display or set the default power.
du -- Display disk blocks usage. From Unix
echo -- Echo arguments to the standard output. From Unix
feccb -- bcb -- Print BridgeCb
Same info is on web page.
fpga_conf -- Update FPGA program
getid -- Get user id and group id
getpri -- Get task priority
g -- GPS Status
head -- Display the first few lines of the specified files. From Unix
help -- Display reference manual pages
httpstat -- Engineering Debug stats for the http daemon
idlecnt -- Returns the tick count since last Idle Task switch
ifconfig -- Configure network interface parameters. From Unix
ip -- Modify/display IP address
jbi -- Update FPGA program -- Dangerous
kfactor -- Set the K-factor for the radio
kill -- Terminate a task. From Unix
lbt -- Serial Port LoopBack Test
LinkQual -- LinkQual: performs link quality test
'L 2 99' from the AP will run a 99 second test to SU 002.
ls -- List the contents of a directory. From Unix
This is like a DIR command in dos. 'ls -l' will show detail of the file
lsweb -- List Flash Web files
This shows the files that override the default web files.
mac -- Modify/display MAC address
This may set the mac address but doesn't seem to work. It could be useful if there are mac conflicts on the net.
mkdir -- Make a directory. From Unix
mkfs -- Construct a file system. From Unix
I suspect not useful.
mount -- Mount pHILE+ file systems. From Unix
I suspect not useful.
mv -- Move or rename files. From Unix
Like the DOS "rename" command. 'mv x y' renames x to y.
netgateway -- Modify/display Default Network Gateway IP Address
This sets the default router.
netmask -- Modify/display Network Subnet Mask
netmask [-[1|2] 255.255.0.0] will set the netmask for one of the two interfaces.
netstat -- Show network status. From Unix
*****
netstat -r will show the routeing table
netstat -i shows per interface stats
netstat -a shows listening sockets and active connections
netstat -s shows full stats
*****
nfsmount -- Mount NFS file systems. Unixlike
I can't get this to work.
pcmkfs -- Construct an MS_DOS file system. Unixlike
Not useful
pcmount -- Mount MS-DOS file systems. Unixlike
Not useful
peekblock -- Read multiple long words from memory
This is a hex dump program. It only shows 128 bytes at a time.
peek -- Read long word from memory. From Basic
ping -- Send ICMP ECHO_REQUEST packets to network hosts. From Unix
poke -- Write long word to memory. From Basic. Dangerous if you update flash
popd -- Pop the directory stack. From Unix
pushd -- Push current directory onto the directory stack. From Unix
pwd -- Display the pathname of the current working directory. From Unix
reset -- Reset the unit
Simply resets the unit.
resume -- Resume a task
rfcb -- bcb -- Print BridgeCb
Same info is on web page.
rfofft -- Set the timeout for the RFOff command
rfoff -- Turn off the RF and reset the FPGA
rfsync -- Force syncronization
rmdir -- Remove (unlink) directories. From Unix
rm -- Remove (unlink) files. From Unix
route -- Manipulate IP routing table. From Unix
route -a shows the route table.
rtmclr -- Clear RealTime Trace and Stats
rtm -- Display RealTime Stats
This shows all the tasks and their stack sizes.
rtmon -- RealTime Monitor ON
rtmt -- Display RealTime Trace
sesstatus -- Display the current session status
setclock -- Set the system date and time
setenv -- Set environment variables. From Unix
This only seems to allow existing variables to be set. This is useful if your telneting out to another server and want to set the termcap entry.
setfreq -- Set Scan Frequencys
This can take a list. Better done from the web page.
setid -- Set user id and group id
Not useful here.
setpri -- Set task priority
sleep -- Suspend execution for a specified interval. From Unix
'sleep 10' causes the shell to return in 10 seconds. Not useful.
boss tama ba tong ginawa ko ? o baliktad ang wiring ?
Pin 1 → white / orange ← Pin 1
Pin 2 → white / green ← Pin 2
Pin 3 → white / blue ← Pin 3
Pin 4 → green ← Pin 6
Pin 5 → blue ← Pin 5
Pin 6 → orange← Pin 4
tama naman but sorry to say this to you.dapat di ko na toh pinost baka ako pa ang maging dahilan na makulong kayo once mahuli kayo use this at your own risk
this is my last update. pakiclose green cross team
The Following 2 Users Say Thank You to doppelganger For This Useful Post:
Re: Smartbro Motorola Canopy Hack (update Oct. 12, 2010)
but sorry to say this to you.dapat di ko na toh pinost baka ako pa ang maging dahilan na makulong kayo once mahuli kayo 
