Hacking the Cable Modem
No Starch Press 2006.
ISBN 1-59327-101-8. 290 pages; 4 Appendices; Index
Reviewed by Bob Bruen 9/14/06
Just when I thought the old-style tradition of hacking was lost forever, I was thrilled to discover Hacking the Cable Modem. The security industry has moved towards defense, public descriptions of vulnerabilities, policy making and other characteristics of a fairly mature industry. This is not a criticism, but rather an acknowledgment that the world has changed, resulting in a loss of innocence when it comes to exploring new technology for the sake of understanding it. The word "hacking" has taken on a pejorative connotation which belongs to the little-used term "cracker." The struggle between those who want to understand systems has moved into the war between law enforcement and criminals. The war also encompasses legal battles between organizations like the Electronic Frontier and the federal government and certain segments of industry. The escalation has taken the fun out of playing with technology.
Thus it is refreshing to see a book written by a next generation hacker who works in the old tradition. It is also satisfying to see the thoroughness of his work. The entire process of hacking a cable modem is described in teaching-style format with illustrations, photos and screenshots. And I mean the entire process, from hardware through software to hacking.
Starting with hardware, there are instructions on building cables, opening up the cable modem, soldering and unsoldering, accompanied by schematics and a parts list. Even if you were not interested in cable modems per se, this is a great introduction to working with hardware.
The software side covers several areas. The assembly language for cable modems is not the same as for the ubiquitous ix86 architecture, so you get to learn about cross-compilers. As an expert hacker, DerEngel also explains how and why SNMP and MIBs matter to cable modems.
The next area of software is the software he and his associates have developed for hacking the cable modems. The software is generally available at www.tcnsio.net, although some of it requires registration. The software ranges from sniffers to firmware changers and hex editors and configuration file editors. The collection is definitely worth investigating.
Clearly, this is all about reverse engineering the hardware and software of the cable modems, but it is also about the standards for cable modems. The Data Over Cable Service Interface Specification (DOCSIS) is public, even if the specs for the particular modem may not be. The history of specification development generally is sordid, even though it eventually works itself out. The DOCSIS specification is no exception and the implementations of the specs are not always well done, hence the backdoors, buffer overflows and so forth.
With about 100 million cable modems out there connecting various pieces of the Internet, it seems obvious that they need to be researched. If you use one of the cable modems, you need to read this book. One of the many great features of the book is a product review of modems with ratings, hackability, prices and descriptions. This is a really informative, well-done book and highly recommended. And I even used the book to poke around in my own cable modem. Thanks RH.