Grab and Convert Certs from sb5101 to sb6120

First let me explain that extracting the certicates from Haxorware from the Baseline Privacy tab do NOT work, (either from the .tar or by downloading certicates separately).You will need to extract them from the 32 KB nonvol or 2MB dump. So please make sure you always keep a backup of your modem at all times. Here's why: The length of the keys (in hex) when you extract them from haxorware are as follows: 1. 2. 3. 4. 5. public.key 8B private.key 289 root.key 10D cm_cert.key 326 ca_cert.key 403

This is actually incorrect. If you use the nonvol explorer and extract the keys from your nonvol, the lengths will be as so: 1. 2. 3. 4. 5. public.key 8D private.key 289 root.key 110 cm_cert.key 32F ca_cert.key 409

These inconsistencies will give rise to this error when trying to start BPI: [ERROR] [DOCSIS.BPI(pid=267)]: Decrypt Auth Key: Couldn't format PKCS#8 private key into PKCS#1 format! This is a step-by-step tutorial on how to both extract the needed keys from your SB5101 running Haxorware and import them into your SB6120 with shelled rmware. 1) Open Haxorware on your SB5101 and go to backup tab. Select download nonvol (32 KB). This will download a nonvol.bin le. 2) Get the nonvol explorer program (cmnonexp.exe) by qingpu. Version 1.1.1 -> (google search)

1 of 2

3) Place nonvol.bin and cmnonexp.exe in same folder. Open CMD and navigate to that folder. Run "cmnonexp.exe -e -f nonvol.bin". This will extract 5 les and they will appear in the folder with these names: non01_1_public.key non01_2_private.key non01_3_root.key non01_4_cm_cert.cer non01_5_ca_cert.cer 4) Rename them as follows: non01_1_public.key -> mfg_key_pub.bin non01_2_private.key -> cm_key_prv.bin non01_3_root.key -> root_pub_key.bin non01_5_ca_cert.cer -> mfg_cert.cer No need to rename cm_cert.cer 5) Setup FTP server. Set the directory to whatever has those les you just renamed. 6) In SB6120 shell, navigate to "cd /nvram/1/security". Use the "ls" command to list the contents and you should see the certs in there already. 7) Remove the links to the les in there by using: rm mfg_key_pub.bin rm cm_key_prv.bin rm root_pub_key.bin rm mfg_cert.cer rm cm_cert.cer 8) Download the new ones (assuming your FTP server has no user/pass and using port 21, adjust accordingly): wgetftp://192.168.100.2/mfg_key_pub.bin wgetftp://192.168.100.2/cm_cert.cer wgetftp://192.168.100.2/mfg_cert.cer wgetftp://192.168.100.2/cm_key_prv.bin wgetftp://192.168.100.2/root_pub_key.bin 9) CHMOD the new les chmod 444 mfg_key_pub.bin chmod 444 cm_cert.cer chmod 444 mfg_cert.cer chmod 444 cm_key_prv.bin chmod 444 root_pub_key.bin Regardless if you need the root cert or not this method can be used for all 5 and works ne. I have conrmed that BPI+ works using this method with the matching MAC of course.

www.modempremodz.net

2 of 2