Unfortunately there's no hacked firmware
available yet for the SB5101, but have a read of the
following that was posted on Modshack by:
In the blackcat program folder, go to the
broadcom folder and add this line to the
broadcom.bc file: jtagpart 0x3349 "bcm3349"
"bcm3349_docsis". Then create a new .bc file
containing this line: script
"./jtagparts/common/ejtag.bcs" and save the file as
Build 126+ is the only version that has support
for 5101 devices. Unfortunately for all you
pirates, these builds have online protection
integrated so you must be a member and have
purchased a firmware.
Well now you can sort your 5101 modem out
without being a TCNIO member and having the latest
Do the above in build 120.
Here's another way to mod the SB5101 without
using modified firmware.
The following screen shots and text were put
The JTAG and serial ports make it cable modem
modding perfection. There is however a distinct
lack of firmware that will work on it. You can of
course use the Ambit 250 hacked firmware on it, which
works fine (as the Ambit 250 is pretty much the
same modem as a SB5101E). However, this tutorial is
for those of you that would rather use the more up
to date original firmware that came with the modem.
On mine, that firmware is
SB5101E-0.4.1.4-SCM02-NOSH. Of course, this
firmware has no console, so, you would think you
are stuck with simply changing the MAC address via
blackcat and putting up with the subscribed config
of the MAC you are using, which means scratching
around looking for the few bund03 configs in your
sniffers. Well you don't have to do that. Here's a
simple guide to using the original SB5101E firmware
with all the config override options. I am assuming
you are familiar with the basic concepts of
blackcat programming and serial flashing; this
tutorial will not go into huge detail about these
processes as you are expected to know. I recommend
you use build 128 of SchwarzeKatze too.
The 5101 will need to be soldered up with the
JTAG and SERIAL port headers. This is an
illustration of the pin-outs of each port.
Note that the serial port pin outs are arranged
differently to the standard pin outs most of us are
used to, and you may need to create a small
adapter. I used a small piece of strip board, a 4
pin header and a floppy power cable I cut from an
old power supply (see image). This adapter changes
the pin outs to the same order as the ambit modems,
allowing the standard pre-built Max232/3 cables to
work without modification.
The JTAG points are however standard.
Taking a full backup.
Connect the cable feed and boot the modem and
allow it to obtain a lock. You will know it's
locked when you see all the 4 green LEDs lit on
the front. Now power down the modem and disconnect
the cable feed. Connect the blackcat cable and
power the modem up again, this time take a full
backup of the modem firmware using SchwarzeKatze.
Go to the 'Flash' tab and click 'Read All' to do
Flashing a new bootloader.
After the full backup is done you need to flash
a new bootloader. As standard, the 5101E has a
quiet bootloader; this needs to be replaced with
another to allow us access to the main flash menu.
Just use SchwarzeKatze to flash the included
bootloader.bin file onto the modem using the
'Bootloader (Bootstrap)' function in the 'SB5100'
tab. Wait until this is finished.
Netbooting a shelled firmware.
Power down the modem and connect your Max232/3
cable. Load up your terminal emulator and power up
You should now see the familiar "Press '1', '2'
or 'p'" prompt appear.
as the main board IP as usual, and
as usual set your Windows TCP/IP settings to
, all standard stuff so far.
Start up your TFTP server (there's one included)
and make sure that its root folder is set to the
same folder that you extracted the attached rar
file into. In the flash menu,
Enter 192.168.100.10 as the TFTP IP
as the filename.
It will download it and scroll a few things on
the terminal screen, and then it will ask if you
want to save parameters to flash; enter no. The
shelled firmware will then run. Although this
firmware is meant for a 5100E, it will still run on
a 5101E; it just doesn't support the tuner used in
the 5101E, so it cannot lock onto the DS frequency.
That doesn't mean we can't use the firmware to
change the modem's settings. Getting the idea now?
When all booted it will start to scan for
channels, but will be complaining because the tuner
is not supported. Stop this by entering these
Now enter the following commands to setup your
modem. Note some of these commands need
aa:bb:cc:dd:ee:ff (change to a valid
enable bpi true
My IP Address:
Router IP Address:
Those are the only 3 that really need to be
changed. Do you want to change the other settings?
TFTP Server IP Address:
[10.10.10.254] <type in the IP of your
area's TFTP server here>
Config file name:
Time Server IP Address:
SysLog Server IP Address:
Note that you can find your TFTP IP from using
DHCP Force or most other MAC sniffers.
That should be it, reboot the modem and
reconnect the cable feed and all should be well.
You can change the MAC address again using Blackcat
or by repeating the steps from Net booting a
All the best,