
Cable Modem Hacking

Kevin Poulsen

An ambitious hackware project promises to bring illicit broadband "uncapping" to the masses, and with it the risks that come with high-speed hijinks.

From a pitiable 56kbps AOL dial-up somewhere in suburban Colorado, 19-year-old Myko Hein would like to tap out this sad, regretful message to the powers-that-be at his former cable Internet provider, AT&T Broadband: I was wrong. It'll never happen again. Please take me back. It was a tough lesson to learn.

Just last month Hein thought of AT&T's service as unbearably slow -- acceptable, perhaps, for sending e-mail, but pure molasses when it came to trading software in Internet chat rooms. Hein's thirst for speed finally drove him to employ a sophisticated hack that "uncapped" his cable modem, obliterating the bandwidth limit imposed by the company, and granting him speed beyond the dreams of hotwired youth.

But it only took six hours for AT&T to catch Hein, cut him off, and ban him from their network for life. "They said they considered it theft of service," recalls Hein. "There were no second chances."

It's easy to see the hot rod appeal of tinkering with one's cable modem to tap into ridiculously high data speeds, and uncapping has become a popular exercise in the bandwidth-hungry "warez" and movie-trading underground. Today, the most common target is Motorola's popular Surfboard line of cable modems. Hackers generate a replacement configuration file for the modem that omits the capacity limits installed by the service provider. They then trick the modem into accepting the bogus file.

In addition to violating the typical broadband service agreement, there can be an anti-social aspect to uncapping. Providers put capacity limits in their subscribers' modems to prevent each user from taking more than their fair share of the bandwidth available on each node. In other words, if a user uncaps his or her modem and starts hogging bandwidth during peak hours, neighbors will suffer reduced performance. Uncapping sometimes robs Peter to pay Paul.

Instructions for pulling off the configuration file hack have been on the Web for at least a year, and chat rooms and Web boards are crowded with uncappers trading tips and experiences. But AT&T Broadband describes it as a minor problem, at worst. "I don't think it's something that's rampant," says spokesperson Sarah Eder. "It's not widespread."

Uncapping Prometheus

If cable modem hacking hasn't become a huge problem for service providers, it's probably because the process remains intimidating for non-technical users. The subscriber has to program a DOCSIS configuration file with a special editor, run their own TFTP server, change their IP address and run a DHCP server that tricks the modem into pulling the config file from their host. Dedicated hobbyists have refined the procedure and written tools to automate key portions of it, but pitfalls and caveats abound.

But that's all about to change, with the pending release of "OneStep," a user-friendly all-in-one tool that promises to make cable modem uncapping a point-and-click sport.

The work of a dangerously unemployed U.S. coder who calls himself "DerEngel," working with a colleague named "Byter", OneStep is described as a 30 megabyte monster of a program that rolls up all the various servers and spoofers needed to pull off a cable modem hack. It then hides it all behind a pretty interface with pull-down menus for selecting your service provider, modem make and model, and even the new speed limit you'd like to put on your modem -- in case you don't want the full 10 Mbs Ethernet speed.

So far, the beta version is closely held, but few in the uncapping scene dismiss OneStep as vaporware. DerEngel is already famous as the underground Prometheus of super-broadband -- the author of several publicly released programs that automate some of the steps in the uncapping process, and the host of a popular how-to site and chat system dedicated to uncapping. In an IRC interview, DerEngel said he plans to release OneStep in late May, and he expects it to open up the arcane art of uncapping to the masses. "It will be the first program of its kind," says the coder.

Speed Kills?

But what about the consequences? Myko Hein suffers a low-bandwidth exile as a result of his six hours of living dangerously. His father, who shared the household cable modem, now has to slog into work every day -- the dial-up is too slow for telecommuting. The only other broadband available in his neighborhood is IDSL service from the phone company, which would break his family's budget at over $100 a month.

Hein insists he didn't even know he was violating his service agreement, and claims the uncapping was done by an automated script passed to him by a friend on IRC -- a kind of OneStep Lite, written specifically for his service provider, modem and operating system, which he mistook for a perfectly normal connection optimizing tool. Without commenting on any particular case, AT&T Broadband claims it doesn't automatically ban a user for uncapping, and wouldn't have cut Hein off without warning unless there were aggravating factors. "We handle this on a case-by-case basis, and if someone is uncapping their service they could have their service terminated," says AT&T's Eder. "But there are all kinds of things that we have to take into account in an investigation."

DerEngel says smart uncappers know how to avoid detection. In any case, OneStep will provide disclaimers and warning statements so that the easy-to-use program will not tempt the truly innocent. Hein, who wanted more and wound up with far less, offers this advice: "Don't uncap your stuff," he says miserably. "Just don't." (SecurityFocus)