Yes, I know this topic has been covered before, but extracting the certificates

from Haxorware from the Baseline Privacy tab do NOT work, (either from the .tar
or by downloading certificates separately). You will need to extract them from t
he 32 KB nonvol or 2MB dump.
Here's why:
The length of the keys (in hex) when you extract them from haxorware are as foll
ows:
public.key 8B
private.key 289
root.key 10D
cm_cert.key 326
ca_cert.key 403
This is actually incorrect. If you use the nonvol explorer and extract the keys
from your nonvol, the lengths will be as so:
public.key 8D
private.key 289
root.key 110
cm_cert.key 32F
ca_cert.key 409
These inconsistencies will give rise to this error when trying to start BPI:
[ERROR] [DOCSIS.BPI(pid=267)]: Decrypt Auth Key: Couldn't format PKCS#8 private
key into PKCS#1 format!
For those of you who know what you're doing, you already know what to do at this
point. For those of you who don't, I will be kind enough to give you a step-by-
step tutorial on how to both extract the needed keys from your SB5101 running Ha
xorware and import them into your SB6120 with shelled firmware. Most of this inf
o is from other places on the board, so I'm not trying to take credit for it. Bu
t here, it is compiled into one guide from start to finish.
1) Open Haxorware on your SB5101 and go to backup tab. Select download nonvol (3
2 KB). This will download a nonvol.bin file.
2) Get the nonvol explorer program (cmnonexp.exe) by qingpu. Version 1.1.1 -> ht
tp://www.sbhacker....&attach_id=3384
3) Place nonvol.bin and cmnonexp.exe in same folder. Open CMD and navigate to th
at folder. Run "cmnonexp.exe -e -f nonvol.bin". This will extract 5 files and th
ey will appear in the folder with these names:
non01_1_public.key
non01_2_private.key
non01_3_root.key
non01_4_cm_cert.cer
non01_5_ca_cert.cer
4) Rename them as follows:
non01_1_public.key -> mfg_key_pub.bin
non01_2_private.key -> cm_key_prv.bin
non01_3_root.key -> root_pub_key.bin
non01_5_ca_cert.cer -> mfg_cert.cer
No need to rename cm_cert.cer
5) Setup FTP server. Set the directory to whatever has those files you just rena
med.
6) In SB6120 shell, navigate to "cd /nvram/1/security". Use the "ls" command to
list the contents and you should see the certs in there already.
7) Remove the links to the files in there by using:
rm mfg_key_pub.bin
rm cm_key_prv.bin
rm root_pub_key.bin
rm mfg_cert.cer
rm cm_cert.cer
8) Download the new ones (assuming your FTP server has no user/pass and using po
rt 21, adjust accordingly):
wget ftp://192.168.100.2/mfg_key_pub.bin
wget ftp://192.168.100.2/cm_cert.cer
wget ftp://192.168.100.2/mfg_cert.cer
wget ftp://192.168.100.2/cm_key_prv.bin
wget ftp://192.168.100.2/root_pub_key.bin
9) CHMOD the new files
chmod 444 mfg_key_pub.bin
chmod 444 cm_cert.cer
chmod 444 mfg_cert.cer
chmod 444 cm_key_prv.bin
chmod 444 root_pub_key.bin
Regardless if you need the root cert or not this method can be used for all 5 an
d works fine. I have confirmed that BPI+ works using this method with the matchi
ng MAC of course.