CM2000 Event Log Export Encryption

emattheis
Aspirant

I just got a CM2000 to replace another perfectly good modem that Comcast started having compatibility issues with. I'm keeping an eye on the event logs to see if any of the same issues show up on the new modem (so far, they don't). Copying data out of the web console on my old modem was a pain, so I was excited to see the export button on the event log page. Unfortunately, the export is encrypted and there are no instructions on how to decrypt it. What is the purpose of that? How can I decrypt the file to see what's in it? I'm very curious now, because the export produced a 217 KB file despite the fact that the web page shows no log entries.

Message 1 of 10
FURRYe38
Guru

Re: CM2000 Event Log Export Encryption

What is the file format of the exported file? 

So opening this in notepad or a text editor comes back garbled? 

 

Message 2 of 10
emattheis
Aspirant

Re: CM2000 Event Log Export Encryption

When you click the export button, you get a confirmation popup:

 

confirm.png

 

If you confirm, you get a progress bar:

 

encrypting.png

 

The resulting file is named NETGEAR_xxxxxxxxxxxx.bin (where xxxxxxxxxxxx is the MAC address of the modem) and opening in a text editor shows nothing human-readable (at least, not in any language I recognize).

Message 3 of 10
FURRYe38
Guru

Re: CM2000 Event Log Export Encryption

Well, the text that says "only for NETGEAR analysis" probably means that once it's sent to NG, only they have the ability to decode and review the information. And it's a .bin file, so this would be an encrypted binary file. So only NG can decode it. Only needed for troubleshooting extreme issues.

Message 4 of 10
emattheis
Aspirant

Re: CM2000 Event Log Export Encryption

Yeah, exactly. That's what I'm interested in knowing more about. Why is it encrypted? What's in the file? If someone at Netgear support can decrypt it, why can't I?

Message 5 of 10
FURRYe38
Guru

Re: CM2000 Event Log Export Encryption

Probably due to ISP service information and other items that users may not need access to. Most of the time, if there is a problem between NG and the ISP, they will collaborate on the issue to get it fixed. I've heard the modems and the FW are tightly controlled and only the ISP has the necessary information, since they're the ones that handle the ISP signal up to the modem and the only ones responsible for any FW updates that NG gives them.

Again, only for problems that can't be solved by normal means and would need NG support and engineering intervention. Otherwise, I wouldn't worry about it.

Message 6 of 10
emattheis
Aspirant

Re: CM2000 Event Log Export Encryption

Yeah, not worried about it, just curious. There’s all kinds of ways to provide data to the ISP side. DOCSIS itself defines pretty much everything the head end needs to command and control a modem. Putting the customer user in charge of exporting encrypted data for the cable provider or modem manufacturer seems strange. On the other hand, for power users it’s probably got a ton of interesting data…

Message 7 of 10
Kitsap
Master

Re: CM2000 Event Log Export Encryption

If you are really digging, at one time there was internet chatter about Netgear backup configuration files. They were an XML spreadsheet compressed into a password-protected zip file and then renamed. The passwords were available in the chatter. An internet search may find some of this history. Maybe a similar approach on the exported event logs?

Message 8 of 10
FURRYe38
Guru

Re: CM2000 Event Log Export Encryption

These .bin files are binary and would probably need decode tokens or keys to decode the .bin file. 

Message 9 of 10
emattheis
Aspirant

Re: CM2000 Event Log Export Encryption

Yeah, they definitely aren't just renamed ZIP files - there is no known header in the binary data. There must be a tool that NG support and/or ISPs have access to for decrypting/decoding the file. Without access to the tool, we'd need to know the algorithm and secrets used to encrypt the file. Ideally, NG is using a well-known algorithm like AES, and the key is derived from some values specific to the modem and only known by the owner - e.g. the serial number and the admin password. If this was documented, sophisticated users would be empowered to decrypt the file on their own.

Message 10 of 10
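The header check described in the last post, as an added example that is not part of the original thread and not a NETGEAR tool: it tests a file for common container magic bytes and, when none match, uses byte entropy to tell near-random data (encrypted or headerless compressed) from plain text. The magic list, the entropy thresholds and the built-in sample are assumptions made for this example.

```python
import hashlib
import math
import sys
from collections import Counter

# Magic bytes at offset 0 for formats a renamed export might plausibly be.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"BZh": "bzip2",
    b"\xfd7zXZ\x00": "xz",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"<?xml": "xml",
}

def known_header(data: bytes):
    """Return the format name if data starts with a known magic, else None."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(data: bytes) -> str:
    """Classify a blob. Thresholds are rule-of-thumb assumptions."""
    name = known_header(data)
    if name:
        return name
    h = entropy(data)
    if h >= 7.9:
        # Entropy alone cannot separate ciphertext from headerless compression.
        return "high-entropy"
    return "plaintext-like" if h < 6.0 else "structured-binary"

if __name__ == "__main__":
    if len(sys.argv) > 1:          # path to an export file on disk
        blob = open(sys.argv[1], "rb").read()
    else:                          # constructed sample: 64 KiB of hash output
        blob = b"".join(hashlib.sha256(bytes([i % 256, i // 256])).digest()
                        for i in range(2048))
    print(triage(blob), round(entropy(blob), 3))
```

A "high-entropy" result with no header is consistent with the file being encrypted, but it does not identify the algorithm or rule out compression.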