[c-nsp] Cisco 827 prom cookie corrupt

Ted Mittelstaedt tedm at toybox.placo.com
Tue Jan 11 03:45:47 EST 2005



> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Mark
> Sent: Monday, January 10, 2005 8:16 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Cisco 827 prom cookie corrupt
>
>
> Hi All,
>
>    I have some Cisco 827s that refuse to start, giving these errors:
>
> "WARNING: Cookie information is corrupt"
>
> loadprog: error - Invalid image for platform
> e_machine= 62 , cpu_type = 80
>
> Cannot load "Flash:"
>
> If I understand, cookie information is where Cisco writes all identity
> information on the router (name, serial, rma, etc) and it's also used to
> determine if the IOS image is right for the platform.
>
> If I remember, it is possible to repopulate cookie information, but I need
> to go with "priv" on rommon, and to do that I need a password.
>

If the cookie info really got zapped the password is going to
be all zeros.

> These routers are out of warranty and Cisco asked a price higher than
> list price to repair. This error being only a marginal problem
> (hardware is working well, the router "only" lost its identity), I ask
> if someone has the same problem and the way to resolve it.
>
> Maybe I can copy cookie information between identical routers?

Yes, you can.

I suspect Cisco's lawyers have been busy threatening people since
no US websites contain any info on this.  But there's
plenty of info on Russian websites, though.  I wonder how long this
post will stay in the archives. ;-)

Here's some info I found:

-----

http://ers.pp.ru/cisco/priv.html

-----

http://www.dslreports.com/forum/remark,10201299~mode=flat

-----

Once you get into priv mode, "cookie ?" will give some help.

-----

A word is a sequence of 16 or 32 bits (16 in this case).

A byte is a sequence of 8 bits.

So 5 words are 10 bytes (in this case).

So if your cookie contains 00 01 00 80 C8 E9 8B 01 3E 00, the first word
is 0001, the second 0080, etc.

-----

Here's one from an 827-4V I found:


2. "WARNING: Cookie information is corrupt"
????????? ?? Xeon (ok) on 19-???-04, 04:27  (MSK)

-------

That ought to give you enough info to fix it if you're a real hacker.

Next time do a better job with the search engines, this only took
me about 15 minutes to get.

Another suggestion - go to a WORKING 827 first, get a
set of hex digits for that to copy to your blown up ones -
but make sure to change the hex digits for the MAC address.
Of course they are all going to have the same serial #'s.

And for God's sake, quit screwing around with
IOS 'images' that you find posted in some chatroom.

Ted
