[c-nsp] 805 Cisco Router TinyROM Enable Password Recovery
Ted Mittelstaedt
tedm at toybox.placo.com
Sat Apr 9 23:40:17 EDT 2005
Church, Chuck wrote:
> Or it could be a secret password that is based on the serial number.
> And only TAC knows the hash function to run the SN against. That's
> how I'd do it. But I doubt they'd ever tell anyone, for obvious
> reasons.
>
That's how they do PIX licensing.
Ted
>
> Chuck Church
> Lead Design Engineer
> CCIE #8776, MCNE, MCSE
> Netco Government Services - Design & Implementation Team 1210 N.
> Parker Rd. Greenville, SC 29609
> Home office: 864-335-9473
> Cell: 703-819-3495
> cchurch at netcogov.com
> PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ted
> Mittelstaedt Sent: Saturday, April 09, 2005 5:50 PM
> To: mtinka at africaonline.co.sz; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] 805 Cisco Router TinyROM Enable Password Recovery
>
> cisco-nsp-bounces at puck.nether.net wrote:
>> On Friday 08 April 2005 21:21, Jerry K wrote:
>>
>>> it appears that a call to the Cisco TAC is in order.
>>
>> Indeed, did log a call with TAC and got some good response.
>
> Does that mean the problem is fixed or not?
>
>> Would
>> love to share on the list, but if they recommend to call TAC to fix,
>> highly doubt Cisco would be amused :).
>>
>
> Oh don't be a goose. Did you sign an NDA? If not then they
> can't touch
> you.
>
> I've never called TAC but anyone who has had long
> association with hardware knows that there's generally only a few
> ways to do this:
>
> 1) Do some manipulation with a jumper on the motherboard/pull the
> battery on the motherboard/short some traces on the motherboard
>
> 2) Enter a secret password that only TAC knows that overrides the
> security
>
> 3) Enter some secret undocumented combination of keystrokes during
> boot that overrides the security.
>
> 4) Run some seecret program on the network that goes to a hidden
> port/protocol/access whatever on the Ethernet port
>
> 5) Send the unit back to TAC where they do one of the above.
>
> If it's item 1-3 then the info is probably already out there. If it's
> 4 the program and instructions are probably already on a warez site.
>
> It would be useful to know if it's #5 or not.
>
> Ted
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list