[c-nsp] 805 Cisco Router TinyROM Enable Password Recovery

Ted Mittelstaedt tedm at toybox.placo.com
Sat Apr 9 23:40:17 EDT 2005 

Church, Chuck wrote:
> Or it could be a secret password that is based on the serial number.
> And only TAC knows the hash function to run the SN against.  That's
> how I'd do it.  But I doubt they'd ever tell anyone, for obvious
> reasons. 
> 

That's how they do PIX licensing.

Ted

> 
> Chuck Church
> Lead Design Engineer
> CCIE #8776, MCNE, MCSE
> Netco Government Services - Design & Implementation Team 1210 N.
> Parker Rd. Greenville, SC 29609
> Home office: 864-335-9473
> Cell: 703-819-3495
> cchurch at netcogov.com
> PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ted
> Mittelstaedt Sent: Saturday, April 09, 2005 5:50 PM
> To: mtinka at africaonline.co.sz; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] 805 Cisco Router TinyROM Enable Password Recovery
> 
> cisco-nsp-bounces at puck.nether.net wrote:
>> On Friday 08 April 2005 21:21, Jerry K wrote:
>> 
>>> it appears that a call to the Cisco TAC is in order.
>> 
>> Indeed, did log a call with TAC and got some good response.
> 
> Does that mean the problem is fixed or not?
> 
>> Would
>> love to share on the list, but if they recommend to call TAC to fix,
>> highly doubt Cisco would be amused :).
>> 
> 
> Oh don't be a goose.  Did you sign an NDA?  If not then they
> can't touch
> you.
> 
> I've never called TAC but anyone who has had long
> association with hardware knows that there's generally only a few
> ways to do this:
> 
> 1) Do some manipulation with a jumper on the motherboard/pull the
> battery on the motherboard/short some traces on the motherboard
> 
> 2) Enter a secret password that only TAC knows that overrides the
> security 
> 
> 3) Enter some secret undocumented combination of keystrokes during
> boot that overrides the security. 
> 
> 4) Run some seecret program on the network that goes to a hidden
> port/protocol/access whatever on the Ethernet port
> 
> 5) Send the unit back to TAC where they do one of the above.
> 
> If it's item 1-3 then the info is probably already out there.  If it's
> 4 the program and instructions are probably already on a warez site.
> 
> It would be useful to know if it's #5 or not.
> 
> Ted
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list