[c-nsp] 805 Cisco Router TinyROM Enable Password Recovery

Mark Tinka mtinka at africaonline.co.sz
Thu Apr 14 11:50:45 EDT 2005


On Saturday 09 April 2005 23:49, Ted Mittelstaedt wrote:

> Does that mean the problem is fixed or not?

Yes, problem was fixed!

> Oh don't be a goose.  Did you sign an NDA?  If not then they can't touch
> you.

Actually spoke to TAC and they say it's fine, so, here is the fix (really glad 
to put this up):

1. Boot router as normal and break into ROMMON mode.

2. You will be dropped into the 'boot>' prompt, meaning a TinyROM password has
   been set.

3. You will need to enter the global password 'em gubed'. It's 'debug me'
   spelt backwards. You need to do this in debug mode, like so:


	boot> enable debug
	password: em gubed
	boot> [DANGER] passwd
	new:
	again:
	boot> [DANGER] enable
	boot#

You can then either type 'boot' to boot the installed IOS from flash, or 
restart and re-break into ROMMON.

Mark.

>
> I've never called TAC but anyone who has had long
> association with hardware knows that there's generally only a few ways to
> do this:
>
> 1) Do some manipulation with a jumper on the motherboard/pull the battery
> on the motherboard/short some traces on the motherboard
>
> 2) Enter a secret password that only TAC knows that overrides the
> security
>
> 3) Enter some secret undocumented combination of keystrokes during boot
> that overrides the security.
>
> 4) Run some secret program on the network that goes to a hidden
> port/protocol/access whatever on the Ethernet port
>
> 5) Send the unit back to TAC where they do one of the above.
>
> If it's item 1-3 then the info is probably already out there.  If it's
> 4 the program and instructions are probably already on a warez site.
>
> It would be useful to know if it's #5 or not.
>
> Ted

