Posted by Graham Turner on July 1, 2009, 5:04 am
> > > > > Thanks further note back. not sure if i am being daft, but does not
> > > > > appear to be any removable mem modules on the 857 we have.
> > > > > there are 3 empty 'slots' - one DIMM like, and two slots of the types
> > > > > that i have installed vpn modules in - dont know if that makes sense ?
>
> > > > The 857 doesn't have removable Flash like most other Cisco routers
> > > > (including the 877 which does).
>
> > > Sorry. I had the idea that the 877 was removable but I
> > > did not know about the 850. We mostly used 870's.
> > >
> > > It's not like cisco to have something which cannot be recovered.
> > > Very, very unusual.
> > >
> > > I am not sure what the slots are for but I would guess
> > > extra RAM and Flash.
> > >
> > > http://www.cisco.com/en/US/docs/routers/access/800/hardware/notes/800...
> > >
> > > Cisco 851 and 857 routers
> > > Flash Memory Card Options 4 MB, 16 MB, or 32 MB
> > > Default Flash Memory 20 MB (onboard flash memory only)
> > > Maximum Flash Memory 20 MB
> > >
> > > This seems ODD.
> > > Default + Option = Max (which is Default)
> > >
> > > There are no flash memory part numbers listed for the 85x.
> > >
> > > Thing is that it is important to remember the purpose
> > > of no service-pass. It is to *ensure* that cryptographic
> > > keys cannot be recovered from the router. It is going
> > > to be tough to work round.
> > >
> > > As suggested, get it on smartnet and let cisco deal with it.
> > > Or get another one on ebay?
>
> > i am totally happy with the purpose of the 'service-pass' to prevent
> > recovery of passwords, but this is not what we want to do
> >
> > do i have it right though that this disables the hardware reset
> > button, which seems to be ignored by the router ?
>
> I think the button only does a cold boot reset - like on a PC.
> I know that some other network kit does a factory reset
> but cisco does not as far as I am aware.
> I have never used it.
>
> Have you tried sending a break in the first 5 seconds after power on?
>
> Firstly make SURE you are sending a break - ideally test on
> another router.
>
> I suggest then (if using hyperterminal and not using a
> USB serial port adapter that does not send break)
> press the <CTRL> key
> power on the router
> immediately begin pressing the break key every two seconds
> do not hammer away at it
> do this for at least ten seconds
>
> Power off and try again every second.
>
> Some USB serial port adapters do not send break signal
> Some versions of hyperterminal do not send a break signal.
> Various different terminal emulators use different keys
> Macintoshes apparently do not send breaks (but there
> is a workaround - set very slow baud rate and press some
> certain key or other)
>
> Why not try for longer too?

I am sure that we are sending the break to the router - have tested same sequence on a functional 857.

what i suspect is that the 'no service password-recovery' has done has manipulated the config-register so as to perhaps disable the break ? or perhaps access to the rommon completely ?

Thanks again for notes back
Posted by bod43 on July 1, 2009, 6:14 am
> I am sure that we are sending the break to the router - have tested
> same sequence on a functional 857.
>
> what i suspect is that the 'no service password-recovery' has done has
> manipulated the config-register so as to perhaps disable the break ?
> or perhaps access to the rommon completely ?
>
> Thanks again for notes back

My frail understanding is that no service password-rec
disables access to the rommon.

It seems that once IOS starts there is a short period
where the serial port is monitored for a break signal
which permits entry to the recovery menu which has
the option of clearing the config.

So with no IOS and no reasonable way to get one on board
you seem to be stuffed.

De-soldering and re-soldering these chips is quite possible
for suitably skilled people but on a commercial basis for
sure not worth it. Especially if you were to consider
dismantling a good router as well!!!

I think they use a hot air gun to heat the board and release/
re-attach the chip. Trick might be to make sure that not too
much falls off.

Still, now you have had a course on cisco boot process.
Most of the routers/switches are very similar.
Posted by Graham Turner on July 1, 2009, 6:22 am
> My frail understanding is that no service password-rec
> disables access to the rommon.
>
> It seems that once IOS starts there is a short period
> where the serial port is monitored for a break signal
> which permits entry to the recovery menu which has
> the option of clearing the config.
>
> So with no IOS and no reasonable way to get one on board
> you seem to be stuffed.
>
> De-soldering and re-soldering these chips is quite possible
> for suitably skilled people but on a commercial basis for
> sure not worth it. Especially if you were to consider
> dismantling a good router as well!!!
>
> I think they use a hot air gun to heat the board and release/
> re-attach the chip. Trick might be to make sure that not too
> much falls off.
>
> Still, now you have had a course on cisco boot process.
> Most of the routers/switches are very similar.

Indeed - one which we will no doubt look back on and smile - thanks for your advice on this
Posted by Dan Lanciani on July 1, 2009, 5:46 pm

Bod43@hotmail.co.uk (bod43) writes:

| De-soldering and re-soldering these chips is quite possible
| for suitably skilled people but on a commercial basis for
| sure not worth it. Especially if you were to consider
| dismantling a good router as well!!!

You can usually get around this kind of thing without unsoldering (or at least without fully unsoldering) anything by convincing the box that the saved configuration is corrupt. I don't know what the 857 uses for configuration storage but NVRAM, eeprom, and flash parameter blocks are common. If the architecture isolates the various busses you can often simply ground an address line on the memory device to confuse the box into thinking the configuration is bogus. This is most tricky on flash devices where the boot block is also being used to, well, boot... It helps to get the data sheet for the flash device to see the sector architecture which will in turn allow you to select good candidate address lines. If the busses are not isolated you may need to lift a pin, but don't ignore the possibility of glitching a chip enable pin to take the whole device out of memory space at the right time.

Dan Lanciani
ddl@danlan.*com
Posted by Uli Link on July 1, 2009, 6:19 am

Graham Turner wrote:
> what i suspect is that the 'no service password-recovery' has done has
> manipulated the config-register so as to perhaps disable the break ?
> or perhaps access to the rommon completely ?

That's what the docs say about this feature.

You can recover by completely erasing the config by sending the break sequence in the first 5 seconds after the [ok] appears after the image is decompressed. But you'll need a working IOS image on the device (or configured TFTP boot a backup image before).

Without a decompressed ready to run IOS in RAM there is no (documented or known) way into the box.

Smartnet -> RMA.

--
ULi
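An added example (not from any poster in the thread): a small Python check over a saved IOS configuration that flags the situation this thread ends in, `no service password-recovery` set with no fallback boot image configured. The sample configs, image file name, TFTP address and severity labels are constructed for illustration.

```python
import re

# Constructed sample configs (not taken from the router in the thread).
RISKY = """\
version 12.4
no service password-recovery
hostname branch-857
boot-start-marker
boot-end-marker
"""
SAFER = """\
version 12.4
no service password-recovery
boot-start-marker
boot system flash image-placeholder.bin
boot system tftp image-placeholder.bin 192.0.2.10
boot-end-marker
"""

def audit_recovery(config):
    """Return a list of findings about console recovery for IOS config text."""
    lines = [line.strip() for line in config.splitlines()]
    locked = "no service password-recovery" in lines
    boots = [l for l in lines if l.startswith("boot system ")]
    tftp = [l for l in boots if re.match(r"boot system tftp \S+ \S+", l)]
    if not locked:
        # Default behaviour: break at boot reaches ROMMON.
        return ["INFO: ROMMON password recovery is enabled; physical "
                "console access can bypass the startup config"]
    findings = ["INFO: ROMMON access disabled; a break during boot "
                "can only erase the config"]
    if not boots:
        # Severity is this example's own judgement, not a Cisco rating.
        findings.append("HIGH: no 'boot system' fallback configured; if the "
                        "flash image is lost there is no way in short of RMA")
    elif not tftp:
        findings.append("MEDIUM: no TFTP fallback image configured")
    return findings

if __name__ == "__main__":
    for name, cfg in (("RISKY", RISKY), ("SAFER", SAFER)):
        print(name, audit_recovery(cfg))
```
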
cisco 857 password recovery