
Author Topic: 7131 boot DIAG password?  (Read 17397 times)


Offline donb

7131 boot DIAG password?
« on: January 06, 2015, 03:36:09 PM »
Anyone here have access to the boot diagnostic password?

I bricked one of my APs during a flash because of a power outage.. as I understand there is a way to recover using the password



Offline itm

Re: 7131 boot DIAG password?
« Reply #1 on: January 31, 2015, 06:29:23 AM »
try bruteforce )

Offline donb

Re: 7131 boot DIAG password?
« Reply #2 on: January 31, 2015, 12:33:05 PM »
What program would you suggest?

I work for a reseller of these aps...

In the process of trying to get the password though official channels..

But it seems dumb for this password to not be available

Especially since WiNG (and brocade mobility) is going away

Offline coz

Re: 7131 boot DIAG password?
« Reply #3 on: February 02, 2015, 12:50:40 AM »
Hello,


I am kinda in the same boat.
Got my AP-7131 bricked and also in need of that secret password.

Thumbrule from now on, check version number twice, flash once  :'(




Offline coz

Re: 7131 boot DIAG password?
« Reply #4 on: February 16, 2015, 11:50:49 PM »
So after countless hours scanning through firmwares for the password I've found bupkis.

Next step JTAG I guess.

So stupid failsafe on this thing, flashing firmware on 1 sets firmware boot on 2 to go into "exiting pid blabla scheduled for restart" and then not letting me start tftp without a password.

Offline itm

Re: 7131 boot DIAG password?
« Reply #5 on: February 16, 2015, 11:53:45 PM »
You have to write software to brute-force this password via console.

Offline coz

Re: 7131 boot DIAG password?
« Reply #6 on: February 17, 2015, 02:43:50 PM »
Something like this in Tera Term?

fileopen fhandle 'passwords.txt' 0

while 1
    filereadln fhandle line
    if result=1 then
        break
    endif

    sendln "diag " line
    wait "boot"
endwhile

fileclose fhandle

Offline coz

Re: 7131 boot DIAG password?
« Reply #7 on: February 22, 2015, 02:00:32 PM »
ok a few days in with bruteforce =)

found one neat password!!!

diag 1915april24

gives

boot#
instead of boot>

well nothing changes in menu, buuuuut have a look at that

nor ?

can now erase or program bits and pieces of that nor...
already bricked so lets brick it some more.


and lots of more fun things i see now.

so was that the diagnose password or what?
« Last Edit: February 22, 2015, 03:20:07 PM by coz »

Offline donb

Re: 7131 boot DIAG password?
« Reply #8 on: February 22, 2015, 07:53:53 PM »
ok a few days in with bruteforce =)

found one neat password!!!

diag 1915april24

gives

boot#
instead of boot>

well nothing changes in menu, buuuuut have a look at that

nor ?

can now erase or program bits and pieces of that nor...
already bricked so lets brick it some more.


and lots of more fun things i see now.

so was that the diagnose password or what?

From what you're pasting it looks like you've hit the privileged mode of whatever that recovery shell is.. I'll be able to give it a try as well tomorrow.. hopefully we can unbrick our APs!

thanks for posting your findings

Offline coz

Re: 7131 boot DIAG password?
« Reply #9 on: February 23, 2015, 08:40:19 AM »
well, made a lot of tries last night, didn't get anything useful out of it.
one can set it to download files to NAND, or NOR from tftp.

tried progfw, it downloads .img files and bin files no problemo, but it won't flash them
"not for this device"
so that gotta be bootos firmware flasher.

found that it could do a boot from tftp, tried vmlinux.bincs from firmware, but it read it, but it did not boot off it. missing something? gonna add some NFS partition to the mix and try again.

another way might be to force it to boot with some cmdlines, (skipping that script that forces all daemons to shut down)
boot?
gives

boot (+cmdlines)

well got to experiment some more tonight.

do a strings on bootos.bincs should give some partial information about things.

« Last Edit: February 23, 2015, 08:44:52 AM by coz »

Offline donb

Re: 7131 boot DIAG password?
« Reply #10 on: February 23, 2015, 08:59:55 AM »
Interesting

Have you tried any of the bin files instead of img?

Offline coz

Re: 7131 boot DIAG password?
« Reply #11 on: February 23, 2015, 09:10:10 AM »
yes, yes I have.
but I didn't get it to work either.

but my .bin file had some age to it.

one way or another I am going to get this thing to work again.

Offline coz

Re: 7131 boot DIAG password?
« Reply #12 on: February 25, 2015, 02:47:37 PM »
Wonder how I set
Go
to boot linux 2 instead of default linux 1.

because
Set debug linux.c 3
Would get interesting leads I guess.

Or how does one load linux to ram? and then
Boot init=/bin/bash



Offline coz

Re: 7131 boot DIAG password?
« Reply #13 on: February 25, 2015, 05:20:32 PM »
Ok.
Got rootshell..  ;D

Offline coz

Re: 7131 boot DIAG password?
« Reply #14 on: February 25, 2015, 05:52:48 PM »
good news, it's ahliiiiive!!

set up tftp server and stick a fresh and clean vmlinux.bincs, rename it to vmlinux.bin

on ap
go to boot
diag 1915april24
set net 192.168.0.118 root=/dev/mtdblock7 debug init=/bin/ash
(your tftp ip goes there)

reset

mount -t proc proc /proc
mount -o remount,rw /

nano /etc/inittab

if two lines, delete those lines

and paste

ttyS0::sysinit:/etc/init.d/rcS
ttyS0::askfirst:/bin/login -h Console
::restart:/sbin/init
::shutdown:/usr/scripts/shutdown
::ctrlaltdel:/usr/scripts/techsupport_low_mem.sh
:10:respawn:/usr/sbin/logd -d
::respawn:/usr/sbin/rim -d
:240:respawn:/etc/init.d/cfgd start
:15:respawn:/usr/sbin/nsm -i
:0,-1:respawn:/usr/sbin/hsd -d
::respawn:/usr/sbin/mstp
:20:respawn:/etc/init.d/dpd2.init start
::finally:/usr/scripts/sysup



ctrl+x y

reboot -f

esc esc esc esc esc

diag 1915april24
set net 0.0.0.0

reset

worked for me =)
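
A post-recovery check for the procedure in Reply #14, as an added example that is not part of the original posts: it confirms that the temporary `init=/bin/ash` boot argument is no longer in effect and that the restored inittab again runs rcS and asks for a login on the serial console. The function names and the "normal" sample command line are assumptions made for illustration; on the AP the inputs would come from `/proc/cmdline` and `/etc/inittab`.

```shell
#!/bin/sh
# Added example: verify that an AP is no longer booting straight into a
# passwordless root shell after the recovery steps have been completed.

# check_cmdline "<kernel command line>"
# Returns 1 (and prints a finding) if init= still points at a shell.
check_cmdline() {
    found=0
    set -f                      # no globbing while the string is split
    for arg in $1; do
        case "$arg" in
            init=*/sh|init=*/ash|init=*/bash)
                echo "cmdline: init override to a shell: $arg"
                found=1 ;;
        esac
    done
    set +f
    return $found
}

# check_inittab "<inittab text>"
# Returns 0 only if the rcS sysinit line and the console login line
# (both taken from the inittab pasted in the thread) are present.
check_inittab() {
    printf '%s\n' "$1" | grep -q '^ttyS0::sysinit:/etc/init.d/rcS$' || {
        echo "inittab: rcS sysinit line missing"; return 1; }
    printf '%s\n' "$1" | grep -q '^ttyS0::askfirst:/bin/login' || {
        echo "inittab: no login prompt on ttyS0"; return 1; }
    return 0
}

# Constructed samples: the recovery arguments used in the thread, and a
# hypothetical normal command line (not taken from a real device).
RECOVERY_ARGS='root=/dev/mtdblock7 debug init=/bin/ash'
NORMAL_ARGS='console=ttyS0,115200 root=/dev/mtdblock7'

check_cmdline "$RECOVERY_ARGS" || echo "-> still booting with the recovery arguments"
check_cmdline "$NORMAL_ARGS"   && echo "-> command line clean"

# On the device itself (assumes /proc is mounted):
#   check_cmdline "$(cat /proc/cmdline)" && check_inittab "$(cat /etc/inittab)"
```
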