CLI backdoor

April 14, 2010

It appears the backdoor I found earlier in the 3coms during bootup is also available on the CLI when logged in.

First you press <CTRL-G>, then you enter the password.

Read the rest of this entry »


Uploading files with xmodem

April 14, 2010

PuTTy on Windows does not support zmodem, xmodem, etc. so I often used HyperTerminal, but the GUI of Hyperterminal annoys me.

So instead of switching between PuTTy and HyperTerminal all the time, I tried to use a different terminal emulator ‘TeraTerm Pro’. This seems fine, but for some reason it dumps a few random characters on the serial line after the file is transferred, falsely answering the multiple choice menu to decide between runtime, diag, multiple image or loader.

Read the rest of this entry »

Accton bix multiple image format

April 12, 2010

I just realized the design of and the reason for the accton multiple image format. The .BIX format for older switches only has a 32-byte header in front of the gzipped runtime:

Read the rest of this entry »

Figuring out the bootloader password

April 12, 2010

Some online documents indicated the Accton bootloader had a menu with which you can interrupt the booting process and upload files, recover from failed flash, change bootorder, etc.

This was also the case for our testsubject, but none of the passwords found online worked and just resulted in a continuing boot:

Read the rest of this entry »

Consider yourself welcomed

April 10, 2010


On this blog we’ll talk about switches.

Wouldn’t it be nice to be able to run a proper, generic operating system on these switches? Thought so.

Our current research subject is a 3Com 3870. This is a 3com-branded version of the EdgeCore ES4649, SMC87xxML3

Stay tuned for further updates.