 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
3 messages in net.nether.puck.cisco-nsp[c-nsp] Cisco 827 prom cookie corrupt| From | Sent On | Attachments |
|---|---|---|
| Mark | Jan 10, 2005 11:16 am | |
| Matt Hill | Jan 10, 2005 6:48 pm | |
| Ted Mittelstaedt | Jan 11, 2005 3:45 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | [c-nsp] Cisco 827 prom cookie corrupt | Actions... |
|---|---|---|
| From: | Ted Mittelstaedt (te...@toybox.placo.com) | |
| Date: | Jan 11, 2005 3:45:37 am | |
| List: | net.nether.puck.cisco-nsp | |
-----Original Message----- From: cisc...@puck.nether.net [mailto:cisc...@puck.nether.net]On Behalf Of Mark Sent: Monday, January 10, 2005 8:16 AM To: cisc...@puck.nether.net Subject: [c-nsp] Cisco 827 prom cookie corrupt
Hi All,
i have a some Cisco 827 that refuse to start giving these errors:
"WARNING: Cookie information is corrupt"
loadprog: error - Invalid image for platform e_machine= 62 , cpu_type = 80
Cannot load "Flash:"
If I understand cookie information is where cisco write all information identity on the router (name, serial, rma, etc) and it's also used to determinate if ios image is right for the platform.
If i remember is possible to repopulate Cookie information but i need to go with "priv" on romon but to do that i need a password.
If the cookie info really got zapped the password is going to be all zeros.
These routers are out of warranty and cisco asked a price higher of list price to repair. Being this error only a marginal problem (hardware is working good, the router "only" lost his identity) I ask if someone has the same problem and the way to resolve it.
Maybe I can copy cookie information between identical routers?
Yes, you can.
I suspect Cisco's laywers have been busy threatening people since no US websites contain any info on this. But there's plenty of info on Russian websites, though. I wonder how long this will post will stay in the archives. ;-)
Here's some info I found:
-----
http://ers.pp.ru/cisco/priv.html
-----
http://www.dslreports.com/forum/remark,10201299~mode=flat
-----
once you get into priv mode, "cookie ?" will give some help
-----
A word is a sequence of 16 or 32 bit (16 in this case).
A byte is a sequence of 8 bit.
So 5 words are 10 byte (in this case).
So if your cookie contain 00 01 00 80 C8 E9 8B 01 3E 00, the first word is 0001, the second 0080, etc.
-----
Here's one from an 827-4V I found:
2. "WARNING: Cookie information is corrupt" ????????? ?? Xeon (ok) on 19-???-04, 04:27 (MSK)
??????? ios ????? xmodem
ios ?????, ?????? cookie ? ???? ???? ?????????? ????????? ?????:
01 01 00 01 97 a4 8a 58 3e 00 01 00 02 00 00 00 00 00 00 00 00 00 00 00 4a 41 44 04 14 30 32 58 34 05 02 19 87 00 00 00 00 ff ff ff 50 04 49 10 bc 05 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
MAC ????????, ????? ?? ???? ??????????.
??? ??????????.
-------
That ought to give you enough info to fix it if your a real hacker.
next time do a better job with the search engines, this only took me about 15 minutes to get.
Another suggestion - go to a WORKING 827 first, get a set of hex digits for that to copy to your blown up ones - but make sure to change the hex digits for the MAC addess. Of course they are all going to have the same serial #'s.
And for God's sake, quit screwing around with IOS 'images' that you find posted in some chatroom.
Ted