Cisco 1841 router, corrupt cookie... 2

[gflloyds]

Hi,
I'm hoping someone can help me rebuild a corrupt cookie on a Cisco 1841 router.
I swapped over CF cards to reformat one and seem to have toasted my router.
Booting normally the router hangs:

System Bootstrap, Version 12.3(8r)T6, RELEASE SOFTWARE (fc1)
Technical Support:

http://www.cisco.com/techsupport

Copyright (c) 2004 by cisco Systems, Inc.
PLD version 0x0f
GIO FPGA version 0x128
c1841 processor with 262144 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled


Readonly ROMMON initialized
program load complete, entry point: 0x8000f000, size: 0xc100

Initializing ATA monitor library.......
program load complete, entry point: 0x8000f000, size: 0xc100

Initializing ATA monitor library.......

program load complete, entry point: 0x8000f000, size: 0x1630e0c
Self decompressing the image : #################################################
############################################################### [OK]

Smart Init is enabled
smart init is sizing iomem
ID MEMORY_REQ TYPE
0X003AA110 public buffer pools
0X00211000 public particle pools
0X00020000 Crypto module pools
0X000021B8 Onboard USB

If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.

Allocating additional 20092929 bytes to IO Memory.
PMem allocated: 239075328 bytes; IOMem allocated: 29360128 bytes

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706



Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(13b),
RELEASE SOFTWARE (fc3)
Technical Support:

http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Tue 24-Apr-07 14:06 by prod_rel_team
Image text-base: 0x60079270, data-base: 0x61C04A30


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.
------- Router always hangs at this point-------

If I force a boot from rommon I get "Corrupt or missing MAC address cookie" messages.
I can get into rommon priv mode to change the cookie but I don't have a known good example of a cookie from an 1841 to compare my corrupt cookie with, it also seems longer than any examples I've googled. See below:

monitor: command "boot" aborted due to user interrupt
rommon 1 > cookie

cookie:
04 ff 09 86 ff ff ff ff ff ff ff ff ff ff ff ff
4f 43 30 38 34 34 30 53 30 53 40 04 1b 41 04 01
82 49 1f ff 04 42 44 30 c0 46 03 20 00 5b 8a 01
88 00 00 00 00 02 04 c6 8a 49 50 4d 37 46 30 30
43 52 41 03 00 81 00 00 00 00 04 00 cb 89 43 49
53 43 4f 31 38 34 31 89 56 4e 2f 41 d9 02 c1 40
09 86 c2 8b 46 48 4b 30 38 34 36 31 34 58 4b ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
rommon 2 > priv
Password:
You now have access to the full set of monitor commands.
Warning: some commands will allow you to destroy your
configuration and/or system images and could render
the machine unbootable.
rommon 3 > ?

There is no cisco support contract etc etc...
So if someone can help me with a good example of an 1841 cookie and any other pointers that would be much appreciated or if you have any other ideas to get the router going again, let me know. Thanks

 

[jeter]

So what happen to the old CF? Where did you get the replacement CF?


Go Army!
Tek-TIP Member 19,650

 

[gflloyds]

Hi,
The old CF [cisco 32mb] seems ok and is in the router.

rommon 1 > dir flash:
program load complete, entry point: 0x8000f000, size: 0xc100

Initializing ATA monitor library.......
Directory of flash:

2 23269292 -rw- c1841-advipservicesk9-mz.124-13b.bin
5683 1187840 -rw- IPS.TAR
5973 6389760 -rw- SDM.TAR
7533 2746 -rw- sdmconfig-18xx.cfg
7534 93095 -rw- attack-drop.sdf
7557 1463 -rw- home.html
7558 112640 -rw- HOME.TAR
rommon 2 >
The CF that was formatted [128mb] was from a different bit of cisco kit. The 32mb is pretty full and with changes to be made to the config, using the 128mb CF seemed like a good bet.

 

[gflloyds]

Managed to re-create cookie using info from old logs.
Router working fine again.

Thanks.

 

[burtsbees]

I was going to say---corrupt cookies and their subsequent replacement (fix) were a problem originally with the 800/SoHo series routers. Replacing the cookie is indeed the fix, and is on Cisco.com. I imagine you know that part, seen as how you have fixed it...

Ah, the power of Deductive Reasoning...lol

/

 

[John006]

what was the password you used to go into the (priv) cookie? I've tried several but without any luck.

 

[gflloyds]

Every password is, usually, different and depends on the values set in your current cookie.
The exception being when, as in the 800/SoHo series routers, your cookie was toast and set to all 00 values. Then your password was 0000
It follows that if you change certain values in your cookie and save it the password will then change.

Google is your friend here....

If and when you do get in the only warning you get is an understated:

rommon 2 > priv
Password:
You now have access to the full set of monitor commands.
Warning: some commands will allow you to destroy your
configuration and/or system images and could render
the machine unbootable.

It means what it says don't ignore it!

 

[2shadow2]

gflloyds, do u mind giving me a step by step guide or point me to a link please. I really appreciate it
regards,
shd

 

[crapulas]

Hello,

Can somebody provide cookie layout for Cisco 1841 routers.
I have a corrupted cookie on this kind of device and I'm looking for byte significations.
For now I'm only able to identify Processor Board ID.

My cookie looks like that:

04 ff 09 86 ff ff ff ff ff ff ff ff ff ff ff ff
4f 43 31 31 32 32 32 58 31 38 40 04 1b 41 07 00
82 49 1f ff 08 42 41 30 c0 46 03 20 00 5b 8a 06
88 00 00 00 00 02 04 c6 8a 49 50 4d 37 57 30 30
43 52 41 03 00 81 00 00 00 00 04 00 cb 89 43 49
53 43 4f 31 38 34 31 89 56 30 35 20 d9 02 c1 40
09 86 c2 8b 46 43 5a 31 31 32 35 31 30 42 51 ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Thanks to anybody can help.

 

[lclc]

Hello,

I have the same probleme that gflloyds.
How can I have the priv mode password for my router 1841.

My cookie is :
04 ff 09 86 ff ff ff ff ff ff ff ff ff ff ff ff
4f 43 30 39 34 31 34 5a 33 44 40 04 1b 41 05 00
82 49 1f ff 05 42 42 30 c0 46 03 20 00 5b 8a 02
88 00 00 00 00 02 04 c6 8a 49 50 4d 37 46 30 30
43 52 42 03 00 81 00 00 00 00 04 00 cb 89 43 49
53 43 4f 31 38 34 31 89 56 30 31 20 d9 02 c1 40
09 86 c2 8b 46 43 5a 30 39 34 37 31 30 31 48 ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Please help me.

Thanks.
lclc

 

[crapulas]

I found this link to a tool generating priv password depending your cookie.

http://ers.msk.ru/cgi-bin/priv.cgi

Just paste the first 16 bytes of your cookie and submit it,
your password will be calculated.

The password is calculated with your cookie. If you change anything in the first line, you'll have to recalculate it.

 

[gflloyds]

Hi, NO guarantee this will work for you, or on anything other than an 1841.
Starting at byte 0 the first two bytes of your cookies are correct: 04 ff.
The next two bytes and the rest of the row which is all set to ff are wrong and giving you the problem. Everything else is probably ok. I suggest writing down what your first line should look like before entering it......

byte 0 04
byte 1 ff
byte 2 is the mac address type: set it to 03
byte 3 is the mac address length: set it to 06
byte 04 - 09 is the mac address of your first ethernet
byte 0a is the mac address block size type: set to 43
byte 0b - 0c is the mac address block size: set to 00 & 0a
byte 0d is the serial no type: set it to c1
byte 0e is the serial no length: set it to 8b
byte 0f is the first letter of your serial no: set it to 46
in my experience the 4f 43 was always preceded by 46

Hitting the enter key without actually entering a value leaves the previous value intact, which is handy for the other values.
Hope this helps.

 

[crapulas]

Thx gflloyds. I was able to compare my cookie with an other 1841 working.

 

[lclc]

Thanks for your help.

How is possible to know my MAC address from rommon cli?

 

[crapulas]

Not possible, if you don't find it in any logs, you are in the s... .

Or you take a old Cisco device that you won't anymore connect to the network and take its MAC address.

You can take a MAC address already used by an other device but be sure thay are not connected on the same LAN.

If you can't do any of these solutions, your device is dead.