B10B Factory Reset: Difference between revisions

(7 intermediate revisions by 2 users not shown)

Line 25:

To reset the router to the AAISP base settings, follow these steps:

#Unplug everything from the router except the power and phone line

#Switch router on, wait for it to boot up

#With a paperclip, pen, etc., hold in the reset button

Line 39:

Line 40:

A factory reset router will also be sent an updated firmware if there is one available.

==Supervisor Access==

To use the steps below here on this page, you will need to login as the supervisor user. This needs some work, and (in the case of firmware versions AAVF.10 and later) may be quite difficult.

The supervisor account uses a password which is automatically generated by the device, and unique to each device. Its format is 8 hexadecimal digits (each digit is 0-9 or a-f), and is believed to use the device's serial number as a starting point. AAISP do not know this password.

The usual way to obtain the supervisor password is to use software (e.g. hashcat) to crack the hashed version of the password which is held in the file /etc/passwd (before firmware version AAVF.10) or /etc/shadow (version AAVF.10 and later). The earlier firmware versions used an MD5 hash, and hashcat (on a fast machine) could crack the password in around 8 minutes. AAVF.10 switched to SHA-512 and hashcat takes ''much'' longer to crack the password (~9.5 hours).

Unfortunately as of firmware version AAVF.10 the admin user can't read the files /etc/passwd or /etc/shadow. This means you can't get the hashed version of the password to feed to cracking software.

If you manage to crack the supervisor password, you can login to the CLI as root with this password and get a root shell - enabling you to run commands such as ''iptables'' and ''ip6tables''.

==Reset to the ZyXEL Factory Settings==

To erase the default AAISP settings, the 'ROM-D' file needs to be cleared, this is done via the CLI (Telnet or SSH) using the supervisor user and then issuing the <syntaxhighlight inline enclose="none" lang="bash">save_default clean</syntaxhighlight> command.

To erase the default AAISP settings, the 'ROM-D' file needs to be cleared, this is done via the CLI (Telnet or SSH) using the supervisor user (see above) and then issuing the <syntaxhighlight inline enclose="none" lang="bash">zycli save_default clean</syntaxhighlight> command.

Here is an example:

Line 53:

Line 65:

VMG3925-B10B

Login: supervisor

Password: [your ~~admin~~ password]

Password: [your supervisor password]

> save_default clean

> zycli save_default clean

ROM-D cleaned.

</syntaxhighlight>

At this point you ~~can~~ reset the router for this to be applied. The router will then boot up in its original factory settings without any of the AAISP configuration settings~~. You can reset the router by holding in the reset button for 5 seconds~~.

At this point you should reset the router for this to be applied - by holding in the reset button for 5 seconds. The router will then boot up in its original factory settings without any of the AAISP configuration settings.

In this state, the router has ZyXEL's default IP address, username and password.

=Adding the AAISP rom-d file=

==Adding the AAISP rom-d file==

*This will probably not be possible to do on firmware version AAVF.10 and above as the supervisor password is now unique to the device and unknown to AAISP.*

If you need to restore an AAISP rom-d file, then here are the steps to take. Support are able to provide you with the rom-d file on request.

If you need to restore an AAISP rom-d file, then here are the steps to take. Support are able to provide you with the rom-d file on request. You have to login as the supervisor user - see above.

FTP is used to add the rom-d file. Here the AAISP provided rom-d file is actually called vmg1312-b.rom-d, so when we upload it we have to specify the target file name of rom-d. (the lines highlighted contain things you need to type in)