Research and Practice of Cisco Series Router password recovery (1)

Source: Internet
Author: User

1. Password Recovery Principle

1) A Cisco router keeps several different kinds of configuration parameters and stores them in different memory modules. The memory of Cisco series routers includes ROM, Flash memory, RAM, non-volatile RAM (NVRAM), and dynamic memory (DRAM) (see Table 1). Generally, when a router starts, it first runs the program in ROM, performs the system self-check and boot, then runs the IOS in Flash, searches for the router configuration in NVRAM, and loads it into DRAM.

2) The key to password recovery is to modify the configuration register value (see Table 2), so that the router calls different parameter tables from different memories at start-up. Valid passwords are stored in NVRAM. Therefore, the essence of password recovery is to first change the register value so that the passwords do not take effect and the router can be started directly. After the password has been modified, restore the register value (if you forget to restore it, configuration changes may be lost after the router is restarted).

Table 1

Memory: Function

ROM: stores the system boot program, similar to the BIOS of a PC. It is a read-only memory; the program is not lost when the system powers down.

Flash: stores the Cisco IOS image, similar to the hard disk of a PC. It is an erasable, programmable ROM; data is not lost when the system loses power.

NVRAM: stores the configuration file (startup-config).

RAM: stores the configuration the system is currently using (running-config).

DRAM: mainly holds the route table, ARP cache, fast-switch cache, and data packet cache. It also contains the configuration file in use. If the system powers down, the memory data is lost.

Table 2 Cisco series router configuration register values

Configuration Register Value: Meaning

0x2102 (default settings)

    Bit13 = 0x2000: after Flash boot fails 5 times, automatically boot from ROM

    Bit8 = 0x0100: disable the Break key

    Boot field = 0x2: boot in normal operation mode from Flash

0x2101

    Bit13 = 0x2000: after Flash boot fails 5 times, automatically boot from ROM

    Bit8 = 0x0100: disable the Break key

    Boot field = 0x1: enter boot ROM running mode, prompt (Routerboot)>

0x142

    Bit8 = 0x0040: enter the boot monitor running mode, prompt > or rommon>

    Boot field = 0x2: boot in normal operation mode from Flash
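Added example (not part of the original article): a Python check that decodes a configuration register value using the bit meanings of Table 2 and flags a router whose register was not restored to 0x2102 after recovery. The sample "show version" lines and host names are constructed, and the 0x0040 flag is labelled with its standard Cisco meaning (NVRAM startup configuration ignored), which is an assumption relative to the table as printed here.

```python
import re

# Bit meanings follow Table 2. Assumption: 0x0040 is labelled with its standard
# Cisco meaning (NVRAM startup configuration ignored), the bit recovery relies on.
FLAGS = {
    0x2000: "boot from ROM after repeated Flash boot failures",
    0x0100: "Break key disabled",
    0x0040: "NVRAM startup configuration ignored at boot",
}
BOOT_FIELD = {0x1: "boot ROM (Routerboot)", 0x2: "normal boot from Flash"}
DEFAULT = 0x2102
REG_LINE = re.compile(r"Configuration register is (0x[0-9A-Fa-f]+)"
                      r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

# Constructed sample lines in the style of IOS "show version" output.
SAMPLES = {
    "rtr-a": "Configuration register is 0x2102",
    "rtr-b": "Configuration register is 0x142",
    "rtr-c": "Configuration register is 0x142 (will be 0x2102 at next reload)",
}

def decode(value):
    """Split a register value into known flags, boot field and leftover bits."""
    boot = value & 0x000F
    return {
        "flags": [name for bit, name in FLAGS.items() if value & bit],
        "boot": BOOT_FIELD.get(boot, f"boot field 0x{boot:X}"),
        "ignores_nvram": bool(value & 0x0040),
        "unknown_bits": value & ~(sum(FLAGS) | 0x000F),
    }

def audit(show_version_text):
    """Return (register value after next reload, list of findings)."""
    m = REG_LINE.search(show_version_text)
    if not m:
        return None, ["no configuration register line found"]
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if decode(pending)["ignores_nvram"]:
        findings.append("next reload will skip the saved configuration and passwords")
    elif decode(current)["ignores_nvram"]:
        findings.append("running from a recovery boot; register restored for next reload")
    if pending != DEFAULT:
        findings.append(f"register after reload is 0x{pending:X}, expected 0x{DEFAULT:X}")
    return pending, findings

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(host, audit(text))
```

Run against collected "show version" output after any recovery work: a device reported like rtr-b would come up without its saved passwords on the next reload.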

2. Preparations

When designing a router product, the manufacturer reserves a Console port. It is an important interface for router configuration, and connecting to it is the first step of password recovery: connect a terminal, or a PC running the HyperTerminal software, to the Console port of the router by using the DB25 adapter and crossover cable. The terminal parameter settings are as follows: speed: 9600 bps; data bits: 8; parity: none; stop bits: 1; flow control: none.

3. 800 series routers (taking the 801 as an example): Specific Operation Method

1) Press the interrupt key Ctrl + Break within 60 s of startup. If the Break key is disabled, you can use the cyclic boot method to make the device enter the ROM monitor state. The prompt is ">".

2) Enter the set command in the ROM monitor and write down the current ios-conf value, which is 0x2102:

boot# set

......

set prompt = "boot"

set ios-conf = 0x2102

3) Enter set ios-conf 142, as shown below:

boot# set ios-conf 142

4) Enter boot to start the system. If the device asks for initial configuration during the restart, answer "no" throughout, as shown below:

boot# boot

......

8 kbytes of nonvolatile configuration memory

8 Mbytes of flash on board (4 M from flash card)

-- System configuration dialog --

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started! (Press Enter)

5) Press Enter, type enable, and press Enter again to enter the enable state. The command sequence is as follows:

Router> en

Router#

6) Enter conf mem (configure memory) to load the original configuration file and enter the configuration mode. Note: do not use conf t. The command sequence is as follows:

Router# conf mem

801(config)#

7) Restore the original configuration register value and activate all ports:

801# configure terminal

801(config)# config-register 0x2102

801(config)# interface xx

801(config-if)# no shutdown

8) Query and record the lost password:

801# show configuration (or: show startup-config)

9) Modify the password:

801# configure terminal

801(config)# line console 0

801(config-line)# login

801(config-line)# password xxxxxxxxx

801(config-line)# end

801# write memory (or: copy running-config startup-config)

