[horseman]

Quote:

Originally Posted by kwikbreaks

New ones turn up on R19 or at least they used to but once that has been updated over the wire then SFAIK there is no way back to R19.

I've factory reset them in the past when firmware glitches corrupted the port forwarding I'd set up and that didn't alter the firmware so far as I recall. I guess it's possible that there is an area of eprom memory with R19 in them still and corrupting the live firmware may just cause it to revert to that but how you'd force that I've no idea. Maybe as QAS has had them apart and checked the chips he can say if there is an eprom in them than may contain the original firmware?…...

Not neccessary to ask QAS as that info is already in the public domain however forum t&c's prevent disclosing the source although I hope just publishing a small extract is still acceptable for academic purposes only:

"With interactive access obtained it was possible to explore the eCos (embedded configurable OS) device further. From this interactive console state it was possible to read and write to the flash chip and resident memory; meaning it was possible to obtain the compressed firmware images. From the eCos CLI it was possible to extract the contents of the flash chip meaning that the compressed firmware, backup firmware, boot loader could be downloaded as well as dynamic and permanent (non-user definable) storage areas. Additionally by exploring the read_memory command it was possible to extract the uncompressed OS as it was running from resident memory on the device. MD5 sums of the extracted files from the flash storage can be seen in the terminal output below".

Of course reverse engineering any product from any vendor is invariably a contravention of service provider and/or manufacturers t&c's!

EDIT: ….and the ability to index two firmware images is by no means specific to a model or even category of network equipment as I also found a similar scenario on my (albeit still Netgear managed switch)!: