Community discussions

 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Any possible way to reformat device?

Wed Apr 25, 2018 8:18 am

I would like to be sure,
@normis, etc.

If i set reformat-hold-button to 91s
and
reformat-hold-button-max to 92s.
boot = nand only, disabled jumper reset.
enabled protected routerboard,
factory firmware = 3.41
If someone does not know those 90 and 91s numbers, values,
is there any possible way (including openin device and connecting directly with cables, electronically to pcb) to reformat it and use for something else or with diffrent configuration?

Or is it really full 100% secure, impossible to reset, reformat, without knowing password?
If such configured device will be stolen, is it possible for thief to use it for something or will it be just as brick for him?
 
User avatar
leoservices
Trainer
Trainer
Posts: 138
Joined: Fri Jan 13, 2012 2:20 am
Location: Belo Horizonte - MG - Brazil
Contact:

Re: Any possible way to reformat device?

Thu Apr 26, 2018 4:40 am

Take a test to validate.

Increase the security even further by setting the max hold time, this means that you must release the reset button within a specified time interval. If you set t he "reformat-hold-button" to 60s and "reformat-hold-button-max" to 65s, it will mean that you must hold the button 60 to 65 seconds, not less and not more, making guesses impossible. Introduced in RouterBOOT 3.38.3
font https://wiki.mikrotik.com/wiki/Manual:R ... D_settings

I believe that misuse is not possible.
I try to help !

Leonardo Vieira
https://youtube.com/contractti
Like Facebook.com/contractti
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2946
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Any possible way to reformat device?

Thu Apr 26, 2018 12:07 pm

I would like to be sure,
@normis, etc.

If i set reformat-hold-button to 91s
and
reformat-hold-button-max to 92s.
boot = nand only, disabled jumper reset.
enabled protected routerboard,
factory firmware = 3.41
If someone does not know those 90 and 91s numbers, values,
is there any possible way (including openin device and connecting directly with cables, electronically to pcb) to reformat it and use for something else or with diffrent configuration?

Or is it really full 100% secure, impossible to reset, reformat, without knowing password?
If such configured device will be stolen, is it possible for thief to use it for something or will it be just as brick for him?
I remove the nand, put it on one device like "usb stick" :lol: and read them...
Nand do not use encrypted FS, are readable by linux....
On old device without protected routerboot activated is possible to etherboot device and read inside the nand like a shared folders...
I'ts impossible to full secure anything...

Protected routerboot etc. are only for "secure" standard "end user" for reset the device, and "standard" competitor to easy read your configuration...
I'm Italian, not English. Sorry for my imperfect grammar.
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re: Any possible way to reformat device?

Thu Apr 26, 2018 1:45 pm

I would like to be sure,
@normis, etc.

If i set reformat-hold-button to 91s
and
reformat-hold-button-max to 92s.
boot = nand only, disabled jumper reset.
enabled protected routerboard,
factory firmware = 3.41
If someone does not know those 90 and 91s numbers, values,
is there any possible way (including openin device and connecting directly with cables, electronically to pcb) to reformat it and use for something else or with diffrent configuration?

Or is it really full 100% secure, impossible to reset, reformat, without knowing password?
If such configured device will be stolen, is it possible for thief to use it for something or will it be just as brick for him?
I remove the nand, put it on one device like "usb stick" :lol: and read them...
Nand do not use encrypted FS, are readable by linux....
On old device without protected routerboot activated is possible to etherboot device and read inside the nand like a shared folders...
I'ts impossible to full secure anything...

Protected routerboot etc. are only for "secure" standard "end user" for reset the device, and "standard" competitor to easy read your configuration...
but to remove nand you have to dissassemble it, use soldering iron, station, without knowledge in electronic you wont do that, right ?

Nand is not easily replacable, removable:

Image

that level of difficulty is OK.


Removing and reading nand is cheaper than buying new device?
I think that doing that is more expensive than buying.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2946
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Any possible way to reformat device?

Thu Apr 26, 2018 7:54 pm

I would like to be sure,
@normis, etc.

If i set reformat-hold-button to 91s
and
reformat-hold-button-max to 92s.
boot = nand only, disabled jumper reset.
enabled protected routerboard,
factory firmware = 3.41
If someone does not know those 90 and 91s numbers, values,
is there any possible way (including openin device and connecting directly with cables, electronically to pcb) to reformat it and use for something else or with diffrent configuration?

Or is it really full 100% secure, impossible to reset, reformat, without knowing password?
If such configured device will be stolen, is it possible for thief to use it for something or will it be just as brick for him?
I remove the nand, put it on one device like "usb stick" :lol: and read them...
Nand do not use encrypted FS, are readable by linux....
On old device without protected routerboot activated is possible to etherboot device and read inside the nand like a shared folders...
I'ts impossible to full secure anything...

Protected routerboot etc. are only for "secure" standard "end user" for reset the device, and "standard" competitor to easy read your configuration...
but to remove nand you have to dissassemble it, use soldering iron, station, without knowledge in electronic you wont do that, right ?

Nand is not easily replacable, removable:

Image

that level of difficulty is OK.


Removing and reading nand is cheaper than buying new device?
I think that doing that is more expensive than buying.
I only want to notice you can not store security relevant information inside router.
For standard users, as I have wrote, protected-routerboot is fundamental
(sorry for my english...:((( )
I'm Italian, not English. Sorry for my imperfect grammar.
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re: Any possible way to reformat device?

Fri Apr 27, 2018 9:07 am

I would like to be sure,
@normis, etc.

If i set reformat-hold-button to 91s
and
reformat-hold-button-max to 92s.
boot = nand only, disabled jumper reset.
enabled protected routerboard,
factory firmware = 3.41
If someone does not know those 90 and 91s numbers, values,
is there any possible way (including openin device and connecting directly with cables, electronically to pcb) to reformat it and use for something else or with diffrent configuration?

Or is it really full 100% secure, impossible to reset, reformat, without knowing password?
If such configured device will be stolen, is it possible for thief to use it for something or will it be just as brick for him?
I remove the nand, put it on one device like "usb stick" :lol: and read them...
Nand do not use encrypted FS, are readable by linux....
On old device without protected routerboot activated is possible to etherboot device and read inside the nand like a shared folders...
I'ts impossible to full secure anything...

Protected routerboot etc. are only for "secure" standard "end user" for reset the device, and "standard" competitor to easy read your configuration...
but to remove nand you have to dissassemble it, use soldering iron, station, without knowledge in electronic you wont do that, right ?

Nand is not easily replacable, removable:

Image

that level of difficulty is OK.


Removing and reading nand is cheaper than buying new device?
I think that doing that is more expensive than buying.
I only want to notice you can not store security relevant information inside router.
For standard users, as I have wrote, protected-routerboot is fundamental
(sorry for my english...:((( )
its not so much about information and data on nand.
What i care about is not accessing relevant information - but using my device by someone who stole it.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2946
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Any possible way to reformat device?

Fri Apr 27, 2018 10:31 am

I would like to be sure,
@normis, etc.

If i set reformat-hold-button to 91s
and
reformat-hold-button-max to 92s.
boot = nand only, disabled jumper reset.
enabled protected routerboard,
factory firmware = 3.41
If someone does not know those 90 and 91s numbers, values,
is there any possible way (including openin device and connecting directly with cables, electronically to pcb) to reformat it and use for something else or with diffrent configuration?

Or is it really full 100% secure, impossible to reset, reformat, without knowing password?
If such configured device will be stolen, is it possible for thief to use it for something or will it be just as brick for him?
I remove the nand, put it on one device like "usb stick" :lol: and read them...
Nand do not use encrypted FS, are readable by linux....
On old device without protected routerboot activated is possible to etherboot device and read inside the nand like a shared folders...
I'ts impossible to full secure anything...

Protected routerboot etc. are only for "secure" standard "end user" for reset the device, and "standard" competitor to easy read your configuration...
but to remove nand you have to dissassemble it, use soldering iron, station, without knowledge in electronic you wont do that, right ?

Nand is not easily replacable, removable:

Image

that level of difficulty is OK.


Removing and reading nand is cheaper than buying new device?
I think that doing that is more expensive than buying.
I only want to notice you can not store security relevant information inside router.
For standard users, as I have wrote, protected-routerboot is fundamental
(sorry for my english...:((( )
its not so much about information and data on nand.
What i care about is not accessing relevant information - but using my device by someone who stole it.
Ok, i syggest you to:
on system routerboard settings
boot-device=nand-only
enable-jumper-reset=no
protected-routerboot=enabled
reformat-hold-button = xxx (reasonable ammount of seconds)
reformat-hold-button-max = reformat-hold-button + 10s (give yourself the possibility to reset device if something go wrong...)

/partitions set [find] fallback-to=part0 (this disable etherboot on software fail)

do NOT change admin username
create one new "full admin" username with strong password
create new users group witouth any right
assign new users group to "old" admin user
disable admin user and set a random password for it
disable all unused admin services: telnet, ssh, api and api-ssl, www and www-ssl (webfig)

and if you want to be extreme:
first create some script for open winbox temporarly after knock on some port on some exact order
then disable all remote admin services: telnet, ssh, api and api-ssl, www and www-ssl (webfig), winbox

:)
I'm Italian, not English. Sorry for my imperfect grammar.
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re: Any possible way to reformat device?

Fri Apr 27, 2018 2:28 pm



I remove the nand, put it on one device like "usb stick" :lol: and read them...
Nand do not use encrypted FS, are readable by linux....
On old device without protected routerboot activated is possible to etherboot device and read inside the nand like a shared folders...
I'ts impossible to full secure anything...

Protected routerboot etc. are only for "secure" standard "end user" for reset the device, and "standard" competitor to easy read your configuration...
but to remove nand you have to dissassemble it, use soldering iron, station, without knowledge in electronic you wont do that, right ?

Nand is not easily replacable, removable:

Image

that level of difficulty is OK.


Removing and reading nand is cheaper than buying new device?
I think that doing that is more expensive than buying.
I only want to notice you can not store security relevant information inside router.
For standard users, as I have wrote, protected-routerboot is fundamental
(sorry for my english...:((( )
its not so much about information and data on nand.
What i care about is not accessing relevant information - but using my device by someone who stole it.
Ok, i syggest you to:
on system routerboard settings
boot-device=nand-only
enable-jumper-reset=no
protected-routerboot=enabled
reformat-hold-button = xxx (reasonable ammount of seconds)
reformat-hold-button-max = reformat-hold-button + 10s (give yourself the possibility to reset device if something go wrong...)

/partitions set [find] fallback-to=part0 (this disable etherboot on software fail)

do NOT change admin username
create one new "full admin" username with strong password
create new users group witouth any right
assign new users group to "old" admin user
disable admin user and set a random password for it
disable all unused admin services: telnet, ssh, api and api-ssl, www and www-ssl (webfig)

and if you want to be extreme:
first create some script for open winbox temporarly after knock on some port on some exact order
then disable all remote admin services: telnet, ssh, api and api-ssl, www and www-ssl (webfig), winbox

:)
will do that, thank you, @rextended

Who is online

Users browsing this forum: No registered users and 115 guests