Community discussions

 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Reformatting device?

Wed Feb 10, 2016 3:04 pm

Lets say my company hire it guy, who bought few expensive mikrotik devices.
(This is theoretical question, not happened but its possible to happen)

He wanted to protect everything and give us password.
He connected through rs232 cable and set protected-routerboot
and reformat-hold-button to some XYX value cause we asked him to make router
impossible to reset to not have problems when someone will get close to our devices.

And he wanted to meet us and give all passwords and necessary information, but
day earlier he had accident and died in car crash.
So as sad as it is, we can only use all those expensive devices as bricks?

Or is it (contrary to http://wiki.mikrotik.com/wiki/Manual:Ro ... D_settings
ou will have to remember this setting, otherwise even a reformat will not be possible and the device will not be recoverable.
)

a way to format/recover ?

(for tldr or to simplify and remove drama we can just take assumption that some evil it guy did it)


But really, are all those devices unusable bricks now?
 
User avatar
PaulsMT
MikroTik Support
MikroTik Support
Posts: 283
Joined: Tue Feb 10, 2015 3:21 pm

Re: Reformatting device?

Wed Feb 10, 2016 3:35 pm

You will still be able to reformat these devices by holding reset button more than XYX value.
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re: Reformatting device?

Wed Feb 10, 2016 5:52 pm

You will still be able to reformat these devices by holding reset button more than XYX value.
Thanks, but your information is contrary to what
http://wiki.mikrotik.com/wiki/Manual:Ro ... D_settings says:
As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for a set reformat-hold-button time. You will have to remember this setting, otherwise even a reformat will not be possible and the device will not be recoverable.

Why so?

And what if i set this time to 300s?
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Wed Feb 10, 2016 5:54 pm

Then you will need to hold the button for 5 minutes...
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re:

Wed Feb 10, 2016 6:11 pm

Then you will need to hold the button for 5 minutes...
Ok, but according to http://wiki.mikrotik.com/wiki/Manual:Ro ... D_settings

reformat-hold-button (5s .. 300s; Default: 20s)

MAX=300s, so how can i hold for MORE?
You will still be able to reformat these devices by holding reset button more than XYX value.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Reformatting device?

Wed Feb 10, 2016 6:15 pm

ummm - the universe doesn't end whenever max seconds goes by - that's just the most it will allow you to set the value to... so you should still be able to hold the button for 301 seconds....
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re: Reformatting device?

Wed Feb 10, 2016 9:37 pm

ummm - the universe doesn't end whenever max seconds goes by - that's just the most it will allow you to set the value to... so you should still be able to hold the button for 301 seconds....

Thanks, but this is still talk about how long to hold the button.

But http://wiki.mikrotik.com/wiki/Manual:Ro ... D_settings says it wont help cause only option is to remember this value:
As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for a set reformat-hold-button time. You will have to remember this setting, otherwise even a reformat will not be possible and the device will not be recoverable.
If holding button would help, why doc does not mention it?
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Reformatting device?

Wed Feb 10, 2016 10:40 pm

I take that to mean that if you set the "hold-the-button" period to be longer than the default that you'll need to remember to hold it at least that long...
So 301 seconds should be enough for a guaranteed "long-enough" period... Not sure if holding it too long doesn't work though - otherwise that would make for a long long period of guessing...
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re: Reformatting device?

Thu Feb 11, 2016 8:00 am

I take that to mean that if you set the "hold-the-button" period to be longer than the default that you'll need to remember to hold it at least that long...
So 301 seconds should be enough for a guaranteed "long-enough" period... Not sure if holding it too long doesn't work though - otherwise that would make for a long long period of guessing...
And wiki.mikrotik would omit this as not important information?
Cause those doc i quoted few times already does not say about it.
But everyone here is talking about holding button and not what i asked about.
Why?

Anyone tested it on own device?
How do you know that it will help if AGAIN:
DOC DOES NOT SAY THAT IT WILL HELP!
http://wiki.mikrotik.com/wiki/Manual:Ro ... D_settings says it wont help cause only option is to remember this value:
As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for a set reformat-hold-button time. You will have to remember this setting, otherwise even a reformat will not be possible and the device will not be recoverable.
Am i the only one who see this text?

otherwise even a reformat will not be possible and the device will not be recoverable.

Why everyone is ignoring this?


There is nothing about holding button for longer period...


It strictly says device will not be recoverable.
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re: Reformatting device?

Thu Feb 11, 2016 9:18 am

And look at this topic what happened with holding longer:

http://forum.mikrotik.com/viewtopic.php ... 3&start=50
Did you connec the PC to the Ether1 port of the router ?
-RB941-2nD is powered on with pushed RESET button for approx 15s
keep holding the button longer, until you see the device in Netinstall

also make sure PC has no firewall or antivirus that could be blocking Netinstall. Also you can try to right-click it and "Run as administrator"
I have tried holding RESET button for over 8 minutes and it didn't appear. The device is connected to ether1, I have also tried ether2. NetInstall is running on WinXP machine specially dedicated to these jobs. It's not connected to the Internet, doesn't have firewall enabled and no AV installed. There is only account - Administrator. All files are up to date as they are recently published on mikrotik.com.

Now I think the device is bricked if the RESET button doesn't need to be held for 1 hour or so...
so what happened at last? was the device bricked?
yes, bricked, changed on warranty...
I dont know if its random or if its not, because of:

This feature is not to prevent something from being stolen. It is to protect your data. The feature allows to block device from using network boot to access your data without password. By using protected routerboot, a forgotten password will mean to nullify your NAND, then Netinstall. This way, if somebody steals your device, your config and passwords are safe.
No. "Exactly" or "More" seconds will result the same - reformat NAND and Etherboot mode. Netinstall will fix the device in any case.
but wiki mikrotik does not suggest this as a solution.

It strictly says device will not be recoverable.


If holding longer is solution - why wiki does not mention it?
 
User avatar
PaulsMT
MikroTik Support
MikroTik Support
Posts: 283
Joined: Tue Feb 10, 2015 3:21 pm

Re: Reformatting device?

Thu Feb 11, 2016 10:43 am

Thanks for the correction, the wiki page has been updated to:

As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for longer than reformat-hold-button time.
Even if reformat-hold-button time is forgotten, holding the reset button for more than 300s will allow you to perform reformat.

So you will be able to restore your device, even reformat-hold-button time is forgotten.

This feature is tested, and you should not have any problems with it.

Please note that AFTER complete reformat, on some Routerboards it can take a few minutes until the device will appear in Netinstall window.
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re: Reformatting device?

Thu Feb 11, 2016 11:13 am

Thanks for the correction, the wiki page has been updated to:

As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for longer than reformat-hold-button time.
Even if reformat-hold-button time is forgotten, holding the reset button for more than 300s will allow you to perform reformat.

So you will be able to restore your device, even reformat-hold-button time is forgotten.

This feature is tested, and you should not have any problems with it.

Please note that AFTER complete reformat, on some Routerboards it can take a few minutes until the device will appear in Netinstall window.
Thank you.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Reformatting device?

Thu Feb 11, 2016 4:33 pm

Why everyone is ignoring this?


There is nothing about holding button for longer period...


It strictly says device will not be recoverable.
It looks like we were right to ignore that. This red text didn't say "if held for any time longer than the set period, device will explode with the force of a type II supernova." So it would've taken 5 minutes to test it and go "oh - I guess it worked after all" instead of spending a day or two yelling at volunteers on the forum about your interpretation of the Wiki - which turns out to have been written in a misleading fashion.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re: Reformatting device?

Thu Feb 11, 2016 9:26 pm

Why everyone is ignoring this?


There is nothing about holding button for longer period...


It strictly says device will not be recoverable.
It looks like we were right to ignore that. This red text didn't say "if held for any time longer than the set period, device will explode with the force of a type II supernova." So it would've taken 5 minutes to test it and go "oh - I guess it worked after all" instead of spending a day or two yelling at volunteers on the forum about your interpretation of the Wiki - which turns out to have been written in a misleading fashion.
Why? I mentioned about it i first post.
I think wiki doc is to help, and whole topic was build on it, on this one assumption missing in wiki, as you wrote: written in misleading fashion.

I was trying to get all attention into it and nobody referred to this, but only all were talking about holding button for longer - which was NOT officially recommended in wiki doc page. Now it is. After all this yelling, ok, but if someone would check it in first place it wouldnt be needed. I might be wrong but i think that official wiki doc has more authority than forum volunteers.
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Fri Feb 12, 2016 11:43 am

Fine. Fine. Now even you know that holding the button for at least 5 minutes does the job. Now it is the time you should make a real test if you don't believe...
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re:

Fri Feb 12, 2016 12:12 pm

Fine. Fine. Now even you know that holding the button for at least 5 minutes does the job. Now it is the time you should make a real test if you don't believe...
Who said i dont believe?
After pointing out differences between whats is said here and doc, and after reading fixed doc(which now contains additional info), i have no reasons to disbelieve.
If its in doc i am sure its true.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re:

Fri Feb 12, 2016 3:32 pm

Fine. Fine. Now even you know that holding the button for at least 5 minutes does the job. Now it is the time you should make a real test if you don't believe...
Who said i dont believe?
After pointing out differences between whats is said here and doc, and after reading fixed doc(which now contains additional info), i have no reasons to disbelieve.
If its in doc i am sure its true.
I suppose if you were in a room that was on fire, if the door had a sign that said "this door is locked" you wouldn't try to open the door anyway....
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re: Re:

Fri Feb 12, 2016 6:47 pm

Fine. Fine. Now even you know that holding the button for at least 5 minutes does the job. Now it is the time you should make a real test if you don't believe...
Who said i dont believe?
After pointing out differences between whats is said here and doc, and after reading fixed doc(which now contains additional info), i have no reasons to disbelieve.
If its in doc i am sure its true.
I suppose if you were in a room that was on fire, if the door had a sign that said "this door is locked" you wouldn't try to open the door anyway....
It depends who put this sign on doors.
It could be good willing user - but i dont know if this user is really good...he can be good but i have no way to check it so i would have some doubts.
especially when i saw in other posts that it bricked device.

In that case the best idea would be to check if door is locked or not - i have nothing to loose.
Lets say this room is really on fire - i can check if doors are locked. I dont risk anything cause this are only doors i have to check.
Now, this example has no connection to reality.
Why?
Because device a firm bought cost some money - so there is something to loose.
Do you see it?

Your example:
Room on fire - sign "door is locked" - room is already on fire - i have nothing to loose so i can check it and save life or dont check it and loose life.

Buying device = spending money - in case i wrote about in first post = loosing money (doubts cause wiki says about UNRECOVERABLE DEVICE!!!!!) - and now seeing that i wouldnt loose money cause i CAN RECOVER!!!

Who is saying this?
Volunteers on forum or authorized wiki doc?
Risking to open door when room is on fire is not real risk cause i can win a life.

Here case is different - i can loose money if device is really unrecoverable.
Now i know that it is recoverable.

So this example is not good.
 
Sob
Forum Guru
Forum Guru
Posts: 4812
Joined: Mon Apr 20, 2009 9:11 pm

Re: Reformatting device?

Fri Feb 12, 2016 8:00 pm

When I originally read about protected RouterBOOT, I understood reformat-hold-button as something that will make it time consuming, for someone who steals the device, to make it operable. If you needed to hold the button for exact time (+- second or two), it would take you awful lot of time before you'd succeed. After half a day spent by button holding and waiting, you'd probably realize it's not worth it and next time you'd steal something else. ;)

But if all it takes is to hold the button for five minutes and it's just one time operation with guaranteed success, what's the point then? It definitely won't make life noticeably harder for thieves. So what else? To give security some time to arrive, before evil hacker reformats the device and loads own config? It would be easier for them to just swap the device. Am I missing something?
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re: Reformatting device?

Sat Feb 13, 2016 10:02 am

When I originally read about protected RouterBOOT, I understood reformat-hold-button as something that will make it time consuming, for someone who steals the device, to make it operable. If you needed to hold the button for exact time (+- second or two), it would take you awful lot of time before you'd succeed. After half a day spent by button holding and waiting, you'd probably realize it's not worth it and next time you'd steal something else. ;)

But if all it takes is to hold the button for five minutes and it's just one time operation with guaranteed success, what's the point then? It definitely won't make life noticeably harder for thieves. So what else? To give security some time to arrive, before evil hacker reformats the device and loads own config? It would be easier for them to just swap the device. Am I missing something?
So in that case, what would you do if situation from 1 post would happen and you are this company who is now at lost?
 
Sob
Forum Guru
Forum Guru
Posts: 4812
Joined: Mon Apr 20, 2009 9:11 pm

Re: Reformatting device?

Sat Feb 13, 2016 9:59 pm

That would be very unfortunate. But look at the bright side, there are unlimited tries. ;) So even if you'd have to try all combinations with one second steps, with lets say extra two minutes for each, in addition to button holding time, it can be done in about 22 hours (if I'm counting correctly). So it depends if the device is SXT or CCR1072. It would be worth it to hire some cheap labor to play with the latter.

Seemingly obvious flaw is that it would be also worth it for thief, but I guess it's easier to steal outside mounted SXT than something expensive that's more likely to be locked in server room, so the feature would still make sense to me.

What I don't get is what useful reformat-hold-button actually does if it works according to latest official explanation.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Sat Feb 13, 2016 11:36 pm

It's not protection against thieves but against reading security data from flash via pxe booted Linux.
 
Sob
Forum Guru
Forum Guru
Posts: 4812
Joined: Mon Apr 20, 2009 9:11 pm

Re: Reformatting device?

Sun Feb 14, 2016 12:49 am

There are two options:

1) protected-routerboot - This is the protection against unauthorized access. Enable it and you can't change boot or do netinstall, nothing except boot to installed RouterOS. I think the description in wiki is very clear (with one exception, see below).

2) reformat-hold-button - My "thief repelent" theory might of course be completely wrong, but there has to be some reason why this option exists, right? What's the advantage of configurable reset delay, compared to fixed e.g. 30 seconds?

Description for protected-rooterboot says "[to reformat the device] you have to know the reset button hold time in seconds" and right after that, description for reformat-hold-button denies it by saing "Even if reformat-hold-button time is forgotten, holding the reset button for more than 300s will allow you to perform reformat". I can't help it, I find it confusing.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Sun Feb 14, 2016 8:22 am

By the way. Thief is not informed about technical complications to bring device to life. So he will steal anyway.
 
hurymak
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Mon Oct 06, 2014 1:31 pm

Re: Reformatting device?

Mon Jul 31, 2017 3:57 pm

Thanks for the correction, the wiki page has been updated to:

As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for longer than reformat-hold-button time.
Even if reformat-hold-button time is forgotten, holding the reset button for more than 300s will allow you to perform reformat.

So you will be able to restore your device, even reformat-hold-button time is forgotten.

This feature is tested, and you should not have any problems with it.

Please note that AFTER complete reformat, on some Routerboards it can take a few minutes until the device will appear in Netinstall window.
this page should be updated again cause this:
Even if reformat-hold-button time is forgotten, holding the reset button for more than 300s will allow you to perform reformat.
is no longer valid after recently adding this:
reformat-hold-button-max (5s .. 600s; Default: 10m) Increase the security even further by setting the max hold time, this means that you must release the reset button within a specified time interval. If you set t he "reformat-hold-button" to 60s and "reformat-hold-button-max" to 65s, it will mean that you must hold the button 60 to 65 seconds, not less and not more, making guesses impossible. Introduced in RouterBOOT 3.38.3

Who is online

Users browsing this forum: No registered users and 15 guests