Community discussions

MikroTik App
 
dalvyk101
just joined
Topic Author
Posts: 1
Joined: Tue Jul 04, 2017 3:24 pm

No terminal output on serial port

Tue Jul 04, 2017 3:40 pm

I'm trying to access Terminal on my RB941-2nd using a USB-UART device. I connected the device's TX to RX, RX to TX and GND to GND.I left the 3v3 pad unconnected since I'm powering the whole board with an adaptor. I also used the router's defaults for serial, 115200 baud rate, no flow control, 8 data bits, 1 stop bits and no parity. I also double checked which COM port the USB-UART device is using. Upon rebooting (with putty terminal already listening/running), I'm not seeing any outputs. Can someone explain me why, please. Do I need something to be configured using Winbox or the web interface?

Thank you,
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: No terminal output on serial port

Tue Jul 04, 2017 4:25 pm

 
bojanpotocnik
just joined
Posts: 4
Joined: Sat Jan 02, 2021 4:05 pm

Re: No terminal output on serial port

Mon Oct 18, 2021 12:49 pm

RB941-2nd has no options under /system/console - you cannot enable it as there seemingly no ports available. But clearly there is UART port on the board.

Is there any trick to show the serial port, to then be able to enable the console?
 
r00t
Long time Member
Long time Member
Posts: 672
Joined: Tue Nov 28, 2017 2:14 am

Re: No terminal output on serial port

Tue Oct 19, 2021 4:15 am

Mikrotik intentionally disables UART ports for whatever reasons, so it can't be used for anything.
While devices with RS232 ports have boot/bios menus and spawn ROS console on the port by default, all boards with just TTL UART pins are completely useless.
I was many times in a situation where using UART I could either revive the bricked board or at least extract the configuration from it after LAN got damaged... but there is nothing you can do with Mikrotik over UART.
Yet if you install OpenWRT, it will happily spawn console on the UART port and it's fully usable. It's NOT an hardware issue.

WHY? No idea. I contacted support and all I got was total silence, no replies.
There were threads about this here on forum as well, with no official reason or any replies from Mikrotik devs.

IT JUST SUCKS
And there's nothing we can do about it...
 
User avatar
rfc1149
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Fri May 15, 2020 4:26 am
Location: England

Re: No terminal output on serial port

Thu Oct 21, 2021 11:24 am

WHY? No idea. I contacted support and all I got was total silence, no replies.
It's effectively a physical access backdoor otherwise.
This way, the adversary has to implement possibly invasive + destructive measures to read the config (or non-destructive if they're skilled enough).
 
r00t
Long time Member
Long time Member
Posts: 672
Joined: Tue Nov 28, 2017 2:14 am

Re: No terminal output on serial port

Thu Oct 21, 2021 3:16 pm

What a complete nonsense.
It would work same as on devices with rs232 port, it's NOT a backdoor! All you get is another ROS console where you have to login to access it.
You can't just "read the config" if you don't know login credentials. You can wipe the flash from bootloader menu or start netinstall, but you can do that already anyway by button press.
 
User avatar
rfc1149
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Fri May 15, 2020 4:26 am
Location: England

Re: No terminal output on serial port

Wed Jan 26, 2022 6:35 pm

What a complete nonsense.
It would work same as on devices with rs232 port, it's NOT a backdoor! All you get is another ROS console where you have to login to access it.
You can't just "read the config" if you don't know login credentials. You can wipe the flash from bootloader menu or start netinstall, but you can do that already anyway by button press.
I think you misunderstood. On-board diagnostic ports and protocols like UART/JTAG/ISP/SPI offer closer access to privileged busses.
This exposes an attack surface that makes it trivial to dump the firmware of a device without using it as intended.
You can use a Saleae and have a dump within minutes. I would know. :)
Try some basic hardware hacking and you'll find that devices without these ports disabled are prime vectors for compromise.
This is further found in various homebrew router communities who need physical vectors for flashing or cert dumps.

As for the RS232, that's exactly what it's intended for. That's intended to access an ROS terminal and functions as it should.
User was referring to UART port traces on the board not the RS232 connector. Read next time. :)
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: No terminal output on serial port

Wed Jan 26, 2022 6:59 pm

You know, physical security still counts. If one can take your device and dissect it, then .... well, use your imagination. I wouldn't store my credit card details to an AP mounted in public area.
This is one of benefits of using network controllers so that exposed devices don't have any sensitive configuration stored permanently, they get it from controller when needed.
 
r00t
Long time Member
Long time Member
Posts: 672
Joined: Tue Nov 28, 2017 2:14 am

Re: No terminal output on serial port

Wed Jan 26, 2022 10:55 pm

I think you misunderstood. On-board diagnostic ports and protocols like UART/JTAG/ISP/SPI offer closer access to privileged busses.
This exposes an attack surface that makes it trivial to dump the firmware of a device without using it as intended.
..
As for the RS232, that's exactly what it's intended for. That's intended to access an ROS terminal and functions as it should.
User was referring to UART port traces on the board not the RS232 connector. Read next time. :)
Again complete nonsense. We are talking about UART only. Don't try to include JTAG and other test connectors with direct access to CPU, flash etc. for scaremongering.

Let's compare two boards: RB411 and RB711
Same CPU, but RB411 does have RS232 port that's connected to MAX2323 level shifter and then to UART0 pins on CPU.
RB711 have exactly the same pins routed on PCB to pads marked RX and TX, without level shifter or RS232 connector.

Now tell me, how is RB711 more secure by not having exactly same bootloader menu available on internal TTL UART pins as other board have on RS232 connector?
Only difference is signal level and connector... both completely meaningless in this case.
You get exactly same access to CPU on both boards, yet on one it's disabled by software for no good reason. It would only provide exactly same level of access as on the board with RS232 console connector. There would be no difference in security what so ever. And if you don't want it, it could always be disabled in routerboot, exactly same as on boards with RS232.

You can use a Saleae and have a dump within minutes. I would know. :)
Try some basic hardware hacking and you'll find that devices without these ports disabled are prime vectors for compromise.
This is further found in various homebrew router communities who need physical vectors for flashing or cert dumps.
I have done countless NAND chip swaps to repair routerboards or to simply get higher license level... so I know how to deal with all this stuff anyway.
But UART is last on your worry list if you are talking physical device security, because then there are other ways how to get information out of the device that are much more convenient.
And talking about "prime vectors for compromise" .. you can simply put device to netinstall mode and load custom kernel from network. Having bootloader console would not change this in any way (and if you know how to disable netinstall, you surely know how to disable the boot menu).

As for homebrew, if I buy some device, it's mine and I can do what I want to do with it. With the state of WIFI support from Mikrotik, running OpenWRT might be only way to actually use this hardware to it's full potential. Devices where I can't run my own code (another good example are phones with locked bootloaders) are on my blacklist and I would never buy such crap. Being able to repurpose old hardware (that might be just a few years old) is only way to deal with e-waste problem. Reuse > Recycle

And if any of this somehow compromises your security, then you are using completely wrong devices for your project, as none of Mikrotik hardware is hardened against access at PCB component level. If you care about someone dumping certificates from your devices, then you want device with signed chain of trust from bootloader to firmware, encrypted flash and memory and other measures.

But back to the original question:
Would having exactly same access on internal UART pins as on external RS232 connector compromise security?
NO
 
User avatar
rfc1149
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Fri May 15, 2020 4:26 am
Location: England

Re: No terminal output on serial port

Wed Jan 26, 2022 11:33 pm

Again complete nonsense. We are talking about UART only. Don't try to include JTAG and other test connectors with direct access to CPU, flash etc. for scaremongering.

This is becoming quite hostile and at the same time very incorrect.
All I can say is that your response is that of someone who has never written an exploit in their life or unpacked a binary in IDA with anything other than UPX packing.
There is no scaremongering going on, you're just not aware of something you don't really understand. There's no reason to get angry about it.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: No terminal output on serial port

Thu Jan 27, 2022 2:43 am

It's serial port. If all these devices:

https://mikrotik.com/product/?filter&s=c&f=[%22serial_port%22]#!

can have it (and in ready to use form!) and survive, surely others could have incomplete "bring your own extra components if you want to play" version and be fine too.
 
r00t
Long time Member
Long time Member
Posts: 672
Joined: Tue Nov 28, 2017 2:14 am

Re: No terminal output on serial port

Thu Jan 27, 2022 3:51 am

it's hard to get a point across to someone who just doesn't want to even listen... now there are no arguments left by rfc1149, just insults.

As for actual devices, here is a good example:
https://mikrotik.com/product/rbm33g MT7621A CPU RS232 port, nice bootloader menu anyone can access to unbrick it and get ROS console
https://mikrotik.com/product/RB750Gr3 MT7621A CPU TTL UART pads on PCB, no bootloader menu, no ROS access to it at all, but magically MUCH MORE SECURE thanks to this!

And it's not just for management, having UART available for use in ROS would make it possible to use it with arduino or other gadget for monitoring etc.
As both run the same ROS version (and maybe also same routerboot), I'm sure there must be flag in factory configuration that enables/disables UART.
I will have to look into this, it would be great if this was something that could be enabled, even if just for ROS use and not routerboot.
 
User avatar
rfc1149
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Fri May 15, 2020 4:26 am
Location: England

Re: No terminal output on serial port

Thu Jan 27, 2022 4:11 pm

it's hard to get a point across to someone who just doesn't want to even listen... now there are no arguments left by rfc1149, just insults.

Actually if you read carefully, the hostility started with your large response to my earlier reply.
You think being able to do SMD level repairs with a heat gun qualifies you to understand low level boot processes and hardware initialisation when in fact it's quite the opposite.
You hammer your point across with the edge of your understanding and it clearly shows that beyond that, you don't really understand basic exploitation and why this poses a security issue.
Even if it was completely disabled at the wirebond level, it's common practice in VLSI to simplify design by removing unnecessary traces so you have more paths available for planning.
There are architectural considerations beyond the security implications. This isn't even something a network hardware vendor would consider at a high level because their PCB Designers already factor it in to the whole picture.

Now this is already getting out of hand. There is no need to fight like this on MikroTik forums. I would rather you spend your time learning more instead of picking fights.
I'm passionate about what I know because I enjoy educating others but you are clearly incapable of learning more until you calm down a bit.
Please just stop this.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: No terminal output on serial port

Thu Jan 27, 2022 5:09 pm

@rfc1149: Are you sure that it's not you who's missing the point?

Device A has complete serial console, with all components, connectors, ready to use.
Device B has has the same thing, only incomplete, you'd have to add some components to be able to use it.

Device A has serial console enabled in firmware.
Device B has serial console disabled in firmware.

And you're basically saying that if device B's firmware had the serial console enabled, it would be horribly insecure. Does it mean that device A is also horribly insecure? It has the same thing, and even more accessible...
 
User avatar
rfc1149
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Fri May 15, 2020 4:26 am
Location: England

Re: No terminal output on serial port

Thu Jan 27, 2022 5:31 pm

@rfc1149: Are you sure that it's not you who's missing the point?

I didn't respond to their scenario because in science, you don't cherry pick a scenario for your intended results and exclude the point the original person was trying to make.
UART and RS232 are very different. Let me be clear: the issue I'm pointing out here is a physical vector for compromise via exposed busses.
The response received outlines their lack of knowledge in this area and how it can allow for full device compromise.

This is NOT a vulnerability for MikroTik in-operation insofar as physical security concerns factors external to the hardware such as location, locks on the cage and authorised access.
This IS a vulnerability for device tampering or dumping device contents. Yes, MikroTik isn't built to include HW Root of Trust or TPM aided security, nor any boot time checks that cannot be easily patched with active signal-ingress. Combined, these factors make MikroTik fair game for a decent adversary.
HOWEVER, what I am describing is not within any normally considered threat model.

Maybe my perspective is just that of "Which door can I walk in through?" and I see one wide open albeit with extra steps in practice compared to theory.
I do not see the point in contending with a narrow perspective only to meet them on their level and exclude all other scenarios.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: No terminal output on serial port

Thu Jan 27, 2022 5:57 pm

You may be perfectly right in general, but this is very concrete problem.

MikroTik devices used to have ready to use serial ports, they were enabled and very useful for troubleshooting, because you could interact with device even before RouterOS booted. So mainly when it didn't want to boot. You could see error messages or change settings. It was so much better than blindly pressing reset button "the right way" and hoping that it will do what you want.

Having all devices with complete serial ports was of course waste of resources, because most of them were never used for anything. So it's ok that they stripped it from many. Also size of some devices was good reason. But the needed signals are still on board, so it could still technically work if user connected needed extra parts. Only it doesn't, because MikroTik disabled it in firmware. And there's no good reason for that. Except maybe to annoy users. If that was the plan, then it worked great.

This is what r00t is talking about, and also OP's problem.
 
User avatar
rfc1149
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Fri May 15, 2020 4:26 am
Location: England

Re: No terminal output on serial port

Thu Jan 27, 2022 6:41 pm

If that was the plan, then it worked great.

I can appreciate the annoyance for most people comfortable with using it.
I have two LtAP's with physical RS232 ports and they are handy for locking down any terminal/administrative access only to physical presence.

More importantly, if you have no port for it, leaving it enabled makes no sense.
Streamlining device operation means trimming signalling fat. Keeping clocks active for it makes no sense in that scenario.
Idle power consumption plus unnecessary complexity that can be removed for cleaner firmware and operation.
This is very easy to re-enable if the traces are connected but patching firmware will need familiarity with ROS and the architecture.
Maybe about 12-18 hours in IDA.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: No terminal output on serial port

Fri Jan 28, 2022 7:42 pm

Port is there, only some components are missing, but they can be connected by user, and then it could be perfectly usable. It's inconvenient for regular user, but it's mainly for emergencies, if other forms of communication fail. Then it's better to have chance with this, than having to throw whole device to trash. I'm not talking about any advanced firmware-patching hackers, just regular users, even determined beginner would be able to get this going.
 
User avatar
rfc1149
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Fri May 15, 2020 4:26 am
Location: England

Re: No terminal output on serial port

Fri Jan 28, 2022 11:06 pm

Port is there, only some components are missing, but they can be connected by user, and then it could be perfectly usable. It's inconvenient for regular user, but it's mainly for emergencies, if other forms of communication fail. Then it's better to have chance with this, than having to throw whole device to trash. I'm not talking about any advanced firmware-patching hackers, just regular users, even determined beginner would be able to get this going.
How will it be useable with no hw init at boot time?
You'll connect to an empty session (if it's still powered) because it's not logically addressed.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: No terminal output on serial port

Fri Jan 28, 2022 11:42 pm

Take a look at this nice example:

https://openwrt.org/toh/mikrotik/rb941- ... erial_port

There's serial port on board, it can work if enabled, everything is ready for it, but it's disabled by MikroTik, because... why? Can you see any reason for that? It's the same serial port as on devices that officially have one.
 
User avatar
rfc1149
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Fri May 15, 2020 4:26 am
Location: England

Re: No terminal output on serial port

Sat Jan 29, 2022 2:46 pm

Take a look at this nice example:

Ah okay, that's true. Older Routerboot versions still allow this and do the hw init at boot so runtime use is possible.
Actually on second thought this is really easy to patch but 6.49.2 and 7.1/7.1.1 binaries are too different to port reliably from old versions.
Need to explore it a bit more.

Can you see any reason for that? It's the same serial port as on devices that officially have one.

Functionality testing + QA verification on assembly line.
But yes, disabling it afterwards is annoying for hardware hackers. I understand the frustration.
At the same time, consumers' aftermarket or tinkerer's perspective is always beyond the product design considerations.
This is why we have hardware hacking to begin with. To push the limits of what we can do.
Just don't expect support after or stability, and when the branch maintainer disappears into thin air, good luck. :(
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: No terminal output on serial port

Sat Jan 29, 2022 8:28 pm

The point is that it was made with both hardware (it's available on board) and software (there's this nice boot menu) ready to use it, but then it was intentionally limited/crippled.

It isn't just about hardware hackers, everyone can benefit from having more options, e.g. for troubleshooting. It wouldn't cost MikroTik anything to keep it enabled. They could even sell some slightly overpriced MikroTik RouterBOARD Official Serial Port Adapter™ for it and everyone would praise them.

Who is online

Users browsing this forum: No registered users and 12 guests