Page 1 of 1

RB952Ui was hacked

Posted: Tue Mar 26, 2024 5:55 pm
by rarriazu
Hi, my RB952Ui was hacked because I didn't have a password. Now, I can't log in with Winbox or Netinstall. The reset button is disabled. Is there any way to recover it ?
Thanks

Re: RB952Ui was hacked

Posted: Tue Mar 26, 2024 6:00 pm
by mkx
If reset button is indeed disabled[*] (a.k.a. protected routerboot), then your RB951Ui just became e-waste.

[*] In theory it's not possible to enable protected routerboot without physical access to device, so it's unlikely that remote hacker did it. If you didn't do it yourself, then it still should work (getting drvice into netinstall mode is sometimes a very delicate process prone to fail). If you did it yourself but didn't set admin password, then you got what you deserve.

Re: RB952Ui was hacked

Posted: Tue Mar 26, 2024 8:51 pm
by pajapatak
Even if protected-routerboot is enabled, it is still possible to do a recovery, according to RouterBOARD documentation: https://help.mikrotik.com/docs/display/ROS/RouterBOARD.
As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for longer than reformat-hold-button time, but less than reformat-hold-button-max (new in RouterBOOT 3.38.3).

When you use the button for a complete reset, the following actions are taken:

EXTREMELY DANGEROUS. Use this only if you have lost all access to the device.

1. RouterOS, all of its files and configuration is completely and irreversibly erased by nand re-format;
2. All RouterBOOT settings are reset to defaults;
3. Board is rebooted;
4. As boot from NAND fails, it goes to etherboot automatically;
5. Netinstall is required to reinstall RouterOS.

Please note! Reformat on some RouterBOARDS can take more than 5 minutes. After formatting the board will be ready for Netinstall.

Re: RB952Ui was hacked

Posted: Tue Mar 26, 2024 9:13 pm
by patrikg
Oohhh I get it, thanks for that, but i have to make some tools for hold the reset button in in 10 min.
 reformat-hold-button-max: 10m
That have solved my own problem very early with I have change the routerboot from bootp to dhcp, and not get it back to bootp to enable use of netinstall-cli.

viewtopic.php?t=194537