SFP+ Programming FS 10Gbase-T Transceiver

Here you can ask technical questions about REVELPROG-IS and device/memory programming.
btbutts
Posts: 1
Joined: Sat Jul 27, 2024 12:19 pm

SFP+ Programming FS 10Gbase-T Transceiver

Postby btbutts » Tue Aug 13, 2024 3:26 am

I'm having issues attempting to determine the password for FS 10Gbase-T Transceivers. FS sells them as generic 10Gbase-T Transceivers, as well as for FS switches, Cisco, Dell, Brocade, etc... For the Brocade and Dell versions (marked BR and DE respectively to differentiate brand compatibility) they seem to be locked. However, for the Cisco version (they are unmarked), I was able to program a few of them as Brocade or Dell without a password. However, I needed to choose "SFP" under the EEPROM > TRANSCEIVERS device selection menu. After having previously backed up the Dell and Brocade transceiver's A0h area(s), I found I could simply load those saved A0h bin files, then adjust the S/N field in the Revelprog IS software with the S/N printed on the module, update the checksum, load the changes into the buffer and then I could simply write that to the Cisco version of the FS 10Gbase-T module without an issue. After the software runs its verification, the changes I made were retained. If I try to do the same process to any of the marked transceivers, such as reprogram the DE marked Dell transceivers for Brocade, then it fails. There's no error. The software simply runs its verify which loads the original values prior to the write attempt.

I tried running the password brute force tool. First, I ran it with the location A2h, Manufacturer (no limit access), Range limit: user defined (80 00 00 00 through FF FF FF FF) with the "Apply range to single bytes" and "Store password in manufacturer name" checkboxes checked. I left the write delay set to "Auto adjust". After several days with an average speed of 3885 passwords per second, the tool did not discover the password.

Then I attempted the password brute force tool again, with the location as A2h once more, Manufacturer (no limit access), Range limit: user defined (00 00 00 00 through FF FF FF FF) with the "Apply range to single bytes" unchecked and "Store password in manufacturer name" checkboxes checked. I left the write delay set to "Auto adjust" on this run. After about 8+ days with an average speed of 3883 passwords per second, the tool still did not discover the password.

I'm kind of at a loss here. There's no hardware difference between the Cisco compatible FS 10Gbase-T transceivers and the same company's 10Gbase-T Dell/Brocade 10Gbase-T transceivers. They are definitely reprogrammable as FS sells their own tool to do this with nearly any of their optics but so far I'm only partially successful in programming them via the unbranded/unmarked transceivers and I can't seem to obtain a password.

Please provide any assistance or perhaps there's a better way to run my password brute force search. Thank you!

ArT
Posts: 1539
Joined: Wed Mar 25, 2015 8:54 am
Location: Warsaw, Poland
Has thanked: 56 times
Been thanked: 166 times

Re: SFP+ Programming FS 10Gbase-T Transceiver

Postby ArT » Wed Aug 14, 2024 4:58 pm

Could you share me link which exactly SFP is it on FS site? I can check if I have pw for it, but on Monday.
It can be also uprotected, but may require byte by byte programming (BP checkbox) or adjust write time to 40ms directly in script.
Please check EEPROM -> TRANSCEIVERS -> SFP (without A0/A2 suffix) and check "BP" checkbox. You can also try "ND" checkbox. Please try also select page program (128B) instead of A0 block (256B) - any difference?


Return to “Technical Support”

Who is online

Users browsing this forum: No registered users and 5 guests