SFP modules GigaLight

Here you can ask technical questions about REVELPROG-IS and device/memory programming.
zburget
Posts: 27
Joined: Thu Mar 09, 2023 10:19 am
Location: Czech Republic

SFP modules GigaLight

Postby zburget » Sat Mar 18, 2023 3:02 pm

Greetings,
I have a lot of modules with the GigaLight brand. I need to modify the code in them, but they are protected by a write password.
I try to search password by bruteforce password finder. I set the password location at A2h, 7Bh, access type to Manufacturer, range 80 00 00 00 - FF FF FF FF (in accordance with the MSA standard) and I left checked "Apply range to single bytes" (which is the default setting).
Speed of password searching is approx 1660/s - ie password search took approx 15 days. Unfortunately, the password wasn't found. :-(

O.K. - I can try search password with unchecked "Apply range to singele bytes" (15 more days), or I can try search password in range 00 00 00 00 - 7F FF FF FF with and without checking "Apply range to singele bytes" (30 more days). That's quite a lot of time. Therefore, I would like to ask if any of you know the password I search. Or at least some more accurate range in which it is appropriate to look for.
Alternatively - is it possible that the password is located at some address other than the A2h, 7Bh?
Or where else can there be the snag?

Thanks
Zbyněk Burget

ArT
Posts: 1495
Joined: Wed Mar 25, 2015 8:54 am
Location: Warsaw, Poland
Has thanked: 51 times
Been thanked: 160 times

Re: SFP modules GigaLight

Postby ArT » Tue Mar 21, 2023 8:28 am

It can be not MSA compilant and password can be located in range 00 00 00 00 - 7F FF FF FF or it can be located in other area or it can be protected on other way. It's not often case, but sometimes this is the case. First of all I recommend to check range all ascii chars (you have the highest probability of success here), then please search in range 00 00 00 00 - 7F FF FF FF .

zburget
Posts: 27
Joined: Thu Mar 09, 2023 10:19 am
Location: Czech Republic

Re: SFP modules GigaLight

Postby zburget » Tue Mar 21, 2023 2:32 pm

Thanks for the ideas, I'm already working on it. :-)

However - I know for sure that SFP is protected by password. let's say I could theoretically know the password, but it doesn't work at A2h, 7Ch. Is it possible to find out at which address to be password entered?
Zbyněk Burget

ArT
Posts: 1495
Joined: Wed Mar 25, 2015 8:54 am
Location: Warsaw, Poland
Has thanked: 51 times
Been thanked: 160 times

Re: SFP modules GigaLight

Postby ArT » Wed Mar 22, 2023 7:10 am

It depends. If password is stored within the same page - yes, but if in other page, you need to first set this page. Interesting case, software does not support such feature at the moment, but I noted it to todo list :)

zburget
Posts: 27
Joined: Thu Mar 09, 2023 10:19 am
Location: Czech Republic

Re: SFP modules GigaLight

Postby zburget » Wed Mar 22, 2023 11:57 am

Based of this document - GigaLight SFP/XFP/QSFP Programmer manual, page 9 it could be guessed at which addresses the password could be.
Zbyněk Burget

ArT
Posts: 1495
Joined: Wed Mar 25, 2015 8:54 am
Location: Warsaw, Poland
Has thanked: 51 times
Been thanked: 160 times

Re: SFP modules GigaLight

Postby ArT » Wed Mar 22, 2023 2:20 pm

Do you mean page 0x10? We can try to implement such feature in brute force tool. Could you send us 1 module for testing? We will send it back when beta software will be ready. If yes, please contact with me on PM,

zburget
Posts: 27
Joined: Thu Mar 09, 2023 10:19 am
Location: Czech Republic

Re: SFP modules GigaLight

Postby zburget » Wed Mar 22, 2023 3:08 pm

I mean address 7Bh in A0h block (but I unsuccessfully try this address)
or address FCh in A2h block at unknown page.

I don't think that they would wrote the exact position of the password in the public manual. :-)
Zbyněk Burget

TRX
Posts: 2
Joined: Thu Sep 23, 2021 1:16 pm
Has thanked: 2 times

Re: SFP modules GigaLight

Postby TRX » Wed Mar 29, 2023 5:52 pm

zburget wrote:Greetings,
I have a lot of modules with the GigaLight brand. I need to modify the code in them, but they are protected by a write password.
I try to search password by bruteforce password finder. I set the password location at A2h, 7Bh, access type to Manufacturer, range 80 00 00 00 - FF FF FF FF (in accordance with the MSA standard) and I left checked "Apply range to single bytes" (which is the default setting).
Speed of password searching is approx 1660/s - ie password search took approx 15 days. Unfortunately, the password wasn't found. :-(

O.K. - I can try search password with unchecked "Apply range to singele bytes" (15 more days), or I can try search password in range 00 00 00 00 - 7F FF FF FF with and without checking "Apply range to singele bytes" (30 more days). That's quite a lot of time. Therefore, I would like to ask if any of you know the password I search. Or at least some more accurate range in which it is appropriate to look for.
Alternatively - is it possible that the password is located at some address other than the A2h, 7Bh?
Or where else can there be the snag?

Thanks

Hi. In GigaLight modules password is 38343732 and located at address A2h, FCh.

zburget
Posts: 27
Joined: Thu Mar 09, 2023 10:19 am
Location: Czech Republic

Re: SFP modules GigaLight

Postby zburget » Fri Mar 31, 2023 4:33 pm

Yes! This is it!

Thank very much!

I had the right numbers but in reverse order :?
And I didn't know the correct address.

I have tried to search the combination now (when I know it and I know where to look for it). And I found the following:
I must run serach without checked "Apply range to single bytes".
In first step is found range in which password is and in second step is found number combination by one larger. I suppose it would be good to extend "write delay" to a higher value than 10 ms (by default). Range in second step is so small, that even relatively long delay will not be a problem for password searching.
Zbyněk Burget

zburget
Posts: 27
Joined: Thu Mar 09, 2023 10:19 am
Location: Czech Republic

Re: SFP modules GigaLight

Postby zburget » Sat Apr 08, 2023 5:34 pm

…and one more knowledge/remark to password finder.
If I select Range limit to ASCII*, option Apply range to single bytes is checked without the possibility of uncheck.
Although is password for GigaLight module in range of ASCII numbers, is not possible to find it. Apply on the single bytes would need to turn off.
It would be good to make this option as "checkable" in all cases.
Zbyněk Burget


Return to “Technical Support”

Who is online

Users browsing this forum: No registered users and 3 guests

cron