I'm having issues attempting to determine the password for FS 10Gbase-T Transceivers. FS sells them as generic 10Gbase-T Transceivers, as well as for FS switches, Cisco, Dell, Brocade, etc... For the Brocade and Dell versions (marked BR and DE respectively to differentiate brand compatibility) they seem to be locked. However, for the Cisco version (they are unmarked), I was able to program a few of them as Brocade or Dell without a password. However, I needed to choose "SFP" under the EEPROM > TRANSCEIVERS device selection menu. After having previously backed up the Dell and Brocade transceiver's A0h area(s), I found I could simply load those saved A0h bin files, then adjust the S/N field in the Revelprog IS software with the S/N printed on the module, update the checksum, load the changes into the buffer and then I could simply write that to the Cisco version of the FS 10Gbase-T module without an issue. After the software runs its verification, the changes I made were retained. If I try to do the same process to any of the marked transceivers, such as reprogram the DE marked Dell transceivers for Brocade, then it fails. There's no error. The software simply runs its verify which loads the original values prior to the write attempt.
I tried running the password brute force tool. First, I ran it with the location A2h, Manufacturer (no limit access), Range limit: user defined (80 00 00 00 through FF FF FF FF) with the "Apply range to single bytes" and "Store password in manufacturer name" checkboxes checked. I left the write delay set to "Auto adjust". After several days with an average speed of 3885 passwords per second, the tool did not discover the password.
Then I attempted the password brute force tool again, with the location as A2h once more, Manufacturer (no limit access), Range limit: user defined (00 00 00 00 through FF FF FF FF) with the "Apply range to single bytes" unchecked and "Store password in manufacturer name" checkboxes checked. I left the write delay set to "Auto adjust" on this run. After about 8+ days with an average speed of 3883 passwords per second, the tool still did not discover the password.
I'm kind of at a loss here. There's no hardware difference between the Cisco compatible FS 10Gbase-T transceivers and the same company's 10Gbase-T Dell/Brocade 10Gbase-T transceivers. They are definitely reprogrammable as FS sells their own tool to do this with nearly any of their optics but so far I'm only partially successful in programming them via the unbranded/unmarked transceivers and I can't seem to obtain a password.
Please provide any assistance or perhaps there's a better way to run my password brute force search. Thank you!