Factory reset without UART

[grayver]

Hello! I've got ODI DFP-34X-2C2 from the seller you recommended. Then I tried to use the stick with my Mikrotik RB5009. I got O5 and even an IP address very quickly, however Internet hadn't been working. I was trying to play around with different stick parameters with no success. But when I set parameter LAN_SDS_MODE to 3, I lost access to the stick. Now the stick is not accessible neither via WebGUI, nor by telnet. However, Mikrotik shows module presence.

Is there a way to reset the stick to factory defaults without bringing UART converter and soldering to stick internals?

[crrodriguez]

The cheapest way is connecting the stick to a media converter (TP-Link MC220L, for 19 bucks.. gigabit only.. generic 2.5gbe one for something like 30 USD) and fix the SDS mode there.

[rajkosto]

Keep in mind you do not have to buy the 2.5gbps media converter in order to fix if you set LAN_SDS_MODE to 4 Somehow the ODI DFP-34X-2C2 can autonegotiate correct speed with Qualcomm/Realtek media converter even if you set LAN_SDS_MODE to 4, see this output with it connected to one:

# cat /proc/lan_sds/lan_sds_cfg
lan_sds_mode = 1(Fiber 1G)
# flash get LAN_SDS_MODE
LAN_SDS_MODE=4

the autonegotiation does not work with mikrotik switches/routers.

[Anime4000]

so far ODI with RTL9601D can do SFP Auto Negotiate,

for other stick like V2801F, TWCGPON657 or RTL9601CI based will lock you out, safer way is to use 2.5Gb Media Converter, no need to take apart or soldering and UART

thankful with ODI approach with SFP Auto Nego

[zentavr]

I have the same question, but a different problem: I had updated the MAC address, but did not update a key.

[Anime4000]

I have the same question, but a different problem: I had updated the MAC address, but did not update a key.

for ODI, it should allow to access WebUI, but some SFP host require fiber to present,

Like RB5009, no need fiber to be plugged can access WebUI, my self, wrong MAC Key device wont allow to connect to OLT, but able to access via Telnet or WebUI

before tear down, try plug SFP Stick to SFP media converter

[zentavr]

@Anime4000 right now I have MikroTik RB4011iGS+5HacQ2HnD and it does require fiber cable to be connected into the stick.

Should I try any SFP converter or there could be just specific models?

[Anime4000]

@zentavr SFP most Realtek based SFP Mediaconvert should work https://github.com/Anime4000/RTL960x/blob/main/Docs/2.5Gb.md#device-list

unless they change device revision or something, however, it should works

[zentavr]

I have Mikrotik RB4011iGS+5HacQ2HnD, and I could ping/access the stick over SSH/Web only when have a fiber cable inside of it. So when there are issues with the signal/provider - I cannot even debug the problem at the stick side.

[Anime4000]

I see, I guess get an RB5009, it doesn't need fiber to plug to access Telnet/SSH/WebUI

[zentavr]

Upgraded my RB4011iGS from 6.x to latest 7.8 RouterOS. Now I can see 2.5Gbps mode, but stick still wants a fiber to be plugged in.

[rajkosto]

the STICK doesnt WANT anything the STICK is reporting RX_LOS when there is no incoming PON signal, and YOUR MIKROTIK is DISABLING the ethernet on that interface while RX_LOS is active (Loss of Signal) because it thinks there wont be any packets if there is no signal (which is true on simple transcievers without SoC) go complain to mikrotik though its likely a switch chip hardware feature. or use a rj45 port and media converter while you configure the stick

[zentavr]

I was able to reset without having UART.

So:

1. In one terminal I run ping 192.168.100.100 just to see when the stick comes online. Sometimes I can see 1 ping back, sometimes 4.
2. At the second terminal just in one line: while true ; do sshpass -p admin-password ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-rsa -oCiphers=+3des-cbc -oConnectTimeout=1 -oConnectionAttempts=1 admin@192.168.100.100 -- flash_eraseall /dev/mtd3; if [ $? -eq 0 ]; then break; else sleep 1; fi; done. Yes, long-long line. If you want - you can create a bash script. I have MacOS Ventura 13.2.1. sshpass installed by brew.
3. Wait. I had waited maybe 15-20 minutes just to catch 4 pings. In such case it's enough time to make a wipe. When wipe happens - you'll see something like this in the terminal: Erasing 4 Kibyte @ 3b000 -- 98 % complete..
4. Maybe it enough, but I'd repeated the step above again.
5. Again, maybe it's ok just to re-plug the stick into the port/media converted. I made it in a long way... instead of that put another command and waited for 4 next pings: while true ; do sshpass -p admin-password ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-rsa -oCiphers=+3des-cbc -oConnectTimeout=1 -oConnectionAttempts=1 admin@192.168.100.100 -- reboot; if [ $? -eq 0 ]; then break; else sleep 1; fi; done
6. Finally the stick appeared at 192.168.1.1 and I was able to log in.

[zentavr]

Probably we can reset by curl request as well, but I had not tried that.

The process looks like this:

# Log In
curl -v -X POST http://192.168.1.1/boaform/admin/formLogin --data-raw 'challenge=&username=admin&password=admin&save=Login&submit-url=%2Fadmin%2Flogin.asp'
# Reset
curl -v --http0.9 -X POST http://192.168.1.1/boaform/formSaveConfig --data-raw 'reset=Reset&submit-url=%2Fsaveconf.asp'

How you can see - no tokens/etc are required to make a second request (WTF? Security???). It's likely web server just whitelists your IP and accepts all further admin request without authentication.

[rajkosto]

the only time i managed to "brick" my stick was by turning off "VLAN Aware Bridge" in the HGU firmware webgui... after that it never responded to pings on the LAN IP again until i did the eraseall via uart. For your method to work you must also know the LAN IP, and it must be working, which isnt always the case when people want to factory reset. So it is only useful if they don't have valid MAC_KEY while also not being able to run the stick without fiber in...

[zentavr]

@Anime4000 if you are OK - I can set up a pull request with the instructions which I'd mentioned here with the program method of how to reset the stick.

[crrodriguez]

I believe the stick has tftp recover parameters, but unfortunately I wasn't able to make it work. it is supposedly programmed to ask tftp server at 192.168.1.7 for firmware, but it does not do so at least automatically. maybe there is a prompt for it at the serial console but I do not have it attached.

[zentavr]

@crrodriguez in theory we can run firmware in qemu and test that.

[Anime4000]

@Anime4000 if you are OK - I can set up a pull request with the instructions which I'd mentioned here with the program method of how to reset the stick.

sure! no problem, improvement, documentation is very welcome

[zentavr]

@Anime4000 here we go: #143