To display the current cookie of a router, boot the router and enter into the ROMmon mode using the break sequence, followed by entering the cookie command. The show diag EXEC command can also be used to display the contents of the cookie of a router.
System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)
Copyright (c) 2002 by cisco Systems, Inc.
C2600 platform with 131072 Kbytes of main memory
PC = 0xfff0ac3c, Vector = 0x500, SP = 0x800043b4
monitor: command "boot" aborted due to user interrupt
rommon 1 > cookie
cookie:
01 01 00 0c 85 bb ef 60 43 20 80 ff 03 6e 00 20
00 00 00 00 00 00 00 00 4a 41 45 07 13 30 44 41
4c 01 00 00 00 00 00 00 00 ff ff ff 58 06 49 1e
4b 02 ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
rommon 2 >
Use the following formula to find out the password to enter the PRIV ROMmon mode:
password = w1 + w2 + w3 +w4 + w5 mod 216
where w1 – w5 are the first 5 words in the cookie. 216 = 65536 = 0x10000.
The PRIV password for the cookie above is B948.
01 01 00 0c 85 bb ef 60 43 20 80 ff 03 6e 00 20 00 00 00 00 00 00 00 00 4a 41 45 07 13 30 44 41 4c 01 00 00 00 00 00 00 00 ff ff ff 58 06 49 1e 4b 02 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 0x0101 0x000C 0x85BB 0xEF60 + 0x4320 -------- 0x1B948 mod 0x10000 -------- 0xB948 --------
The PRIV password for the following cookie is 439E.
01 01 00 12 d9 ab 25 c0 43 20 80 ff 03 6e 00 20 00 00 00 00 00 00 00 00 46 43 5a 09 29 37 30 33 44 04 00 00 00 00 00 00 00 ff ff ff 50 06 49 1e 4b 06 ff ff ff ff ff ff ff ff ff ff ff ff ff ff 46 4f 43 08 50 33 38 53 56 43 20 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 0x0101 0x0012 0xD9AB 0x25C0 + 0x4320 -------- 0x1439E mod 0x10000 -------- 0x439E --------
The cookie consists of 128 bytes of data. It is normally displayed in hexadecimal format with 8 rows of 16 bytes data. Below describes the data structure of the cookie:
-
| Index | Size | Name | Description |
| 0x00 | 1 | Version | Indicates the version of the cookie format. 0x01 – Cisco 2600 Series. |
| 0x01 | 1 | Vendor | The vendor of the device. It is assumed that this value is always 0x01, as the vendor is always Cisco. |
| 0x02 | 6 | Ethernet Hardware Address | The BIA Ethernet MAC address of the 1st integrated Ethernet interface. |
| 0x08 | 1 | Processor | Indicates the type of processor (e_machine). The actual reason that a router unable to boot when the cookie is corrupt is that it compares the e_machine values in the cookie and flash image file. If these 2 values do not match, the router assumes that the image file is invalid for its platform and therefore refuses to load it. |
| 0x09 | 1 | NVRAM Size | The size index of the NVRAM. Note: This value is not the size of NVRAM in Kbytes. |
| 0x0a | 1 | CPU Speed | The speed index of the CPU. Note: It doesn’t indicate the CPU speed in MHz. |
| 0x0b | 1 | Unused | - |
| 0x0c | 2 | On-board PM ID | Not sure. |
| 0x0e | 2 | MAC Address allocated | Not sure. |
| 0x10 | 8 | Unknown | - |
| 0x18 | 9 | Processor Board ID | Indicates the encoded Processor Board ID, which is printed on a label on the router motherboard. The Processor Board ID can be different than the serial number of the router. |
| 0x21 | 2 | CPU Revision | Referred to as the Processor Revision number |
| 0x23 | 2 | Deviation | Referred to as the Hardware Revision number. |
| 0x25 | 7 | Unknown | - |
| 0x2c | 1 | CPU Type | Indicates the type of CPU (cpu_type). |
| 0x2d | 1 | Board Config | Not sure. |
| 0x2e | 4 | Unknown | - |
| 0x32 | 6 | WAN MAC Address | Not sure. |
| 0x38 | 72 | Unused |
Encoding and Decoding the Processor Board ID
Follow the following steps to encode a Processor Board ID into the cookie format:
1) Convert the ASCII values of the first 3 characters to Hexadecimal.
2) Add the next 4 numbers pair-wise as they appear in the Processor Board ID.
3) Convert the ASCII values of the last 4 characters to Hexadecimal.
The result should be a series of 7 octets.
Example 1: JAE07130DAL
| J | A | E | 07 | 13 | 0 | D | A | L |
| 0x4A | 0x41 | 0x45 | 0x07 | 0x13 | 0x30 | 0x44 | 0x41 | 0x4C |
Example 2: FCZ0929703D
| F | C | Z | 09 | 29 | 7 | 0 | 3 | D |
| 0x46 | 0x43 | 0x5A | 0x09 | 0x29 | 0x37 | 0x30 | 0x33 | 0x44 |
Example 3: FTX0945W0MY
| F | T | X | 09 | 45 | W | 0 | M | Y |
| 0x46 | 0x54 | 0x58 | 0x09 | 0x45 | 0x57 | 0x30 | 0x4D | 0x59 |
ASCII Conversion Chart
Hello just have a question, I hope you can help me the processor ID number as you explain is 0x08. Where in the router's cookie is located.
ReplyDelete01 01 00 0c 85 bb ef 60 43 20 80 ff 03 6e 00 20
00 00 00 00 00 00 00 00 4a 41 45 07 13 30 44 41
4c 01 00 00 00 00 00 00 00 ff ff ff 58 06 49 1e
4b 02 ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
My very own stand-out most cherished site this is an immediate aftereffect of sensible convenience has a place with the sensible wonders all through the time span and besides for future enhancement. This assignmentmasters.co.uk review site is to a great degree valuable for the all dimension of understudies. Much gratitude to you.
ReplyDeleteI have read your blog its very attractive and impressive. I like it your blog.
ReplyDeletehotmail login process
You have performed a great job on this article. It’s very precise and highly qualitative. You have even managed to make it readable and easy to read. You have some real writing talent. Thank you so much. https://192-168-i-i.com/cisco-router-default-password/
ReplyDelete