
Cisco Iou


Cisco L3 and L2 IOU Hacking on Fedora Linux – for Educational Purpose only


April 30, 2011

These steps are based on the tutorial “Defeating Cisco IOU’s License Protection” and are
adapted for Fedora Linux. After the YouTube video was deleted, its creator
made the “patch”, which you can check here.

Please consider carefully whether to use IOU: it is meant for internal use only, so it is
probably illegal to use if you are not a Cisco employee or partner. For further information
about licensing, please visit this site: http://evilrouters.net/2011/01/18/cisco-iou-faq/

1. Download bbe – hex editor

wget -O bbe-0.1.8-2.i386.rpm http://sourceforge.net/projects/bbe-/files/bbe/0.1.8/bbe-0.1.8-2.i386.rpm/download

2. Install rpm package

sudo rpm -ihv ./bbe-0.1.8-2.i386.rpm

3. Install openssl-devel packages and create symbolic link

The shared library libcrypto.so.4 must be present either in /usr/lib/ or in /lib/. It is
provided by the openssl-devel package.

sudo yum install openssl-devel

Now check the list of shared libcrypto libraries present on your system.

ls -l /usr/lib/libcrypto*

lrwxrwxrwx. 1 root root 25 Aug 30 21:45 /usr/lib/libcrypto.so.0.9.8 -> /lib/libcrypto.so.1.0.0d
lrwxrwxrwx. 1 root root 25 Aug 30 21:45 /usr/lib/libcrypto.so.10 -> /lib/libcrypto.so.1.0.0d

ls -l /lib/libcrypto*

lrwxrwxrwx. 1 root root 19 Jul 9 20:24 /lib/libcrypto.so.10 -> libcrypto.so.1.0.0d
-rwxr-xr-x. 1 root root 1589068 Feb 10 2011 /lib/libcrypto.so.1.0.0d

Only one shared libcrypto library is present: /lib/libcrypto.so.1.0.0d. All the other
files are symbolic links pointing to that library.

Now create a symbolic link and check the list again:

sudo ln -s /lib/libcrypto.so.1.0.0d /usr/lib/libcrypto.so.4

ls -l /usr/lib/libcrypto*

lrwxrwxrwx. 1 root root 25 Aug 30 21:45 /usr/lib/libcrypto.so.0.9.8 -> /lib//libcrypto.so.1.0.0d
lrwxrwxrwx. 1 root root 25 Aug 30 21:45 /usr/lib/libcrypto.so.10 -> /lib//libcrypto.so.1.0.0d
lrwxrwxrwx. 1 root root 24 Jul 18 23:21 /usr/lib/libcrypto.so.4 -> /lib/libcrypto.so.1.0.0d

4. Create a license file

echo -e "[license]\n$(uname -n) = 0000000000000000" > iourc

5. Create NETMAP file

touch ./NETMAP

6. Hack L3 IOU image

for F in i86bi_linux-*;do bbe -b "/\xfc\xff\x83\xc4\x0c\x85\xc0\x75\x14\x8b/:10" -e "r 7 \x90\x90" -o $F.x $F;mv $F.x $F;done;chmod +x ./i86bi_linux-*

7. Crack L2 IOU image

for F in i86bi_linuxl2*;do bbe -b "/\xa1\xff\x83\xc4\x0c\x85\xc0\x75\x17\x8b/:10" -e "r 7 \x74" -o $F.x $F;mv $F.x $F;done;chmod +x ./i86bi_linuxl2*

The parameter r 7 replaces the byte at position 7 (counting from zero), 75, with 74
in the block of ten bytes a1 ff 83 c4 0c 85 c0 75 17 8b.

8. Redirect data sent to Cisco to the localhost

When the IOU image is started, it sends data to xml.cisco.com. You need to make a
“fake” DNS entry for xml.cisco.com to avoid this behaviour. Writing to /etc/hosts
requires root privileges.

echo "127.0.0.1 xml.cisco.com" | sudo tee -a /etc/hosts

9. Run IOU image

./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 200

2222 – TCP port on which the wrapper is listening
200 – application ID


In this case, no interface groups are specified. Two groups of Ethernet interfaces are
created in the IOU image by default. Each group always consists of four interfaces. The
same is true for Serial interfaces.

The file nvram_00200 is created and contains the saved configuration.

Examples

a) ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 -- -e 1 -s 1 200

-e 1 Ethernet0/0, Ethernet0/1, Ethernet0/2, Ethernet0/3

-s 1 Serial1/0, Serial1/1, Serial1/2, Serial1/3

b) ./wrapper-linux -m ./i86bi_linux-adventerprisek9-ms -p 2222 -- -e 0 -s 0 200

In this example no interface is created for the IOU image.

10. Telnet to IOU image

telnet localhost 2222

Press Enter.

11. Stopping wrapper

Press Ctrl-C or, if the wrapper is running in the background, kill the process.

kill $(ps aux | grep '[w]rapper-linux' | grep 200 | awk '{print $2}')
