Procedure - How to reset the security on a NXC-ME260
mush
Posts: 287
in AMX Hardware
G'day all,
For some time now I've had three NXC-ME260 masters sitting in my garage not being used as they had security set on telnet, HTTP, FTP and the serial (program) port. I purchased them on eBay and was unable to obtain the passwords.
Today I had a crack, after reading some forum entries and getting some ideas, at resetting the security and I had success. I found a security loop-hole in an older version of firmware.
All the commands entered below are via terminal over an RS232 connection (except the firmware transfers).
The procedure is..
1. Type “clean disk”
2. reboot the master
3. Load firmware v2.10.85
4. Type “security setup” a list of options is presented
5. Select option 4 ‘Edit User’ and hit enter
6. Then Select 2, which should be the ‘NetLinx’ user account
7. Then select 6 ‘Change Access Rights’ and hit enter
8. The select 6 ‘Security Configuration Access’ and hit enter
9. Then hit enter twice to return to the main Security menu.
10. Select option 4 ‘Edit User’ and hit enter
11. This time select 1, which should be the administrator account.
12. Select 1 ‘Change User Password’
13. Change the password to whatever you want
14. Hit enter to return to the main Security Menu
15. Enter 13 to save the changes
16. Reload the latest firmware (v2.31.139)
17. Reboot
17. All done!
This worked on all 3 masters so I'm fairly confident it should work for anyone. The only problem that I can see is if the NetLinx user has been deleted.
Anyway, I would love to hear of any results. Please post them here.
Cheers
For some time now I've had three NXC-ME260 masters sitting in my garage not being used as they had security set on telnet, HTTP, FTP and the serial (program) port. I purchased them on eBay and was unable to obtain the passwords.
Today I had a crack, after reading some forum entries and getting some ideas, at resetting the security and I had success. I found a security loop-hole in an older version of firmware.
All the commands entered below are via terminal over an RS232 connection (except the firmware transfers).
The procedure is..
1. Type “clean disk”
2. reboot the master
3. Load firmware v2.10.85
4. Type “security setup” a list of options is presented
5. Select option 4 ‘Edit User’ and hit enter
6. Then Select 2, which should be the ‘NetLinx’ user account
7. Then select 6 ‘Change Access Rights’ and hit enter
8. The select 6 ‘Security Configuration Access’ and hit enter
9. Then hit enter twice to return to the main Security menu.
10. Select option 4 ‘Edit User’ and hit enter
11. This time select 1, which should be the administrator account.
12. Select 1 ‘Change User Password’
13. Change the password to whatever you want
14. Hit enter to return to the main Security Menu
15. Enter 13 to save the changes
16. Reload the latest firmware (v2.31.139)
17. Reboot
17. All done!
This worked on all 3 masters so I'm fairly confident it should work for anyone. The only problem that I can see is if the NetLinx user has been deleted.
Anyway, I would love to hear of any results. Please post them here.
Cheers
0
Comments
If the previous user had the good sense not to lock out the program port with security, you can connect a serial cable and talk with NLStudio Terminal and do this same thing with any firmware. Security setup used to be available in telnet in old firmware, now just in serial terminal.
All access, except for sending programs, had been blocked. Hence my need for a work around.
Another tip for those looking to clean a NI master is to use 'clean disk -f'. The -f handler will clean out all folders and directories to include bound Duet Module files that are otherwise left on the master during a normal 'clean disk' because they are no longer in the user directory. Using 'clean disk -f' will erase everything like 'reset factory' does, but it will leave your other permissions settings in place like security and more importantly network configuration.
Thanks for the reminder!
G'day Chris,
Thanks for your input, nice to have some official advice. I'm always glad to see someone from the 'front lines' taking the time to see what's going on in the forums.
Access to all 3 masters was limited to connection via NLS only. I could change firmware, dump code and change configuration settings.
If I tried to connect via HTTP, Telnet or Terminal I was presented with the 'Login:' prompt.
I tried the generic username password combinations, administrator|password and NetLinx|password, but the passwords had been changed.
So, in this situation, I could not try 'factory rest' or 'clean disk'.
When I downgraded the firmware to v2.10.85, I am no longer presented with the 'Login:' prompt when accessing HTTP, Telnet or Terminal.
So from this point I can access 'security setup'. I am unable to change the administrator password as I still have to login to do that, but I am able to modify the NetLinx account. So all I have to do is change the password and access rights to the NetLinx account and then I'm able to login and change the administrator account.
After completing the changes and upgrading the firmware to the latest (v2.31.139) the security settings are retained.
Obviously, having performed the same procedure 3 times, I was fairly confident that I was correct but to prove it to myself I turned the security on and went through the whole process again and it all worked fine.
I tried 'reset factory' but this command is not available in v2.*.* firmware. It would appear that it was implemented in build 414.
The 'clean disk' -f handler does not work on build 85 an error is generated.
Cheers
I would suggest that if there was ever such a way to remove a password that it also destroy the program as well - essentially a factory default.
I'm not asking for a backdoor password. Note that I can already access the box via the programming port, download the source that was in it, replace the program, and change the IP configuration.
A way to reset the box is EXACTLY what I need, and I would be shocked if it doesn't actually exist. I'm sure there is a way to do this that AMX hasn't told us about. There are jumpers on the board...
AMX re-images the flash card when you return it for this service. You can't do this yourself because the image includes the unique serial number info.
No, that is not correct. The flash card can be replaced by anyone. Now, the on-board flash memory, well that's a different story.
I don't know of anyway to enter this command if all ports are password protected. Do you?
I do not believe the login passwords are kept on the CF card. Otherwise we could just replace the CF card, no? Lots cheaper than shipping the box in..
(Hi, John! Been a long time...)
Yes, that makes more sense and is probably what was meant when it was explained to me by support some time ago. I misunderstood or misremembered.