idrac-7-8-reverse-engineering
UART pins and serial line parameters
The second picture is very informative, thanks for it. What is the uart pin assignment? What are the serial line parameters? Thanks.
- You'll just need GND, RX, TX.
Is this the UART to the iDRAC console? Can I recover the iDRAC image by TFTP like on iDRAC6?
This is UART to J_IDRAC_UART. To recover via TFTP you need access to the u-boot console, which Dell has locked down and further restricted access to in 2.61.60.60.
I found a 4-pin BMC_UART on the mainboard; maybe it can use TTL to write the image to U_EMMC. And the other 4-pin header is FVS_HEADER.
There are easy-to-use recovery commands to re-program EMMC flash from within u-boot, but you have to get there first. There are some special sequences/methods to get it to drop to a u-boot shell over the UART; I will probably publish them soon.
can you share the 4m bin of the IDRAC_SPI?
I haven't verified this dump, but I think it's valid. It's from my R720.
http://fohdeesha.com/data/other/R720-SPI.bin
> There are easy-to-use recovery commands to re-program EMMC flash from within u-boot, but you have to get there first. There are some special sequences/methods to get it to drop to a u-boot shell over the UART; I will probably publish them soon.

Is there any document to get into the u-boot shell?
Any updates to this?
see this post for how to interrupt uboot:
https://www.win-raid.com/t3828f16-Problem-Dell-R-xd-iDRAC-BIOS-Recovery-4.html#msg73352
Note that if you have iDRAC 2.61.60.60 or newer then this method doesn't work anymore (Dell patched it).
@dudududodododedede the SW_IDRAC_DBG jumper u-boot entry was patched out? About time, I'm surprised they left it active as long as they did. As for the method we used for the exploit in this repo, it involved shorting specific EMMC flash pins in a certain way so that u-boot could not read its boot storage, so it would instead drop down into the u-boot shell. I believe Dell patched this around the same version once we reported it to them.
For future reference, pics of the CP210X USB to UART pinout for PowerEdge R720
For future reference, pics of the CP210X USB to UART pinout
A cleaner pic with interrupt pins
> Note that if you have iDRAC 2.61.60.60 or newer then this method doesn't work anymore (Dell patched it).

So, how can I interrupt u-boot if I have a newer version? (Mine's either 2.65.15.65.65 or 2.65.65.65.10; both versions are displayed in the terminal.)
There is a way, but you have to remove the 4GB flash and flash older versions of its BIOS located near it; then you could possibly interrupt.
In most cases the 4GB flash gets corrupted when we don't upgrade iDRAC first but BIOS.
I would suggest that you replace the FBGA153 4GB chip with the help of a professional and reinstall iDRAC, and use an eMMC to SD card reader or eMMC reader, or even better make one like the one in this link: https://youtu.be/pFo1xvBqbqs?si=FdoZXH1flU2Z9VXX
Then read it using an ext4 file reader and extract the license for enterprise license recovery of your board.
On Mon, Feb 26, 2024, 4:24 PM adiee5 @.***> wrote:
> Note that if you have iDRAC 2.61.60.60 or newer then this method doesn't work anymore (Dell patched it).
>
> So, how can I interrupt u-boot if I have a newer version? (Mine's either 2.65.15.65.65 or 2.65.65.65.10; both versions are displayed in the terminal.)