lab-docu/docs/hidden.md
2021-07-28 04:51:28 -04:00

4.2 KiB

Hidden Brocade Dev Stuff

This is a collection of hidden tools, modes, and commands buried inside Brocade FastIron products.

Hidden Commands

All Fastiron platforms have hidden CLI commands, with the biggest one being dm. The dm command is available (but hidden) for diagnostic use. Type dm and hit tab to see available options, like the below for example:

FCX3(config)#dm
  HEX                           Number
  802-1w                        show 802-1w internal information
  aaa-acct-session
  acl_tcam                      command for tcam manager
  aging-loop                    Turn off/on system aging loop
  allled                        Toggle -On/Off All LED
  alt-diag                      Test only, off/on
  app_vlan_debug                App VLAN table (shadow)
  auq-resync                    Sync Auq for a device
  auq-status                    show auq status
  badaddr                       Test only, will reboot
  blink                         Show gig link changes due to PHY blink
  buffer                        DMA CPU buffer related
  cancel-flash-timeout          set flash timeout to default
  clear_boot_count              Clear crash dump
  cpld-reg-dump                 Dump the CPLD register
--More--

There's hundreds of options. These are low level debug commands, so if you don't know what they do you can easily break your switch.

Note: There's around ~700 commands that are completely hidden, they will not even show up using tab autocomplete like the above dm commands do. Click here for a full list of these commands. Many of these might delete your config, your licenses, lock the switch up, etc.

Hidden OS Console

This only works over a serial connection. It will not work over telnet/ssh/etc. Connect to a FastIron device over serial, and once it's fully booted and running, press ctrl+y, let go, then press m. Then hit enter. It should drop you down to the OS console:

OS>

Note: This is mainly for the PowerPC architecture switches (FCX, ICX6610). The ARM switches (ICX6450, ICX7xxx) still have this hidden console available, but it only has ~5 commands. For a proper low level CLI on ARM switches, use the Accessing Linux section.

Press the question mark on your keyboard for a list of all available options:

OS>
clear            Clear internal table
console          Attach console to a process
copy             Copy file
daw              Set data address watchpoint
dbg              Toggle debug mode
dq               Display memory in 64-bit quad word
dd               Display memory in 32-bit double word
del              Delete flash file
dir              List flash files
----trimmed----

You'll note the options are nearly identical to what's available in the bootloader, except while the switch is fully booted and running. There's a couple extra options here too that aren't available in just the bootloader. To exit this mode, just hit ctrl+z.

Hidden Bootloader Modes

All the newer switches that run linux (ICX6450, ICX6650, ICX7xxx) use u-boot as the bootloader. However it runs in a very locked down mode with only a few commands available. Thankfully after contacting Arris (who own Ruckus, who now owns Brocade), they published their u-boot source code.

From analyzing their u-boot source, we are able to find some hidden routines that will force the switch to boot into fully unlocked u-boot. To do so, run the following in the bootloader:

ICX6430 & ICX6450

manufacturing_diag enable
reset
## it will reboot into fully unlocked u-boot
## be sure to stop it in the bootloader (smash b)

## set it back to normal
manufacturing_diag disable
reset

ICX6650 & ICX7150 & ICX7250 & ICX7450 & ICX7750

diagmode enable
reset
## it will reboot into fully unlocked u-boot
## be sure to stop it in the bootloader (smash b)

## set it back to normal
diagmode disable
reset

ICX7650 & ICX7850

setenv diag_mode_on 1
saveenv
reset
## it will reboot into fully unlocked u-boot
## be sure to stop it in the bootloader (smash b)

## set it back to normal
setenv diag_mode_on
saveenv
reset

ICX7550

Unknown, but most likely one of the above - just try each one until the command takes.