Just wanted to add some data to this thread. I've now played with both the unmanaged MokerLink version of this switch, as well as the Sodola managed version. Not much to say about the unmanaged one except to document that it passes tagged traffic just fine through all ports, which is sometimes of use for people with wifi APs and such.
The managed switch has a few interesting quirks:
- The firmware images from several vendors seem to be bitwise identical (as confirmed by users with md5s above.)
MokerLink actually posts firmware (including the latest 1.9) on their website in the Downloads tab, which probably makes it the easiest place to stay up to date. I just checked before posting and this is no longer true. Bummer. I got 1.9 (md5: 559fbd81a07ed7ce954a710c7fb2a249) from here a few days ago.
- The management interface does not support any secure protocols, and it appears to listen on its' static IP on any VLAN on any port.
- I sometimes have timeouts when trying to update the port assignments for a given VLAN and it doesn't update. Removing that VLANs PVID from any port, deleting the VLAN, and re-creating it with the updates, then re-setting the PVIDs, seems to work.
Only complaint I have so far... the management interface is fixed on VLAN 1. By default, I don't use VLAN 1 for anything, and normally don't even trunk it anywhere, I only allow tagged traffic on trunks.
In my experience, on the Sodola with firmware 1.9, it seems that the management interface will listen on any port with any PVID where you happen to configure yourself on the correct IP/subnet to ensure communication. For example, if I set port 1 to be untagged on vlan 1 with PVID 1, and set port 2 to be untagged on vlan 2 with PVID 2, I can reach the management interface by plugging into either port as long as I set the correct static address and netmask. Given this, I haven't tried telling the management interface to use DHCP, but I would hope it only sends the DHCPREQUEST out one of the VLANs (vlan 1 maybe?)
It's not obvious, but on the VLAN screen, even if you indicate a port should be an untagged member of a specific VLAN, you still have to go into the PVID screen and set the port VLAN there as well. This really should only be a single step, not two different steps.
This is quite common on managed switches. My understanding is that an untagged member port just means that traffic within a certain VLAN will leave that port without the tag, whereas the PVID says that untagged traffic coming into a port will be assigned a certain VLAN.
Poking around in the fw file ($00044bb0) we can see the following.
hengrui 81d57ea79621e8887914f40ee4122185
admin f6fdffe48c908deb0f4c3bd36c032e72
The admin md5 hash is a combination of the login+password - ie adminadmin
Can't say I've found that password, but I can say what I've tried unsuccessfully. It
isn't any 6 char or fewer password with any case, number, special. It
isn't any 7 or 8 char lowercase-only password. Beyond that, I'd have to get GPU acceleration into hashcat and I haven't had the time to putter with that yet. Using variations of
hashcat -O -a 3 -m 0 hengrui.hash hengrui?a?a?a?a?a?a
to do it. Perhaps someone with GPU accel and some time can try adding a few ?a to that, but the complexity for a brute force goes up quick. Maybe there's a wordlist that would be a better approach.
Wouldn't be easier to edit the firmware file and replace ...
Just documenting here that I tried this and it doesn't work. There must be some checksum/hash/signature on the image. It uploaded the modified image fine, but then the switch appeared to be bricked. It would no longer boot the previous or new image and no ports would light up after the initial flicker when first powered on. Turns out it was stuck in that firmware upgrade mode, but this time needed to be accessed at 192.168.1.1/24. This address can be seen in the firmware image itself if you search for byte sequences of 192.168, ie.
env LANG=LC_ALL grep -obaP '\xc0\xa8' firmware.bin
. This seems notable to document, as I'd image a similar situation if you happen to corrupt any other part of the firmware image when downloading. I just "accidentally" corrupted the exact bytes necessary to try a known password hash.