The firmware is basically the same and all based on the Realtek SDK. The security is not impressive, read HTTP access to the GUI. But for me it is acceptable. You can take some countermeasures for this.
Horaco 2.5GbE Managed Switch (8 x 2.5GbE + 1 10Gb SFP+)
- Thread starter kevindd992002
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
its realtek reference firmware
im not saying it isnt rooted all devices
in 2024 are but i would be looking at NSA/GCHQ
if we are lucky the NSA/GCHQ backdoor will have been replaced by a china government backdoor
either way all devices are backdoored and you are worrying about something that is out of your control
there are no stray packets going out to the internet
if your that worried firewall it off from the internet
tbh which would you prefer to spy on you your government that is trying to monitor everyone
or a foreign power that has no interest in you in the slightest
im not saying it isnt rooted all devices
in 2024 are but i would be looking at NSA/GCHQ
if we are lucky the NSA/GCHQ backdoor will have been replaced by a china government backdoor
either way all devices are backdoored and you are worrying about something that is out of your control
there are no stray packets going out to the internet
if your that worried firewall it off from the internet
tbh which would you prefer to spy on you your government that is trying to monitor everyone
or a foreign power that has no interest in you in the slightest
Yes I understand what you are saying, however in Europe I would rather not have backdoors from either actor
so would we all but thats not going to happen until these powers are put back in their boxesYes I understand what you are saying, however in Europe I would rather not have backdoors from either actor
Don't assign a gateway ip and add firewall rule to block switch's ip from any internet access.Yes I understand what you are saying, however in Europe I would rather not have backdoors from either actor
I don't see any options to change management vlan. I don't recall if it listens on all defined vlans for its ip address?
Super good summary.
People need to stop being worried and shelling insane amounts of moneys out to Cisco/Ubiquiti/Arista and so on, just to be p0wned by their own govt.
Capitalism is at its best : Chinese learned to make amazing network devices and AliExpress is excellent platform to buy them very cheap. Win-Win.
In europe you dont have much rights anyway.Yes I understand what you are saying, however in Europe I would rather not have backdoors from either actor
GCHQ was europe when Snowden leaked all the info.
I'm creating a terraform provider for these switches, if you fancy having terraform in your home lab just take a look - still in early stage so any feedback is welcome!
- still in early stage so any feedback is welcome!My 4+2 xikestor managed switch boot looping after #218 firmware.
I was able to connect serial with 5v and 57600 baud rate.
By pressing ESC in console the switch goes to recover mode with 192.168.1.1 web ui.
But whatever firmware I add there it is still boot loop.
How do you recover from that ? Xikestore on aliexpress told me that it is impossible to fix ..
Recover mode boot log
There is also SPI flash menu
Maybe someone could provide a link to aliexpress flash chip, so I could buy it and resolder.
But I also would need the image to flash
I was able to connect serial with 5v and 57600 baud rate.
By pressing ESC in console the switch goes to recover mode with 192.168.1.1 web ui.
But whatever firmware I add there it is still boot loop.
How do you recover from that ? Xikestore on aliexpress told me that it is impossible to fix ..
Recover mode boot log
Code:
==========Loader start V0.2===========
Press any key to start the normal procedure.
To run SPI flash viewer, press [v]
To enforce the download of the runtime kernel, press [ESC] .....
cmd -1
Check Runtime Image.....
Chksum Correct!
RunTime Kernel Starting....
Ver8373_72: C
===========================Config Area pre-check Starts.=====================.
Pre-Check the config size structure is equal or not.
(sizeof(configCache)) a42.
(FLSH_ADDR_END-FLSH_CONFIG_ADDR_START) a42.
(FLSH_CONFIG_ADDR_START) 1fe000.
(FLSH_ADDR_END) 1fea42.
It seems no risk!..................
==============================Config Area pre-check ends.===================.
SalFlshCopyFlshToCache()
sal_sys_config_restore()
Restore dhcp state is: 0
Restore ip is: 192.168.10.12
...OK
sal_mirror_config_restore()...OK
sal_qos_config_restore()...OK
sal_vlan_config_restore()...OK
sal_rate_config_restore()...OK
sal_trunk_config_restore()...OK
sal_l2_config_restore()...OK
sal_loop_config_restore()...OK
sal_eee_config_restore()...OK
sal_stp_config_restore()...OK
sal_igmp_config_restore()...OK
sal_port_config_restore()...OK
#############According to the flash setting to set the WEB/DUMB mode
#############Read the web/dumb mode.....!!!###
#############web_dumb_cfg.vld_flag=-1, web_dumb_cfg.mode=-1
#############Begin to set the web mode
==========Loader start V0.2===========
Press any key to start the normal procedure.
To run SPI flash viewer, press [v]
To enforce the download of the runtime kernel, press [ESC] ..
cmd 27
sal_sys_runtime_crc_set
loader start
Ver8372N=2
Ver8373N=2
LINE 1462, RL6818C_pwr_on_patch_phy_v007 , patch 0xf0 finished!
IP:192.168.1.1
Mask:255.255.255.0
GW:192.168.1.254
MAC:00.23.79.00.23.79
Code:
==========Loader start V0.2===========
Press any key to start the normal procedure.
To run SPI flash viewer, press [v]
To enforce the download of the runtime kernel, press [ESC] ..
=========================SPI FLASH VIEWER=============================
b: reboot
e <addr>: Erase flash with the address of <addr>
ev <addr>: Erase flash with the address of <addr> and then Verify
r <addr> <len>: read flash from the address of <addr> and then dump
c: check runtime kernel without boot
cb: check runtime kernel and boot if checksum is pass
h: print header
l: load runtime kernel
v: show verobose information
m: print this menu
q: quit from spi flash view
>But I also would need the image to flash
Last edited:
I've dump the working flash via ch341a, chip 25Q16JVSIQ, using
(cause flashrom did not found it)
Unsolder and flash the one from the boot loop device
(ripping one cupper plate, so need to make a bridge to nearest resistor)
On boot got recover mode with this error
Upload 1.9 firmware and still boot loop. Should be corrupted flash, who knows, ordered new one from aliexpress
Unsolder and flash the one from the boot loop device
(ripping one cupper plate, so need to make a bridge to nearest resistor)
On boot got recover mode with this error
Code:
==========Loader start V0.2===========
Press any key to start the normal procedure.
To run SPI flash viewer, press [v]
To enforce the download of the runtime kernel, press [ESC] .....
cmd -1
Check Runtime Image.....
rt_header->header_chksum 0
Hdr Chksum Error
sal_sys_runtime_crc_set
loader start
Ver8372N=2
Ver8373N=2
LINE 1462, RL6818C_pwr_on_patch_phy_v007 , patch 0xf0 finished!
load MAC from nvcfg
IP:192.168.1.1
Mask:255.255.255.0
GW:192.168.1.254
MAC:8C.A6.82.70.82.CD
Last edited:
Hi,
I have XikeStor SKS3200-8E1X and arrived with 2.0.7 firmware.
I upgraded it to the most recent one: 2.0.9 and since the ping looks strange:
A normal ping should look like this:
I checked traffic with Wireshark and once my computer sent the ping a new shorter answer was coming back and there was a comment found at the sent packet: no response found. If I decrease the size of packet (-s) then the size of the response will be decreased as well so the error message will remain.
It looks like most exactly the ICMP data field has been truncated by at least 12 bytes and max 20 bytes.
Also someone mentioned maybe here that the management IP is available on all ports regardless port VLAN.
This was mentioned as something related to XikeStor and similar unknown names.
During the above issue investigation I observed this on my NetGear 308E manageable switch. However it is a bit better as at least https connection is available, while at XikerStor sends userid/password as url encoded clear text... (I thought a new firmware already fixed this but this is not the case.)
Anyone has already faced similar with 2.0.9 firmware?
UPDATE: support uploaded the 2.0.7 so I will have chance to test. Also next week or soon they will release a new firmware that is hopefully fix the issue.
I have XikeStor SKS3200-8E1X and arrived with 2.0.7 firmware.
I upgraded it to the most recent one: 2.0.9 and since the ping looks strange:
ping 192.168.10.12
PING 192.168.10.12 (192.168.10.12) 56(84) bytes of data.
44 bytes from 192.168.10.12: icmp_seq=1 ttl=64 (truncated)A normal ping should look like this:
ping 192.168.10.11
PING 192.168.10.11 (192.168.10.11) 56(84) bytes of data.
64 bytes from 192.168.10.11: icmp_seq=1 ttl=64 time=0.097 msI checked traffic with Wireshark and once my computer sent the ping a new shorter answer was coming back and there was a comment found at the sent packet: no response found. If I decrease the size of packet (-s) then the size of the response will be decreased as well so the error message will remain.
It looks like most exactly the ICMP data field has been truncated by at least 12 bytes and max 20 bytes.
Also someone mentioned maybe here that the management IP is available on all ports regardless port VLAN.
This was mentioned as something related to XikeStor and similar unknown names.
During the above issue investigation I observed this on my NetGear 308E manageable switch. However it is a bit better as at least https connection is available, while at XikerStor sends userid/password as url encoded clear text... (I thought a new firmware already fixed this but this is not the case.)
Anyone has already faced similar with 2.0.9 firmware?
UPDATE: support uploaded the 2.0.7 so I will have chance to test. Also next week or soon they will release a new firmware that is hopefully fix the issue.
Last edited:
Hello fellow Horaco users!
I have made a Prometheus exporter to scrape statistics from the switch Web UI. I use it for some time in my home LAN.
Check it out at: GitHub - stas2k/horaco_exporter: Prometheus exporter for cheap 2.5G switches
There are no example Grafana dashboard or alerts yet, and I will add them as soon as I have good, universal examples.
I have made a Prometheus exporter to scrape statistics from the switch Web UI. I use it for some time in my home LAN.
Check it out at: GitHub - stas2k/horaco_exporter: Prometheus exporter for cheap 2.5G switches
There are no example Grafana dashboard or alerts yet, and I will add them as soon as I have good, universal examples.
I only tested with WAMJHJ-8125MNG, but they all seem to have same HTML hardcoded in firmware. Just different images and CSS.
Give it a try and let me know, I will update the list of supported switches.
Port 8088 is where the exporter listens. Once Prometheus scrapes /metrics, it connects to switch at the admin UI(port 80), reads the HTML and emits Prometheus metrics.
I tried to make the code as dumb as the switches.
It uses only one external dependency, which is the official Prometheus exporter library.
Would someone please test, if Flow Control between two of these 8 + 1 Switches connected via DAC in SFP+ ports can actually be enabled?
When I connect two of my Sodola switches (v. 1.9) via 2.5G-Ports with Flow Control setting to "on", the "Actual" column switches to "on" too.
Doing the same via DAC in SFP+ Port 9 (attention: you have to select "Port 9" before applying) shows no effect in the "Actual" columns of both switches.
View attachment 38307
daaaamn that was driving me crazy! thanks for the tip, it works fine now
