GitHub - jan-provaznik/u5000: Mikrotik netboot protocol implementation.

jan-provaznik / u5000 Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

Mikrotik netboot protocol implementation.

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
specs		specs
tests		tests
tools		tools
u5000		u5000
LICENSE		LICENSE
README		README

Repository files navigation

u5000, an alternative implementation of the network installation protocol used
by Mikrotik routers and switches.

Please note that the MAC addresses are anonymized in the examples. So far the
code has been tested with the following devices.

  RB493AH (mipsbe)
  RB951G-2HnD (mipsbe)
  RB962UiGS-5HacT2HnT (mipsbe)
  CRS326-24S+2Q+ (mipsbe)
  CRS354-48G-4S+2Q+ (mipsbe)
  CRS328-24P-4S+RM (arm)
  CRS305-1G-4S+ (arm)
  cAP XL ac (arm)
  cAP ax (arm64)

Device discovery

  u5000/discovery \
    --interface ens3 \
    --timespan 10

  Listens for beacons sent out by Mikrotik devices that have successfully
  entered the network installation mode. Each beacon carries information about
  the device (model, platform, version) and is sent out in 1s intervals.

  This utility collects incoming beacons over the timespan interval. It then
  produces a list of discovered devices.

  Example output

    Collecting beacons over the next 5 seconds.
    ..........
    Collected 10 beacons from 2 unique devices.

    ● Device 1 model "RB951G-2HnD"
      hardware address "DE:AD:BE:EF:C0:DE"
      platform "mips" with firmware version "6.43.2"
    ● Device 2 model "RB493AH"
      hardware address "DE:AD:BE:EF:C1:DE"
      platform "mips" with firmware version "0.0  

Firmware installation

  u5000/installer \
    --interface ens3 \
    --addresss 192.168.90.1 \
    --device de:ad:be:ef:c0:de \
    --blocksize 1000 \
      files/routeros-7.2.1-mipsbe.npk \
      files/autorun.scr

  Pushes the specified files (NPK package, autorun script) into the Mikrotik
  device identified by the MAC address.

  Example output

    ▲ Network configuration
      address "192.168.90.1"
      interface "ens3"
      send blocksize "1436"
      recv blocksize "1500"

    ⧗ Waiting for Mikrotik device with
      hardware address "DE:AD:BE:EF:C0:DE"

    ● Received a beacon from "RB951G-2HnD"
      hardware address "DE:AD:BE:EF:C0:DE"
      platform "mips" with firmware version "6.43.2"
    ● Formatting flash memory
    ● Sending file "files/routeros-7.2.1-mipsbe.npk"
      size "11885712"
      name "routeros-7.2.1-mipsbe.npk"
      .....................
    ● Sending file "files/autorun.scr"
      size "113"
      name "autorun.scr"
    ● Transmission finished.

Boot image extraction

  tools/extract \
    path/to/netinstall.exe \
    path/to/tftp/directory

  Extracts boot images from the Windows version of Netinstall.

  While Netinstall supports a number of historic platforms, the script only
  extracts boot images for MIPS (mipsbe), ARM and ARM64 platforms.

  Please note that wrestool (a part of icotools) is required.

DHCP server configuration snippet

  A configuration snippet for the ISC DHCP server follows. This configuration
  requires that some TFTP server (like atftpd) provides the boot images.

    default-lease-time 60;
    max-lease-time 120;
    authoritative;

    subnet 192.168.90.0 netmask 255.255.255.0 {
      range dynamic-bootp 192.168.90.200 192.168.90.240;

      option domain-name-servers 8.8.8.8, 1.1.1.1;
      option routers 192.168.90.1;  

      allow booting;
      allow bootp;

      next-server 192.168.90.1;

      if substring(option vendor-class-identifier, 0, 9) = "Mips_boot" {
        filename "vmlinux.mipsbe";
      }
      if substring(option vendor-class-identifier, 0, 9) = "ARM__boot" {
        filename "vmlinux.arm";
      }
      if substring(option vendor-class-identifier, 0, 11) = "ARM64__boot" {
        filename "vmlinux.arm64";
      }
    }