Good morning,
As I promised, I now post the procedure for creating a valid installation key in order to recover a lost one. Please excuse any errors in my syntax, English is not my native language.
The procedure of generating/installing a new valid installation key requires the use of the console port of the Cisco 340/350 AP. You will need an installation key from another Cisco 340/350 AP that is working properly, which you will also get through the console port. I have to remind you that this procedure applies to the VxWorks firmware and not to IOS.
The procedure we are going to use is based on the procedure for upgrading the firmware through the console port, as it is described thoroughly at
http://www.cisco.com/warp/public/102/wlan/ap-fw-upgrade.html.
Step 1: Recovering a valid installation key from a Cisco 340/350 AP which operates normally.
We connect the Cisco 340/350 AP to the serial port of our computer using a simple pin-to-pin serial cable. We start up our terminal software (HyperTerminal is enough for people running Windows; for Linux I had some problems with minicom and its Xmodem support). We configure the serial port as 9600bps, 8N1, no flow control. We power on our AP and wait. Depending on which version of the boot loader we have (1.01 and earlier, or 1.02 and later) we will have to press ESC or Ctrl-W to enter the boot-block menu. By pressing f we can see the contents of the flash memory; the output would be something like this:
Memory Bank:File                    address   size     encoding  type  flags
a) Config:AP Installation Key       FE008000  68       none      Key   0000
b) Config:AWC_ConfigDB              FE008044  248      AiroDB1   Data  0000
c) FLASH :EnterpriseAP Sys 12.05    FE040000  1204108  gzip      Exec  0801
d) FLASH :EnterpriseAP Web 12.05    FE165F8C  149300   .tar.gz   Web   0000
e) FLASH :Inflate Ver. c14o         FE18A6C0  7556     gzip      Dcdr  0800
f) FLASH :AWC PCMCIA FPGA 0.14      FE18C444  37380    none      FPGA  0000
g) FLASH :340 Series FWare 05.20u   FE195648  58656    .tar.gz   Data  0000
h) FLASH :PC4800 Firmware 05.20u    FE1A3B68  58652    .tar.gz   Data  0000
i) FLASH :AP Installation Key       FE1B2084  68       none      Key   0000
Our interest is in the file "Config:AP Installation Key". To retrieve it we press u (upload), then the letter that corresponds to "Config:AP Installation Key" (in our example, key a), and then we choose from our terminal program the Receive File function, using the 1K-Xmodem protocol. After the upload finishes we have a file of 128 bytes which is a valid installation key for the MAC address of the AP we retrieved it from. This has to be "fixed". How? Keep on reading.
Step 2: Converting an installation key to the MAC address of the Cisco 340/350 AP we want to recover.
The first 4 bytes of the file indicate the size in bytes of the installation key. I will use as an example the installation key attached to this post. In this installation key the first 4 bytes are 00 00 00 44, indicating that our key has size 0x44 (hex) or 68 bytes. The next 4 bytes are the key checksum. Fortunately Cisco uses the well-known CRC32 algorithm. In my example the key checksum is A4 94 CE 88. Then we find the string "AP Installation Key", and at position 0x28 (that is byte 40, counting from 0) there is the MAC address, in my example 00 40 96 34 17 6A. We have to replace those bytes with the bytes of the MAC address of the Cisco AP for which we want to create a valid installation key, using any hex editor (UltraEdit for Windows, the internal editor of Midnight Commander for Linux, etc.). We then save our changed file. There are some more bytes inside the installation key file whose usage I don't know. Maybe these bytes tell the device if it is an AP, a Bridge, a Workgroup Bridge and so on. If you can send me your installation keys from various Cisco 340/350 based devices, we might figure out the usage of the remaining bytes.
The only thing that is left is to calculate the correct checksum for our modified key. We have to calculate the CRC32 checksum for the bytes from position 0x08 up until the last byte of the key (not the file; the file is always 128 bytes). After we calculate it we have to write it at position 0x04. I used a simple crc32 calculation source code found at
http://www.csbruce.com/~csbruce/software/. This source code calculates the crc32 checksum of a given file. I used the dd command to create a file with the bytes needed for the calculation.
dd if=installation.key of=crcfile.key count=60 bs=1 skip=8
where count is the number of bytes of the key (68 in our example) minus the first 8 bytes of the header, which we skip. Running the crc32 program with this new file as input gives you the needed crc32 checksum for your new key. I intend to create a program that does all this for you, but till then you can generate your keys with this procedure.
Step 3: Reprogramming your Cisco 340/350 AP with the new installation key.
We connect our AP to the serial port and launch our terminal program. We go again to the boot-block menu. We have to erase all the contents of both the Flash and Config sections, because unfortunately it is not possible to just "replace" the installation key. Using the command ! we select the format menu (when using boot loader 1.02 or later you have to press Ctrl-Z in order for the format menu to appear). We press 2 (Config) and then Y (Y -- *FORMAT*). We do the same for 3 (FLASH). Now our AP does not have anything written in its memory, and if we press f (file dir) we will get an output like this:
Memory Bank  total     used  left
DRAM         16742392  0     16742392
Config       229376    0     229376
FLASH        1835008   0     1835008
Memory Bank:File                    address   size     encoding  type  flags
We load our firmware (in IMG). If we don't want to wait for ages we can change the console speed to 115200 (you can read how to do that in the Cisco URL I gave at the beginning of this post). We press l (download file into DRAM) and send the firmware file. At 115200 it takes 4-5 minutes. When the transfer completes we also send our generated installation key. If we have made an error in the creation process, it will be rejected with the message "Bad checksum". If not, we will be able to see it in the list of the files inside DRAM. By returning to the root menu by pressing = and then pressing f (File dir) we will get an output like the following:
Memory Bank:File                    address   size     encoding  type  flags
a) DRAM  :EnterpriseAP Sys 12.05    00008808  1204108  gzip      Exec  0801
b) DRAM  :EnterpriseAP Web 12.05    0012E794  149300   .tar.gz   Web   0000
c) DRAM  :Inflate Ver. c14o         00152EC8  7556     gzip      Dcdr  0800
d) DRAM  :AWC PCMCIA FPGA 0.14      00154C4C  37380    none      FPGA  0000
e) DRAM  :340 Series FWare 05.20u   0015DE50  58656    .tar.gz   Data  0000
f) DRAM  :PC4800 Firmware 05.20u    0016C370  58652    .tar.gz   Data  0000
g) DRAM  :AP Installation Key       0017A88C  68       none      Key   0000
We have to copy all the files from DRAM to FLASH, one by one, and in the correct order. This is done by pressing c (Copy File), 3 (FLASH), and then the corresponding letter of each file (a to g), one at a time. In the end we'll have an output like this:
Memory Bank:File                    address   size     encoding  type  flags
a) DRAM  :EnterpriseAP Sys 12.05    00008808  1204108  gzip      Exec  0801
b) DRAM  :EnterpriseAP Web 12.05    0012E794  149300   .tar.gz   Web   0000
c) DRAM  :Inflate Ver. c14o         00152EC8  7556     gzip      Dcdr  0800
d) DRAM  :AWC PCMCIA FPGA 0.14      00154C4C  37380    none      FPGA  0000
e) DRAM  :340 Series FWare 05.20u   0015DE50  58656    .tar.gz   Data  0000
f) DRAM  :PC4800 Firmware 05.20u    0016C370  58652    .tar.gz   Data  0000
g) DRAM  :AP Installation Key       0017A88C  68       none      Key   0000
h) FLASH :EnterpriseAP Sys 12.05    FE040000  1204108  gzip      Exec  0801
i) FLASH :EnterpriseAP Web 12.05    FE165F8C  149300   .tar.gz   Web   0000
j) FLASH :Inflate Ver. c14o         FE18A6C0  7556     gzip      Dcdr  0800
k) FLASH :AWC PCMCIA FPGA 0.14      FE18C444  37380    none      FPGA  0000
l) FLASH :340 Series FWare 05.20u   FE195648  58656    .tar.gz   Data  0000
m) FLASH :PC4800 Firmware 05.20u    FE1A3B68  58652    .tar.gz   Data  0000
n) FLASH :AP Installation Key       FE1B2084  68       none      Key   0000
That's all! We pull the power plug from our AP in order to make it restart. If you previously changed the speed to 115200 in your terminal, now change it back to 9600 because this is the default when the AP boots. Now your Cisco 340/350 AP has the correct installation key and operates as it should. It has lost its configuration though; it is now configured to the default settings (IP 10.0.0.1 + DHCP).
I hope that this guide is as understandable as it can be. I will soon upload the source code for a small program that takes a valid key and a MAC address and generates a new valid key for the requested MAC address. In some devices there is also another key, a VAR Installation Key. This is responsible for the regulatory domain (US, Japan, EU etc.) and you have to patch this too, with the same procedure.
mp
PS: It is obvious that I take no responsibility if by using my method you destroy your AP, your computer, your relationship with your beloved one or anything else that may or may not go wrong.
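Added example, not part of the original post and not the program its author promises: a Python script that automates Step 2 and the dd/crc32 calculation. It reads the 128-byte key file uploaded in Step 1, verifies the stored checksum (a mismatch is what the boot loader reports as "Bad checksum"), writes the target MAC at offset 0x28 and recomputes the CRC32 over bytes 8 up to the key size into offset 0x04. It assumes the two header fields are big-endian (the dump 00 00 00 44 reads that way), that the checksum is the standard IEEE/zlib CRC-32, and it builds its own constructed sample key for the self-check instead of using the key attached to the post.

```python
"""Patch the MAC address in a Cisco 340/350 (VxWorks) AP installation key
and recompute the CRC-32 in its header.

Layout taken from the post: bytes 0-3 = key size, bytes 4-7 = checksum,
the string "AP Installation Key" follows, and the 6-byte MAC address sits at
offset 0x28.  The checksum covers bytes 8 .. size-1 (the dd skip=8 range).

Assumptions not stated in the post: both header fields are big-endian, the
checksum is the standard IEEE/zlib CRC-32, and the uploaded file is 128 bytes
of which only the first `size` bytes belong to the key.
"""
import struct
import sys
import zlib

KEY_FILE_LEN = 128   # the 1K-Xmodem upload always yields a 128-byte file
HDR_LEN = 8          # 4-byte size + 4-byte CRC-32
MAC_OFFSET = 0x28    # byte 40, counting from 0
MAC_LEN = 6


def parse_key(blob):
    """Return (size, stored_crc, mac) after sanity-checking the header."""
    if len(blob) < HDR_LEN:
        raise ValueError("file too short to hold a key header")
    size, stored_crc = struct.unpack(">II", blob[:HDR_LEN])  # assumed big-endian
    if size < MAC_OFFSET + MAC_LEN or size > len(blob):
        raise ValueError("implausible key size 0x%x" % size)
    return size, stored_crc, blob[MAC_OFFSET:MAC_OFFSET + MAC_LEN]


def key_crc(blob, size):
    """CRC-32 over the key body only: from offset 8 up to the last key byte."""
    return zlib.crc32(blob[HDR_LEN:size]) & 0xFFFFFFFF


def checksum_ok(blob):
    """True when the stored checksum matches the body; a mismatch is what the
    boot loader rejects with "Bad checksum" when the key is sent to DRAM."""
    size, stored_crc, _ = parse_key(blob)
    return key_crc(blob, size) == stored_crc


def parse_mac(text):
    """Accept '00:40:96:34:17:6A', '00-40-96-34-17-6A' or '00409634176A'."""
    mac = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(mac) != MAC_LEN:
        raise ValueError("MAC address must be 6 bytes")
    return mac


def patch_mac(blob, new_mac):
    """Return a copy of the key with the MAC replaced and the CRC refreshed.
    Every other byte, including the ones of unknown purpose, is preserved."""
    size, _, _ = parse_key(blob)
    out = bytearray(blob)
    out[MAC_OFFSET:MAC_OFFSET + MAC_LEN] = new_mac
    struct.pack_into(">I", out, 4, key_crc(bytes(out), size))
    return bytes(out)


def build_sample_key(mac=b"\x00\x40\x96\x34\x17\x6A"):
    """Constructed 68-byte sample key inside a 128-byte file (not the key
    attached to the post).  Bytes between the label and the MAC, and after
    the MAC up to the key size, are zero here; their real meaning is unknown."""
    body = bytearray(KEY_FILE_LEN)
    size = 0x44
    label = b"AP Installation Key\x00"
    body[HDR_LEN:HDR_LEN + len(label)] = label
    body[MAC_OFFSET:MAC_OFFSET + MAC_LEN] = mac
    struct.pack_into(">I", body, 0, size)
    struct.pack_into(">I", body, 4, key_crc(bytes(body), size))
    return bytes(body)


def main(argv):
    if len(argv) != 4:
        print("usage: patch_key.py <good.key> <new-mac> <out.key>")
        return 2
    with open(argv[1], "rb") as f:
        blob = f.read()
    if not checksum_ok(blob):
        print("input key has a bad checksum; refusing to use it as a template")
        return 1
    patched = patch_mac(blob, parse_mac(argv[2]))
    with open(argv[3], "wb") as f:
        f.write(patched)
    size, crc, mac = parse_key(patched)
    print("size=0x%x crc=%08X mac=%s" % (size, crc, mac.hex()))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script refuses a template whose stored CRC does not match its body, so a corrupted Xmodem transfer in Step 1 is caught before it is turned into a key the boot loader would reject in Step 3.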
