Flashing Cisco AIR-AP1142N / AIR-LAP1142N

Upgrade, downgrade or crossflash from LAP to AP style firmware on Cisco APs with serial bootloader commands.

The following procedure will format the flash entirely, set up IP address for the bootloader, restart bootloader with newly set IP address, tftp transfer and unpack the image and finally boot up the image and do initial configuration (set onboard ethernet to DHCP).


Continue ReadingFlashing Cisco AIR-AP1142N / AIR-LAP1142N

Researching Canon BCI-1431 cartridges

I’m getting a new plotter – a Canon W8400 which is a large format inkjet printer. It has no ready available CISS kit, so if you wish to use non-original ink you have two routes: 1) disable ink check in the printer, that will cause the printer no to track ink usage (at least to the users knowledge), but will generate an annoying warning every time you print (and you need to confirm it on the printer), 2) buy one-time usage chips from china and swap chips every time you refill the ink tanks.

That looks like a challenge if I ever saw one. (more…)

Continue ReadingResearching Canon BCI-1431 cartridges

Thinkpad 24RF08 SVP unlocking

I just got a donated Lenovo R500 notebook. Fortunately it works, and also includes a puzzle before I can actually use it. It has the SVP password enabled (supervisor password). This password is stored in a 24RF08 i2c EEPROM, and is NOT clearable by removing batteries, shorting stuff etc. Also the EEPROM includes two CRC fields, and can not just be patched.

I am possibly going to get pounded on for publishing this. The Lenovo support forums clearly forbid even talking about this. This is to prevent theft of notebooks they state. But there are multiple websites out there, that wants to take your hard earned cash and sell you a small device which can talk to the i2c bus on the notebook, and either display the password or reset it. If someone steals a notebook, they can unlock it with such a device.

But paying for the solution is unsportly behaviour, and not a part of this solution. I already have the Dangerous Prototypes Bus Pirate v3, which talks i2c natively, via a terminal emulator interface.

Read on for this adventure … (more…)

Continue ReadingThinkpad 24RF08 SVP unlocking