Dear Sirs,
I bought from eBay a functional Rane RPM26z processor, except it's password protected when I try to access it by it's control app DragNet. I tough that's not a problem, just have to reset it, remove a button battery or rewrite the FW, but seems it's not that simple. What I found:
"For maximum security all passwords are stored in a protected area of non-volatile memory within the RPM device itself. Updating firmware does NOT erase these passwords or disable security in any way. Please keep track of all passwords. If a password is forgotten or lost you must contact Rane tech support for information on restoring the password and gaining access to the device. There may be a charge for this service."
I sent message to Rane Commercial about the problem --they were taken by InMusicBrands in 2016-- and they replied:
"...unfortunately this item was discountinued long before we took over Rane and sadly any available documentation we have does not mention any passwords for this device sadly. This process must have been something that the previous support team provided however we are unable to confirm for sure.".
I've got refunded by the seller (obviously he doesn't know the password) but now I am standing in front of --otherwise-- a nice processor and thinking how to break in. The thing should support brute force password attack, has no unsuccessful tries limit or timeout and I want to know if anybody have any better idea what to do? Many thanks in advance for any suggestion.
Regards,
Dorin
I bought from eBay a functional Rane RPM26z processor, except it's password protected when I try to access it by it's control app DragNet. I tough that's not a problem, just have to reset it, remove a button battery or rewrite the FW, but seems it's not that simple. What I found:
"For maximum security all passwords are stored in a protected area of non-volatile memory within the RPM device itself. Updating firmware does NOT erase these passwords or disable security in any way. Please keep track of all passwords. If a password is forgotten or lost you must contact Rane tech support for information on restoring the password and gaining access to the device. There may be a charge for this service."
I sent message to Rane Commercial about the problem --they were taken by InMusicBrands in 2016-- and they replied:
"...unfortunately this item was discountinued long before we took over Rane and sadly any available documentation we have does not mention any passwords for this device sadly. This process must have been something that the previous support team provided however we are unable to confirm for sure.".
I've got refunded by the seller (obviously he doesn't know the password) but now I am standing in front of --otherwise-- a nice processor and thinking how to break in. The thing should support brute force password attack, has no unsuccessful tries limit or timeout and I want to know if anybody have any better idea what to do? Many thanks in advance for any suggestion.
Regards,
Dorin
Unfortunately, it didn't work. But nice to know that "please" --without the quotes-- is the factory default password. Thank you very much for the information.
Found this https://www.manualsdir.com/manuals/650037/rane-rpm-26.html?page=6 and it seems that "please" applies for previous version of the processor.
Still stuck in this situation for years, hopefully I have a running RPM88 for processing duties.
Still stuck in this situation for years, hopefully I have a running RPM88 for processing duties.
https://www.manualsdir.com/manuals/650037/rane-rpm-26.html?page=6
Mentions the password is stored in the computer not the rpm-26!
Mentions the password is stored in the computer not the rpm-26!
Yes, indeed. But unfortunately, it applies only to the old versions (26, or 26v) but not to the new one (26z).
Just a shot in the dark here, but have you tried flashing the "code load" firmware again (clod26_r26r2_cl2_4.bin)? I doubt they were dumb enough to let that work as a way to bypass the security, since the whole point of that firmware is to add the security, but who knows.
They say "For maximum security all passwords are stored in a protected area of non-volatile memory within the RPM device itself. Updating firmware does NOT erase these passwords or disable security in any way. Please keep track of all passwords...". Thank for the name of the FW bin, I will look after it but I don't know if I would have the nerve to run it. My question is WHY they use such a high grade securing mean for a trivial audio device? Is it not a Juniper backbone router after all.
I think they mean normal firmware updates. The "code load" FW is a one time deal that is meant to update units that were shipped before they added the security feature in Drag Net 4.0.
I'm going on the assumption that the NV area is part of this "code load" FW (bootloader?). Re-writing should then erase the password. I have a hunch the program won't even let you flash it again though. In that case it could possibly be flashed using a programmer.
Did a quick googling on Rane and the name of Steve MacAtee came up, this guy was director of product development at Rane. Might be worth reaching out:
https://www.linkedin.com/in/steve-macatee-5984302/
https://www.linkedin.com/in/steve-macatee-5984302/
...just a follow up, I managed to enter as "Operator" with no password, I can see all the configuration inside but have no means to change it. I am looking after any possible clue in the existing config, maybe there is one for the Admin password.