Oh, this is long-awaited, if it works. For context: Mikrotik uses some (semi-)proprietary, but pretty nifty protocols to manage their gear.

One of these protocols, MAC-telnet, has been reverse-engineered pretty extensively previously. But, due to a (not unreasonable) security-related upgrade, the login phase was changed, and 3rd-party implementations stopped working. Mikrotik has refused repeated requests to document this protocol.

The linked repository looks like it may re-enable MAC-telnet logins, which would be great for 3rd-party scripts and management solutions.

(Why? Because it allows you to connect to, and properly provision, any Mikrotik gear using your own scripts, just based on Layer-2 presence. This is very cool for many use cases...)
> The single best resource we used in reverse engineering was an unfinished IEEE submission draft courtesy of the WayBack Machine. In fact, MikroTik's implementation is nearly identical to the draft's proposed protocol. See if you can spot the minor nuances and marvel (as we did) that the shared secret remains the same.

That's a surprising twist. They duplicated the protocol from this unfinished draft almost exactly, but the draft doesn't appear to have gone anywhere (hence the archive link).

I wonder if the same person who wrote the paper consulted on this implementation, or if the MikroTik team just saw the paper at some point and decided to use it.
Amazing work, and another warning that MikroTik remains subpar when it comes to security, and doubly worrying because their strategy seems to be obfuscation rather than engaging the community.

It's a shame, because their hardware seems great for the price point (especially their point-to-point mmWave gear).
The article does not sufficiently explain the implications for us mere mortals without high math/security knowledge. I think many people owning a Mikrotik device would want to know:

1 - To what extent does this make Mikrotik hardware less secure? -> solutions?

2 - Does this make it easier to flash open 3rd-party Linux/BSD/whatever based firmware on said devices? -> suggestions?
I'm confused about why this is needed. I have a couple of MikroTik devices and I just use SSH to log in to them. I also have automation that runs via SSH to update things on the devices.
Well this is downright scary. Homebrew crypto implementations, what could go wrong... I expect we'll see an exploit to log in with any password soon enough :).