Trustwave TS-100 NSA1083L



  • So i bought a Trustwave on ebay for like 20 bucks. I was not expecting much. When i got it i cracked it open. It has a Socket 775 in it and it can support at least 2 gb of ram (with a Max of 4GB). It has 8 1Gbps ports on it and it can boot from a CF card and or a sata hard drive (Actually it has 2 sata ports). It has what i believe to be a PCI-X slot on it (I remember seeing them on old power-macs) plus it has a miniPCI slot for your old school wireless cards.

    Point is you can get a pretty decent Firewall for not much. It comes with a P4 in it and I did try putting in a Core 2 Duo and it failed to boot so I'm not sure where the limitation of the bios is on what CPU's work and which ones don't.

    It runs pfSense just fine.

    –---------------------------------------
    Question 1. does anyone know how to get into the bios on this box? It has a VGA port and several USB ports but the bios is encrypted or something. When it boots all i see is SECURE BIOS on the screen.
    Forget question 1. I got into the bios. Apparently the VGA output is worthless because it pipes the bios through the console port on the front of the box and you connect to it via 115200 8N1.

    Question 2. If i finally manage to get into the bios can someone on here mod it for me to unlock everything, and possibly add support for the core 2 duo?

    Question 2 the answer to is Yes, I can get into the bios. Also there is no need to add support for the Core 2 DUO because this box will accept a Intel Core 2 Quad Q6600 SLACR 2.4GHz Processor. And NO there no way to edit the bios as of right now because the bios is either built wrong or is partially encrypted.

    –--------------------------------------------
    Steps for installing pfSense on it,

    Step 1. Remove the top cover
    Step 2. put Hard drive or CF card in it with pfSense on it.
    Step 3. plug it in and turn it on.

    done.

    The Ethernet ports are listed as thus from Left to Right
    | Console | 2x 1.0 USB | em6 | em7 | em0 | em1 | em2 | em3 | em4 | em5 |
    Ports em6 and em7 are "Legacy Intel Ports" I find that they tend to error on watchdog alot and recommend not using those 2 ports.

    UPDATE: Got the LCD to work. All I did was follow the instructions for getting the LCD to work on the Firebox XcoreE. The connection seems to be via the Parallel Port. Also the Watchguard Firebox SDEC driver works. Also, pfSense does not list the ethernet ports in the right order. It lists them in a random order from what I can tell. EM0 seems to be the first port and EM7 seems to be the second port. Not sure about the rest I have not tested them yet.

    Instructions to get the LCD to work:
    @stephenw10:

    1. Install the lcdproc-dev package.
    2. In the Services: LCDproc: Server: screen select:
        'Enable LCDproc at startup' yes
        Com port - Parallel Port 1
        Display Size - 2x20
        Driver - Watchguard Firebox with SDEC
        Hit the save button at the bottom.
    3. Doing the above generates the lcdd.conf file we need but it is only temporary so we need to copy it somewhere more permanent.
        Go to Diagnostics: Command Prompt and run:

    cp /usr/local/etc/LCDd.conf /conf
    

    You could also run that at the CLI but via the webgui takes care of remounting the filesystem for you.
    4. No go back to Services: LCDproc: Server: , uncheck 'Enable LCDproc at startup' and set Com Port to 'none'. You must set the com port as none, that's what the lcdproc-dev config script looks for before it removes the RC start-stop scripts.
    5. Install the Shellcmd package if you haven't already.
    6. Add the following shell commands to start the lcdproc server and client:

    /usr/bin/nice -20 /usr/local/sbin/LCDd -r 0 -c /conf/LCDd.conf > /dev/null &
    
    /usr/bin/nice -20 /usr/local/bin/lcdproc C T U & 
    

    Both are type 'shellcmd'. You can choose which screens to display, C T U works for me. See my attached screenshot from an X-e box.
    7. Reboot. Or run those two commands manually.

    Steve

    This thing must be REALLY similar to the setup of the Watchguard XTM5 because Watchguard OS boots on this thing with my CF card from my 515, everything on the watchguard os seems to work even the LCD.

    Just booted a 1TB hdd with centos on it and it loaded just fine.

    Stephen, if you read this can you do to this bios what you did to V8.1 bios that you did for the XcoreE boxes?



  • So, the bios that i ripped from the unit says it is corrupted every time I try to open it with awdbedit, So i did some searching around and found that this unit has a big brother the NSA-1108. This one opens in awdbedit without error.

    Here is the download for it https://drive.google.com/open?id=0B6eYWGFWxDP7cUo3MTdoTnQ2SU0

    I am going to get a second bios chip put it in the unit and then flash that one so I dont risk messing up the stock one.
    EDIT: I contacted Nexcom the company that made the unit and asked for the bios file. They told me that the NSA-1108 uses a completely different bios and if i flashed that it would brick the unit. SO… I am now waiting on them to get back to me with the NSA-1083 bios file. As soon as I get it I will post it here so its back on the interwebz.

    EDIT: The response from Nexcom:

    
    Hi Alup,
            Sorry to tell you that I could not find any BIOS file for this
    system since it was discontinued long time ago. BTW, if your system is
    working now, you don't need to flash the BIOS.
    
    

    sigh….



  • Ok here is a question for anyone reading this, I can not seem to take a full backup of the bios using awdflash. Anyone know why? Every time I do it says its corrupted. The unit works just fine but i want to unlock all the features of the bios. When i use awdflash on any other computer I can just back it up then edit the bios.

    The bios chip on this is a 49LF004B-33-4C-NHE and the bios is Phoenix Bios.

    I ordered an adapter to put in my willem programmer to just pop the chip in it and do a backup of the chip. But I would like to be able to do a backup using software. Does anyone know what program I need to use to back up the bios because awdflash does not work.


  • Netgate Administrator

    If it boots pfSense then I'd use flashrom to backup the file if you can.

    It may require a newer version of the bios editor perhaps. It been a while since I looked at any of them, there are probably newer versions available. I'm not at home right now to check whatever I still have in place. I don't think the machine I was using at that time is still operational unfortunately.

    Steve



  • @stephenw10:

    If it boots pfSense then I'd use flashrom to backup the file if you can.

    It may require a newer version of the bios editor perhaps. It been a while since I looked at any of them, there are probably newer versions available. I'm not at home right now to check whatever I still have in place. I don't think the machine I was using at that time is still operational unfortunately.

    Steve

    Ok so I just tried backing up the bios using flashrom and the same thing happened. It says that the backup is corrupted. looking at old articles on the flashrom site it seems i am not the only one who has problems with this chip. It seems like the "B" model of this chip has been a pain for everyone and the general suggestion is to just replace it with a "A" model.

    EDIT: Screw it, I will just wait for the socket adapter to get here to make a backup of the chip. I also bought some model "A" chips


  • Netgate Administrator

    Is that flashrom that reports the backup is corrupt or the bios editor?

    A newer BIOS than the tool may well result in a bad file report.

    Steve



  • @stephenw10:

    Is that flashrom that reports the backup is corrupt or the bios editor?

    A newer BIOS than the tool may well result in a bad file report.

    Steve

    Flashrom fails to read the entire bios. It fails on low memory. no matter the bus i select or the interface i select it still fails. flashrom says that it supports the chip that is in the box. When i get the adapter I will post the dump here so everyone has it since this seems to be the only way to back it up.

    Btw, this device is used by a bunch of different companies, Kemp 2500 and 3500/3600, Cisco CTI-VCS-Base-K9, Tandberg TTC2-04, "Network Appliance", Trustwave TS-100, and Nexcom NSA-1083/1043 I am sure there are more however those are just the ones I could find.

    There are 2 versions of this board. An 8 port and a 4 port. The 8-port version is the 1083 the 4 port is the 1043.

    KEMP Tech. has firmware downloads on their site but they are full firmware packages including their image and the bios. I have yet to find a way to extract the bios update from them. If anyone has a Cisco account can someone check to see if the VCS ever had a bios update?

    I was really hoping that dell used this board for something because they have a really good archive of stuff on their site.



  • Today I got in my Intel Core 2 Quad Q6600 SLACR 2.4GHz Processor, I popped it in the NSA1083, threw some artic silver on it, put the heatsink back on, booted it and boom. It booted. So I can 100% confirm that this box will take at least a Q6600. Quite a bit of an upgrade from the stock P4.

    An Update on the port list
    the ports from left to right are as follows:
    Console, 2x 1.0 USB, em6, em7, em0, em1, em2, em3, em4, em5.

    em6 and em7 are read in the hardware as "Intel Legacy ports". This is strange considering they are also 1gb ports. Personally I would not use the em6 and em7 ports because they seem to be… well kind of glitchy. Any of the other ports seem to have a steady bit rate and no packet drop but the 6 and 7 ports seem to drop packets sometimes and lockup with watchdog errors. This only happens if they are in use. As far as I'm concerned this device is a 6 port firewall.


  • Netgate Administrator

    Are those ports a different NIC chip?

    What does pciconf -lv show for the different NICs?

    Steve



  • Apologies for the bump. I've picked up one of these devices recently too.

    Little information below for prosperity.

    em0@pci0:4:0:0: class=0x020000 card=0x00008086 chip=0x109a8086 rev=0x00 hdr=0x00
        vendor     = 'Intel Corporation'
        device     = '82573L Gigabit Ethernet Controller'
        class      = network
        subclass   = ethernet
    em1@pci0:5:0:0: class=0x020000 card=0x00008086 chip=0x109a8086 rev=0x00 hdr=0x00
        vendor     = 'Intel Corporation'
        device     = '82573L Gigabit Ethernet Controller'
        class      = network
        subclass   = ethernet
    em2@pci0:6:0:0: class=0x020000 card=0x00008086 chip=0x109a8086 rev=0x00 hdr=0x00
        vendor     = 'Intel Corporation'
        device     = '82573L Gigabit Ethernet Controller'
        class      = network
        subclass   = ethernet
    em3@pci0:7:0:0: class=0x020000 card=0x00008086 chip=0x109a8086 rev=0x00 hdr=0x00
        vendor     = 'Intel Corporation'
        device     = '82573L Gigabit Ethernet Controller'
        class      = network
        subclass   = ethernet
    em4@pci0:8:0:0: class=0x020000 card=0x00008086 chip=0x109a8086 rev=0x00 hdr=0x00
        vendor     = 'Intel Corporation'
        device     = '82573L Gigabit Ethernet Controller'
        class      = network
        subclass   = ethernet
    em5@pci0:9:0:0: class=0x020000 card=0x00008086 chip=0x109a8086 rev=0x00 hdr=0x00
        vendor     = 'Intel Corporation'
        device     = '82573L Gigabit Ethernet Controller'
        class      = network
        subclass   = ethernet
    em6@pci0:10:14:0:       class=0x020000 card=0x10768086 chip=0x10768086 rev=0x05 hdr=0x00
        vendor     = 'Intel Corporation'
        device     = '82541GI Gigabit Ethernet Controller'
        class      = network
        subclass   = ethernet
    em7@pci0:10:15:0:       class=0x020000 card=0x10768086 chip=0x10768086 rev=0x05 hdr=0x00
        vendor     = 'Intel Corporation'
        device     = '82541GI Gigabit Ethernet Controller'
        class      = network
        subclass   = ethernet
    

    I've been able to dump the BIOS using flashrom without error, awdbedit will open it but states about possible corruption.

    flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p9 (i386)
    flashrom is free software, get the source code at https://flashrom.org
    
    Calibrating delay loop... OK.
    Found chipset "Intel ICH8/ICH8R".
    Enabling flash write... OK.
    Found SST flash chip "SST49LF004A/B" (512 kB, FWH) mapped at physical address 0xfff80000.
    Reading flash... done.
    

    BIOS version being reported is Phoenix - AwardBIOS v6.00PG



  • Ok, So… After waiting a month and a half for parts from china I can confirm this bios chip has some kind of security lock on it. The reason I say this is because If i take the chip out of the board, Put it in my programmer, Read the chip then try to write the same data back to a different chip it fails EVERY TIME. I have tried several different chips from different vendors, I even pulled one out of an old mobo that I had laying around, Still failed. I though hrm... Maybe this is an issue with my programmer. So... I bought a new one. Bought new adapters to go with it.... Tried the same thing. Got the same result.... Failed to write at 0x0FB. This was odd to me, I figured that there must be a code offset. So i tried setting the offset at the point of failure and offset before the point of failure. This results in... No solution. Still failed to write. The best read I have ever gotten from the chip was the one attached. It has diffrent data than all the others and seems to be the most "Complete" version I was able to pull. This was done after I bumped the chip power from 3.6 to 5v (Dangerous i know but I was getting irritated.)

    Can anyone else confirm if this bios has some sort of stupid lock or security bit programmed in that makes it unreadable?

    One more thing, This is an annoying chip. The chip its self is stamped as SST 49LF004B however no matter what programmer I drop it in the chip identifies as a SST 49LF004A. Trying to read/write using the settings for the A version resulted in no change.

    Looking at the data that is coming out of the bios pull It would appear that there is an included package in the rom file that is for the PCI driver, this file (assuming is the culprit of all this frustration). It is named "ROM\BA1228L2.LOM" I came to this conclusion when I tried to extract all the files from the bios image and this file fails to extract. I have found a supermicro bios online with the same pci LOM file but was able to extract this one. Any one Skilled enough to re-write a bios from scratch with all the extracted/good files up for the task? Attached below is a zip file containing all the extracts plus the working BA1228L2.LOM

    Since I have multiple chips I was thinking about just finding a compatible rom and editing it to match the settings and Chipset registers to match what I pulled and just pop it in the board and try it out. What do you guys/gals think?

    UPDATE:
    Does anyone have a KEMP LM2500 that I could get to dump the bios for me please. Looking at the update history of the KEMP LM2500 NSA-1043 I see that at some point the bios was addressed in this unit by KEMP Tech. I am willing to bet that if we can get a dump of that system that it would allow us to have a flashable bios.

    ts100-3.zip
    TS_100_extract.zip