This utility is intended solely for hobbyists and enthusiasts for learning and personal enjoyment. It is designed to be used on devices that have reached the end of their lifecycle or support cycle. Please use this tool responsibly and in good faith. Any commercial use, misuse, or use on production on active and supported devices is strictly discouraged.
By using this tool, I hope to encourage the reuse of old, discarded hardware, thereby contributing to the reduction of e-waste. The authors takes no responsibility for any consequences arising from improper use of this utility. Thank you for respecting these guidelines.
M270 reached End of Sales (EOS) Date on July 1 of 2023 and quite often you can find them really cheap on some marketplaces. These are still decent machines and can be used in homelab by enthusiast and as learning aid. Inside the case you will find Lanner motherboard NCB-WG2511A with Intel Atom C3558 processor and 4GB of DDR4/2133 RAM stick.
If the previous owner did factory reset of the device then to restore full firewall functionality you will need license for some fancier things like VPN, Network discovery etc. If you was lucky enough to get hands on not resetted box then pull out mSata drive from the appliance and backup the license file from directory /licenses/ on the last (biggest) partition on drive.
Feature key is assigned to machine by its serial number and then signed. When you enter license then its signature is checked against public key stored in /etc/lickey.pem on third partition:
-----BEGIN PUBLIC KEY-----
MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEA8Bzr9a6TxFepuDXXSZW+tiRIWjhACAv
T7+0dndwVGH2mFqj0YdPkYpN
-----END PUBLIC KEY-----
To workaround issue with license we can follow one of (at least) two ways:
- factorize private key
- replace public key by our own
for obvious reasons I choose second way.
Generate new keypair using openssl:
openssl ecparam -name sect163k1 -genkey -noout -out private_key.pem
Extract the public key from the private key:
openssl ec -in private_key.pem -pubout -out public_key.pem
Get mSata drive out of Firebox and connect to linux machine. Assuming that disk was recognized as sda you can execute following commands:
mkdir /mnt/firebox
mount /dev/sda3 /mnt/firebox
cat public_key.pem > /mnt/firebox/etc/lickey.pem
umount /dev/sda3
public_key.pem is public key generated in previous paragraph
Edit aftermarket_lic.txt file, eg. set your serial number and machine name and license items and dates then run python script:
sign_feature_key.py aftermarket_lic.txt private_key.pem
Signature will be updated in place.
You can verify signature using second script:
verify_feature_key.py aftermarket_lic.txt public_key.pem
Success! This is correct feature key
Upload license using "Update Feature Key" option in your appliance.
- this method was tested only on my
M270but it can be safely assumed that it should work also forM370M470M570andM670. - we have info that it works also on
XTM520andM200 - you can generate license with valid
LiveSecurity Serviceand therefore upgrade Fireware OS to newer version however you have to repeat procedure of replacinglickey.pembecause our modded key will be replaced to stock one by updater. - Unfortunately starting from version 12.5.9 Update 2 and higher of Fireware OS, WatchGuard introduced integrity check of file system and when you replace
lickey.pemthen kernel will throw following error:
Signature did not verify
Error: integrity check failed
initrd: Failed. Shutting down.
- Latest version which can be patched this way is 12.5.4
- Try to disable integrity check. It would decrease security but for homelab that should be reasonably safe solution
- Make a list of possible entries in license file and name of each possibly with link to official description of service
- Be more precise about which version introduced file system integrity check
Hard coded bios password for M270 with bios version V2.02 (04022018) is: WatchGuard!. If you were able to confirm that this password works for other WatchGuard's product let me know by opening new issue or just ping me on my twitter or whatever.