Symantec Endpoint Recovery Tool (SERT) Pin Number (All of Them)

The Symantec Endpoint Recovery Tool (SERT) is a great concept: it puts the power of Symantec’s Endpoint Protection antivirus scanning onto a bootable CD. If you are familiar with rootkits, you can probably see where this is useful. To scan a file for viruses, an antivirus scanner asks the operating system for the contents of the file. Sophisticated forms of malicious software (malware) can intercept this request. Instead of returning the contents of the virus to the scanner, the system returns benign data, and the antivirus software fails to detect the infection. A rootkit can only intercept requests while it is running in the system. By booting from a “Live CD”, a rootkit-free operating system can be used to perform the antivirus inspection. A similar idea utilizing the open source ClamAV antivirus scanner can be found in the OpenDiagnostics Live CD. EDIT: Readers might also find the AVG Rescue CD of interest.

Now that I’ve said some nice things about Symantec, let us get to the crux of this article.

“The expiry is by design.”

The Symantec Endpoint Recovery Tool has developed a nasty trait of asking for a “PIN” before it will begin a scan.

According to Symantec this issue occurs whenever the SERT software is used post-April 30th, 2012. Instead of acknowledging this as a bug, Symantec asserts this annoyance is “by design”.

http://www.symantec.com/business/support/index?page=content&id=TECH159200

I have a hard time believing this claim. There is no reason given as to why this “feature” would possibly be intentional. According to the KB article, “No serial number, license number, or PIN exists for this tool”. If the intent was simply to expire the software, I would have expected an error to that effect, not a prompt for an imaginary PIN. Why ask for something that should “by design” never exist? If the expiry date was built in because of licensing issues, or to get people to upgrade for some other reason, shouldn’t there be a replacement release of this software ready to go prior to the April deadline? This might make a little bit of sense if the idea was to kill off SERT unceremoniously, but the KB goes on to say “A new version of the SERT tool will be made available shortly”.

A quick check of File Connect did not show me any suitable replacement candidate.

The latest SERT ISO available to me continues to be the (apparently) deprecated Symantec_Endpoint_Recovery_Tool_2.0.24_AllWin_EN.iso with the SHA-1 sum matching my existing copy (ded1b82350ecfe315896630feb04938aa48e22ee).

Bug or not, someone goofed up. The alternative is that Symantec knew the software would quit working, chose to do nothing about it, and decided to be needlessly vague about the details.

Continued use

There are two ways to continue using the software, neither of which seems to be documented in the KB.

The first method is the most obvious. If the software quits working after April 30th 2012, just set an earlier date on the system.

During the normal flow of using SERT you are given an option to “Launch Command Prompt” before going into Endpoint Recovery Tool proper.

Click “Launch Command Prompt”

At the command prompt type “date 4-29-2012” and hit enter. Then type “exit” and hit enter.

You should be back at the menu, choose “Continue loading Endpoint Recovery Tool”.

You should now see the License Agreement as you normally would have seen it pre-April 30th, 2012.

Method 2

If by “No serial number, license number, or PIN exists for this tool” Symantec actually meant “No single serial number [...]”, they would be correct: there are 15 quadrillion of them (24p13). Continuing to make the “by design” argument more perplexing, the PIN code that should not exist does in fact exist, and is extremely easy to guess. I can’t help but wonder what possible purpose this “design” had in mind.

I started out spamming “1”s into the PIN field, which didn’t work, then moved on to “2”, which did work. I started making a list of the codes that worked for me.

2222222222222
3333333333333
4444444444444
6666666666666
7777777777777
8888888888888
9999999999999

Then I started playing with some variations. It didn’t take long before I realized what was going on.

2222222222223
3222222222222
2346789234678

Next, I started looking for characters other than numbers.

222222222222B
222222222222C
222222222222D
222222222222F
222222222222G
222222222222H
222222222222J
222222222222K
222222222222M
222222222222P
222222222222Q
222222222222R
222222222222T
222222222222V
222222222222W
222222222222X
222222222222Y

So in the end, the PIN code is any permutation of 13 of the following 24 alphanumeric characters:
{2, 3, 4, 6, 7, 8, 9, B, C, D, F, G, H, J, K, M, P, Q, R, T, V, W, X, Y}

Interesting “design” Symantec.
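The behaviour reported above, modelled as an added example (this is not Symantec's code, which the article never examined): a check that only tests length and character set, next to a PIN bound to a secret with a keyed MAC. The key, the context string and all function names are assumptions made for illustration; the sample codes are the ones quoted in the article.

```python
import hashlib
import hmac

# Alphabet the article reports as accepted (24 characters, 13-character PIN).
ALPHABET = "2346789BCDFGHJKMPQRTVWXY"
PIN_LEN = 13

# Codes quoted in the article, plus the one it reports as not working.
PAGE_ACCEPTED = ["2222222222222", "3222222222222", "2346789234678", "222222222222Y"]
PAGE_REJECTED = "1111111111111"


def format_only_check(pin: str) -> bool:
    """Model of the observed behaviour: length and character set only."""
    return len(pin) == PIN_LEN and all(c in ALPHABET for c in pin)


def accepted_space() -> int:
    """Codes a format-only check accepts; repeats count, since 2222222222222 works."""
    return len(ALPHABET) ** PIN_LEN


def issue_pin(key: bytes, context: str) -> str:
    """Hypothetical issuer: derive the one valid PIN for a context from HMAC-SHA256."""
    n = int.from_bytes(hmac.new(key, context.encode(), hashlib.sha256).digest(), "big")
    chars = []
    for _ in range(PIN_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def keyed_check(key: bytes, context: str, pin: str) -> bool:
    """Accept only the PIN bound to this key and context (constant-time compare)."""
    return format_only_check(pin) and hmac.compare_digest(issue_pin(key, context), pin)


if __name__ == "__main__":
    key = b"constructed-demo-key"      # constructed value, not from the article
    ctx = "SERT-2.0.24|support-case"   # constructed context string
    for pin in PAGE_ACCEPTED + [PAGE_REJECTED]:
        print(pin, format_only_check(pin), keyed_check(key, ctx, pin))
    print("format-only accepts", accepted_space(), "codes; keyed check accepts 1")
```

A key shipped inside a bootable image can be extracted from it, so the keyed variant shows how small the accepted set becomes, not a complete licensing scheme.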


4 Responses to Symantec Endpoint Recovery Tool (SERT) Pin Number (All of Them)

  1. Rus says:

    Thanks a lot for the work and the exceptional article. I use SEP Rec Tool daily and
    the issue was very disappointing. Thanks again!

    Rus

  2. Jacques says:

    Thanks a lot for your efforts. It was really very helpful in solving a crisis. One cannot believe that Symantec can mess their paying clients and partners around so much.

  3. Ray says:

    Or you could have just called Symantec technical support and they will give you the code.

  4. Chris says:

    Curious, which part of your phone call led you to this article?

    That’s a joke obviously, the fact that you ended up here suggests you did more than call Symantec to get this issue resolved. It is interesting to note however that since this post was originally made the Symantec KB Article TECH159200 has been updated. Compare to the archive screen shot in my article and you’ll see that the wording has changed a bit to make them look slightly less derpy. Additionally it now says “Customers with a valid support contract may contact Technical Support for the necessary PIN”, so you are probably correct. Compare this solution with their previous statement “A new version of the SERT tool will be made available shortly”. I don’t know if it was ever made available because I am (thankfully) no longer a Symantec customer, but I can certainly attest that any vendor provided resolution wasn’t done “shortly” by my standards.
