The Symantec Endpoint Recovery Tool (SERT) is a great concept: it puts the power of Symantec’s Endpoint Protection antivirus scanning onto a bootable CD. If you are familiar with rootkits, you can probably see where this is useful. To scan a file for viruses, an antivirus scanner asks the operating system for the contents of the file. Sophisticated forms of malicious software (malware) can intercept this request. Instead of the system returning the contents of the virus to the scanner, benign data is returned, and detection by the antivirus software is avoided. A rootkit can only intercept requests while it is running in the system. By booting from a “Live CD”, a rootkit-free operating system can be used to perform the antivirus inspection. A similar idea utilizing the open source ClamAV antivirus scanner can be found in the OpenDiagnostics Live CD. EDIT: Readers might also find the AVG Rescue CD of interest.
Now that I’ve said some nice things about Symantec, let us get to the crux of this article.
“The expiry is by design.”
The Symantec Endpoint Recovery Tool has developed a nasty trait of asking for a “PIN” before it will begin a scan.
According to Symantec this issue occurs whenever the SERT software is used post-April 30th, 2012. Instead of acknowledging this as a bug, Symantec asserts this annoyance is “by design”.
http://www.symantec.com/business/support/index?page=content&id=TECH159200
I have a hard time believing this claim. There is no reason given as to why this “feature” would possibly be intentional. According to the KB article, “No serial number, license number, or PIN exists for this tool”. If the intent was simply to expire the software, I would have expected an error to that effect, not a prompt for an imaginary PIN number. Why ask for something that should “by design” never exist? If the expiry date was built in because of licensing issues, or to get people to upgrade for some other reason, shouldn’t there be a replacement release of this software ready to go prior to the April deadline? This might make a little bit of sense if the idea was to kill off SERT unceremoniously, but the KB goes on to say “A new version of the SERT tool will be made available shortly”.
A quick check of File Connect did not show me any suitable replacement candidate.
The latest SERT ISO available to me continues to be the (apparently) deprecated Symantec_Endpoint_Recovery_Tool_2.0.24_AllWin_EN.iso with the SHA-1 sum matching my existing copy (ded1b82350ecfe315896630feb04938aa48e22ee).
Bug or not, someone goofed up. The alternative is that Symantec knew the software would quit working, chose to do nothing about it, and decided to be needlessly vague about the details.
Continued use
There are two ways to continue using the software, neither of which seems to be documented in the KB.
The first method is the most obvious. If the software quits working after April 30th 2012, just set an earlier date on the system.
During the normal flow of using SERT you are given an option to “Launch Command Prompt” before going into Endpoint Recovery Tool proper.
At the command prompt type “date 4-29-2012” and hit enter. Then type “exit” and hit enter.
You should be back at the menu; choose “Continue loading Endpoint Recovery Tool”.
You should now see the License Agreement as you normally would have seen it pre-April 30th, 2012.
Method 2
If by “No serial number, license number, or PIN exists for this tool” Symantec actually meant “No single serial number […]”, they would be correct; there are in fact very many of them. Continuing to make the “by design” argument more perplexing, the PIN code that should not exist does in fact exist, and is extremely easy to guess. I can’t help but wonder what possible purpose this “design” had in mind.
I started out spamming “1”s into the PIN field, which didn’t work, then moved on to “2”, which did work. I started making a list of the codes that worked for me.
3333333333333
4444444444444
6666666666666
7777777777777
8888888888888
9999999999999
Then I started playing with some variations. It didn’t take long before I realized what was going on.
3222222222222
2346789234678
Next, I started looking for characters other than numbers:
222222222222C
222222222222D
222222222222F
222222222222G
222222222222H
222222222222J
222222222222K
222222222222M
222222222222P
222222222222Q
222222222222R
222222222222T
222222222222V
222222222222W
222222222222X
222222222222Y
So in the end, the PIN code is any combination of 13 of the following 24 alphanumeric characters:
{2, 3, 4, 6, 7, 8, 9, B, C, D, F, G, H, J, K, M, P, Q, R, T, V, W, X, Y}
Interesting “design” Symantec.
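The behaviour observed above amounts to a format check, not a secret. As an added example (not code from the original post or from Symantec, whose actual validation logic is not known from this page), the sketch below models that format-only check next to a keyed alternative in which only a vendor-issued code passes. The function names, the demo key, and the 8+5 body/tag split are all hypothetical.

```python
import hashlib
import hmac

# The 24 symbols the article found the PIN prompt to accept.
ALPHABET = "2346789BCDFGHJKMPQRTVWXY"
PIN_LEN = 13
BODY_LEN = 8               # hypothetical split: 8-symbol body + 5-symbol tag
TAG_LEN = PIN_LEN - BODY_LEN


def format_only_check(pin: str) -> bool:
    """Model of the observed behaviour: only length and alphabet are checked."""
    return len(pin) == PIN_LEN and all(c in ALPHABET for c in pin)


def _tag(key: bytes, body: str) -> str:
    """Encode an HMAC-SHA256 of the body as TAG_LEN alphabet symbols."""
    value = int.from_bytes(hmac.new(key, body.encode(), hashlib.sha256).digest(), "big")
    symbols = []
    for _ in range(TAG_LEN):
        value, idx = divmod(value, len(ALPHABET))
        symbols.append(ALPHABET[idx])
    return "".join(symbols)


def issue_pin(key: bytes, body: str) -> str:
    """Vendor side: append a keyed tag to a well-formed body."""
    if len(body) != BODY_LEN or any(c not in ALPHABET for c in body):
        raise ValueError("body must be 8 symbols from ALPHABET")
    return body + _tag(key, body)


def keyed_check(key: bytes, pin: str) -> bool:
    """Accept a PIN only if its tag matches the body under the key."""
    if not format_only_check(pin):
        return False
    return hmac.compare_digest(pin[BODY_LEN:], _tag(key, pin[:BODY_LEN]))


def accepted(samples, check):
    """Return the samples a given check accepts."""
    return [s for s in samples if check(s)]


# Codes quoted in the article, plus the all-1s attempt it reports as rejected.
ARTICLE_SAMPLES = ["1111111111111", "3333333333333", "2346789234678", "222222222222C"]
DEMO_KEY = b"constructed-demo-key"   # constructed value, not from any product

if __name__ == "__main__":
    print(accepted(ARTICLE_SAMPLES, format_only_check))
    print(keyed_check(DEMO_KEY, issue_pin(DEMO_KEY, "2346789B")))
```

A symmetric key shipped on offline media can itself be recovered from the image, so a real offline tool would verify a vendor signature over the code rather than embed the issuing key.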
7 thoughts on “Symantec Endpoint Recovery Tool (SERT) Pin Number (All of Them)”
Rus ·
Thanks a lot for the work and the exceptional article. I use SEP Rec Tool daily and the issue was very disappointing. Thanks again!
Rus
Jacques ·
Thanks a lot for your efforts. It was really very helpful in solving a crisis. One cannot believe that Symantec can mess their paying clients and partners around so much.
Ray ·
Or you could have just called Symantec technical support and they will give you the code.
Chris ·
Curious, which part of your phone call led you to this article?
That’s a joke obviously, the fact that you ended up here suggests you did more than call Symantec to get this issue resolved. It is interesting to note however that since this post was originally made the Symantec KB Article TECH159200 has been updated. Compare to the archive screen shot in my article and you’ll see that the wording has changed a bit to make them look slightly less derpy. Additionally it now says “Customers with a valid support contract may contact Technical Support for the necessary PIN”, so you are probably correct. Compare this solution with their previous statement “A new version of the SERT tool will be made available shortly”. I don’t know if it was ever made available because I am (thankfully) no longer a Symantec customer, but I can certainly attest that any vendor provided resolution wasn’t done “shortly” by my standards.
Alex ·
Hello,
I want to run The Symantec Endpoint Recovery Tool (SERT) CD but when I go to http://www.symantec.com/connect/articles/symantec-endpoint-recovery-tool-sert
they redirect me to
https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken
Where do I get the PIN to download this tool?
Niall Brady ·
hi Chris,
check this out
http://www.niallbrady.com/2015/10/08/using-symantec-endpoint-recovery-tool-and-want-to-bypass-the-pin-requirement/
it will bypass the pin.
jerome ·
Amazing how despicable Symantec are with their customers… A CD like this is quite useful for technicians, and giving them a tool they have to put a puny PIN code into… Sorry, but we are better off using another CD than theirs. Sorry SYMANTEC, but you don’t get my vote for this, only a kick in your ass!
(same thing for not making their antivirus an easy product to uninstall when you are in full admin mode…screw you!)