Month: August 2022

How I fixed the new password on NuttX

NuttX supports /etc/passwd for the nsh console login, just like almost every Unix out there, but a developer called Petro found an issue in the TEA crypto algorithm implementation and fixed it:
https://github.com/apache/incubator-nuttx-apps/pull/1097

Unfortunately, after this fix the Console Login of the NuttX simulator stopped working. To make things worse, nobody noticed it until too late (during the NuttX 10.4.0-RC0 release). Then I found the issue and posted about it on the NuttX mailing list. Petro immediately realized it was caused by his Pull Request above and replied to my email.

So, I decided to fix it myself. The first challenge was to find where the /etc/passwd was created. Is there some script to create it? After some investigation I found it at boards/sim/sim/sim/src/etc/passwd.

So my idea was to run the “passwd” command and change it like we do on Linux/Unix. The first step was to disable the Console Login in menuconfig:

$ make menuconfig
Application Configuration --->
NSH Library --->
[ ] Console Login

But my nightmare started after doing it, because NuttX has many poka-yoke to prevent users from making mistakes.

For example, at the beginning of apps/nshlib/nsh_passwdcmds.c we have:

#if !defined(CONFIG_DISABLE_MOUNTPOINT) && \
     defined(CONFIG_NSH_LOGIN_PASSWD) && \
    !defined(CONFIG_FSUTILS_PASSWD_READONLY)
...
#ifndef CONFIG_NSH_DISABLE_USERADD
int cmd_useradd(FAR struct nsh_vtbl_s *vtbl, int argc, char **argv)
{

The problem is that we disabled NSH_LOGIN_PASSWD, so none of the commands related to login will be compiled: useradd, userdel, passwd…

After removing these “#if defined” I compiled again, but the commands didn’t show up. Then I needed to do the same for apps/nshlib/nsh.h, apps/nshlib/nsh_command.c and apps/nshlib/Makefile.

Finally!!! Now the commands appeared at “nsh>” and I could create the new password for the “admin” user:

// Let's see if "passwd" command is available

nsh> ?
help usage:  help [-v] [<cmd>]

  .         cp        exec      losetup   mv        rm        true      usleep    
  [         cmp       exit      ln        passwd    rmdir     truncate  xd        
  ?         dirname   false     ls        poweroff  set       uname     
  basename  dd        free      mkdir     printf    sleep     umount    
  break     df        help      mkfatfs   ps        source    unset     
  cat       dmesg     hexdump   mkrd      pwd       test      useradd   
  cd        echo      kill      mount     readlink  time      userdel   

Builtin Apps:
  sh         dumpstack  hello      nsh        gpio       

// List all the mounted File Systems

nsh> mount
  /bin type binfs
  /etc type romfs
  /proc type procfs
  /tmp type vfat

// Unmount /etc since romfs is Read-Only

nsh> umount /etc

// Let's format a RAMDISK and mount it at /etc

nsh> mkfatfs /dev/ram2
nsh> mount -t vfat /dev/ram2 /etc

// Recreate the old /etc/passwd with the same (wrong) pass:

nsh> echo "admin:8Tv+Hbmr3pLddSjtzL0kwC:0:0:/" > /etc/passwd
nsh> cat /etc/passwd
admin:8Tv+Hbmr3pLddSjtzL0kwC:0:0:/

// Create a new password for the admin user:

nsh> passwd admin
nsh: passwd: missing required argument(s)
nsh> passwd admin Administrator
nsh> cat /etc/passwd
admin:8Tv+Hbmr3pLVb5HHZgd26D:0:0:/
nsh>  

Then I just edited the boards/sim/sim/sim/src/etc/passwd and submitted the PR:
https://github.com/apache/incubator-nuttx/pull/6843
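
A check that follows from the fix above, as an added example (not code from NuttX or from this post): once the encryption changed, any pre-generated passwd file that still holds the old value rejects the login, so this script scans a source tree for etc/passwd files and flags entries carrying the pre-fix hash quoted in the session. The function names are hypothetical, and reading the five fields as user:encrypted:uid:gid:home is an assumption based on the single entry shown.

```sh
#!/bin/sh
# Added example: find NuttX-style passwd files that still hold a pre-fix hash.
# Entry layout as in the post: user:encrypted:uid:gid:home (assumed meaning).

# Pre-fix value for "admin" quoted in the post; append others space-separated.
STALE_HASHES="8Tv+Hbmr3pLddSjtzL0kwC"

# check_passwd_file FILE
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
check_passwd_file() {
  awk -F: -v stale="$STALE_HASHES" '
    BEGIN { n = split(stale, s, " "); for (i = 1; i <= n; i++) bad[s[i]] = 1 }
    NF == 0 { next }                       # skip blank lines
    NF != 5 {
      printf "%s:%d: MALFORMED expected 5 fields, got %d\n", FILENAME, FNR, NF
      rc = 1; next
    }
    $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
      printf "%s:%d: MALFORMED non-numeric uid/gid for %s\n", FILENAME, FNR, $1
      rc = 1; next
    }
    ($2 in bad) {
      printf "%s:%d: STALE pre-fix hash for %s\n", FILENAME, FNR, $1
      rc = 1
    }
    END { exit rc + 0 }
  ' "$1"
}

# scan_tree DIR
# Checks every etc/passwd under DIR; returns 1 if any file was flagged.
scan_tree() {
  find "$1" -type f -path '*/etc/passwd' | sort | (
    status=0
    while IFS= read -r f; do
      check_passwd_file "$f" || status=1
    done
    exit "$status"
  )
}

# Stand-alone use: ./script.sh <tree>   (exit status 1 means findings)
[ "$#" -eq 0 ] || scan_tree "$1"
```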

Recovering the Motorola Pager Password

I used a programmer written for Arduino to read the Pager’s EEPROM (thanks Dmitrii for the link)

      00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

0000  C6 72 DE D1 64 4C 00 00 00 00 92 BC 83 3B 92 BC    .r..dL.......;..
0010  E7 0C 00 00 00 00 70 08 08 08 08 88 88 88 88 B6    ......p.........
0020  1C 6C 4D 82 6D E2 9C FF FF 00 00 90 09 0B 00 1D    .lM.m...........
0030  4C 00 80 24 40 89 8F 8B 5E 5F 60 7B 93 7D 7E 20    L..$@...^_`{.}~ 
0040  FE BE A8 AA FE BE A8 AA B4 B4 B4 B4 B4 B4 B4 B4    ................
0050  AA AA CC 00 00 00 00 00 00 00 00 00 04 00 00 00    ................
0060  00 00 00 80 00 29 26 29 4B 4C 41 36 49 54 38 4E    .....)&)KLA6IT8N
0070  31 4F 42 36 20 41 50 41 47 41 52 20 3F 20 20 44    1OB6 APAGAR ?  D
0080  45 53 41 54 49 56 41 44 4F 20 20 20 20 20 20 20    ESATIVADO       
0090  20 20 50 49 4C 48 41 20 47 41 53 54 41 20 4D 45      PILHA GASTA ME
00A0  4D 2E 20 43 48 45 49 41 20 20 44 55 50 4C 49 43    M. CHEIA  DUPLIC
00B0  41 44 4F 20 20 20 4C 49 47 41 2F 44 45 53 4C 49    ADO   LIGA/DESLI
00C0  47 41 20 53 4F 20 54 4F 4D 20 20 20 20 20 20 20    GA SO TOM       
00D0  47 52 55 50 4F 20 20 20 20 20 20 20 20 20 43 4F    GRUPO         CO
00E0  4E 45 43 54 45 4C 20 20 20 20 20 20 41 44 31 42    NECTEL      AD1B
00F0  57 48 33 52 50 33 41 44 31 42 57 48 33 52 50 33    WH3RP3AD1BWH3RP3

Pager Password:
MOUSE     

Using AVRDUDE with USBASP to flash firmware on Arduino Atmega328P chip

This is the command I used to program the ATmega328P with a firmware to hack the Motorola Advisor firmware:

$ avrdude -C /etc/avrdude.conf -c usbasp -p atmega328p -U flash:w:"v3/ADVISOR_EEP_ARD328_v3.hex":i -v

avrdude: Version 6.3-20171130
         Copyright (c) 2000-2005 Brian Dean, http://www.bdmicro.com/
         Copyright (c) 2007-2014 Joerg Wunsch

         System wide configuration file is "/etc/avrdude.conf"
         User configuration file is "/home/alan/.avrduderc"
         User configuration file does not exist or is not a regular file, skipping

         Using Port                    : usb
         Using Programmer              : usbasp
         AVR Part                      : ATmega328P
         Chip Erase delay              : 9000 us
         PAGEL                         : PD7
         BS2                           : PC2
         RESET disposition             : dedicated
         RETRY pulse                   : SCK
         serial program mode           : yes
         parallel program mode         : yes
         Timeout                       : 200
         StabDelay                     : 100
         CmdexeDelay                   : 25
         SyncLoops                     : 32
         ByteDelay                     : 0
         PollIndex                     : 3
         PollValue                     : 0x53
         Memory Detail                 :

                                  Block Poll               Page                       Polled
           Memory Type Mode Delay Size  Indx Paged  Size   Size #Pages MinW  MaxW   ReadBack
           ----------- ---- ----- ----- ---- ------ ------ ---- ------ ----- ----- ---------
           eeprom        65    20     4    0 no       1024    4      0  3600  3600 0xff 0xff
           flash         65     6   128    0 yes     32768  128    256  4500  4500 0xff 0xff
           lfuse          0     0     0    0 no          1    0      0  4500  4500 0x00 0x00
           hfuse          0     0     0    0 no          1    0      0  4500  4500 0x00 0x00
           efuse          0     0     0    0 no          1    0      0  4500  4500 0x00 0x00
           lock           0     0     0    0 no          1    0      0  4500  4500 0x00 0x00
           calibration    0     0     0    0 no          1    0      0     0     0 0x00 0x00
           signature      0     0     0    0 no          3    0      0     0     0 0x00 0x00

         Programmer Type : usbasp
         Description     : USBasp, http://www.fischl.de/usbasp/

avrdude: auto set sck period (because given equals null)
avrdude: warning: cannot set sck period. please check for usbasp firmware update.
avrdude: AVR device initialized and ready to accept instructions

Reading | ################################################## | 100% 0.00s

avrdude: Device signature = 0x1e950f (probably m328p)
avrdude: safemode: lfuse reads as FF
avrdude: safemode: hfuse reads as DA
avrdude: safemode: efuse reads as FD
avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed
         To disable this feature, specify the -D option.
avrdude: erasing chip
avrdude: auto set sck period (because given equals null)
avrdude: warning: cannot set sck period. please check for usbasp firmware update.
avrdude: reading input file "v3/ADVISOR_EEP_ARD328_v3.hex"
avrdude: writing flash (5732 bytes):

Writing | ################################################## | 100% 3.92s

avrdude: 5732 bytes of flash written
avrdude: verifying flash memory against v3/ADVISOR_EEP_ARD328_v3.hex:
avrdude: load data flash data from input file v3/ADVISOR_EEP_ARD328_v3.hex:
avrdude: input file v3/ADVISOR_EEP_ARD328_v3.hex contains 5732 bytes
avrdude: reading on-chip flash data:

Reading | ################################################## | 100% 2.93s

avrdude: verifying ...
avrdude: 5732 bytes of flash verified

avrdude: safemode: lfuse reads as FF
avrdude: safemode: hfuse reads as DA
avrdude: safemode: efuse reads as FD
avrdude: safemode: Fuses OK (E:FD, H:DA, L:FF)

avrdude done.  Thank you.

These are the instructions to wire the Arduino board and the Pager:

By request, I post the Motorola advisor EEPROM editor.
You need an Arduino with an ATmega328P or any other board with such a processor and a 16 MHz quartz.
The program shows the password, the password can be deactivated. You can reset the lock mode and the invalid input attempt counter, you can override the serial number, you can write any data to the specified EEPROM address.
The program has a minimum of checks and warnings, whether there will be a brick, if something is written in the wrong place, I don’t know, it’s not interesting.
The program is written in a different environment than the Arduino. You need an SPI programmer or a utility that can load HEX via Boot. The connection to the pager is 6 wires, it is desirable to run the signal circuits through ~ 1K resistors.
You need to connect the ground and these lines:
Portc.1 (MISO, A1) -> 8 pin U2
Portc.0 (MOSI, A0) -> 7 pin U2
Portc.2 (SCK, A2) -> 6 pin U2
Portc.3 (CS, A3) -> 9 pin U2
Portc.4 (RST, A4) -> 41 pin CPU
Solder the wires to the U2 (Cmos Support) pins, RST is convenient to connect to the R11 resistor, from the processor side.
Terminal set to 57600 8n1.

Using crosstool-ng to create mips toolchain

I gave up on using the Pinguino toolchain and decided to compile my own using crosstool-ng, as suggested in this thread: https://lists.apache.org/thread/lgrt45t73om5gq7mq3g5982kgykw5l42

The steps were very easy to do:

STEPS TO COMPILE ct-ng:
$ git clone https://github.com/crosstool-ng/crosstool-ng
$ cd crosstool-ng
$ ./bootstrap
$ ./configure
$ sudo make install

SELECTING AND COMPILING THE MIPS TOOLCHAIN:
$ ./ct-ng mips-unknown-elf
$ ./ct-ng menuconfig               (NOTE: optional)
$ ./ct-ng build

Final step, copying it to the right place:

$ chmod -R u+w .build/mips-unknown-elf
$ sudo cp -a .build/mips-unknown-elf/* /usr/local/

Trying to install Pinguino X.3 on Linux

After removing some unnecessary libraries like PyUSB and PySVN, I finally got a splash screen and this:

$ ./pinguino_lin64.sh 
./pinguino.py:70: wxPyDeprecationWarning: Using deprecated class PySimpleApp. 
  app = wx.PySimpleApp(0)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/wx-3.0-gtk3/wx/_misc.py", line 1367, in Notify
    self.notify()
  File "/usr/lib/python2.7/dist-packages/wx-3.0-gtk3/wx/_core.py", line 16868, in Notify
    self.result = self.callable(*self.args, **self.kwargs)
  File "./pinguino.py", line 43, in ShowMain
    frame.__initPinguino__(None)
  File "/home/alan/Downloads/pinguim/pinguinoX.3rev399/wxgui/pinguino.py", line 135, in __initPinguino__
    self.buildEditor()
  File "/home/alan/Downloads/pinguim/pinguinoX.3rev399/wxgui/pinguino.py", line 193, in buildEditor
    self.lat = panelLateral(self)
  File "/home/alan/Downloads/pinguim/pinguinoX.3rev399/wxgui/frames/framesX3.py", line 862, in __init__
    fgSizer1.AddSpacer( ( 0, 0), 1, wx.EXPAND, 5 )
  File "/usr/lib/python2.7/dist-packages/wx-3.0-gtk3/wx/_core.py", line 14672, in AddSpacer
    return self.Add(*args, **kw)
  File "/usr/lib/python2.7/dist-packages/wx-3.0-gtk3/wx/_core.py", line 14453, in Add
    return _core_.Sizer_Add(*args, **kwargs)
wx._core.PyAssertionError: C++ assertion "Assert failure" failed at ../src/common/sizer.cpp(1396) in DoInsert(): too many items (5 > 2*2) in grid sizer (maybe you should omit the number of either rows or columns?)
^C

After some searching on the internet I found this thread: https://github.com/springlobby/springlobby/issues/235

This issue was closed with this commit: https://github.com/springlobby/springlobby/commit/7e0fcf4aec1005557b667ce9bbd755bb556e2d04

So I just edited wxgui/frames/framesX3.py and changed:

fgSizer1 = wx.FlexGridSizer( 2, 2, 0, 0 )

to:

fgSizer1 = wx.FlexGridSizer( 0, 2, 0, 0 )

And Voilà!