Dune:Telnetd

From Lundman Wiki
Jump to: navigation, search

telnetd

Documenting some of the attempts at starting telnetd. Thanks to the Firmware information, I already know where all the binaries are, how they are started and that they are binary compatible with NMT. The /etc/rc.d scripts have "/usr/sbin/telnetd" commented out alas.

Inspecting the "shell" binary, which seems to be the main GUI program (when not playing media of some kind) I found the following strings:

/usr/sbin/telnetd
Performing secret action...
DEBUG
Failed to start telnetd.
Secret action failed.
Secret action performed.

This is used by subroutine at .text:00459030 (loc_458FD4), this is called during the setup of the screens, right after "sysinfo" page. So presumably there is something you can do at the System Information screen. I do not know what that is yet. The only absolute test values I found were !0xcc, !0xd0, !0x91 and 0x06. There were also server-file calls in the vicinity so it may be related to reading a service file.

Starting our own

With PCH, I simply took out the internal HDD setup with the extra applications. Then modified the FTP startup script to also start telnetd.

However, the Dune chaps took a few more steps than that. (I would expect no less from crafty Russians) and from what I have seen of their code, they are quite capable. If I were to rate the Dune and Syabas developers, I would have to say Dune has the upper hand. Clean and precise.

Dune will also format your USB-Stick with some optional Applications. In particular, samba (smbd, nmbd) and WeBroser (X11). However, there are no sh script to modify, and if you replace the binaries, they no longer run. They employ checksumming, and file-size checks. However, they are not MD5s of the entire file, but something else. (Which is a good thing, since that would be rather decremental to performance).


telnetd running

910_E1[tmp_conf]$ uname -a
Linux 910_E1 2.6.15-sigma #63 PREEMPT Tue Dec 23 19:21:50 MSK 2008 mips unknown
910_E1[tmp_conf]$ df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/mtdblock8            1.0M    412.0k    612.0k  40% /mnt
/dev/mtdblock7           53.7M     53.7M         0 100% /tango
/dev/sdc1                 1.8G     89.3M      1.7G   5% /persistfs
/dev/sdb                229.2G     32.1M    217.5G   0% /tmp/mnt/storage/0

Seriously, if they want to decrease the booting time, they really should disable kernel crypt testing all the ciphers.

The boot messages, skipping all the cipher tests:


Jan  1 16:00:03 910_E1 syslog.info syslogd started: BusyBox v1.5.0
Jan  1 16:00:03 910_E1 user.info kernel: emory 0x10020000-0x17000000 for PCI at 0x11000000
Jan  1 16:00:03 910_E1 user.notice kernel: SCSI subsystem initialized
Jan  1 16:00:03 910_E1 user.info kernel: usbcore: registered new driver usbfs
Jan  1 16:00:03 910_E1 user.info kernel: usbcore: registered new driver hub
Jan  1 16:00:03 910_E1 user.warn kernel: Created /proc/cpucache_info entry.
Jan  1 16:00:03 910_E1 user.info kernel: Initializing Cryptographic API
[snip an endless list of ciphers tests]
Jan  1 16:00:04 910_E1 user.info kernel: io scheduler noop registered
Jan  1 16:00:04 910_E1 user.info kernel: io scheduler anticipatory registered
Jan  1 16:00:04 910_E1 user.info kernel: io scheduler deadline registered
Jan  1 16:00:04 910_E1 user.info kernel: io scheduler cfq registered
Jan  1 16:00:04 910_E1 user.info kernel: Software Watchdog Timer: 0.07 initialized. soft_noboot=0 soft_margin=60 sec (nowayout= 0)
Jan  1 16:00:04 910_E1 user.info kernel: Serial: 8250/16550 driver $Revision: 1.90 $ 2 ports, IRQ sharing disabled
Jan  1 16:00:04 910_E1 user.info kernel: serial8250: ttyS0 at MMIO 0x0 (irq = 9) is a 16550A
Jan  1 16:00:04 910_E1 user.info kernel: loop: loaded (max 8 devices)
Jan  1 16:00:04 910_E1 user.info kernel: tango2_enet: ethernet driver for SMP863x internal mac
Jan  1 16:00:04 910_E1 user.err kernel: tango2_enet: detected phy at address 0x01
Jan  1 16:00:04 910_E1 user.info kernel: tango2_enet: mac address 00:16:e8:87:b0:f0
Jan  1 16:00:04 910_E1 user.info kernel: Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
Jan  1 16:00:04 910_E1 user.info kernel: ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
Jan  1 16:00:04 910_E1 user.warn kernel: ide0: SMP863x/SMP865x Bus Mastering IDE controller
Jan  1 16:00:04 910_E1 user.debug kernel: Probing IDE interface ide0...
Jan  1 16:00:04 910_E1 user.warn kernel: hda: KEK410 1.11, ATAPI CD/DVD-ROM drive
Jan  1 16:00:04 910_E1 user.warn kernel: hda: no 80 conductors cable, falling back to lower udma mode
Jan  1 16:00:04 910_E1 user.warn kernel: hda: set to Ultra DMA mode 2
Jan  1 16:00:04 910_E1 user.warn kernel: ide0: DMA enabled for ATAPI CDROM hda
Jan  1 16:00:04 910_E1 user.warn kernel: ide0 at
Jan  1 16:00:04 910_E1 user.info kernel: 0x223c0-0x223c7,0x22398 on irq 26
Jan  1 16:00:04 910_E1 user.info kernel: hda: ATAPI DVD-ROM drive, 8192kB Cache, UDMA(33)
Jan  1 16:00:04 910_E1 user.info kernel: Uniform CD-ROM driver Revision: 3.20
Jan  1 16:00:04 910_E1 user.notice kernel: physmap flash device CS2: 2000000 at 48000000
Jan  1 16:00:04 910_E1 user.info kernel: CS2: Physically mapped flash: Found 1 x16 devices at 0x0 in 16-bit bank
Jan  1 16:00:04 910_E1 user.warn kernel:  Amd/Fujitsu Extended Query Table at 0x0040
Jan  1 16:00:04 910_E1 user.warn kernel: CS2: Physically mapped flash: CFI does not contain boot bank location. Assuming top.
Jan  1 16:00:04 910_E1 user.notice kernel: number of CFI chips: 1
Jan  1 16:00:04 910_E1 user.notice kernel: cfi_cmdset_0002: Disabling erase-suspend-program due to code brokenness.
Jan  1 16:00:04 910_E1 user.notice kernel: Using physmap partition definition
Jan  1 16:00:04 910_E1 user.notice kernel: Adding partition #1-#9
Jan  1 16:00:04 910_E1 user.notice kernel: Creating 9 MTD partitions on "CS2: Physically mapped flash":
Jan  1 16:00:04 910_E1 user.notice kernel: 0x00000000-0x00020000 : "CS2-Part1"
Jan  1 16:00:04 910_E1 user.notice kernel: 0x00020000-0x00040000 : "CS2-Part2"
Jan  1 16:00:04 910_E1 user.notice kernel: 0x00040000-0x00060000 : "CS2-Part3"
Jan  1 16:00:04 910_E1 user.notice kernel: 0x00060000-0x004a0000 : "CS2-Part4"
Jan  1 16:00:04 910_E1 user.notice kernel: 0x004a0000-0x02000000 : "CS2-Part5"
Jan  1 16:00:04 910_E1 user.notice kernel: 0x004a0000-0x00620000 : "CS2-Part6"
Jan  1 16:00:04 910_E1 user.notice kernel: 0x00620000-0x01ec0000 : "CS2-Part7"
Jan  1 16:00:04 910_E1 user.notice kernel: 0x01ec0000-0x01fc0000 : "CS2-Part8"
Jan  1 16:00:04 910_E1 user.notice kernel: 0x01fc0000-0x02000000 : "CS2-Part9"
Jan  1 16:00:04 910_E1 user.info kernel: usbcore: registered new driver hiddev
Jan  1 16:00:04 910_E1 user.info kernel: usbcore: registered new driver usbhid
Jan  1 16:00:04 910_E1 user.info kernel: drivers/usb/input/hid-core.c: v2.6:USB HID core driver
Jan  1 16:00:04 910_E1 user.info kernel: mice: PS/2 mouse device common for all mice
Jan  1 16:00:04 910_E1 user.info kernel: oprofile: using timer interrupt.
Jan  1 16:00:04 910_E1 user.info kernel: NET: Registered protocol family 2
Jan  1 16:00:04 910_E1 user.warn kernel: IP route cache hash table entries: 4096 (order: 2, 16384 bytes)
Jan  1 16:00:04 910_E1 user.warn kernel: TCP established hash table entries: 16384 (order: 4, 65536 bytes)
Jan  1 16:00:04 910_E1 user.warn kernel: TCP bind hash table entries: 16384 (order: 4, 65536 bytes)
Jan  1 16:00:04 910_E1 user.info kernel: TCP: Hash tables configured (established 16384 bind 16384)
Jan  1 16:00:04 910_E1 user.info kernel: TCP reno registered
Jan  1 16:00:04 910_E1 user.info kernel: TCP bic registered
Jan  1 16:00:04 910_E1 user.info kernel: NET: Registered protocol family 1
Jan  1 16:00:04 910_E1 user.info kernel: NET: Registered protocol family 17
Jan  1 16:00:04 910_E1 user.info kernel: Freeing unused kernel memory: 2852k freed
Jan  1 16:00:04 910_E1 user.info kernel: SMP863x ir (254:0): driver loaded (wait_period = 100ms, buffer_size = 6)
Jan  1 16:00:04 910_E1 user.warn kernel: SMP86xx fip (253:0): driver loaded (buffer_size = 2)
Jan  1 16:00:04 910_E1 user.warn kernel: driver tangox-ehci-hcd, 10 Dec 2004
Jan  1 16:00:04 910_E1 user.warn kernel: TangoX USB initializing...
Jan  1 16:00:04 910_E1 user.info kernel: tangox-ehci-hcd tangox-ehci-hcd: TangoX USB 2.0
Jan  1 16:00:04 910_E1 user.info kernel: tangox-ehci-hcd tangox-ehci-hcd: new USB bus registered, assigned bus number 1
Jan  1 16:00:04 910_E1 user.info kernel: tangox-ehci-hcd tangox-ehci-hcd: irq 48, io mem 0xa0021500
Jan  1 16:00:04 910_E1 user.info kernel: tangox-ehci-hcd tangox-ehci-hcd: USB 0.0 started, EHCI 1.00, driver 10 Dec 2004
Jan  1 16:00:04 910_E1 user.info kernel: hub 1-0:1.0: USB hub found
Jan  1 16:00:04 910_E1 user.info kernel: hub 1-0:1.0: 2 ports detected
Jan  1 16:00:04 910_E1 user.warn kernel: TangoX USB was initialized.
Jan  1 16:00:04 910_E1 user.warn kernel: Initializing TangoX USB OHCI Controller Membase=0xa0021500, irq=47
Jan  1 16:00:04 910_E1 user.info kernel: tangox-ohci-hcd tangox-ohci-hcd: USB Host Controller
Jan  1 16:00:04 910_E1 user.info kernel: tangox-ohci-hcd tangox-ohci-hcd: new USB bus registered, assigned bus number 2
Jan  1 16:00:04 910_E1 user.info kernel: usb 1-1: new high speed USB device using tangox-ehci-hcd and address 2
Jan  1 16:00:04 910_E1 user.info kernel: tangox-ohci-hcd tangox-ohci-hcd: irq 47, io mem 0xa0021500
Jan  1 16:00:04 910_E1 user.info kernel: hub 2-0:1.0: USB hub found
Jan  1 16:00:04 910_E1 user.info kernel: hub 2-0:1.0: 2 ports detected
Jan  1 16:00:04 910_E1 user.info kernel: hub 1-1:1.0: USB hub found
Jan  1 16:00:04 910_E1 user.info kernel: hub 1-1:1.0: 4 ports detected
Jan  1 16:00:04 910_E1 user.info kernel: Initializing USB Mass Storage driver...
Jan  1 16:00:04 910_E1 user.info kernel: usb 1-2: new high speed USB device using tangox-ehci-hcd and address 3
Jan  1 16:00:04 910_E1 user.info kernel: scsi0 : SCSI emulation for USB Mass Storage devices
Jan  1 16:00:04 910_E1 user.debug kernel: usb-storage: device found at 3
Jan  1 16:00:04 910_E1 user.debug kernel: usb-storage: waiting for device to settle before scanning
Jan  1 16:00:04 910_E1 user.info kernel: usbcore: registered new driver usb-storage
Jan  1 16:00:04 910_E1 user.info kernel: USB Mass Storage support registered.
Jan  1 16:00:04 910_E1 user.info kernel: usb 1-1.1: new high speed USB device using tangox-ehci-hcd and address 4
Jan  1 16:00:04 910_E1 user.warn kernel: tangox frequency scaling module installed.
Jan  1 16:00:04 910_E1 user.info kernel: scsi1 : SCSI emulation for USB Mass Storage devices
Jan  1 16:00:04 910_E1 user.debug kernel: usb-storage: device found at 4
Jan  1 16:00:04 910_E1 user.debug kernel: usb-storage: waiting for device to settle before scanning
Jan  1 16:00:04 910_E1 user.info kernel: usb 1-1.2: new high speed USB device using tangox-ehci-hcd and address 5
Jan  1 16:00:04 910_E1 user.info kernel: scsi2 : SCSI emulation for USB Mass Storage devices
Jan  1 16:00:04 910_E1 user.debug kernel: usb-storage: device found at 5
Jan  1 16:00:04 910_E1 user.debug kernel: usb-storage: waiting for device to settle before scanning
Jan  1 16:00:04 910_E1 user.info kernel: NTFS driver 2.1.25 [Flags: R/O MODULE].
Jan  1 16:00:04 910_E1 user.info kernel: JFFS2 version 2.2. (C) 2001-2003 Red Hat, Inc.
Jan  1 16:00:04 910_E1 user.notice kernel:   Vendor: USB       Model: Flash Disk        Rev: 2.00
Jan  1 16:00:04 910_E1 user.notice kernel:   Type:   Direct-Access                      ANSI SCSI revision: 02
Jan  1 16:00:04 910_E1 user.notice kernel: SCSI device sda: 1974272 512-byte hdwr sectors (1011 MB)
Jan  1 16:00:04 910_E1 user.notice kernel: sda: Write Protect is off
Jan  1 16:00:04 910_E1 user.debug kernel: sda: Mode Sense: 03 00 00 00
Jan  1 16:00:04 910_E1 user.err kernel: sda: assuming drive cache: write through
Jan  1 16:00:04 910_E1 user.notice kernel: SCSI device sda: 1974272 512-byte hdwr sectors (1011 MB)
Jan  1 16:00:04 910_E1 user.notice kernel: sda: Write Protect is off
Jan  1 16:00:04 910_E1 user.debug kernel: sda: Mode Sense: 03 00 00 00
Jan  1 16:00:04 910_E1 user.err kernel: sda: assuming drive cache: write through
Jan  1 16:00:04 910_E1 user.info kernel:  sda: sda1
Jan  1 16:00:04 910_E1 user.notice kernel: sd 0:0:0:0: Attached scsi removable disk sda
Jan  1 16:00:04 910_E1 user.notice kernel: sd 0:0:0:0: Attached scsi generic sg0 type 0
Jan  1 16:00:04 910_E1 user.debug kernel: usb-storage: device scan complete
Jan  1 16:00:04 910_E1 user.notice kernel:   Vendor: Generic   Model: External          Rev: 2.10
Jan  1 16:00:04 910_E1 user.notice kernel:   Type:   Direct-Access                      ANSI SCSI revision: 04
Jan  1 16:00:04 910_E1 user.notice kernel: SCSI device sdb: 488397168 512-byte hdwr sectors (250059 MB)
Jan  1 16:00:04 910_E1 user.err kernel: sdb: assuming drive cache: write through
Jan  1 16:00:04 910_E1 user.notice kernel: SCSI device sdb: 488397168 512-byte hdwr sectors (250059 MB)
Jan  1 16:00:04 910_E1 user.err kernel: sdb: assuming drive cache: write through
Jan  1 16:00:04 910_E1 user.info kernel:  sdb: unknown partition table
Jan  1 16:00:04 910_E1 user.notice kernel: sd 1:0:0:0: Attached scsi disk sdb
Jan  1 16:00:04 910_E1 user.notice kernel: sd 1:0:0:0: Attached scsi generic sg1 type 0
Jan  1 16:00:04 910_E1 user.debug kernel: usb-storage: device scan complete
Jan  1 16:00:04 910_E1 user.notice kernel:   Vendor: SanDisk   Model: Cruzer Micro      Rev: 8.01
Jan  1 16:00:04 910_E1 user.notice kernel:   Type:   Direct-Access                      ANSI SCSI revision: 00
Jan  1 16:00:04 910_E1 user.notice kernel: SCSI device sdc: 3907583 512-byte hdwr sectors (2001 MB)
Jan  1 16:00:04 910_E1 user.notice kernel: sdc: Write Protect is off
Jan  1 16:00:04 910_E1 user.debug kernel: sdc: Mode Sense: 45 00 00 08
Jan  1 16:00:04 910_E1 user.err kernel: sdc: assuming drive cache: write through
Jan  1 16:00:04 910_E1 user.notice kernel: SCSI device sdc: 3907583 512-byte hdwr sectors (2001 MB)
Jan  1 16:00:04 910_E1 user.notice kernel: sdc: Write Protect is off
Jan  1 16:00:04 910_E1 user.debug kernel: sdc: Mode Sense: 45 00 00 08
Jan  1 16:00:04 910_E1 user.err kernel: sdc: assuming drive cache: write through
Jan  1 16:00:04 910_E1 user.info kernel:  sdc: sdc1
Jan  1 16:00:04 910_E1 user.notice kernel: sd 2:0:0:0: Attached scsi removable disk sdc
Jan  1 16:00:04 910_E1 user.notice kernel: sd 2:0:0:0: Attached scsi generic sg2 type 0
Jan  1 16:00:04 910_E1 user.debug kernel: usb-storage: device scan complete
Jan  1 16:00:04 910_E1 user.warn kernel: llad: module license 'LGPL' taints kernel.
Jan  1 16:00:04 910_E1 user.warn kernel: em8xxx: no version for "llad_open" found: kernel tainted.
Jan  1 16:00:04 910_E1 user.warn kernel: em8xxx [/home/orlov/work/rushd/hd/thirdparty_patched/mrua_SMP8634_BD_282_42_GCC4_dev.mips/MRUA_src/rua/emhwlib_kernel/kernel_src/krua.c:1465] init_module: begun
Jan  1 16:00:04 910_E1 user.warn kernel: em8xxx0 [/home/orlov/work/rushd/hd/thirdparty_patched/mrua_SMP8634_BD_282_42_GCC4_dev.mips/MRUA_src/rua/emhwlib_kernel/kernel_src/krua.c:1353] identify: board as unknown subid
Jan  1 16:00:04 910_E1 user.warn kernel: em8xxx [/home/orlov/work/rushd/hd/thirdparty_patched/mrua_SMP8634_BD_282_42_GCC4_dev.mips/MRUA_src/rua/emhwlib_kernel/kernel_src/krua.c:1451] identify: device 0x8634 0x86 accepted with software tango2revA
Jan  1 16:00:04 910_E1 user.warn kernel: mumk_register_tasklet: (0) tasklet c804f000 status @ca2c7c04
Jan  1 16:00:04 910_E1 user.warn kernel: em8xxx [/home/orlov/work/rushd/hd/thirdparty_patched/mrua_SMP8634_BD_282_42_GCC4_dev.mips/MRUA_src/rua/emhwlib_kernel/kernel_src/krua.c:314] mumk_register_channel_tasklet[0] 0xc8051000: pE=0xca2c79e0 ch_idx=33 module_id=0x3c 0x
Jan  1 16:00:04 910_E1 user.warn kernel: em8xxx [/home/orlov/work/rushd/hd/thirdparty_patched/mrua_SMP8634_BD_282_42_GCC4_dev.mips/MRUA_src/rua/emhwlib_kernel/kernel_src/krua.c:314] mumk_register_channel_tasklet[1] 0xca09c000: pE=0xca2c79e0 ch_idx=35 module_id=0x3c 0x
Jan  1 16:00:04 910_E1 user.warn kernel: em8xxx [/home/orlov/work/rushd/hd/thirdparty_patched/mrua_SMP8634_BD_282_42_GCC4_dev.mips/MRUA_src/rua/emhwlib_kernel/kernel_src/krua.c:314] mumk_register_channel_tasklet[2] 0xca09e000: pE=0xca2c79e0 ch_idx=41 module_id=0x13c 0
Jan  1 16:00:04 910_E1 user.warn kernel: em8xxx [/home/orlov/work/rushd/hd/thirdparty_patched/mrua_SMP8634_BD_282_42_GCC4_dev.mips/MRUA_src/rua/emhwlib_kernel/kernel_src/krua.c:314] mumk_register_channel_tasklet[3] 0xca110000: pE=0xca2c79e0 ch_idx=43 module_id=0x13c 0
Jan  1 16:00:04 910_E1 user.warn kernel: em8xxx [/home/orlov/work/rushd/hd/thirdparty_patched/mrua_SMP8634_BD_282_42_GCC4_dev.mips/MRUA_src/rua/emhwlib_kernel/kernel_src/krua.c:314] mumk_register_channel_tasklet[4] 0xca112000: pE=0xca2c79e0 ch_idx=37 module_id=0x23c 0
Jan  1 16:00:04 910_E1 user.warn kernel: em8xxx [/home/orlov/work/rushd/hd/thirdparty_patched/mrua_SMP8634_BD_282_42_GCC4_dev.mips/MRUA_src/rua/emhwlib_kernel/kernel_src/krua.c:314] mumk_register_channel_tasklet[5] 0xca114000: pE=0xca2c79e0 ch_idx=39 module_id=0x23c 0
Jan  1 16:00:04 910_E1 user.warn kernel: em8xxx [/home/orlov/work/rushd/hd/thirdparty_patched/mrua_SMP8634_BD_282_42_GCC4_dev.mips/MRUA_src/rua/emhwlib_kernel/kernel_src/krua.c:1617] init_module: done. Found 1 em8xxx
Jan  1 16:00:04 910_E1 user.debug kernel: libata version 1.20 loaded.
Jan  1 16:00:04 910_E1 user.err kernel: EXT3-fs: Unrecognized mount option "iocharset=utf8" or missing value
Jan  1 16:00:04 910_E1 user.err kernel: FAT: utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
Jan  1 16:00:04 910_E1 user.warn kernel: UDF-fs: No VRS found
Jan  1 16:00:04 910_E1 user.err kernel: NTFS-fs warning (device sdc1): parse_options(): Option iocharset is deprecated. Please use option nls=<charsetname> in the future.
Jan  1 16:00:04 910_E1 user.info kernel: kjournald starting.  Commit interval 5 seconds
Jan  1 16:00:04 910_E1 user.info kernel: EXT3 FS on sdc1, internal journal
Jan  1 16:00:04 910_E1 user.info kernel: EXT3-fs: mounted filesystem with ordered data mo
Jan  1 16:00:04 910_E1 user.info kernel: de.
Jan  1 16:00:04 910_E1 user.info kernel: eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
Jan  1 16:00:04 910_E1 local0.info udhcpc[1066]: udhcpc (v1.5.0) started
Jan  1 16:00:04 910_E1 local0.info udhcpc[1066]: Sending discover...


Fuse & NTFS-3G

Testing if FUSE kernel module will load, and by extension, ntfs-3g in read/write.

910_E1[ldvd]$ insmod fuse.ko
<4>fuse init (API version 7.8)
<4>fuse distribution version: 2.7.2
910_E1[ldvd]$ fusermount
fusermount: missing mountpoint argument


FUSE loads without issue. ntfs-3g binary runs ok, but I don't actually have a NTFS volume to test with, but there is nothing indicating that it wouldn't run like it does on NMT.

910_E1[tmp]$ ./ntfs-3g-1.2506-nmt /dev/sdc /mnt
NTFS signature is missing.
Failed to mount '/dev/sdc': Invalid argument
The device '/dev/sdc' doesn't have a valid NTFS.
Maybe you selected the wrong device? Or the whole disk instead of a
partition (e.g. /dev/hda, not /dev/hda1)? Or the other way around?