NSLU2-Linux
- FAQ: Frequently Asked Questions
- Donations
- Downloads
- Trac Bug Tracker
- Package Search Engine
- All Recent Wiki Changes
General
- HowTo Recipes
- Cool Peripherals
- Cool Applications
- Information Pages
- Ideas and Wish List
- Slug Success Stories
- Slug-Related Articles
- Project Mailing Lists
- Project IRC Channels
- Donations and Sponsors
- NSLU2-Linux Photo Gallery
OS/Firmware Projects
- NSLU2-Linux Development
- How Do I Get Involved?
- Unslung Firmware
- Debian Installation
- SlugOS Firmware
- OpenSlug Firmware
- SlugOS/LE Firmware
- OpenWrt Firmware
- Angstrom Firmware
- UcSlugC Firmware
- GentooSlug Firmware
- UpSlug Upload Tool
- Puppy Topfield Access
Firmware Targets
Optware
Optware Targets
Other Hardware
Wiki Resources
Sponsored Links
hosting by:
It is interesting, though maybe not very interesting, to know that you can telnet into the default firmware without flashing it to Unslung or OpenSlug. Some time ago, a message was posted on the yahoo message board with the source code that computes a password for the user ourtelnetrescueuser. Coming across this code as pointed out by dyoung, I modified it a bit so it can give you the password for your specific box. The password is calculated by looking at the default_server_name in /etc/CGI_ds.conf, which usually consists of the letters LKG followed by part of the MAC-address.
You can compile it by saving it to slugpass.c and then typing gcc slugpass.c -oslugpass -lcrypt. You will be asked to type in the correct LKG-serial.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <crypt.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <pwd.h>
#include <unistd.h>
//--------------------------------------------------
typedef struct {
char server_default_name[10];
} sys_info;
#define _LINKSYS_
#define MAXNSLUNAME 10
int ReadSYSInfo(sys_info *info) {
char lkgname[MAXNSLUNAME];
printf("Default NSLU2 name (e.g. LKG7F11C6):");
fgets(lkgname, MAXNSLUNAME, stdin);
strcpy(info->server_default_name, lkgname);
return 0;
}
//--------------------------------------------------
char mksalt(int seed)
{
int num = seed % 64;
if (num < 26) {
return 'a' + num;
} else if (num < 52) {
return 'A' + (num - 26);
} else if (num < 62) {
return '0' + (num - 52);
} else if (num == 63) {
return '.';
} else {
return '/';
}
}
int main()
{
sys_info info;
char first[4],second[4],full[7];
long new_long1, new_long2;
char salt[3],pwd[20],pwd2[20];
char *pw;
if(ReadSYSInfo(&info)) return 1;
#ifdef _LINKSYS_
strcpy(full,&(info.server_default_name[3]));
strcpy(second,&(info.server_default_name[6]));
#else
strcpy(full,&(info.server_default_name[2]));
strcpy(second,&(info.server_default_name[5]));
#endif
strncpy(first,full,3);
new_long1 = strtol(first, '\0', 16);
new_long2 = strtol(second, '\0', 0);
salt[0] = mksalt(new_long1);
salt[1] = mksalt(new_long2);
salt[2] = '\0';
memset(&pwd[0], '\0', 20);
pw = crypt(full, salt);
memcpy(&pwd[0], pw, 16);
memset(&pwd2[0], '\0', 20);
strcpy(salt,"sc");
pw = crypt(pwd, salt);
memcpy(&pwd2[0], pw, 16);
printf("your password is: %s\n(stored encrypted on your slug as %s)\n", pwd, pwd2);
return 0;
}
Sidenote: yes, it can be a bit shorter when editing out the stub, but i wanted to stay as close to the original as possible.