NSLU2-Linux
view · edit · print · history

Info.OurTelnetRescuePasswordAlgorithm History

Hide minor edits - Show changes to markup

January 12, 2008, at 01:51 PM by EddyP -- unwikify
Changed lines 23-24 from:
      char lkgnameMAXNSLUNAME;
      printf("Default NSLU2 name (e.g. LKG7F11C6?):");
to:
      char lkgname[MAXNSLUNAME];
      printf("Default NSLU2 name (e.g. LKG7F11C6):");
January 12, 2008, at 01:49 PM by EddyP -- make the code interactive
Changed lines 3-4 from:

You can compile it by saving it to slugpass.c and then typing gcc slugpass.c -oslugpass -lcrypt. Remember to fill in the correct LKG-serial in the ReadSYSInfo() stub.

to:

You can compile it by saving it to slugpass.c and then typing gcc slugpass.c -oslugpass -lcrypt. You will be asked to type in the correct LKG-serial.

Changed lines 20-21 from:
to:
  #define MAXNSLUNAME 10 
Changed lines 23-26 from:
      strcpy(info->server_default_name, "LKG7F11C6");
to:
      char lkgnameMAXNSLUNAME;
      printf("Default NSLU2 name (e.g. LKG7F11C6?):");
      fgets(lkgname, MAXNSLUNAME, stdin);
      strcpy(info->server_default_name, lkgname);
July 14, 2005, at 04:15 AM by tman -- Removed generator
Deleted lines 4-5:

Online outtelnetrescueuser password generator at http://www.trejan.com/projects/nslu2/

April 20, 2005, at 12:15 AM by tman --
Changed lines 5-6 from:

Online outtelnetrescueuser password generator at http://www.trejan.com/projects/nslu2/#GENPASSWD

to:

Online outtelnetrescueuser password generator at http://www.trejan.com/projects/nslu2/

April 20, 2005, at 12:15 AM by tman -- Fixed code formatting
Changed lines 7-53 from:

[=

  1. include <stdio.h>
  2. include <stdlib.h>
  3. include <string.h>
  4. include <crypt.h>
  5. include <sys/stat.h>
  6. include <sys/types.h>
  7. include <pwd.h>
  8. include <unistd.h>

//-------------------------------------------------- typedef struct {

    char server_default_name[10];

} sys_info;

  1. define _LINKSYS_

int ReadSYSInfo?(sys_info *info) {

    strcpy(info->server_default_name, "LKG7F11C6?");
    return 0;

} //--------------------------------------------------

char mksalt(int seed) {

    int num = seed % 64;

    if (num < 26) {
        return 'a' + num;
    } else if (num < 52) {
        return 'A' + (num - 26);
    } else if (num < 62) {
        return '0' + (num - 52);
    } else if (num == 63) {
        return '.';
    } else {
        return '/';
    }

}

int main() {

    sys_info info;
    char first[4],second[4],full[7];
    long new_long1, new_long2;
    char salt[3],pwd[20],pwd2[20];
    char *pw;
to:
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <crypt.h>
  #include <sys/stat.h>
  #include <sys/types.h>
  #include <pwd.h>
  #include <unistd.h>

  //--------------------------------------------------
  typedef struct {
      char server_default_name[10];
  } sys_info;

  #define _LINKSYS_

  int ReadSYSInfo(sys_info *info) {
      strcpy(info->server_default_name, "LKG7F11C6");
      return 0;
  }
  //--------------------------------------------------

  char mksalt(int seed)
  {
      int num = seed % 64;

      if (num < 26) {
          return 'a' + num;
      } else if (num < 52) {
          return 'A' + (num - 26);
      } else if (num < 62) {
          return '0' + (num - 52);
      } else if (num == 63) {
          return '.';
      } else {
          return '/';
      }
  }

  int main()
  {
      sys_info info;
      char first[4],second[4],full[7];
      long new_long1, new_long2;
      char salt[3],pwd[20],pwd2[20];
      char *pw;

      if(ReadSYSInfo(&info)) return 1;

  #ifdef _LINKSYS_
      strcpy(full,&(info.server_default_name[3]));
      strcpy(second,&(info.server_default_name[6]));
  #else
      strcpy(full,&(info.server_default_name[2]));
      strcpy(second,&(info.server_default_name[5]));
  #endif

      strncpy(first,full,3);
      new_long1 = strtol(first, '\0', 16);
      new_long2 = strtol(second, '\0', 0);
      salt[0] = mksalt(new_long1);
      salt[1] = mksalt(new_long2);
      salt[2] = '\0';
      memset(&pwd[0], '\0', 20);
      pw = crypt(full, salt);
      memcpy(&pwd[0], pw, 16);

      memset(&pwd2[0], '\0', 20);
      strcpy(salt,"sc");
      pw = crypt(pwd, salt);
      memcpy(&pwd2[0], pw, 16);
Changed lines 79-108 from:
    if(ReadSYSInfo?(&info)) return 1;
  1. ifdef _LINKSYS_
    strcpy(full,&(info.server_default_name[3]));
    strcpy(second,&(info.server_default_name[6]));
  1. else
    strcpy(full,&(info.server_default_name[2]));
    strcpy(second,&(info.server_default_name[5]));
  1. endif
    strncpy(first,full,3);
    new_long1 = strtol(first, '\0', 16);
    new_long2 = strtol(second, '\0', 0);
    salt[0] = mksalt(new_long1);
    salt[1] = mksalt(new_long2);
    salt[2] = '\0';
    memset(&pwd[0], '\0', 20);
    pw = crypt(full, salt);
    memcpy(&pwd[0], pw, 16);

    memset(&pwd2[0], '\0', 20);
    strcpy(salt,"sc");
    pw = crypt(pwd, salt);
    memcpy(&pwd2[0], pw, 16);

    printf("your password is: %s\n(stored encrypted on your slug as %s)\n", pwd, pwd2);
    return 0;

} =]

to:
      printf("your password is: %s\n(stored encrypted on your slug as %s)\n", pwd, pwd2);
      return 0;
  }
April 20, 2005, at 12:12 AM by tman --
Changed lines 5-7 from:
 [=
to:

Online outtelnetrescueuser password generator at http://www.trejan.com/projects/nslu2/#GENPASSWD

[=

January 04, 2005, at 01:04 PM by Lex Delani --
Changed line 1 from:

It is interesting, though maybe not very interesting, to know that you can telnet into the default firmware without flashing it to Unslung or OpenSlug. Some time ago, a message was posted on the yahoo message board with the source code that computes a password for the user ourtelnetrescueuser. Coming across this code as pointed out by djoung, I modified it a bit so it can give you the password for your specific box. The password is calculated by looking at the default_server_name in /etc/CGI_ds.conf, which usually consists of the letters LKG followed by part of the MAC-address.

to:

It is interesting, though maybe not very interesting, to know that you can telnet into the default firmware without flashing it to Unslung or OpenSlug. Some time ago, a message was posted on the yahoo message board with the source code that computes a password for the user ourtelnetrescueuser. Coming across this code as pointed out by dyoung, I modified it a bit so it can give you the password for your specific box. The password is calculated by looking at the default_server_name in /etc/CGI_ds.conf, which usually consists of the letters LKG followed by part of the MAC-address.

January 04, 2005, at 01:01 PM by Lex Delani --
Added lines 6-13:
  1. include <stdio.h>
  2. include <stdlib.h>
  3. include <string.h>
  4. include <crypt.h>
  5. include <sys/stat.h>
  6. include <sys/types.h>
  7. include <pwd.h>
  8. include <unistd.h>
Added lines 15-18:

//-------------------------------------------------- typedef struct {

    char server_default_name[10];

} sys_info;

Changed lines 20-83 from:

=]

to:
  1. define _LINKSYS_

int ReadSYSInfo?(sys_info *info) {

    strcpy(info->server_default_name, "LKG7F11C6?");
    return 0;

} //--------------------------------------------------

char mksalt(int seed) {

    int num = seed % 64;

    if (num < 26) {
        return 'a' + num;
    } else if (num < 52) {
        return 'A' + (num - 26);
    } else if (num < 62) {
        return '0' + (num - 52);
    } else if (num == 63) {
        return '.';
    } else {
        return '/';
    }

}

int main() {

    sys_info info;
    char first[4],second[4],full[7];
    long new_long1, new_long2;
    char salt[3],pwd[20],pwd2[20];
    char *pw;

    if(ReadSYSInfo?(&info)) return 1;
  1. ifdef _LINKSYS_
    strcpy(full,&(info.server_default_name[3]));
    strcpy(second,&(info.server_default_name[6]));
  1. else
    strcpy(full,&(info.server_default_name[2]));
    strcpy(second,&(info.server_default_name[5]));
  1. endif
    strncpy(first,full,3);
    new_long1 = strtol(first, '\0', 16);
    new_long2 = strtol(second, '\0', 0);
    salt[0] = mksalt(new_long1);
    salt[1] = mksalt(new_long2);
    salt[2] = '\0';
    memset(&pwd[0], '\0', 20);
    pw = crypt(full, salt);
    memcpy(&pwd[0], pw, 16);

    memset(&pwd2[0], '\0', 20);
    strcpy(salt,"sc");
    pw = crypt(pwd, salt);
    memcpy(&pwd2[0], pw, 16);

    printf("your password is: %s\n(stored encrypted on your slug as %s)\n", pwd, pwd2);
    return 0;

} =]

Sidenote: yes, it can be a bit shorter when editing out the stub, but i wanted to stay as close to the original as possible.

January 04, 2005, at 01:00 PM by Lex Delani --
Changed lines 1-8 from:

Go for it Lex.

to:

It is interesting, though maybe not very interesting, to know that you can telnet into the default firmware without flashing it to Unslung or OpenSlug. Some time ago, a message was posted on the yahoo message board with the source code that computes a password for the user ourtelnetrescueuser. Coming across this code as pointed out by djoung, I modified it a bit so it can give you the password for your specific box. The password is calculated by looking at the default_server_name in /etc/CGI_ds.conf, which usually consists of the letters LKG followed by part of the MAC-address.

You can compile it by saving it to slugpass.c and then typing gcc slugpass.c -oslugpass -lcrypt. Remember to fill in the correct LKG-serial in the ReadSYSInfo() stub.

 



January 04, 2005, at 12:45 PM by rwhitby --
Changed line 1 from:
to:

Go for it Lex.

view · edit · print · history · Last edited by EddyP.
Based on work by EddyP, tman, and Lex Delani.
Originally by rwhitby.
Page last modified on January 12, 2008, at 01:51 PM