Loading ...
Sorry, an error occurred while loading the content.

Root passwords for Linkstation?

Expand Messages
  • jceklosk
    All, I know it s possible to reset the root password the linkstation 1.44 firmware, but does anyone know the password they are using? Also when the linkstation
    Message 1 of 6 , Mar 24, 2005
    • 0 Attachment
      All,

      I know it's possible to reset the root password the linkstation 1.44
      firmware, but does anyone know the password they are using?

      Also when the linkstation is running in EM mode (running from the flash)
      does anyone know if the root login has a password or not? If so what
      is it? I know it's possible to kick it into EM mode, but does anyone
      know what the result will be?

      We know the passwords for kuro versions, but how about the Linkstation
      ones?

      Thanks!
    • irvine_stock
      Many people have tried to crack the password (including myself). A common program called johntheripper works great (except for root). I believe the problem
      Message 2 of 6 , Mar 25, 2005
      • 0 Attachment
        Many people have tried to crack the password (including myself).
        A common program called "johntheripper" works great (except for
        root). I believe the problem may be the character set used for the
        root password is not standard english ascii. Since most crackers
        use character substitution and dictionaries they never would try
        japanese characters. This would explain why its not been cracked
        yet. This group does not give up easily. One guy typed in possible
        passwords ~67000 times and overloaded his log file.
        Maybe a japanese version is out there and it can be used!
        I ran johntheripper for three days on a dual Athlon 3800 and it
        cracked all my passwords in seconds. But even after 3 days it never
        got the root password. I could see my password choices were not
        very good!!!
        I could not figure out the EM root password either. I would guess
        it's the same as the root file system. But until I know what that
        is I can't say I know either. It may just be another japanese word
        that's not easily tried.
        If somebody figures it out, I'm sure it will show up here! :-)
        Fortunately I added "myroot" to my linkstation with no password. I
        can always login even after an update. The update only resets
        the "root" password.

        Rich
        --- In LinkStation_General@yahoogroups.com, "jceklosk"
        <jceklosk@y...> wrote:
        >
        > All,
        >
        > I know it's possible to reset the root password the linkstation
        1.44
        > firmware, but does anyone know the password they are using?
        >
        > Also when the linkstation is running in EM mode (running from the
        flash)
        > does anyone know if the root login has a password or not? If so
        what
        > is it? I know it's possible to kick it into EM mode, but does
        anyone
        > know what the result will be?
        >
        > We know the passwords for kuro versions, but how about the
        Linkstation
        > ones?
        >
        > Thanks!
      • jceklosk
        Rich, I have done some extensive digging from the flash firware on the linkstation image using the following: echo /dev/fl1 firmware Working with the
        Message 3 of 6 , Mar 25, 2005
        • 0 Attachment
          Rich,

          I have done some extensive digging from the flash firware on
          the linkstation image using the following:

          echo /dev/fl1 > firmware

          Working with the information found here:

          http://www.yamasita.jp/linkstation.en/flashmemory.html

          I was able to recover the flash ext2 filesystem tinkering with a
          hexeditor and finding the kernel image in gz formate along with the
          EM root file system in gz format.

          The password for ROOT in EM mode does match the passwd file
          when running in normal mode:

          Here is the root entry:

          NORMAL:
          root:r.4feIpNeMISQ:0:0:root:/root:/bin/bash

          EM MODE:
          root:r.4feIpNeMISQ:0:0:root:/root:/bin/ash



          Joe


          --- In LinkStation_General@yahoogroups.com, "irvine_stock"
          <r_obermeyer@p...> wrote:
          >
          > Many people have tried to crack the password (including myself).
          > A common program called "johntheripper" works great (except for
          > root). I believe the problem may be the character set used for the
          > root password is not standard english ascii. Since most crackers
          > use character substitution and dictionaries they never would try
          > japanese characters. This would explain why its not been cracked
          > yet. This group does not give up easily. One guy typed in possible
          > passwords ~67000 times and overloaded his log file.
          > Maybe a japanese version is out there and it can be used!
          > I ran johntheripper for three days on a dual Athlon 3800 and it
          > cracked all my passwords in seconds. But even after 3 days it never
          > got the root password. I could see my password choices were not
          > very good!!!
          > I could not figure out the EM root password either. I would guess
          > it's the same as the root file system. But until I know what that
          > is I can't say I know either. It may just be another japanese word
          > that's not easily tried.
          > If somebody figures it out, I'm sure it will show up here! :-)
          > Fortunately I added "myroot" to my linkstation with no password. I
          > can always login even after an update. The update only resets
          > the "root" password.
          >
          > Rich
          > --- In LinkStation_General@yahoogroups.com, "jceklosk"
          > <jceklosk@y...> wrote:
          > >
          > > All,
          > >
          > > I know it's possible to reset the root password the linkstation
          > 1.44
          > > firmware, but does anyone know the password they are using?
          > >
          > > Also when the linkstation is running in EM mode (running from the
          > flash)
          > > does anyone know if the root login has a password or not? If so
          > what
          > > is it? I know it's possible to kick it into EM mode, but does
          > anyone
          > > know what the result will be?
          > >
          > > We know the passwords for kuro versions, but how about the
          > Linkstation
          > > ones?
          > >
          > > Thanks!
        • irvine_stock
          Joe, Yes that was the password I could not crack. To bad you got the same result. I am still hopeful we will crack it. We know the updater can and is sending
          Message 4 of 6 , Mar 25, 2005
          • 0 Attachment
            Joe,
            Yes that was the password I could not crack. To bad you got the
            same result. I am still hopeful we will crack it.
            We know the updater can and is sending many commands to the LS
            during a typical update. Either the updater must be sending the
            command to uncompress the file and install it or the other choice
            would mean the flash kernel knows the password and is doing it.
            With a good packet capture of the commands on the Ethernet should be
            doable.
            Tim Lewis had a great packet capture of the complete update to
            1.46. It's probably in that log.
            http://groups.yahoo.com/group/LinkStation_General/message/1423
            Maybe you can see it with the hex editor in the flash file. I
            looked but did not see anything useful. But it is a big flash. I
            also looked in the updater program but similar result.
            So where is the image.dat being decompressed? Any ideas?

            If we know the password then we can build a release with bug fixes
            that can be uploaded back into the LS. We can also change the root
            password to a known value.
            Rich
            --- In LinkStation_General@yahoogroups.com, "jceklosk"
            <jceklosk@y...> wrote:
            >
            > Rich,
            >
            > I have done some extensive digging from the flash firware on
            > the linkstation image using the following:
            >
            > echo /dev/fl1 > firmware
            >
            > Working with the information found here:
            >
            > http://www.yamasita.jp/linkstation.en/flashmemory.html
            >
            > I was able to recover the flash ext2 filesystem tinkering with a
            > hexeditor and finding the kernel image in gz formate along with the
            > EM root file system in gz format.
            >
            > The password for ROOT in EM mode does match the passwd file
            > when running in normal mode:
            >
            > Here is the root entry:
            >
            > NORMAL:
            > root:r.4feIpNeMISQ:0:0:root:/root:/bin/bash
            >
            > EM MODE:
            > root:r.4feIpNeMISQ:0:0:root:/root:/bin/ash
            >
            >
            >
            > Joe
            >
            >
            > --- In LinkStation_General@yahoogroups.com, "irvine_stock"
            > <r_obermeyer@p...> wrote:
            > >
            > > Many people have tried to crack the password (including myself).
            > > A common program called "johntheripper" works great (except for
            > > root). I believe the problem may be the character set used for
            the
            > > root password is not standard english ascii. Since most
            crackers
            > > use character substitution and dictionaries they never would try
            > > japanese characters. This would explain why its not been
            cracked
            > > yet. This group does not give up easily. One guy typed in
            possible
            > > passwords ~67000 times and overloaded his log file.
            > > Maybe a japanese version is out there and it can be used!
            > > I ran johntheripper for three days on a dual Athlon 3800 and it
            > > cracked all my passwords in seconds. But even after 3 days it
            never
            > > got the root password. I could see my password choices were not
            > > very good!!!
            > > I could not figure out the EM root password either. I would
            guess
            > > it's the same as the root file system. But until I know what
            that
            > > is I can't say I know either. It may just be another japanese
            word
            > > that's not easily tried.
            > > If somebody figures it out, I'm sure it will show up here! :-)
            > > Fortunately I added "myroot" to my linkstation with no
            password. I
            > > can always login even after an update. The update only resets
            > > the "root" password.
            > >
            > > Rich
            > > --- In LinkStation_General@yahoogroups.com, "jceklosk"
            > > <jceklosk@y...> wrote:
            > > >
            > > > All,
            > > >
            > > > I know it's possible to reset the root password the
            linkstation
            > > 1.44
            > > > firmware, but does anyone know the password they are using?
            > > >
            > > > Also when the linkstation is running in EM mode (running from
            the
            > > flash)
            > > > does anyone know if the root login has a password or not? If
            so
            > > what
            > > > is it? I know it's possible to kick it into EM mode, but
            does
            > > anyone
            > > > know what the result will be?
            > > >
            > > > We know the passwords for kuro versions, but how about the
            > > Linkstation
            > > > ones?
            > > >
            > > > Thanks!
          • jceklosk
            I think the password for the image and root are in the setup program run on windows. I would guess it s in that packet output. Just for the heck of it I sent
            Message 5 of 6 , Mar 25, 2005
            • 0 Attachment
              I think the password for the image and root are in the setup program
              run on windows. I would guess it's in that packet output.

              Just for the heck of it I sent an email to the tech's a Buffalo
              asking for the pwd for the zip and root. I wonder if they will fess
              up. I can dream right?

              Where was that dump? I just checked that link you had, but did not
              see any log. Am I blind?

              joe

              --- In LinkStation_General@yahoogroups.com, "irvine_stock"
              <r_obermeyer@p...> wrote:
              >
              > Joe,
              > Yes that was the password I could not crack. To bad you got the
              > same result. I am still hopeful we will crack it.
              > We know the updater can and is sending many commands to the LS
              > during a typical update. Either the updater must be sending the
              > command to uncompress the file and install it or the other choice
              > would mean the flash kernel knows the password and is doing it.
              > With a good packet capture of the commands on the Ethernet should be
              > doable.
              > Tim Lewis had a great packet capture of the complete update to
              > 1.46. It's probably in that log.
              > http://groups.yahoo.com/group/LinkStation_General/message/1423
              > Maybe you can see it with the hex editor in the flash file. I
              > looked but did not see anything useful. But it is a big flash. I
              > also looked in the updater program but similar result.
              > So where is the image.dat being decompressed? Any ideas?
              >
              > If we know the password then we can build a release with bug fixes
              > that can be uploaded back into the LS. We can also change the root
              > password to a known value.
              > Rich
              > --- In LinkStation_General@yahoogroups.com, "jceklosk"
              > <jceklosk@y...> wrote:
              > >
              > > Rich,
              > >
              > > I have done some extensive digging from the flash firware on
              > > the linkstation image using the following:
              > >
              > > echo /dev/fl1 > firmware
              > >
              > > Working with the information found here:
              > >
              > > http://www.yamasita.jp/linkstation.en/flashmemory.html
              > >
              > > I was able to recover the flash ext2 filesystem tinkering with a
              > > hexeditor and finding the kernel image in gz formate along with the
              > > EM root file system in gz format.
              > >
              > > The password for ROOT in EM mode does match the passwd file
              > > when running in normal mode:
              > >
              > > Here is the root entry:
              > >
              > > NORMAL:
              > > root:r.4feIpNeMISQ:0:0:root:/root:/bin/bash
              > >
              > > EM MODE:
              > > root:r.4feIpNeMISQ:0:0:root:/root:/bin/ash
              > >
              > >
              > >
              > > Joe
              > >
              > >
              > > --- In LinkStation_General@yahoogroups.com, "irvine_stock"
              > > <r_obermeyer@p...> wrote:
              > > >
              > > > Many people have tried to crack the password (including myself).
              > > > A common program called "johntheripper" works great (except for
              > > > root). I believe the problem may be the character set used for
              > the
              > > > root password is not standard english ascii. Since most
              > crackers
              > > > use character substitution and dictionaries they never would try
              > > > japanese characters. This would explain why its not been
              > cracked
              > > > yet. This group does not give up easily. One guy typed in
              > possible
              > > > passwords ~67000 times and overloaded his log file.
              > > > Maybe a japanese version is out there and it can be used!
              > > > I ran johntheripper for three days on a dual Athlon 3800 and it
              > > > cracked all my passwords in seconds. But even after 3 days it
              > never
              > > > got the root password. I could see my password choices were not
              > > > very good!!!
              > > > I could not figure out the EM root password either. I would
              > guess
              > > > it's the same as the root file system. But until I know what
              > that
              > > > is I can't say I know either. It may just be another japanese
              > word
              > > > that's not easily tried.
              > > > If somebody figures it out, I'm sure it will show up here! :-)
              > > > Fortunately I added "myroot" to my linkstation with no
              > password. I
              > > > can always login even after an update. The update only resets
              > > > the "root" password.
              > > >
              > > > Rich
              > > > --- In LinkStation_General@yahoogroups.com, "jceklosk"
              > > > <jceklosk@y...> wrote:
              > > > >
              > > > > All,
              > > > >
              > > > > I know it's possible to reset the root password the
              > linkstation
              > > > 1.44
              > > > > firmware, but does anyone know the password they are using?
              > > > >
              > > > > Also when the linkstation is running in EM mode (running from
              > the
              > > > flash)
              > > > > does anyone know if the root login has a password or not? If
              > so
              > > > what
              > > > > is it? I know it's possible to kick it into EM mode, but
              > does
              > > > anyone
              > > > > know what the result will be?
              > > > >
              > > > > We know the passwords for kuro versions, but how about the
              > > > Linkstation
              > > > > ones?
              > > > >
              > > > > Thanks!
            • irvine_stock
              Joe, Maybe not blind but close. I gave you the start of the thread. Tim s quick disassembly was at::
              Message 6 of 6 , Mar 26, 2005
              • 0 Attachment
                Joe,
                Maybe not blind but close. I gave you the start of the thread.
                Tim's quick disassembly was at::
                http://groups.yahoo.com/group/LinkStation_General/message/1427
                I was hoping he would take another look see. He seems to have a
                current run. Maybe he can find it :-)

                Rich

                --- In LinkStation_General@yahoogroups.com, "jceklosk"
                <jceklosk@y...> wrote:
                >
                > I think the password for the image and root are in the setup
                program
                > run on windows. I would guess it's in that packet output.
                >
                > Just for the heck of it I sent an email to the tech's a Buffalo
                > asking for the pwd for the zip and root. I wonder if they will
                fess
                > up. I can dream right?
                >
                > Where was that dump? I just checked that link you had, but did not
                > see any log. Am I blind?
                >
                > joe
                >
                > --- In LinkStation_General@yahoogroups.com, "irvine_stock"
                > <r_obermeyer@p...> wrote:
                > >
                > > Joe,
                > > Yes that was the password I could not crack. To bad you got the
                > > same result. I am still hopeful we will crack it.
                > > We know the updater can and is sending many commands to the LS
                > > during a typical update. Either the updater must be sending the
                > > command to uncompress the file and install it or the other
                choice
                > > would mean the flash kernel knows the password and is doing it.
                > > With a good packet capture of the commands on the Ethernet
                should be
                > > doable.
                > > Tim Lewis had a great packet capture of the complete update to
                > > 1.46. It's probably in that log.
                > > http://groups.yahoo.com/group/LinkStation_General/message/1423
                > > Maybe you can see it with the hex editor in the flash file. I
                > > looked but did not see anything useful. But it is a big flash.
                I
                > > also looked in the updater program but similar result.
                > > So where is the image.dat being decompressed? Any ideas?
                > >
                > > If we know the password then we can build a release with bug
                fixes
                > > that can be uploaded back into the LS. We can also change the
                root
                > > password to a known value.
                > > Rich
                > > --- In LinkStation_General@yahoogroups.com, "jceklosk"
                > > <jceklosk@y...> wrote:
                > > >
                > > > Rich,
                > > >
                > > > I have done some extensive digging from the flash firware on
                > > > the linkstation image using the following:
                > > >
                > > > echo /dev/fl1 > firmware
                > > >
                > > > Working with the information found here:
                > > >
                > > > http://www.yamasita.jp/linkstation.en/flashmemory.html
                > > >
                > > > I was able to recover the flash ext2 filesystem tinkering with
                a
                > > > hexeditor and finding the kernel image in gz formate along
                with the
                > > > EM root file system in gz format.
                > > >
                > > > The password for ROOT in EM mode does match the passwd file
                > > > when running in normal mode:
                > > >
                > > > Here is the root entry:
                > > >
                > > > NORMAL:
                > > > root:r.4feIpNeMISQ:0:0:root:/root:/bin/bash
                > > >
                > > > EM MODE:
                > > > root:r.4feIpNeMISQ:0:0:root:/root:/bin/ash
                > > >
                > > >
                > > >
                > > > Joe
                > > >
                > > >
                > > > --- In LinkStation_General@yahoogroups.com, "irvine_stock"
                > > > <r_obermeyer@p...> wrote:
                > > > >
                > > > > Many people have tried to crack the password (including
                myself).
                > > > > A common program called "johntheripper" works great (except
                for
                > > > > root). I believe the problem may be the character set used
                for
                > > the
                > > > > root password is not standard english ascii. Since most
                > > crackers
                > > > > use character substitution and dictionaries they never would
                try
                > > > > japanese characters. This would explain why its not been
                > > cracked
                > > > > yet. This group does not give up easily. One guy typed in
                > > possible
                > > > > passwords ~67000 times and overloaded his log file.
                > > > > Maybe a japanese version is out there and it can be used!
                > > > > I ran johntheripper for three days on a dual Athlon 3800 and
                it
                > > > > cracked all my passwords in seconds. But even after 3 days
                it
                > > never
                > > > > got the root password. I could see my password choices were
                not
                > > > > very good!!!
                > > > > I could not figure out the EM root password either. I would
                > > guess
                > > > > it's the same as the root file system. But until I know
                what
                > > that
                > > > > is I can't say I know either. It may just be another
                japanese
                > > word
                > > > > that's not easily tried.
                > > > > If somebody figures it out, I'm sure it will show up here! :-
                )
                > > > > Fortunately I added "myroot" to my linkstation with no
                > > password. I
                > > > > can always login even after an update. The update only
                resets
                > > > > the "root" password.
                > > > >
                > > > > Rich
                > > > > --- In LinkStation_General@yahoogroups.com, "jceklosk"
                > > > > <jceklosk@y...> wrote:
                > > > > >
                > > > > > All,
                > > > > >
                > > > > > I know it's possible to reset the root password the
                > > linkstation
                > > > > 1.44
                > > > > > firmware, but does anyone know the password they are using?
                > > > > >
                > > > > > Also when the linkstation is running in EM mode (running
                from
                > > the
                > > > > flash)
                > > > > > does anyone know if the root login has a password or not?
                If
                > > so
                > > > > what
                > > > > > is it? I know it's possible to kick it into EM mode, but
                > > does
                > > > > anyone
                > > > > > know what the result will be?
                > > > > >
                > > > > > We know the passwords for kuro versions, but how about the
                > > > > Linkstation
                > > > > > ones?
                > > > > >
                > > > > > Thanks!
              Your message has been successfully submitted and would be delivered to recipients shortly.