Palm Pre Root Breaking log
I "broke" my pre, as in made it available for hacking. To do this, I installed secure shell into it. This will allow me later to do other things. Here's the log for those who care... My comments are searchable by ###
$ ./novaterm
root@castle:/# df ### what does our filesystem look like?
Filesystem 1k-blocks Used Available Use% Mounted on
rootfs 452296 375684 76612 83% /
/dev/root 31728 11368 20360 36% /boot
/dev/mapper/store-root
452296 375684 76612 83% /
/dev/mapper/store-root
452296 375684 76612 83% /dev/.static/dev
tmpfs 2048 192 1856 9% /dev
/dev/mapper/store-var
253920 64860 189060 26% /var
/dev/mapper/store-log
39664 6856 32808 17% /var/log
tmpfs 65536 176 65360 0% /tmp
tmpfs 122516 0 122516 0% /media/ram
/dev/mapper/store-media
7011456 6816416 195040 97% /media/internal
root@castle:/# ls /media/internal ### that's the part I can see when I mount it from my laptop
ClassicApps magritte
DCIM more wallpapers
MarkSpace pre wallpapers
Open Source Information.pdf ringtones
Pre Synchronization screencaptures
dali thoth
downloads wallpapers
iPod_Control
root@castle:/# perl ### no perl. Ok. What do we have?
/bin/sh: perl: not found
root@castle:/# ### i hit tab here, and it displayed a list of available commands
BluetoothMonitor lvdisplay
BrowserServer lvextend
DownloadUpdate lvm
LibpurpleAdapter lvm.static
LunaSysMgr lvmchange
LunaSysService lvmdiskscan
OfficeService lvmdump
OmaDm lvmsadc
PDFService lvmsar
PalmClassic lvreduce
PmBtAtCmdSniff lvremove
PmBtCallStress lvrename
PmBtContacts lvresize
PmBtEcNr lvs
PmBtEngine lvscan
PmBtHfgCiev makedevs
PmBtStack mattrib
PmBtStart mcd
PmBtTestApi mcopy
PmBtTestContacts md5sum
PmBtTestJson mdel
PmBtTestPair mdeltree
PmBtTestScript mdir
PmBtTestStack mdu
PmCertificateMgrService mediaserver
PmConnectionManager memchute
PmIpcDispatch mesg
PmLinuxModemCmd mformat
PmLogCtl minfo
PmMediaGstBinRegistryApp minicore2
PmModemFactory mk_cmds
PmModemInfo mkbootfs.sh
PmModemUpdater mkdfiff
PmNetConfigManager mkdgiff
PmSystemTimeout mkdir
PmTpUpdater mkdosfs
PmUpdater mke2fs
PmUpdaterInitGraphics mke2fs.e2fsprogs
PmWanDaemon mkfs.ext2
PmWiFiService mkfs.ext2.e2fsprogs
SprintDaemon mkfs.ext3
TelephonyInterfaceLayerCdma mkfs.ext3.e2fsprogs
TelephonyInterfaceLayerGsm mkfs.ext4
TilIpcTest mkfs.ext4.e2fsprogs
UpdateDaemon mkfs.ext4dev
[ mkfs.ext4dev.e2fsprogs
[[ mkfs.msdos
addgroup mkfs.vfat
adduser mknod
amazonservice mkswap
amixer mkswap.util-linux-ng
aplay mktemp
ar mlabel
arecord mmd
arm-none-linux-gnueabi-addr2line mmove
arm-none-linux-gnueabi-ar modinfo
arm-none-linux-gnueabi-as modprobe
arm-none-linux-gnueabi-c++filt more
arm-none-linux-gnueabi-gprof mount
arm-none-linux-gnueabi-ld mount.cifs
arm-none-linux-gnueabi-nm mount.fuse
arm-none-linux-gnueabi-objcopy mountpoint
arm-none-linux-gnueabi-objdump mpstat
arm-none-linux-gnueabi-ranlib mpt
arm-none-linux-gnueabi-readelf mrd
arm-none-linux-gnueabi-size mren
arm-none-linux-gnueabi-strings mshowfat
arm-none-linux-gnueabi-strip mtools
arping mtoolstest
ash mtype
audiod mv
awk mvDBFiles.sh
badblocks nc
basename netcat
blkid netstat
blkid.e2fsprogs netstat.net-tools
blockdev nice
boot-init nmeter
bootchart_disable nohup
bootchart_enable novacom
bootchartd novacomd
btdbg ntpdate
bunzip2 oom_late_helper
busybox opannotate
bzcat oparchive
bzcmp opcontrol
bzdiff openssl
bzegrep openvt
bzfgrep opgprof
bzgrep ophelp
bzip2 opimport
bzip2recover opreport
bzless oprofiled
bzmore pacat
camd pacmd
cat pactl
catv palmsniffer
cexec.out paplay
chat parec
chgrp passthrud
chmod passwd
chown pasuspender
chpasswd pgrep
chroot pidof
chrt pidof.sysvinit
chvt pidstat
cksum ping
cleanupDBFiles.sh pivot_root
clear pkill
cmp pmap
compile_et pmipc-dbus-enable
contextupload pmmodempower
cp pmsyslogd
crond poff
crontab pon
crotestd powerd
cryptpw poweroff
cryptsetup pppd
curl printf
cut ps
datamigration pscan
date pstree
dbus-daemon pubsubservice
dbus-launch pulseaudio
dbus-monitor pvchange
dbus-send pvck
dbus-util pvcreate
dbus-uuidgen pvdisplay
dd pvmove
deallocvt pvremove
depmod pvresize
df pvs
dfbdump pvscan
dfbg pwd
dfbinfo pwdx
dfbinput rdxd
dfblayer rdxreporter
dfbpenmount readlink
dfbscreen reboot
dhclient recover
dhclient-script renice
diff reset
directfb-csource resize
dirname rm
dlist_test rmdir
dmesg rmmod
dmsetup rootfs_open
dmsetup.static route
dnsmasq rsync
dosfsck run-parts
dosfslabel runlevel
du sadf
dump_coords.sh sar
dump_raw_touchpanel.sh screen
dump_rawbin_touchpanel.sh screen-4.0.2
dump_touchpanel_data_complete.sh sed
dumpkmap seq
e2fsck setarch
e2fsck.e2fsprogs setcharge
e2label setconsole
echo setkeycodes
ed setlogcons
egrep setserial
enable_coredumps setup-tc.sh
env sh
esdcompat sha1sum
exmap shutdown
exmapd skill
exmapserver slabtop
expand slattach
expr sleep
extractfs sln
false snice
fbdraw sort
fbset split
ffmpeg sqlite-service-test
fgrep sqlite3
fileindexer start
find start-pulseaudio-x11
findfs start-stop-daemon
free status
freetype-config stic
fsadm stop
fsck storaged
fsck.e2fsprogs strace
fsck.ext2 strace-graph
fsck.ext2.e2fsprogs strings
fsck.ext3 stty
fsck.ext3.e2fsprogs su
fsck.ext4 suspend_action
fsck.ext4.e2fsprogs suspend_action.disabled
fsck.ext4dev swapoff
fsck.ext4dev.e2fsprogs swapoff.util-linux-ng
fsck.msdos swapon
fsck.vfat swapon.util-linux-ng
ftpget switch_root
ftpput sync
fuser sysctl
fuser.psmisc systemSoundsLoader
fusermount systool
gdb tail
gdbserver tar
generate-modprobe.conf taskset
get_device tc
get_driver tcpostflash.sh
get_module tcpsvd
getty tee
grep telinit
gst-feedback tellbootie
gst-feedback-0.10 telnet
gst-inspect telnetd
gst-inspect-0.10 test
gst-launch testlibsysfs
gst-launch-0.10 tftp
gst-typefind tidspdebug
gst-typefind-0.10 tidsprestart
gst-visualise-0.10 tidspstart
gst-xmlinspect tidspstop
gst-xmlinspect-0.10 time
gunzip tload
gzcore tokens
gzip top
halt touch
head touchpanel-measure
hexdump touchpanel_control
hidd tr
hostname traceroute
hwclock trenchcoat
id true
ifconfig tty
ifdown ttysize
ifup tune2fs
inetd tzset
init udevcontrol
initctl udevd
insmod udevmonitor
install udevsettle
integcheck udevtrigger
ionice udpsvd
ionice.util-linux-ng ulockmgr_server
iostat umount
ip umount.cifs
ip6tables uname
ip6tables-multi unexpand
ip6tables-restore uniq
ip6tables-save unzip
ipkg update-alternatives
ipkg-cl update-inetd
iptables update-modules
iptables-multi update-passwd
iptables-xml update-rc.d
iwconfig uploadd
iwgetid upstart
iwlist uptime
iwpriv usbmon
iwspy usbnet
java-serviceboot usleep
javahy utmpdump
jpegTranscodeClient uuidgen
jpegTranscodeService vgcfgbackup
jps vgcfgrestore
jsdb vgchange
jthreads vgck
jtop vgconvert
kill vgcreate
killall vgdisplay
killall.psmisc vgexport
killall5 vgextend
killwriters vgimport
klog vgmerge
last vgmknodes
lastb vgreduce
ldconfig vgremove
less vgrename
linux32 vgs
linux64 vgscan
ln vgsplit
loadkmap vi
locationadapter vmstat
logctld vtmpdp_prototype_erm
logctld-public.pem w
logctld_clear_all.sh wall
logctld_collect_all.sh watch
logd wc
logger wget
login which
losetup who
losetup.util-linux-ng whoami
ls wifi-mfg-labtool
lsmod wifidriver
luna-helper wlanconfig
luna-prefs-service wpa_supplicant
luna-send wx-config
lunaprop xargs
lvchange yes
lvconvert zcat
lvcreate
I anonymized the public addresses below. Yes, I run subnet 23 at home. The interesting
address is the ppp0 address, that's the publicly available one, but it is not the address which is returned from www.whatismyipaddress.com
root@castle:/# ifconfig ### who/what are we?
bsl0 Link encap:Ethernet HWaddr 00:1D:FE:XX:XX:XX
inet addr:10.1.1.10 Bcast:10.1.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr 00:1D:FE:XX:XX:XX
inet addr:192.168.23.150 Bcast:192.168.23.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:867 errors:0 dropped:0 overruns:0 frame:0
TX packets:801 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:378525 (369.6 KiB) TX bytes:105096 (102.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1042 errors:0 dropped:0 overruns:0 frame:0
TX packets:1042 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:165092 (161.2 KiB) TX bytes:165092 (161.2 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:xx.xx.xx.xx P-t-P:xx.xx.xx.xx Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1480 Metric:1
RX packets:84 errors:0 dropped:0 overruns:0 frame:0
TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:43721 (42.6 KiB) TX bytes:12068 (11.7 KiB)
root@castle:/# passwd root ### let's change the root password...
Changing password for root
New password:
Bad password: too weak
Retype password:
passwd: cannot update password file /etc/passwd
root@castle:/# passwd root ### hmmm, maybe it didn't like my lame password?
Changing password for root
New password:
Retype password:
passwd: cannot update password file /etc/passwd
root@castle:/# more /etc/passwd ### who else is defined?
root::0:0:root:/home/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
bin:*:2:2:bin:/bin:/bin/sh
sys:*:3:3:sys:/dev:/bin/sh
sync:*:4:65534:sync:/bin:/bin/sync
games:*:5:60:games:/usr/games:/bin/sh
man:*:6:12:man:/var/cache/man:/bin/sh
lp:*:7:7:lp:/var/spool/lpd:/bin/sh
mail:*:8:8:mail:/var/mail:/bin/sh
news:*:9:9:news:/var/spool/news:/bin/sh
uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:*:13:13:proxy:/bin:/bin/sh
pulse:*:31:31:pulse:/var/run/pulse:/bin/sh
www-data:*:33:33:www-data:/var/www:/bin/sh
backup:*:34:34:backup:/var/backups:/bin/sh
list:*:38:38:Mailing List Manager:/var/list:/bin/sh
irc:*:39:39:ircd:/var/run/ircd:/bin/sh
gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
luna:*:1000:1000:luna:/nonexistent:/bin/false
root@castle:/# rootfs_open -w ### aha, it's read only by default. PRobably a good thing.
root@castle:/# passwd root ### Can we change it now?
Changing password for root
New password:
Retype password:
Password for root changed by root
The next series of commands came from http://predev.wikidot.com/adding-the-ipkg-repository. SHould note here that changing the root password wasn't recommended by the web page, I hope I didn't just screw something up.
root@castle:/# mkdir /var/opt
root@castle:/# mkdir /opt
root@castle:/# mount -o bind /var/opt /opt
root@castle:/# echo '/var/opt /opt bind defaults,bind 0 0' >>/etc/fstab
root@castle:/# cd /tmp
root@castle:/tmp# wget http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/ipkg-opt_0.99.163-10_ar
m.ipk
Connecting to ipkg.nslu2-linux.org (140.211.169.169:80)
ipkg-opt_0.99.163-10 100% |****************************************************************| 74456 --:--:-- ETA
root@castle:/tmp# mkdir /tmp/ipkg
root@castle:/tmp# cd /tmp/ipkg/
root@castle:/tmp/ipkg# tar zxvf ../ipkg-opt_0.99.163-10_arm.ipk
./debian-binary
./data.tar.gz
./control.tar.gz
root@castle:/tmp/ipkg# cd /
root@castle:/# tar tzvf /tmp/ipkg/data.tar.gz
drwxr-xr-x 0/0 0 2008-08-22 22:29:28 ./
drwxr-xr-x 0/0 0 2008-08-22 22:29:28 ./opt/
drwxr-xr-x 0/0 0 2008-08-22 22:29:28 ./opt/bin/
-rwxr-xr-x 0/0 3236 2008-08-22 22:29:26 ./opt/bin/ipkg
lrwxrwxrwx 0/0 0 2008-08-22 22:29:28 ./opt/bin/ipkg-opt -> ipkg
-rwxr-xr-x 0/0 4248 2008-08-22 22:29:26 ./opt/bin/update-alternatives
drwxr-xr-x 0/0 0 2008-08-22 22:29:27 ./opt/etc/
-rw-r--r-- 0/0 1040 2008-08-22 22:29:28 ./opt/etc/ipkg.conf
drwxr-xr-x 0/0 0 2008-08-22 22:29:28 ./opt/lib/
lrwxrwxrwx 0/0 0 2008-08-22 22:29:26 ./opt/lib/libipkg.so -> libipkg.so.0.0.0
lrwxrwxrwx 0/0 0 2008-08-22 22:29:26 ./opt/lib/libipkg.so.0 -> libipkg.so.0.0.0
-rwxr-xr-x 0/0 150260 2008-08-22 22:29:26 ./opt/lib/libipkg.so.0.0.0
drwxr-xr-x 0/0 0 2008-08-22 22:29:26 ./opt/share/
drwxr-xr-x 0/0 0 2008-08-22 22:29:26 ./opt/share/ipkg/
drwxr-xr-x 0/0 0 2008-08-22 22:29:26 ./opt/share/ipkg/intercept/
-rwxr-xr-x 0/0 231 2008-08-22 22:29:26 ./opt/share/ipkg/intercept/depmod
-rwxr-xr-x 0/0 151 2008-08-22 22:29:26 ./opt/share/ipkg/intercept/ldconfig
-rwxr-xr-x 0/0 175 2008-08-22 22:29:26 ./opt/share/ipkg/intercept/update-modules
root@castle:/# tar xzvf /tmp/ipkg/data.tar.gz
./
./opt/
./opt/bin/
./opt/bin/ipkg
./opt/bin/ipkg-opt
./opt/bin/update-alternatives
./opt/etc/
./opt/etc/ipkg.conf
./opt/lib/
./opt/lib/libipkg.so
./opt/lib/libipkg.so.0
./opt/lib/libipkg.so.0.0.0
./opt/share/
./opt/share/ipkg/
./opt/share/ipkg/intercept/
./opt/share/ipkg/intercept/depmod
./opt/share/ipkg/intercept/ldconfig
./opt/share/ipkg/intercept/update-modules
root@castle:/# rm /tmp/ipkg-opt_0.99.163-10_arm.ipk
root@castle:/# rm -rf /tmp/ipkg
root@castle:/# mkdir -p /opt/etc/ipkg
root@castle:/# echo "src/gz cs08q1armel http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable" > /op
t/etc/ipkg/optware.conf
root@castle:/# /opt/bin/ipkg-opt update
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/Packages.gz
Inflating http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/Packages.gz
Updated list of available packages in /opt/lib/ipkg/lists/cs08q1armel
Successfully terminated.
root@castle:/# /opt/bin/ipkg-opt install dropbear
Installing dropbear (0.52-5) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/dropbear_0.52-5_arm.ipk
Installing psmisc (21.4-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/psmisc_21.4-1_arm.ipk
Installing ncurses (5.7-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/ncurses_5.7-1_arm.ipk
Configuring dropbear
update-alternatives: Linking //opt/bin/scp to /opt/sbin/dropbearmulti
update-alternatives: Linking //opt/bin/ssh to /opt/sbin/dropbearmulti
Will output 1024 bit rsa secret key to '/opt/etc/dropbear/dropbear_rsa_host_key'
Generating key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCLmlrmHg4gJbWHOAnffUB8QUb2PACKLP2Ossxy96c6KIkgPoUuCt558wsvdqqt8kUcENcIafAMrlOy3BcX810tDbbQ4+x9H4VoBhJ57d1KYtZY/LEjjCE3s1Dp6RaUGKvKrLhDiR1vIOfh820/OtlVwnyX9urrAY+/9aIUe9bJH43B root@castle
Fingerprint: md5 dc:40:18:38:18:25:70:8d:f8:32:35:0d:3d:9e:94:35
Will output 1024 bit dss secret key to '/opt/etc/dropbear/dropbear_dss_host_key'
Generating key, this may take a while...
Public key portion is:
ssh-dss AAAAB3NzaC1kc3MAAACBALJ9O0DBGGtGyjEXicyHkWUBCWfmeubO9erEie6KcX7UbOuQRBoQXoBRAdSmrj2pOutoz64liAZ37mauHAEZjuhIEI0vUWSE+k93esz723vv1P0RJtOEPFIF77sghaMa9f/pOyiw4pAHMcrWQeTWUIVBZtv2ti5Cpry10QX6OXorAAAAFQDMtErbaLXCKc4azszo7UJZOZfMPwAAAIAgMknozgpjPRyh5UyA5yL9jq6f5XvX9LEHfL0N3/HG98qb9ratp7DAmBVenN6wXXPlLBNM7rS+2FhPQDUKCR6KoqVqiq4Qb3hVuJlRD4o1z90hTfkd8sUmbWZCorRA+yPL4HH776hKXlpx3rWk5k//yKtK+TMPQDKgdiyUcU00EgAAAIEAhcYL42dlGRzZcbSSllzWdo+3wlQwvIwd08SgrZ7sRKako7w+hEOIQ5Thh8bSEH9Yp/qN22LmjHTL838J3LA/tv3xWbJuWhA9oHGJDmoY9s8cTlCfzUJH9GUXY2IRPDHivLhMUhNTPNv3+rZLZI2FBw875WCB1zTMni9GO86UewU= root@castle
Fingerprint: md5 15:05:35:d8:25:86:07:40:9e:07:21:4d:d6:10:49:4a
Configuring ncurses
update-alternatives: Linking //opt/bin/clear to /opt/bin/ncurses-clear
Configuring psmisc
update-alternatives: Linking //opt/bin/killall to /opt/bin/psmisc-killall
update-alternatives: Linking //opt/bin/pidof to /opt/bin/psmisc-killall
Successfully terminated.
root@castle:/# pkill dropbear ; pkill -9 dropbear ### restart the dropbear daemon
root@castle:/# export MYUSER=rca ### create my username
root@castle:/# adduser -h /var/home/$MYUSER $MYUSER
Changing password for rca
New password:
Retype password:
Password for rca changed by root
root@castle:/# # install portion
root@castle:/# /opt/bin/ipkg-opt install sudo
Installing sudo (1.7.0-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/sudo_1.7.0-1_arm.ipk
Configuring sudo
Successfully terminated.
description "Dropbear SSH Daemon for WebOS"
author "Dax Kelson"
version 1.1
# don't start until the WebOS finishes it's normal boot
# that way no delay is added to the GUI startup
start on stopped finish
stop on runlevel [!2]
# The "stock" WebOS dropbear (not shipped) uses this next line
# uncomment if you want the same behavior
#stop on started start_update
# don't try to log any output
console none
# Uncomment to make sure SSH sessions don't slow down GUI use
#nice 5
# Restart the SSH daemon if it exits/dies
respawn
# -g disallow password logins for root
# -F runs in the foreground so the respawn will work
# -p sets the TCP port
exec /opt/sbin/dropbear -g -F -p 222
pre-start script
# Add firewall rule to allow SSH access over WiFi on port 222
# Remove the "-i eth0" on both of the following lines to enable SSH access
# over the cellular data network (EVDO, etc).
/usr/sbin/iptables -D INPUT -p tcp --dport 222 -j ACCEPT || /bin/true
/usr/sbin/iptables -I INPUT -p tcp --dport 222 -j ACCEPT
end script
# funny comment goes here
~
~
~
~
~
~
~
~
~
~
~
~
~
root@castle:/etc/event.d# initctl start optware-dropbear
(02366/472888183) optware-dropbear (start) waiting
(02366/474047851) optware-dropbear (start) starting
(02366/481402587) optware-dropbear (start) pre-start, process 2114
(02366/535418701) optware-dropbear (start) spawned, process 2118
(02366/536578369) optware-dropbear (start) post-start, (main) process 2118
(02366/537127685) optware-dropbear (start) running, process 2118
root@castle:/etc/event.d#
root@castle:/etc/event.d#
root@castle:/etc/event.d#
root@castle:/etc/event.d#
root@castle:/etc/event.d#
root@castle:/etc/event.d# # update the root path..
root@castle:/etc/event.d# mkdir /etc/profile.d/
root@castle:/etc/event.d# cd /etc/profile.d/
root@castle:/etc/profile.d# wget http://gitorious.org/webos-internals/bootstrap/blobs/raw/master/etc/profile.d/op
tware
Connecting to gitorious.org (87.238.52.168:80)
optware 100% |****************************************************************| 76 --:--:-- ETA
root@castle:/etc/profile.d# mount -o remount,ro /
root@castle:/etc/profile.d#
I was able to log into my unpriv'd account with ssh -p 222 rca@ipaddr I think that's all the hacking I need to do for now. Rebooting phone, make sure it still works. Seems to ok. I can still ssh into it.
$ ./novaterm
root@castle:/# df ### what does our filesystem look like?
Filesystem 1k-blocks Used Available Use% Mounted on
rootfs 452296 375684 76612 83% /
/dev/root 31728 11368 20360 36% /boot
/dev/mapper/store-root
452296 375684 76612 83% /
/dev/mapper/store-root
452296 375684 76612 83% /dev/.static/dev
tmpfs 2048 192 1856 9% /dev
/dev/mapper/store-var
253920 64860 189060 26% /var
/dev/mapper/store-log
39664 6856 32808 17% /var/log
tmpfs 65536 176 65360 0% /tmp
tmpfs 122516 0 122516 0% /media/ram
/dev/mapper/store-media
7011456 6816416 195040 97% /media/internal
root@castle:/# ls /media/internal ### that's the part I can see when I mount it from my laptop
ClassicApps magritte
DCIM more wallpapers
MarkSpace pre wallpapers
Open Source Information.pdf ringtones
Pre Synchronization screencaptures
dali thoth
downloads wallpapers
iPod_Control
root@castle:/# perl ### no perl. Ok. What do we have?
/bin/sh: perl: not found
root@castle:/# ### i hit tab here, and it displayed a list of available commands
BluetoothMonitor lvdisplay
BrowserServer lvextend
DownloadUpdate lvm
LibpurpleAdapter lvm.static
LunaSysMgr lvmchange
LunaSysService lvmdiskscan
OfficeService lvmdump
OmaDm lvmsadc
PDFService lvmsar
PalmClassic lvreduce
PmBtAtCmdSniff lvremove
PmBtCallStress lvrename
PmBtContacts lvresize
PmBtEcNr lvs
PmBtEngine lvscan
PmBtHfgCiev makedevs
PmBtStack mattrib
PmBtStart mcd
PmBtTestApi mcopy
PmBtTestContacts md5sum
PmBtTestJson mdel
PmBtTestPair mdeltree
PmBtTestScript mdir
PmBtTestStack mdu
PmCertificateMgrService mediaserver
PmConnectionManager memchute
PmIpcDispatch mesg
PmLinuxModemCmd mformat
PmLogCtl minfo
PmMediaGstBinRegistryApp minicore2
PmModemFactory mk_cmds
PmModemInfo mkbootfs.sh
PmModemUpdater mkdfiff
PmNetConfigManager mkdgiff
PmSystemTimeout mkdir
PmTpUpdater mkdosfs
PmUpdater mke2fs
PmUpdaterInitGraphics mke2fs.e2fsprogs
PmWanDaemon mkfs.ext2
PmWiFiService mkfs.ext2.e2fsprogs
SprintDaemon mkfs.ext3
TelephonyInterfaceLayerCdma mkfs.ext3.e2fsprogs
TelephonyInterfaceLayerGsm mkfs.ext4
TilIpcTest mkfs.ext4.e2fsprogs
UpdateDaemon mkfs.ext4dev
[ mkfs.ext4dev.e2fsprogs
[[ mkfs.msdos
addgroup mkfs.vfat
adduser mknod
amazonservice mkswap
amixer mkswap.util-linux-ng
aplay mktemp
ar mlabel
arecord mmd
arm-none-linux-gnueabi-addr2line mmove
arm-none-linux-gnueabi-ar modinfo
arm-none-linux-gnueabi-as modprobe
arm-none-linux-gnueabi-c++filt more
arm-none-linux-gnueabi-gprof mount
arm-none-linux-gnueabi-ld mount.cifs
arm-none-linux-gnueabi-nm mount.fuse
arm-none-linux-gnueabi-objcopy mountpoint
arm-none-linux-gnueabi-objdump mpstat
arm-none-linux-gnueabi-ranlib mpt
arm-none-linux-gnueabi-readelf mrd
arm-none-linux-gnueabi-size mren
arm-none-linux-gnueabi-strings mshowfat
arm-none-linux-gnueabi-strip mtools
arping mtoolstest
ash mtype
audiod mv
awk mvDBFiles.sh
badblocks nc
basename netcat
blkid netstat
blkid.e2fsprogs netstat.net-tools
blockdev nice
boot-init nmeter
bootchart_disable nohup
bootchart_enable novacom
bootchartd novacomd
btdbg ntpdate
bunzip2 oom_late_helper
busybox opannotate
bzcat oparchive
bzcmp opcontrol
bzdiff openssl
bzegrep openvt
bzfgrep opgprof
bzgrep ophelp
bzip2 opimport
bzip2recover opreport
bzless oprofiled
bzmore pacat
camd pacmd
cat pactl
catv palmsniffer
cexec.out paplay
chat parec
chgrp passthrud
chmod passwd
chown pasuspender
chpasswd pgrep
chroot pidof
chrt pidof.sysvinit
chvt pidstat
cksum ping
cleanupDBFiles.sh pivot_root
clear pkill
cmp pmap
compile_et pmipc-dbus-enable
contextupload pmmodempower
cp pmsyslogd
crond poff
crontab pon
crotestd powerd
cryptpw poweroff
cryptsetup pppd
curl printf
cut ps
datamigration pscan
date pstree
dbus-daemon pubsubservice
dbus-launch pulseaudio
dbus-monitor pvchange
dbus-send pvck
dbus-util pvcreate
dbus-uuidgen pvdisplay
dd pvmove
deallocvt pvremove
depmod pvresize
df pvs
dfbdump pvscan
dfbg pwd
dfbinfo pwdx
dfbinput rdxd
dfblayer rdxreporter
dfbpenmount readlink
dfbscreen reboot
dhclient recover
dhclient-script renice
diff reset
directfb-csource resize
dirname rm
dlist_test rmdir
dmesg rmmod
dmsetup rootfs_open
dmsetup.static route
dnsmasq rsync
dosfsck run-parts
dosfslabel runlevel
du sadf
dump_coords.sh sar
dump_raw_touchpanel.sh screen
dump_rawbin_touchpanel.sh screen-4.0.2
dump_touchpanel_data_complete.sh sed
dumpkmap seq
e2fsck setarch
e2fsck.e2fsprogs setcharge
e2label setconsole
echo setkeycodes
ed setlogcons
egrep setserial
enable_coredumps setup-tc.sh
env sh
esdcompat sha1sum
exmap shutdown
exmapd skill
exmapserver slabtop
expand slattach
expr sleep
extractfs sln
false snice
fbdraw sort
fbset split
ffmpeg sqlite-service-test
fgrep sqlite3
fileindexer start
find start-pulseaudio-x11
findfs start-stop-daemon
free status
freetype-config stic
fsadm stop
fsck storaged
fsck.e2fsprogs strace
fsck.ext2 strace-graph
fsck.ext2.e2fsprogs strings
fsck.ext3 stty
fsck.ext3.e2fsprogs su
fsck.ext4 suspend_action
fsck.ext4.e2fsprogs suspend_action.disabled
fsck.ext4dev swapoff
fsck.ext4dev.e2fsprogs swapoff.util-linux-ng
fsck.msdos swapon
fsck.vfat swapon.util-linux-ng
ftpget switch_root
ftpput sync
fuser sysctl
fuser.psmisc systemSoundsLoader
fusermount systool
gdb tail
gdbserver tar
generate-modprobe.conf taskset
get_device tc
get_driver tcpostflash.sh
get_module tcpsvd
getty tee
grep telinit
gst-feedback tellbootie
gst-feedback-0.10 telnet
gst-inspect telnetd
gst-inspect-0.10 test
gst-launch testlibsysfs
gst-launch-0.10 tftp
gst-typefind tidspdebug
gst-typefind-0.10 tidsprestart
gst-visualise-0.10 tidspstart
gst-xmlinspect tidspstop
gst-xmlinspect-0.10 time
gunzip tload
gzcore tokens
gzip top
halt touch
head touchpanel-measure
hexdump touchpanel_control
hidd tr
hostname traceroute
hwclock trenchcoat
id true
ifconfig tty
ifdown ttysize
ifup tune2fs
inetd tzset
init udevcontrol
initctl udevd
insmod udevmonitor
install udevsettle
integcheck udevtrigger
ionice udpsvd
ionice.util-linux-ng ulockmgr_server
iostat umount
ip umount.cifs
ip6tables uname
ip6tables-multi unexpand
ip6tables-restore uniq
ip6tables-save unzip
ipkg update-alternatives
ipkg-cl update-inetd
iptables update-modules
iptables-multi update-passwd
iptables-xml update-rc.d
iwconfig uploadd
iwgetid upstart
iwlist uptime
iwpriv usbmon
iwspy usbnet
java-serviceboot usleep
javahy utmpdump
jpegTranscodeClient uuidgen
jpegTranscodeService vgcfgbackup
jps vgcfgrestore
jsdb vgchange
jthreads vgck
jtop vgconvert
kill vgcreate
killall vgdisplay
killall.psmisc vgexport
killall5 vgextend
killwriters vgimport
klog vgmerge
last vgmknodes
lastb vgreduce
ldconfig vgremove
less vgrename
linux32 vgs
linux64 vgscan
ln vgsplit
loadkmap vi
locationadapter vmstat
logctld vtmpdp_prototype_erm
logctld-public.pem w
logctld_clear_all.sh wall
logctld_collect_all.sh watch
logd wc
logger wget
login which
losetup who
losetup.util-linux-ng whoami
ls wifi-mfg-labtool
lsmod wifidriver
luna-helper wlanconfig
luna-prefs-service wpa_supplicant
luna-send wx-config
lunaprop xargs
lvchange yes
lvconvert zcat
lvcreate
I anonymized the public addresses below. Yes, I run subnet 23 at home. The interesting
address is the ppp0 address, that's the publicly available one, but it is not the address which is returned from www.whatismyipaddress.com
root@castle:/# ifconfig ### who/what are we?
bsl0 Link encap:Ethernet HWaddr 00:1D:FE:XX:XX:XX
inet addr:10.1.1.10 Bcast:10.1.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr 00:1D:FE:XX:XX:XX
inet addr:192.168.23.150 Bcast:192.168.23.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:867 errors:0 dropped:0 overruns:0 frame:0
TX packets:801 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:378525 (369.6 KiB) TX bytes:105096 (102.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1042 errors:0 dropped:0 overruns:0 frame:0
TX packets:1042 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:165092 (161.2 KiB) TX bytes:165092 (161.2 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:xx.xx.xx.xx P-t-P:xx.xx.xx.xx Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1480 Metric:1
RX packets:84 errors:0 dropped:0 overruns:0 frame:0
TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:43721 (42.6 KiB) TX bytes:12068 (11.7 KiB)
root@castle:/# passwd root ### let's change the root password...
Changing password for root
New password:
Bad password: too weak
Retype password:
passwd: cannot update password file /etc/passwd
root@castle:/# passwd root ### hmmm, maybe it didn't like my lame password?
Changing password for root
New password:
Retype password:
passwd: cannot update password file /etc/passwd
root@castle:/# more /etc/passwd ### who else is defined?
root::0:0:root:/home/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
bin:*:2:2:bin:/bin:/bin/sh
sys:*:3:3:sys:/dev:/bin/sh
sync:*:4:65534:sync:/bin:/bin/sync
games:*:5:60:games:/usr/games:/bin/sh
man:*:6:12:man:/var/cache/man:/bin/sh
lp:*:7:7:lp:/var/spool/lpd:/bin/sh
mail:*:8:8:mail:/var/mail:/bin/sh
news:*:9:9:news:/var/spool/news:/bin/sh
uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:*:13:13:proxy:/bin:/bin/sh
pulse:*:31:31:pulse:/var/run/pulse:/bin/sh
www-data:*:33:33:www-data:/var/www:/bin/sh
backup:*:34:34:backup:/var/backups:/bin/sh
list:*:38:38:Mailing List Manager:/var/list:/bin/sh
irc:*:39:39:ircd:/var/run/ircd:/bin/sh
gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
luna:*:1000:1000:luna:/nonexistent:/bin/false
root@castle:/# rootfs_open -w ### aha, it's read only by default. PRobably a good thing.
root@castle:/# passwd root ### Can we change it now?
Changing password for root
New password:
Retype password:
Password for root changed by root
The next series of commands came from http://predev.wikidot.com/adding-the-ipkg-repository. SHould note here that changing the root password wasn't recommended by the web page, I hope I didn't just screw something up.
root@castle:/# mkdir /var/opt
root@castle:/# mkdir /opt
root@castle:/# mount -o bind /var/opt /opt
root@castle:/# echo '/var/opt /opt bind defaults,bind 0 0' >>/etc/fstab
root@castle:/# cd /tmp
root@castle:/tmp# wget http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/ipkg-opt_0.99.163-10_ar
m.ipk
Connecting to ipkg.nslu2-linux.org (140.211.169.169:80)
ipkg-opt_0.99.163-10 100% |****************************************************************| 74456 --:--:-- ETA
root@castle:/tmp# mkdir /tmp/ipkg
root@castle:/tmp# cd /tmp/ipkg/
root@castle:/tmp/ipkg# tar zxvf ../ipkg-opt_0.99.163-10_arm.ipk
./debian-binary
./data.tar.gz
./control.tar.gz
root@castle:/tmp/ipkg# cd /
root@castle:/# tar tzvf /tmp/ipkg/data.tar.gz
drwxr-xr-x 0/0 0 2008-08-22 22:29:28 ./
drwxr-xr-x 0/0 0 2008-08-22 22:29:28 ./opt/
drwxr-xr-x 0/0 0 2008-08-22 22:29:28 ./opt/bin/
-rwxr-xr-x 0/0 3236 2008-08-22 22:29:26 ./opt/bin/ipkg
lrwxrwxrwx 0/0 0 2008-08-22 22:29:28 ./opt/bin/ipkg-opt -> ipkg
-rwxr-xr-x 0/0 4248 2008-08-22 22:29:26 ./opt/bin/update-alternatives
drwxr-xr-x 0/0 0 2008-08-22 22:29:27 ./opt/etc/
-rw-r--r-- 0/0 1040 2008-08-22 22:29:28 ./opt/etc/ipkg.conf
drwxr-xr-x 0/0 0 2008-08-22 22:29:28 ./opt/lib/
lrwxrwxrwx 0/0 0 2008-08-22 22:29:26 ./opt/lib/libipkg.so -> libipkg.so.0.0.0
lrwxrwxrwx 0/0 0 2008-08-22 22:29:26 ./opt/lib/libipkg.so.0 -> libipkg.so.0.0.0
-rwxr-xr-x 0/0 150260 2008-08-22 22:29:26 ./opt/lib/libipkg.so.0.0.0
drwxr-xr-x 0/0 0 2008-08-22 22:29:26 ./opt/share/
drwxr-xr-x 0/0 0 2008-08-22 22:29:26 ./opt/share/ipkg/
drwxr-xr-x 0/0 0 2008-08-22 22:29:26 ./opt/share/ipkg/intercept/
-rwxr-xr-x 0/0 231 2008-08-22 22:29:26 ./opt/share/ipkg/intercept/depmod
-rwxr-xr-x 0/0 151 2008-08-22 22:29:26 ./opt/share/ipkg/intercept/ldconfig
-rwxr-xr-x 0/0 175 2008-08-22 22:29:26 ./opt/share/ipkg/intercept/update-modules
root@castle:/# tar xzvf /tmp/ipkg/data.tar.gz
./
./opt/
./opt/bin/
./opt/bin/ipkg
./opt/bin/ipkg-opt
./opt/bin/update-alternatives
./opt/etc/
./opt/etc/ipkg.conf
./opt/lib/
./opt/lib/libipkg.so
./opt/lib/libipkg.so.0
./opt/lib/libipkg.so.0.0.0
./opt/share/
./opt/share/ipkg/
./opt/share/ipkg/intercept/
./opt/share/ipkg/intercept/depmod
./opt/share/ipkg/intercept/ldconfig
./opt/share/ipkg/intercept/update-modules
root@castle:/# rm /tmp/ipkg-opt_0.99.163-10_arm.ipk
root@castle:/# rm -rf /tmp/ipkg
root@castle:/# mkdir -p /opt/etc/ipkg
root@castle:/# echo "src/gz cs08q1armel http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable" > /op
t/etc/ipkg/optware.conf
root@castle:/# /opt/bin/ipkg-opt update
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/Packages.gz
Inflating http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/Packages.gz
Updated list of available packages in /opt/lib/ipkg/lists/cs08q1armel
Successfully terminated.
root@castle:/# /opt/bin/ipkg-opt install dropbear
Installing dropbear (0.52-5) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/dropbear_0.52-5_arm.ipk
Installing psmisc (21.4-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/psmisc_21.4-1_arm.ipk
Installing ncurses (5.7-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/ncurses_5.7-1_arm.ipk
Configuring dropbear
update-alternatives: Linking //opt/bin/scp to /opt/sbin/dropbearmulti
update-alternatives: Linking //opt/bin/ssh to /opt/sbin/dropbearmulti
Will output 1024 bit rsa secret key to '/opt/etc/dropbear/dropbear_rsa_host_key'
Generating key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCLmlrmHg4gJbWHOAnffUB8QUb2PACKLP2Ossxy96c6KIkgPoUuCt558wsvdqqt8kUcENcIafAMrlOy3BcX810tDbbQ4+x9H4VoBhJ57d1KYtZY/LEjjCE3s1Dp6RaUGKvKrLhDiR1vIOfh820/OtlVwnyX9urrAY+/9aIUe9bJH43B root@castle
Fingerprint: md5 dc:40:18:38:18:25:70:8d:f8:32:35:0d:3d:9e:94:35
Will output 1024 bit dss secret key to '/opt/etc/dropbear/dropbear_dss_host_key'
Generating key, this may take a while...
Public key portion is:
ssh-dss AAAAB3NzaC1kc3MAAACBALJ9O0DBGGtGyjEXicyHkWUBCWfmeubO9erEie6KcX7UbOuQRBoQXoBRAdSmrj2pOutoz64liAZ37mauHAEZjuhIEI0vUWSE+k93esz723vv1P0RJtOEPFIF77sghaMa9f/pOyiw4pAHMcrWQeTWUIVBZtv2ti5Cpry10QX6OXorAAAAFQDMtErbaLXCKc4azszo7UJZOZfMPwAAAIAgMknozgpjPRyh5UyA5yL9jq6f5XvX9LEHfL0N3/HG98qb9ratp7DAmBVenN6wXXPlLBNM7rS+2FhPQDUKCR6KoqVqiq4Qb3hVuJlRD4o1z90hTfkd8sUmbWZCorRA+yPL4HH776hKXlpx3rWk5k//yKtK+TMPQDKgdiyUcU00EgAAAIEAhcYL42dlGRzZcbSSllzWdo+3wlQwvIwd08SgrZ7sRKako7w+hEOIQ5Thh8bSEH9Yp/qN22LmjHTL838J3LA/tv3xWbJuWhA9oHGJDmoY9s8cTlCfzUJH9GUXY2IRPDHivLhMUhNTPNv3+rZLZI2FBw875WCB1zTMni9GO86UewU= root@castle
Fingerprint: md5 15:05:35:d8:25:86:07:40:9e:07:21:4d:d6:10:49:4a
Configuring ncurses
update-alternatives: Linking //opt/bin/clear to /opt/bin/ncurses-clear
Configuring psmisc
update-alternatives: Linking //opt/bin/killall to /opt/bin/psmisc-killall
update-alternatives: Linking //opt/bin/pidof to /opt/bin/psmisc-killall
Successfully terminated.
root@castle:/# pkill dropbear ; pkill -9 dropbear ### restart the dropbear daemon
root@castle:/# export MYUSER=rca ### create my username
root@castle:/# adduser -h /var/home/$MYUSER $MYUSER
Changing password for rca
New password:
Retype password:
Password for rca changed by root
root@castle:/# # install portion
root@castle:/# /opt/bin/ipkg-opt install sudo
Installing sudo (1.7.0-1) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/cs08q1armel/cross/stable/sudo_1.7.0-1_arm.ipk
Configuring sudo
Successfully terminated.
description "Dropbear SSH Daemon for WebOS"
author "Dax Kelson"
version 1.1
# don't start until the WebOS finishes it's normal boot
# that way no delay is added to the GUI startup
start on stopped finish
stop on runlevel [!2]
# The "stock" WebOS dropbear (not shipped) uses this next line
# uncomment if you want the same behavior
#stop on started start_update
# don't try to log any output
console none
# Uncomment to make sure SSH sessions don't slow down GUI use
#nice 5
# Restart the SSH daemon if it exits/dies
respawn
# -g disallow password logins for root
# -F runs in the foreground so the respawn will work
# -p sets the TCP port
exec /opt/sbin/dropbear -g -F -p 222
pre-start script
# Add firewall rule to allow SSH access over WiFi on port 222
# Remove the "-i eth0" on both of the following lines to enable SSH access
# over the cellular data network (EVDO, etc).
/usr/sbin/iptables -D INPUT -p tcp --dport 222 -j ACCEPT || /bin/true
/usr/sbin/iptables -I INPUT -p tcp --dport 222 -j ACCEPT
end script
# funny comment goes here
~
~
~
~
~
~
~
~
~
~
~
~
~
root@castle:/etc/event.d# initctl start optware-dropbear
(02366/472888183) optware-dropbear (start) waiting
(02366/474047851) optware-dropbear (start) starting
(02366/481402587) optware-dropbear (start) pre-start, process 2114
(02366/535418701) optware-dropbear (start) spawned, process 2118
(02366/536578369) optware-dropbear (start) post-start, (main) process 2118
(02366/537127685) optware-dropbear (start) running, process 2118
root@castle:/etc/event.d#
root@castle:/etc/event.d#
root@castle:/etc/event.d#
root@castle:/etc/event.d#
root@castle:/etc/event.d#
root@castle:/etc/event.d# # update the root path..
root@castle:/etc/event.d# mkdir /etc/profile.d/
root@castle:/etc/event.d# cd /etc/profile.d/
root@castle:/etc/profile.d# wget http://gitorious.org/webos-internals/bootstrap/blobs/raw/master/etc/profile.d/op
tware
Connecting to gitorious.org (87.238.52.168:80)
optware 100% |****************************************************************| 76 --:--:-- ETA
root@castle:/etc/profile.d# mount -o remount,ro /
root@castle:/etc/profile.d#
I was able to log into my unpriv'd account with ssh -p 222 rca@ipaddr I think that's all the hacking I need to do for now. Rebooting phone, make sure it still works. Seems to ok. I can still ssh into it.