En Pogoplug er fra ny konfigureret til at selv-opdatere soft-waren uden om brugerens kontrol. MEN det her er min maskine, jeg har købt den – den skal kun gøre det jeg siger, og ikke have andre guder!!!! Blandt andet derfor skal ALT software udskiftes, også “BIOS/bootloader”, dermed kan man også køre en moderne Linux.
Menuen for i dag er altså at skifte uBoot bootloaderen ud, så JEG får fuld kontrol over enheden, og vi kan boote en ganske almindelig Debian via nfs, sd-card, usb-stick, sata-disk eller intern FLASH.
Først forbinder jeg min PogoPlug til et lokalt-net der ikke har forbindelse til omverdenen, så jeg risikerer ikke at PogoPlug-en midt i det hele bestemmer sig til at opgradere sin software. Den nye u-Boot kommer fra
- 2014.07 U-Boot for FDT and Non-FDT Kernel – GoFlexNet, GoFlexHome, PogoE02, Dockstar, iConnect, NetgearStora, PogoV4/Mobile, Sheevaplug
http://forum.doozan.com/read.php?3,12381
Det er ikke strengt nødvendigt at åbne/pille i boxen, men jeg kan nu godt lide at have muligheden for en gammeldags seriel-konsol, det ved man jo hvad er. Så derfor monterer jeg normalt en 3.5mm stereo-jack-bøsning til den interne serielle “console”. Har man først en seriel consol, så har man jo magten og alt er muligt. Så lad os prøve uden at åbne den:
Nedenfor er hvordan jeg tog fuld kontrol over min nyeste PogoPlug, der er den lyserøde. Pogo80 fungerer som dhcp/dns server.
root@pogo80:~# logread | grep 00:25:31:04:b6:1d Jan 22 08:25:17 pogo80 daemon.info dnsmasq-dhcp[1816]: 822409483 DHCPDISCOVER(eth0) 00:25:31:04:b6:1d Jan 22 08:25:17 pogo80 daemon.info dnsmasq-dhcp[1816]: 822409483 DHCPOFFER(eth0) 192.168.192.149 00:25:31:04:b6:1d Jan 22 08:25:17 pogo80 daemon.info dnsmasq-dhcp[1816]: 822409483 DHCPREQUEST(eth0) 192.168.192.149 00:25:31:04:b6:1d Jan 22 08:25:17 pogo80 daemon.info dnsmasq-dhcp[1816]: 822409483 DHCPACK(eth0) 192.168.192.149 00:25:31:04:b6:1d root@pogo80:~# logread | grep 192.168.192.149 Jan 22 08:25:24 pogo80 daemon.info dnsmasq[1816]: query[A] service.cloudengines.com from 192.168.192.149 Jan 22 08:25:55 pogo80 daemon.info dnsmasq[1816]: query[A] service.cloudengines.com from 192.168.192.149 Jan 22 08:25:26 pogo80 daemon.info dnsmasq[1816]: query[A] service.cloudengines.com from 192.168.192.149 Jan 22 08:25:57 pogo80 daemon.info dnsmasq[1816]: query[A] service.cloudengines.com from 192.168.192.149 root@pogo80:~# nmap 192.168.192.149 Starting Nmap 6.00 ( http://nmap.org ) at 2015-01-22 08:20 PST Nmap scan report for 192.168.192.149 Host is up (0.00024s latency). Not shown: 996 closed ports PORT STATE SERVICE 22/tcp open ssh 23/tcp open telnet 80/tcp open http 3333/tcp open dec-notes MAC Address: 00:25:31:04:B6:1D (Cloud Engines) Nmap done: 1 IP address (1 host up) scanned in 1.80 seconds
Efter at den lyserøde box er forbundet, finder jeg dens IP vhja. dens ethernet address (som står trykt på bunden), man kan se at den har forsøgt at “ringe hjem”, men min router er lukke for den. nmap afslører at man måske kan logge ind via telnet eller ssh
Det var nemt! – hvis det nu ikke var tilfældet, så er der hjælp her: https://www.exploitee.rs/index.php/PogoPlug_Mobile
root@pogo80:~# telnet 192.168.192.149 Trying 192.168.192.149... Connected to 192.168.192.149. Escape character is '^]'. Pogoplug login: root Password: -bash-3.2#
Vi er inde, pasword var “ceadmin” uden quotes
-bash-3.2# ps PID Uid VSZ Stat Command 1 root 3400 S init 2 root SW< [kthreadd] 3 root SWN [ksoftirqd/0] 4 root SW< [events/0] 5 root SW< [khelper] 46 root SW< [kblockd/0] 49 root SW< [khubd] 51 root SW< [kmmcd] 65 root SW [crypto] 66 root SW [crypto_ret] 71 root SW [pdflush] 72 root SW [pdflush] 73 root SW< [kswapd0] 74 root SW< [aio/0] 227 root SW< [mtdblockd] 228 root SW< [nftld] 262 root SW< [kcryptd/0] 315 root 3404 S udhcpc -b Pogoplug 317 root 3400 R telnetd 320 root 2100 S /usr/sbin/dropbear 341 root SW< [xce] 342 root 1696 S /usr/local/cloudengines/bin/hbwd /usr/local/cloudengines/bin/hbplug 343 root 2672 S -sh 344 root 11736 S /usr/local/cloudengines/bin/hbplug 415 root 2676 S -bash 416 root 3404 R ps -bash-3.2# df Filesystem 1k-blocks Used Available Use% Mounted on /dev/mtdblock2 32768 10940 21828 33% / none 128004 8 127996 0% /tmp -bash-3.2# mount -o nolock srv:/home /mnt -bash-3.2# cd /mnt/update_uboot/ -bash-3.2# find | sort ./bin/blparam ./bin/flash_erase ./bin/fw_printenv ./bin/fw_setenv ./bin/nanddump ./bin/nandwrite ./my.environment.img ./uboot.2014.07-tld-2.dockstar.mtd0.kwb ./uboot.2014.07-tld-2.environment.img ./uboot.2014.07-tld-2.pogo_e02.mtd0.kwb ./uboot.2014.07-tld-2.pogo_v4.mtd0.kwb ./update_uboot.sh
Så har vi adgang til alle remedierne
Først kører vi mit script uden parametre
-bash-3.2# ./update_uboot.sh blparam is /mnt/update_uboot/bin/blparam flash_erase is /mnt/update_uboot/bin/flash_erase fw_printenv is /mnt/update_uboot/bin/fw_printenv fw_setenv is /mnt/update_uboot/bin/fw_setenv nanddump is /mnt/update_uboot/bin/nanddump nandwrite is /mnt/update_uboot/bin/nandwrite strings is /usr/bin/strings md5sum is /usr/bin/md5sum Validating existing uBoot Current -- U-Boot 1.1.4 (Sep 28 2009 - 11:55:23) Cloud Engines v2.0 (3.4.16) -- original -- pinkpogo INSTALL -- U-Boot 2014.07-tld-2 (Sep 20 2014 - 00:52:18) -- uboot.2014.07-tld-2.pogo_e02.mtd0.kwb -- no harm done to uboot uBoot environment INSTALL -- Environment -- uboot.2014.07-tld-2.environment.img ENV arcNumber=3542 machid=dd6 ethaddr=00:25:31:04:B6:1D no harm done to uboot env nfs_boot not installed into env Done
Næste gang er det alvor
-bash-3.2# ./update_uboot.sh -nue blparam is /mnt/update_uboot/bin/blparam flash_erase is /mnt/update_uboot/bin/flash_erase fw_printenv is /mnt/update_uboot/bin/fw_printenv fw_setenv is /mnt/update_uboot/bin/fw_setenv nanddump is /mnt/update_uboot/bin/nanddump nandwrite is /mnt/update_uboot/bin/nandwrite strings is /usr/bin/strings md5sum is /usr/bin/md5sum Validating existing uBoot Current -- U-Boot 1.1.4 (Sep 28 2009 - 11:55:23) Cloud Engines v2.0 (3.4.16) -- original -- pinkpogo INSTALL -- U-Boot 2014.07-tld-2 (Sep 20 2014 - 00:52:18) -- uboot.2014.07-tld-2.pogo_e02.mtd0.kwb -- Erase Total 4 Units Performing Flash Erase of length 131072 at offset 0x60000 done Writing data to block 0 at offset 0x0 Writing data to block 1 at offset 0x20000 Writing data to block 2 at offset 0x40000 Writing data to block 3 at offset 0x60000 Block size 131072, page size 2048, OOB size 64 Dumping data starting at 0x00000000 and ending at 0x00080000... uBoot Succesfully installed -- U-Boot 2014.07-tld-2 (Sep 20 2014 - 00:52:18) uBoot environment INSTALL -- Environment -- uboot.2014.07-tld-2.environment.img ENV arcNumber=3542 machid=dd6 ethaddr=00:25:31:04:B6:1D Erase Total 1 Units Performing Flash Erase of length 131072 at offset 0xc0000 done Writing data to block 6 at offset 0xc0000 Block size 131072, page size 2048, OOB size 64 Dumping data starting at 0x000c0000 and ending at 0x000e0000... uBoot ENV from "uboot.2014.07-tld-2.environment.img" Succesfully installed --- uboot.2014.07-tld-2.environment.img arc=3542 (00:25:31:04:B6:1D) Done
Det var det, nu skal vi blot checke at alt ser fornuftigt ud, det klarer mit script igen (uden parametre)
-bash-3.2# ./update_uboot.sh blparam is /home/update_uboot/bin/blparam flash_erase is /home/update_uboot/bin/flash_erase fw_printenv is /home/update_uboot/bin/fw_printenv fw_setenv is /home/update_uboot/bin/fw_setenv nanddump is /home/update_uboot/bin/nanddump nandwrite is /home/update_uboot/bin/nandwrite strings is /usr/bin/strings md5sum is /usr/bin/md5sum Validating existing uBoot Current -- U-Boot 2014.07-tld-2 (Sep 20 2014 - 00:52:18) -- uboot.2014.07-tld-2.pogo_e02.mtd0.kwb -- pogo_e02 INSTALL -- U-Boot 2014.07-tld-2 (Sep 20 2014 - 00:52:18) -- uboot.2014.07-tld-2.pogo_e02.mtd0.kwb -- no harm done to uboot uBoot environment allready on newer uboot, env update is not strictly necessarry INSTALL -- Environment -- uboot.2014.07-tld-2.environment.img ENV arcNumber=3542 machid=dd6 ethaddr=00:25:31:04:B6:1D no harm done to uboot env nfs_boot not installed into env Done
Og vi checker for en sikkerhedsskyld environment, ethaddr er sat til os saa det er sikker OK
-bash-3.2# ./bin/fw_printenv mtdparts=mtdparts=orion_nand:1M(u-boot),4M(uImage),32M(rootfs),-(data) baudrate=115200 bootcmd_mmc=run mmc_init; run set_bootargs_mmc; run mmc_boot bootcmd_sata=run sata_init; run set_bootargs_sata; run sata_boot; bootcmd_usb=run usb_init; run set_bootargs_usb; run usb_boot; bootdelay=10 console=ttyS0,115200 device=0:1 ethact=egiga0 if_netconsole=ping $serverip led_error=orange blinking led_exit=green off led_init=green blinking mainlineLinux=yes mmc_boot=mw 0x800000 0 1; run mmc_load_uimage; if run mmc_load_uinitrd; then bootm 0x800000 0x1100000; else bootm 0x800000; fi mmc_init=mmc rescan mmc_load_uimage=ext2load mmc $device 0x800000 /boot/uImage mmc_load_uinitrd=ext2load mmc $device 0x1100000 /boot/uInitrd mmc_root=/dev/mmcblk0p1 mtdids=nand0=orion_nand partition=nand0,2 preboot_nc=run if_netconsole start_netconsole rootdelay=10 rootfstype=ext3 sata_boot=mw 0x800000 0 1; run sata_load_uimage; if run sata_load_uinitrd; then bootm 0x800000 0x1100000; else bootm 0x800000; fi sata_init=ide reset sata_load_uimage=ext2load ide $device 0x800000 /boot/uImage sata_load_uinitrd=ext2load ide $device 0x1100000 /boot/uInitrd sata_root=/dev/sda1 set_bootargs_mmc=setenv bootargs console=$console root=$mmc_root rootdelay=$rootdelay rootfstype=$rootfstype $mtdparts set_bootargs_sata=setenv bootargs console=$console root=$sata_root rootdelay=$rootdelay rootfstype=$rootfstype $mtdparts set_bootargs_usb=setenv bootargs console=$console root=$usb_root rootdelay=$rootdelay rootfstype=$rootfstype $mtdparts start_netconsole=setenv ncip $serverip; setenv bootdelay 10; setenv stdin nc; setenv stdout nc; setenv stderr nc; version; stderr=serial stdin=serial stdout=serial usb_boot=mw 0x800000 0 1; run usb_load_uimage; if run usb_load_uinitrd; then bootm 0x800000 0x1100000; else bootm 0x800000; fi usb_init=usb start usb_load_uimage=ext2load usb $device 0x800000 /boot/uImage usb_load_uinitrd=ext2load usb $device 0x1100000 /boot/uInitrd usb_root=/dev/sda1 bootcmd_uenv=run uenv_load; if test $uenv_loaded -eq 1; then run uenv_import; fi uenv_import=echo importing envs ...; env import -t 0x810000 uenv_load=usb start; mmc rescan; ide reset; setenv uenv_loaded 0; for devtype in usb mmc ide; do for disknum in 0; do run uenv_read_disk; done; done uenv_read=echo loading envs from $devtype $disknum ...; if load $devtype $disknum:1 0x810000 /boot/uEnv.txt; then setenv uenv_loaded 1; fi uenv_read_disk=if test $devtype -eq mmc; then if $devtype part; then run uenv_read; fi; else if $devtype part $disknum; then run uenv_read; fi; fi ethaddr=00:25:31:04:B6:1D arcNumber=3542 machid=dd6 nfs_init=setenv autoload no; dhcp; setenv options root=/dev/nfs rootfstype=nfs rootwait nfsroot=$rootpath ip=$ipaddr:$serverip:$gatewayip:$netmask:$hostname:eth0:off nfs_load=nfs $addr $rootpath/boot/$file set_bootargs=setenv bootargs console=$console $options $mtdparts boot=run ${dev}_init; run set_bootargs; echo ** ${dev} Booting -- $bootargs; mw 0x800000 0 1; addr=0x800000; file=uImage;run ${dev}_load; addr=0x1100000; file=uInitrd;if run ${dev}_load; then bootm 0x800000 0x1100000; else bootm 0x800000; fi bootcmd_nfs=dev=nfs;run boot bootcmd=run bootcmd_uenv; run bootcmd_usb; run bootcmd_mmc; run bootcmd_sata; run bootcmd_nfs; reset
Så er det bare tilbage og starte på en frisk
-bash-3.2# reboot -bash-3.2# Connection closed by foreign host. root@pogo80:~#
Det var det hele, Maskinen er befriet og kan starte en ny tilværelse i in min vold.
Maskinen vil nu boote via USB-stick eller NFS – næste gang ser vi på hvordan det er sat op
Selve update_uboot.sh er et lille shell-script jeg har skrevet, du kan se det her
#!/bin/sh # # Install newest uBoot on mtd0 # ideas and valid-uboot.md5 from Jeff doozan # using the uboots from bodhi http://forum.doozan.com/read.php?3,12381 # echo DANGER, only use if you know what to do when things go wrong. comment this line if you do;exit # md5sums from http://jeff.doozan.com/uboot/valid-uboot.md5 grep -v "^#" >/tmp/valid-uboot.md5 <<-e> <-n> <-s>" echo " -u update uboot DANGER no further questions asked" echo " -e update environment DANGER no further questions asked" echo " -n setup boot from nfs, last priority" echo " -s just check status of uboot (default)" exit } error() { echo $* -- please FIX exit } version() { strings $1 |awk '/^U-Boot/ { if (length($0) > length(string)) string=$0} END {print string}' } install_uboot() { NEW=`grep " $PLATFORM " /tmp/valid-uboot.md5 | tail -1` NEW_MD5=`echo $NEW | cut -f1 -d' '` NEW_UBOOT=`echo $NEW | cut -f3 -d' '` if [ x$MD5 = $NEW_MD5 ]; then echo " already on newest" return fi if [ ! -f $NEW_UBOOT ]; then error "download and unpack $NEW_UBOOT, from http://forum.doozan.com/read.php?3,12381" fi MD5=`md5sum $NEW_UBOOT | cut -f1 -d' '` grep $MD5 /tmp/valid-uboot.md5 >/dev/null if [ $? != 0 ]; then error Current uBoot unknown fi echo "INSTALL -- `version $NEW_UBOOT` -- $NEW_UBOOT --" if [ xYES != x$DO_INSTALL_UBOOT_WITHOUT_ASKING ]; then echo "no harm done to uboot" return fi flash_erase /dev/mtd0 0 4 # Erase the first 4 blocks (512k) nandwrite /dev/mtd0 $NEW_UBOOT nanddump --noecc --omitoob -l 0x80000 -f /tmp/mtd0-dump /dev/mtd0 MD5=`md5sum /tmp/mtd0-dump | cut -f1 -d' '` if [ $MD5 != $NEW_MD5 ]; then error "checksum failed $MD5 != $NEW_MD5 - DO NOT POWEROFF" fi echo "uBoot Succesfully installed -- `version /tmp/mtd0-dump`" } install_env() { echo " uBoot environment" if [ xYES = x$ON_NEVER_UBOOT ]; then echo allready on newer uboot, env update is not strictly necessarry fi if [ xYES = x$DO_INSTALL_UBOOT_WITHOUT_ASKING -a xYES != x$DO_INSTALL_U_ENV_WITHOUT_ASKING ]; then usage upgrade of original uboot, new env MUST be installed fi NEW=`grep " environment " /tmp/valid-uboot.md5 | tail -1` NEW_MD5=`echo $NEW | cut -f1 -d' '` NEW_ENV=`echo $NEW | cut -f3 -d' '` if [ ! -f $NEW_ENV ]; then error "download and unpack $NEW_ENV, from http://forum.doozan.com/read.php?3,12381" fi echo "INSTALL -- Environment -- $NEW_ENV" MD5=`md5sum $NEW_ENV | cut -f1 -d' '` if [ $MD5 != $NEW_MD5 ]; then error " md5 on $NEW_ENV does not match" fi echo "ENV arcNumber=$arcNumber machid=$machid ethaddr=$ethaddr" if [ xYES != x$DO_INSTALL_U_ENV_WITHOUT_ASKING ]; then echo "no harm done to uboot env" return fi flash_erase /dev/mtd0 0xc0000 1 nandwrite -s 786432 /dev/mtd0 $NEW_ENV nanddump --noecc --omitoob -f /tmp/mtd0-dump -s 0xc0000 -l 0x20000 /dev/mtd0 MD5=`md5sum /tmp/mtd0-dump | cut -f1 -d' '` if [ $MD5 != $NEW_MD5 ]; then error "checksum failed after flash of environment - DO NOT POWEROFF" fi fw_setenv ethaddr $ethaddr fw_setenv arcNumber $arcNumber fw_setenv machid $machid echo "uBoot ENV from \"$NEW_ENV\" Succesfully installed --- $NEW_ENV arc=$arcNumber ($ethaddr)" } install_nfs_boot() { if [ xYES != x$DO_INSTALL_U_NFS_WITHOUT_ASKING ]; then echo "nfs_boot not installed into env" return; fi fw_setenv ipaddr fw_setenv serverip fw_setenv nfs_init 'setenv autoload no; dhcp; setenv options root=/dev/nfs rootfstype=nfs rootwait nfsroot=$rootpath ip=$ipaddr:$serverip:$gatewayip:$netmask:$hostname:eth0:off' fw_setenv nfs_load 'nfs $addr $rootpath/boot/$file' fw_setenv set_bootargs 'setenv bootargs console=$console $options $mtdparts' fw_setenv boot 'run ${dev}_init; run set_bootargs; echo ** ${dev} Booting -- $bootargs; mw 0x800000 0 1; addr=0x800000; file=uImage;run ${dev}_load; addr=0x1100000; file=uInitrd;if run ${dev}_load; then bootm 0x800000 0x1100000; else bootm 0x800000; fi' fw_setenv bootcmd_nfs 'dev=nfs;run boot' BOOTCMD=`fw_printenv bootcmd | sed -e 's/^[^=]*=//' -e 's/; run bootcmd_nfs//' -e 's/; reset//'` fw_setenv bootcmd "$BOOTCMD; run bootcmd_nfs; reset" } #### Main script starts here #### while getopts "uens" o; do case "${o}" in u) DO_INSTALL_UBOOT_WITHOUT_ASKING=YES;; e) DO_INSTALL_U_ENV_WITHOUT_ASKING=YES;; n) DO_INSTALL_U_NFS_WITHOUT_ASKING=YES;; s) DO_STATUS;; *) usage wrong options;; esac done PATH=`pwd`/bin:$PATH # newer fw_setenv will not set ethaddr, use ours export PATH for i in blparam flash_erase fw_printenv fw_setenv nanddump nandwrite strings md5sum;do if ! type $i; then usage $i not found, please install f.ex in ./bin fi done echo " Validating existing uBoot" nanddump --noecc --omitoob -l 0x80000 -f /tmp/mtd0-dump /dev/mtd0 2>/dev/null if [ $? != 0 ]; then error nanddump failed; fi MD5=`md5sum /tmp/mtd0-dump | cut -f1 -d' '` LINE=`grep $MD5 /tmp/valid-uboot.md5` if [ $? != 0 ]; then error "Unknown current uBoot: `version /tmp/mtd0-dump`" fi PLATFORM=`echo $LINE | cut -f2 -d' '` UBOOT=`echo $LINE | cut -f3 -d' '` echo Current -- `version /tmp/mtd0-dump` -- $UBOOT -- $PLATFORM if [ -f /proc/board_type -o $UBOOT = original ]; then killall hbwd mount -o remount,rw / echo "/dev/mtd0 0xc0000 0x20000 0x20000" > /etc/fw_env.config # fw_setenv requires it eval `blparam | grep ethaddr` eval `blparam | grep ceboardver` case $ceboardver in REDSTONE:1.0) arcNumber=2998; machid=; PLATFORM=dockstar ;; PPV2) arcNumber=3542; machid=dd6; PLATFORM=pogo_e02 ;; PPV4A1) arcNumber=3960; machid=f78; PLATFORM=pogo_v4 ;; *) error unknown ceboardver=$ceboardver;; esac else ON_NEVER_UBOOT=YES eval `fw_printenv ethaddr` eval `fw_printenv arcNumber` eval `fw_printenv machid` case $arcNumber in 2998) PLATFORM=dockstar ;; 3542) PLATFORM=pogo_e02 ;; 3960) PLATFORM=pogo_v4 ;; *) error unknown arcNumber=$arcNumber;; esac fi if [ x$ethaddr = x ]; then error ethaddr not set in uboot environment - FIX; fi install_uboot install_env install_nfs_boot echo "Done"
You must be logged in to post a comment.