Diy Electronics
The intersection of DIY, electrical engineering, repurposing, and security. Posts or discussions about improving, repurposing, hacking, or creating new devices out of old things are all welcome.
This is a follow-up post to a recent project that I've been working on where I am trying to get a root shell on a FULLHAN fh8626 camera. Because of school, I was not able to interact with it, but now I was able to get a root shell on this camera.
Binwalk RootFS Extraction
When I ran binwalk on the firmware file I got xz-compressed data and a bunch of other files. After decompressing the data I ran binwalk on it, which extracted a cpio archive which contains the root file system.
Password Cracking
I used John the Ripper to crack the password hash using the shadow file, which gave me root123 as the password. Even though I knew it was not the password, I gave it a shot, which resulted in login incorrect.
Startup Script Analysis
Since the above password didn't work, I decided to look at the rcS script in /etc/init.d/, which just ran a lot of scripts starting from S01, S02, ... in order. But the S04app script was interesting. It ran an app_init.sh script which was nowhere to be found in the rootFS.
Boot Log Analysis
I was able to see the boot log using minicom. In there I found that the system is mounting one squashfs filesystem and two jffs2 filesystems to /app, /app/userdata, /app/res.
SquashFS Analysis
In this file system I was able to see the app_init.sh file along with some other files.
SquashFS Modification 1
After that, I went all the way to the end of the app_init.sh script and added some Linux commands which show the contents of the shadow file, then repacked the firmware and uploaded it to the camera.
Boot Log Analysis (again)
Now I saw the contents of all shadow files listed in the boot log. The shadow file from /app/userdata/shadow is copied to /etc/shadow, and there was also a shadow file in the squashfs file system which is not being bothered by anyone. The shadow file which should be modified is in a jffs2 filesystem.
SquashFS Modification 2
Now, I removed the contents of app_init.sh and replaced it with /bin/sh and repacked it and uploaded it to the camera.
Changing The Password
Now, I used minicom to connect to the camera which showed me a root shell. Even though it's a root shell it's not that useful. So, I went into /app/userdata/ and changed the contents of the shadow file.
New Password Generation
In order to generate a new password I used a binary in the root file system named cryptw which spits out a DES-crypt (UNIX) hash for whatever you enter. In order to do this I chrooted into the filesystem and used qemu-user-static. I also checked the hash by using the Python crypt function. The first two characters in the "hash" are the salt and the rest is the actual hashed password + salt.
Now, I replaced the contents of app_init.sh back to its original.
Root Shell
After flashing the modded firmware back to the EEPROM, I was able to get a fully privileged root shell through telnet using the new password.
Notes
- The crypt function doesn't support python3.7. That's why I used python2.7.
- I know that this device is ARM (armv6l) based by actually looking at the kernel zImage.
- I used a ch341a BIOS flasher to conduct all of the firmware flashing.
- The other jffs2 file system contains audio files which are used to notify the user about various things.
- I could have packed the jffs file system on the computer using mkfs.jffs2, but I just wanted to see and gain some experience by going through the hard route.
- That blue and yellow box just contains a UART to USB adapter.
Reference
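An added example, not part of the original post: a defender-side check that reads a shadow file pulled from an unpacked firmware image and flags entries stored in the DES-crypt layout the post describes (two salt characters followed by the hash), along with empty and md5crypt entries. The sample entries are constructed, not real hashes, and the weak/acceptable policy in the table is an assumption of this example.

```python
import re

# Traditional DES crypt(3): 13 chars from [./0-9A-Za-z]; 2-char salt + 11-char digest.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt prefix -> (scheme name, weak?). The weak flags are this example's policy.
MCF = {"1": ("md5crypt", True), "5": ("sha256crypt", False),
       "6": ("sha512crypt", False), "y": ("yescrypt", False),
       "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False)}

def classify(field):
    """Return (scheme, weak, salt) for the password field of one shadow entry."""
    if field == "":
        return ("empty", True, None)          # login with no password
    if field[0] in "!*":
        return ("locked", False, None)        # no password login possible
    if field.startswith("$"):
        parts = field.split("$")              # ['', id, salt-or-params, ...]
        name, weak = MCF.get(parts[1], ("unknown", True))
        return (name, weak, parts[2] if len(parts) > 2 else None)
    if DES_RE.match(field):
        return ("descrypt", True, field[:2])  # salt is the first two characters
    return ("unknown", True, None)

def audit_shadow(text):
    """Return [(user, scheme, salt)] for every entry whose scheme is weak."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, field = line.split(":")[:2]
        scheme, weak, salt = classify(field)
        if weak:
            findings.append((user, scheme, salt))
    return findings

# Constructed sample entries (placeholder strings, not real password hashes).
SAMPLE = """\
root:abCDEFGHIJKLM:0:0:99999:7:::
admin:$1$cnstrctd$0123456789abcdefghijk.:0:0:99999:7:::
svc:$6$cnstrctd$placeholderdigest:0:0:99999:7:::
daemon:*:0:0:99999:7:::
guest::0:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, salt in audit_shadow(SAMPLE):
        print(f"{user}: weak scheme {scheme} (salt={salt})")
```

DES-crypt only uses the first eight characters of the password, so any entry reported as `descrypt` is worth migrating to a modern scheme regardless of how long the configured password is.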