LittlePrinter: Unterschied zwischen den Versionen

3.231 Bytes hinzugefügt ,  16. Januar 2016
Explain how to gain access to the bridge via SSH
(Some draft)
 
(Explain how to gain access to the bridge via SSH)
== The Bridge ==
The printer does not talk to the internet directly. That's what the extra box called "bridge" is for. It has a RJ45 connector for Ethernet and a ZigBee module.
 
=== Hardware ===
 
'''TODO ADD PHOTOS OF THE BOARD'''
 
Right from the start the board offers several unpopulated pinheaders for JTAG and SERIAL. A quick check with the Oscilloscope reveals the pinout. And a logic analyser tells us the required baud settings. Baudrate: 115200 8N1 of course no hardware flow control. The voltage levels are 3.3 volts.
 
The core of the board is a '''ATMEL AT91SAM9620'''.
 
 
=== Software ===
Here is the boot chatter of the bridge.
The system is a AT91SAM9G20 at a clockspeed of 396 MHz running Linux with a kernel version of 2.6.36.4 in April of 2013
It has 32 Megs of RAM and 256 MiB of Flash (far more than required).
The boot process finishes in a login prompt.
The obvious passwords default passwords don't work.
[[Datei:Little_printer_bridge_boot_log.txt]]
 
 
However the System boots with an unlocked uboot. The classic '''INIT=/bin/sh''' work around can be applied.
When uboot asks you to press a button to stop the boot process for a uboot prompt we enter '''pri'' to get the boot parameters.
<pre>
U-Boot> pri
...
bootargs=console=ttyS0,115200 root=/dev/mtdblock6 mtdparts=atmel_nand:128k(bootstrap)ro,256k(uboot)ro,128k(env1),128k(env2),2M(linux),16M(config),-(root) rw rootfstype=jffs2
...
</pre>
 
Now we just append init=/bin/sh to the end of the boot arguments. And continue booting.
<pre>
setenv bootargs console=ttyS0,115200 root=/dev/mtdblock6 mtdparts=atmel_nand:128k(bootstrap)ro,256k(uboot)ro,128k(env1),128k(env2),2M(linux),16M(config),-(root) rw rootfstype=jffs2 init=/bin/sh
 
run bootcmd
</pre>
 
The boot ends in a root shell that we use to replace the current root password and reboot into the regular system.
 
<pre>
/ # passwd
Changing password for root
New password:
Bad password: too short
Retype password:
Password for root changed by root
/ # sync
</pre>
 
Once the default system is running you cannot make changes to the filesystem. That's why we have to remount it as writeable.
Apparently the developer used dropbear to ssh into the bridge. It does not run on boot though. We have to add a init script.
 
<pre>
# mount
rootfs on / type rootfs (rw)
/dev/root on / type jffs2 (ro,relatime)
proc on /proc type proc (rw,relatime)
devpts on /dev/pts type devpts (rw,relatime,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,relatime,mode=777)
tmpfs on /tmp type tmpfs (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
/dev/mtdblock5 on /opt type jffs2 (rw,noatime)
# mount -o remount,rw /
#
# cd /etc/init.d
# cp S99bergcloud_bridge S99dropbear
# vi S99dropbear
# cat S99dropbear
#!/bin/sh
 
case "$1" in
start|"")
dropbear &
;;
stop)
killall dropbear
;;
*)
echo "Usage: S99dropbear {start|stop}" >&2
exit 1
;;
esac
#
# ./S99dropbear
</pre>
 
Now we can ssh into the device.
There is still a ssh key from the original developer in the system. You might want to remove that file or replace it with your own key.
 
<pre>
# cat ~/.ssh/authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAMzncdooGGcsy7Ga1Yt2OGzCfPWo1OWlzu9ocIncLXo4r7zzqX09EqB77z3esEG4u8NEkpXWJDMH4HnuEXrG8c/NNMxCKcpe6MxVwHFEkNLMZZaXLOiPgyA1dR4rbDSFoaJnqj+YZaGHnYemHVuldG6COILkJFLhW0/4vVpuoXmNAAAAFQDKyKzuZkCEjiCUNDubWO7B5G/q3QAAAIAIVPe/b64rUhAErgqtfOm/EFiaGs+XAVqla8e5BYQAQ7uLg6NoBJZG4d+y4DHwAQuxT8pYeom94XHH8W+yanD+5wV9a1pMAqMm9zzBMZzeqUDQuzJTcQ6azJCsWc6NXLHqfbLe9tPkLz0rBAhC/XOf8STgtTb0yz3xSQI1dKp/XwAAAIEAuhbVx2cSD10EMr48/1iAUYaqvOKO8uITrIxKRE93QjEq2DNZ3WilW/4SGTnxcAOVT18mtE5WqnRPR0rmy+gETWQoD2EmZD0T7GQcrMcrChgJKZoJVxovvBXwtujjSD8hMJU3Rv0mYbqtjAxfbemAb//Pvdv2jm2j9T+0Kr56PrU= nick@buildbot
</pre>
859

Bearbeitungen