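I have saved an embedded system from the trash that uses an OPOS6UL (http://www.armadeus.org/wiki/index.php?title=OPOS6UL) as its single-board computer. Getting the UART console was easy, but I can't log in because I don't know the password.
What are the ways to get root access?
I thought of:
- Trying common passwords / the development kit default password => did not work
- Brute-forcing the password: takes too long, I have to wait several seconds between retries
- Dumping the eMMC to read /etc/passwd: a hardware dump is not possible; is it possible from U-Boot?
- Any other ideas?
Here is the boot log: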
U-Boot SPL 2016.05 (Sep 22 2017 - 16:24:46)
Trying to boot from MMC1
U-Boot 2016.05 (Sep 22 2017 - 16:24:46 +0200)
CPU: Freescale i.MX6UL rev1.1 at 396 MHz
Reset cause: POR
Board: OPOS6UL
DRAM: 256 MiB
MMC: FSL_SDHC: 0
Video: 800x480x18
Net: FEC [PRIME]
Hit any key to stop autoboot: 0
1152122 bytes read in 140 ms (7.8 MiB/s)
5243120 bytes read in 265 ms (18.9 MiB/s)
27370 bytes read in 116 ms (229.5 KiB/s)
Kernel image @ 0x82000000 [ 0x000000 - 0x5000f0 ]
## Flattened Device Tree blob at 88000000
Booting using the fdt blob at 0x88000000
Using Device Tree in place at 88000000, end 88009ae9
Starting kernel ...
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Linux version 4.8.10 (microlide@dev-armadeus) (gcc version 6.2.1 20161016 (Linaro GCC 6.2-2016.11) ) #1 PREEMPT Mon Oct 23 18:04:19 CEST 2017
[ 0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c53c7d
[ 0.000000] CPU: div instructions available: patching division code
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[ 0.000000] OF: fdt:Machine model: Armadeus Systems OPOS6UL SoM on OPOS6ULDev board
[ 0.000000] cma: Reserved 16 MiB at 0x8f000000
[ 0.000000] Memory policy: Data cache writeback
[ 0.000000] CPU: All CPU(s) started in SVC mode.
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 65024
[ 0.000000] Kernel command line: console=ttymxc0,115200 root=/dev/mmcblk0p2 ro rootfstype=ext4 rootwait
[ 0.000000] PID hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.000000] Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
[ 0.000000] Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
[ 0.000000] Memory: 222416K/262144K available (8192K kernel code, 365K rwdata, 2296K rodata, 1024K init, 8206K bss, 23344K reserved, 16384K cma-reserved, 0K highmem)
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
[ 0.000000] fixmap : 0xffc00000 - 0xfff00000 (3072 kB)
[ 0.000000] vmalloc : 0xd0800000 - 0xff800000 ( 752 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xd0000000 ( 256 MB)
[ 0.000000] pkmap : 0xbfe00000 - 0xc0000000 ( 2 MB)
[ 0.000000] modules : 0xbf000000 - 0xbfe00000 ( 14 MB)
[ 0.000000] .text : 0xc0008000 - 0xc0900000 (9184 kB)
[ 0.000000] .init : 0xc0c00000 - 0xc0d00000 (1024 kB)
[ 0.000000] .data : 0xc0d00000 - 0xc0d5b6c0 ( 366 kB)
[ 0.000000] .bss : 0xc0d5d000 - 0xc1560bc0 (8207 kB)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] Running RCU self tests
[ 0.000000] Preemptible hierarchical RCU implementation.
[ 0.000000] RCU lockdep checking is enabled.
[ 0.000000] Build-time adjustment of leaf fanout to 32.
[ 0.000000] NR_IRQS:16 nr_irqs:16 16
[ 0.000000] Switching to timer-based delay loop, resolution 41ns
[ 0.000018] sched_clock: 32 bits at 24MHz, resolution 41ns, wraps every 89478484971ns
[ 0.000068] clocksource: mxc_timer1: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 79635851949 ns
[ 0.002539] Console: colour dummy device 80x30
[ 0.002617] Lock dependency validator: Copyright (c) 2006 Red Hat, Inc., Ingo Molnar
[ 0.002645] ... MAX_LOCKDEP_SUBCLASSES: 8
[ 0.002669] ... MAX_LOCK_DEPTH: 48
[ 0.002692] ... MAX_LOCKDEP_KEYS: 8191
[ 0.002714] ... CLASSHASH_SIZE: 4096
[ 0.002734] ... MAX_LOCKDEP_ENTRIES: 32768
[ 0.002756] ... MAX_LOCKDEP_CHAINS: 65536
[ 0.002777] ... CHAINHASH_SIZE: 32768
[ 0.002797] memory used by lock dependency info: 5167 kB
[ 0.002820] per task-struct memory footprint: 1536 bytes
[ 0.002902] Calibrating delay loop (skipped), value calculated using timer frequency.. 48.00 BogoMIPS (lpj=240000)
[ 0.002951] pid_max: default: 32768 minimum: 301
[ 0.003414] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.003453] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.007619] CPU: Testing write buffer coherency: ok
[ 0.009185] Setting up static identity map for 0x80100000 - 0x80100058
[ 0.018704] devtmpfs: initialized
[ 0.075673] VFP support v0.3: implementor 41 architecture 2 part 30 variant 7 rev 5
[ 0.077702] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 0.079738] pinctrl core: initialized pinctrl subsystem
[ 0.088450] NET: Registered protocol family 16
[ 0.096017] DMA: preallocated 256 KiB pool for atomic coherent allocations
[ 0.121662] cpuidle: using governor menu
[ 0.235335] No ATAGs?
[ 0.235421] hw-breakpoint: found 5 (+1 reserved) breakpoint and 4 watchpoint registers.
[ 0.235466] hw-breakpoint: maximum watchpoint size is 8 bytes.
[ 0.239662] imx6ul-pinctrl 20e0000.iomuxc: initialized IMX pinctrl driver
[ 0.342756] mxs-dma 1804000.dma-apbh: initialized
[ 0.354723] SCSI subsystem initialized
[ 0.356743] usbcore: registered new interface driver usbfs
[ 0.357205] usbcore: registered new interface driver hub
[ 0.357732] usbcore: registered new device driver usb
[ 0.371759] i2c i2c-0: IMX I2C adapter registered
[ 0.371861] i2c i2c-0: can't use DMA, using PIO instead.
[ 0.375130] i2c i2c-1: IMX I2C adapter registered
[ 0.375243] i2c i2c-1: can't use DMA, using PIO instead.
[ 0.375715] Linux video capture interface: v2.00
[ 0.376298] pps_core: LinuxPPS API ver. 1 registered
[ 0.376342] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
[ 0.376490] PTP clock support registered
[ 0.378804] Advanced Linux Sound Architecture Driver Initialized.
[ 0.386157] Bluetooth: Core ver 2.21
[ 0.386451] NET: Registered protocol family 31
[ 0.386493] Bluetooth: HCI device and connection manager initialized
[ 0.386657] Bluetooth: HCI socket layer initialized
[ 0.386750] Bluetooth: L2CAP socket layer initialized
[ 0.387093] Bluetooth: SCO socket layer initialized
[ 0.393353] clocksource: Switched to clocksource mxc_timer1
[ 0.394955] VFS: Disk quotas dquot_6.6.0
[ 0.395154] VFS: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
[ 0.469809] NET: Registered protocol family 2
[ 0.473710] TCP established hash table entries: 2048 (order: 1, 8192 bytes)
[ 0.473882] TCP bind hash table entries: 2048 (order: 4, 73728 bytes)
[ 0.475577] TCP: Hash tables configured (established 2048 bind 2048)
[ 0.475951] UDP hash table entries: 256 (order: 2, 20480 bytes)
[ 0.476446] UDP-Lite hash table entries: 256 (order: 2, 20480 bytes)
[ 0.478586] NET: Registered protocol family 1
[ 0.481133] RPC: Registered named UNIX socket transport module.
[ 0.481189] RPC: Registered udp transport module.
[ 0.481223] RPC: Registered tcp transport module.
[ 0.481255] RPC: Registered tcp NFSv4.1 backchannel transport module.
[ 0.490799] futex hash table entries: 256 (order: 1, 11264 bytes)
[ 0.494511] workingset: timestamp_bits=30 max_order=16 bucket_order=0
[ 0.560068] NFS: Registering the id_resolver key type
[ 0.560501] Key type id_resolver registered
[ 0.560544] Key type id_legacy registered
[ 0.562075] fuse init (API version 7.25)
[ 0.587295] io scheduler noop registered
[ 0.587357] io scheduler deadline registered
[ 0.588550] io scheduler cfq registered (default)
[ 0.599626] lcd_backlight supply power not found, using dummy regulator
[ 0.636295] Console: switching to colour frame buffer device 100x30
[ 0.653101] mxsfb 21c8000.lcdif: initialized
[ 0.657898] imx-sdma 20ec000.sdma: Direct firmware load for imx/sdma/sdma-imx6q.bin failed with error -2
[ 0.657979] imx-sdma 20ec000.sdma: external firmware not found, using ROM firmware
[ 0.684856] 2020000.serial: ttymxc0 at MMIO 0x2020000 (irq = 18, base_baud = 5000000) is a IMX
[ 1.346291] console [ttymxc0] enabled
[ 1.354793] 2024000.serial: ttymxc7 at MMIO 0x2024000 (irq = 19, base_baud = 5000000) is a IMX
[ 1.367774] 21e8000.serial: ttymxc1 at MMIO 0x21e8000 (irq = 219, base_baud = 5000000) is a IMX
[ 1.459475] brd: module loaded
[ 1.508714] loop: module loaded
[ 1.523143] libphy: Fixed MDIO Bus: probed
[ 1.530081] tun: Universal TUN/TAP device driver, 1.6
[ 1.535280] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[ 1.543022] CAN device driver interface
[ 1.554083] flexcan 2090000.flexcan: device registered (reg_base=d0988000, irq=23)
[ 1.567529] flexcan 2094000.flexcan: device registered (reg_base=d0990000, irq=24)
[ 1.585840] pps pps0: new PPS source ptp0
[ 1.592219] libphy: fec_enet_mii_bus: probed
[ 1.606885] fec 2188000.ethernet eth0: registered PHC device 0
[ 1.613883] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 1.620487] ehci-mxc: Freescale On-Chip EHCI Host driver
[ 1.628031] usbcore: registered new interface driver usb-storage
[ 1.647084] ci_hdrc ci_hdrc.0: EHCI Host Controller
[ 1.652843] ci_hdrc ci_hdrc.0: new USB bus registered, assigned bus number 1
[ 1.683587] ci_hdrc ci_hdrc.0: USB 2.0 started, EHCI 1.00
[ 1.698253] hub 1-0:1.0: USB hub found
[ 1.702545] hub 1-0:1.0: 1 port detected
[ 1.717618] mousedev: PS/2 mouse device common for all mice
[ 1.730961] input: iMX6UL Touchscreen Controller as /devices/soc0/soc/2000000.aips-bus/2040000.tsc/input/input0
[ 1.750908] snvs_rtc 20cc000.snvs:snvs-rtc-lp: rtc core: registered 20cc000.snvs:snvs-r as rtc0
[ 1.760393] i2c /dev entries driver
[ 1.769849] IR NEC protocol handler initialized
[ 1.774614] IR RC5(x/sz) protocol handler initialized
[ 1.779735] IR RC6 protocol handler initialized
[ 1.784383] IR JVC protocol handler initialized
[ 1.788975] IR Sony protocol handler initialized
[ 1.793698] IR SANYO protocol handler initialized
[ 1.798460] IR Sharp protocol handler initialized
[ 1.803216] IR MCE Keyboard/mouse protocol handler initialized
[ 1.809147] IR XMP protocol handler initialized
[ 1.818819] Driver for 1-wire Dallas network protocol.
[ 1.835814] imx2-wdt 20bc000.wdog: timeout 60 sec (nowayout=0)
[ 1.842347] Bluetooth: HCI UART driver ver 2.3
[ 1.846988] Bluetooth: HCI UART protocol H4 registered
[ 1.852186] Bluetooth: HCI UART protocol LL registered
[ 1.860610] sdhci: Secure Digital Host Controller Interface driver
[ 1.866985] sdhci: Copyright(c) Pierre Ossman
[ 1.871399] sdhci-pltfm: SDHCI platform and OF driver helper
[ 1.944150] mmc0: SDHCI controller on 2190000.usdhc [2190000.usdhc] using ADMA
[ 1.972370] sdhci-esdhc-imx 2194000.usdhc: allocated mmc-pwrseq
[ 2.049183] mmc0: new DDR MMC card at address 0001
[ 2.054202] mmc1: SDHCI controller on 2194000.usdhc [2194000.usdhc] using ADMA
[ 2.073896] usbcore: registered new interface driver usbhid
[ 2.079543] usbhid: USB HID core driver
[ 2.087169] mmcblk0: mmc0:0001 004G60 3.69 GiB
[ 2.091635] mmcblk0boot0: mmc0:0001 004G60 partition 1 2.00 MiB
[ 2.110057] mmcblk0boot1: mmc0:0001 004G60 partition 2 2.00 MiB
[ 2.124280] mmcblk0rpmb: mmc0:0001 004G60 partition 3 512 KiB
[ 2.127167] random: fast init done
[ 2.163821] mmcblk0: p1 p2 p3
[ 2.202947] ad7291: probe of 0-002b failed with error -5
[ 2.219661] ad7291: probe of 0-0028 failed with error -5
[ 2.232817] ad7291: probe of 0-002c failed with error -5
[ 2.245991] ad7291: probe of 0-002e failed with error -5
[ 2.260294] ad7291: probe of 0-002f failed with error -5
[ 2.271157] ad7291: probe of 0-0020 failed with error -5
[ 2.277839] ad7291: probe of 0-0022 failed with error -5
[ 2.284355] ad7291: probe of 0-0023 failed with error -5
[ 2.290613] 0-0035 supply vcc not found, using dummy regulator
[ 2.332144] NET: Registered protocol family 10
[ 2.370320] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
[ 2.391321] NET: Registered protocol family 17
[ 2.396669] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[ 2.409469] can: controller area network core (rev 20120528 abi 9)
[ 2.416208] NET: Registered protocol family 29
[ 2.420807] can: raw protocol (rev 20120528)
[ 2.427567] can: broadcast manager protocol (rev 20160617 t)
[ 2.433512] can: netlink gateway (rev 20130117) max_hops=1
[ 2.440819] Key type dns_resolver registered
[ 2.448746] cpu cpu0: dev_pm_opp_get_opp_count: OPP table not found (-19)
[ 2.511731] input: gpio-keys as /devices/soc0/gpio-keys/input/input1
[ 2.520111] snvs_rtc 20cc000.snvs:snvs-rtc-lp: setting system clock to 1970-01-01 00:09:20 UTC (560)
[ 2.615271] vdd3p0: disabling
[ 2.618343] 5V: disabling
[ 2.622018] ALSA device list:
[ 2.625126] No soundcards found.
[ 2.641654] EXT4-fs (mmcblk0p2): INFO: recovery required on readonly filesystem
[ 2.650095] EXT4-fs (mmcblk0p2): write access will be enabled during recovery
[ 2.708695] EXT4-fs (mmcblk0p2): recovery complete
[ 2.717027] EXT4-fs (mmcblk0p2): mounted filesystem with ordered data mode. Opts: (null)
[ 2.725495] VFS: Mounted root (ext4 filesystem) readonly on device 179:2.
[ 2.736339] devtmpfs: mounted
[ 2.742408] Freeing unused kernel memory: 1024K (c0c00000 - c0d00000)
[ 2.857744] EXT4-fs (mmcblk0p2): re-mounted. Opts: data=ordered
[ 2.939440] EXT4-fs (mmcblk0p3): recovery complete
[ 2.945394] EXT4-fs (mmcblk0p3): mounted filesystem with ordered data mode. Opts: (null)
Starting logging: OK
Starting mdev...
Initializing random number generator... done.
Starting system message bus: done
Starting network: [ 4.657851] Micrel KSZ8081 or KSZ8091 2188000.ethernet:01: attached PHY driver [Micrel KSZ8081 or KSZ8091] (mii_bus:phy_addr=2188000.ethernet:01, irq=145)
[ 4.676761] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
udhcpc: started, v1.26.2
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover
udhcpc: no lease, failing
FAIL
Starting dropbear sshd: OK
Starting lighttpd: OK
Starting sshd: key_load_private: invalid format
key_load_public: invalid format
Could not load host key: /etc/ssh/ssh_host_rsa_key
key_load_private: invalid format
key_load_public: invalid format
Could not load host key: /etc/ssh/ssh_host_dsa_key
key_load_private: invalid format
key_load_public: invalid format
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
key_load_private: invalid format
key_load_public: invalid format
Could not load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
OK
/etc/init.d/rcS: line 26: /etc/init.d/S90init-carte-iminilide: Permission denied
hwclock: settimeofday: Invalid argument
hwclock :
Thu Jan 1 00:09:33 1970 0.000000 seconds
hwclock -r :
Thu Jan 1 00:09:33 1970 0.000000 seconds
date :
Thu Jan 1 01:09:32 CET 1970
Welcome to Armadeus development platform !
opos6ul login:
Here are the available U-Boot commands:
BIOS> help
? - alias for 'help'
askenv - get environment variables from stdin
base - print or set address offset
bdinfo - print Board Info structure
bmode - spi-nor|normal|usb|sata|ecspi1:0|ecspi1:1|ecspi1:2|ecspi1:3|esdhc1|esdhc2|esdhc3|esdhc4 [noreset]
bmp - manipulate BMP image data
boot - boot default, i.e., run 'bootcmd'
bootd - boot default, i.e., run 'bootcmd'
bootefi - Boots an EFI payload from memory
bootm - boot application image from memory
bootp - boot image via network using BOOTP/TFTP protocol
bootz - boot Linux zImage image from memory
clocks - display clocks
cmp - memory compare
coninfo - print console devices and information
cp - memory copy
crc32 - checksum calculation
dhcp - boot image via network using DHCP/TFTP protocol
dm - Driver model low level access
dns - lookup the IP of a hostname
echo - echo args to console
editenv - edit environment variable
env - environment handling commands
exit - exit script
ext2load- load binary file from a Ext2 filesystem
ext2ls - list files in a directory (default /)
ext4load- load binary file from a Ext4 filesystem
ext4ls - list files in a directory (default /)
ext4size- determine a file's size
ext4write- create a file in the root directory
false - do nothing, unsuccessfully
fatinfo - print information about filesystem
fatload - load binary file from a dos filesystem
fatls - list files in a directory (default /)
fatsize - determine a file's size
fdt - flattened device tree utility commands
fstype - Look up a filesystem type
fuse - Fuse sub-system
go - start application at address 'addr'
gpio - query and control gpio pins
grepenv - search environment variables
help - print command description/usage
iminfo - print header information for application image
imxtract- extract a part of a multi-image
itest - return true/false on integer compare
load - load binary file from a filesystem
loadb - load binary file over serial line (kermit mode)
loads - load S-Record file over serial line
loadx - load binary file over serial line (xmodem mode)
loady - load binary file over serial line (ymodem mode)
loop - infinite loop on address range
ls - list files in a directory (default /)
md - memory display
mdio - MDIO utility commands
meminfo - display memory information
mii - MII utility commands
mm - memory modify (auto-incrementing address)
mmc - MMC sub system
mmcinfo - display MMC info
mtest - simple RAM read/write test
mw - memory write (fill)
nfs - boot image via network using NFS protocol
nm - memory modify (constant address)
ping - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
reset - Perform RESET of the CPU
run - run commands in an environment variable
save - save file to a filesystem
saveenv - save environment variables to persistent storage
setenv - set environment variables
setexpr - set environment variable as the result of eval expression
showvar - print local hushshell variables
size - determine a file's size
sleep - delay execution for some time
source - run script from memory
test - minimal test like /bin/sh
tftpboot- boot image via network using TFTP protocol
true - do nothing, successfully
ums - Use the UMS [USB Mass Storage]
usb - USB sub-system
usbboot - boot from USB device
version - print monitor, compiler and linker version