Fixing SamyGO telnet/SSH/SCP/bash on C/D/E/F series

[sectroyer]

Heh drop bear is still not running You should not even be able to enter password...
run this:

Code: Select all

/mnt/etc/init.d/03_03_sshd.init restart

and then

Code: Select all

ps aux

[bobiturboto]

Code: Select all

root@tv:/mnt # /mnt/etc/init.d/03_03_sshd.init stop
root@tv:/mnt # /mnt/etc/init.d/03_03_sshd.init start
/dev/pts is mounted
root@tv:/mnt # ps aux
root@tv:/mnt # 

[sectroyer]

Code: Select all

root@tv:/mnt # /mnt/etc/init.d/03_03_sshd.init stop
root@tv:/mnt # /mnt/etc/init.d/03_03_sshd.init start
/dev/pts is mounted
root@tv:/mnt # ps aux
root@tv:/mnt # 

Okay ps aux not giving any output is reaaaaaallly strange Lol. You run over the telnet?
run this:

Code: Select all

which ps
/bin/ps
/bin/ps aux

[bobiturboto]

Code: Select all

root@tv:/mnt # which ps
root@tv:/mnt # 

Code: Select all

root@tv:/mnt # /bin/ps
PID   USER     TIME   COMMAND
    1 root       0:00 init
    2 root       0:00 [kthreadd]
    3 root       0:00 [ksoftirqd/0]
    4 root       0:10 [kworker/0:0]
    6 root       0:00 [migration/0]
    7 root       0:00 [migration/1]
    9 root       0:00 [ksoftirqd/1]
   10 root       0:00 [migration/2]
   11 root       0:00 [kworker/2:0]
   12 root       0:00 [ksoftirqd/2]
   13 root       0:00 [migration/3]
   14 root       0:00 [kworker/3:0]
   15 root       0:00 [ksoftirqd/3]
   16 root       0:00 [khelper]
   17 root       0:00 [sync_supers]
   18 root       0:00 [bdi-default]
   19 root       0:00 [kblockd]
   20 root       0:00 [rpciod]
   23 root       0:00 [sdp_spid00]
   24 root       0:00 [kdtvlogd]
   25 root       0:01 [kswapd0]
   26 root       0:00 [fsnotify_mark]
   27 root       0:00 [nfsiod]
   28 root       0:00 [nfs.umountd]
   29 root       0:00 [gzwqd]
   30 root       0:00 [Gunzip Manager]
   31 root       0:00 [vdbinder]
   32 root       0:11 [mmcqd/0]
   33 root       0:00 [mmcqd/0boot0]
   34 root       0:00 [mmcqd/0boot1]
   35 root       0:00 [sdp-tmu.0]
   36 root       0:00 [kworker/1:1]
   48 root       0:00 -/bin/sh
   61 root       0:00 [emmcfs-writebac]
   63 root       0:03 [kworker/2:1]
   64 root       0:00 [emmcfs-writebac]
   66 root       0:00 [emmcfs-writebac]
   68 root       0:00 {rc.local} /bin/sh /mtd_exe/rc.local
   73 root       0:00 ./servicemanager_csp -vdbinder
   75 root       0:13 ./RPCAgent_csp -vdbinder
  100 root      12:17 ./exeAPP -vdbinder
  102 root      14:36 ./exeTV -vdbinder
  105 root       0:00 [dvfs_dev]
  113 root       0:00 [khubd]
  146 root       0:00 [kworker/3:1]
  196 root       0:00 [aeMsgTaskMP0]
  257 root       0:01 /mtd_appdata/Runtime/bin/X -logfile /mtd_rwarea/Xlog.txt -modulepath /mtd_appdata/Runtime/Xo
  278 root       0:08 Compositor -vdbinder
  336 root       0:00 [emmcfs-writebac]
  356 root       0:00 /mtd_cmmlib/BT_LIB/bsa_server -all=0 -diag=0 -hci=0 -l2c=0 -app=0 -btm=0 -sdp=0 -rfc=0 -gap=
  440 root       0:00 [emmcfs-writebac]
  464 root       0:00 [loop0]
  517 root       0:00 [emmcfs-writebac]
  519 root       0:00 [emmcfs-writebac]
  527 root       0:26 /mtd_appext/WidgetEngine/WidgetEngine
  530 root       0:00 [kbase_event]
  587 root       0:00 [cfg80211]
  597 root       0:00 [ath6kl]
  615 root       0:00 /mtd_cmmlib/WIFI_LIB/QCA/wpa_supplicant -Dnl80211 -ip2p0 -c/mtd_rwarea/network/p2p_dual.conf
  625 root       0:13 /mtd_exe/Webkit/WebKitWebProcess 11 WE
  635 root       0:00 [kbase_event]
  659 root       2:54 {BrowserLauncher} /mtd_down/widgets/normal/20131000001/bin/BrowserLa ncher
  822 root       0:00 [scsi_eh_0]
  823 root       0:00 [usb-storage]
  839 root       0:00 [kworker/1:2]
 1053 root       0:00 /tmp/bin/busybox tcpsvd -vE 0.0.0.0 21 /tmp/bin/busybox ftpd -w /
 1054 root       0:00 /tmp/bin/remshd33
 1059 root       0:00 [loop3]
 1063 root       0:00 [jbd2/loop3-8]
 1064 root       0:00 [ext4-dio-unwrit]
 1172 root       0:05 /mtd_down/emps/empWebBrowser/bin/WebKitWebProcess 14
 1175 root       0:00 [kbase_event]
 1185 root       0:02 {UEP_killer.sh} /bin/sh /tmp/bin/UEP_killer.sh
 1438 root       0:00 [loop4]
 1442 root       0:07 /mtd_exe/Webkit/WebKitWebProcess 39 WE
 1468 root       0:00 /mtd_exe/WebServerApp/bin/lighttpd -D -f /mtd_exe/WebServerApp/webserver/lighttpd.conf -s
 1549 root       0:00 [SRS_MON]
 1602 root       0:00 /mnt/bin/busybox2 telnetd -p 23 -l /mnt/bin/sh
 1637 root       0:10 {empCamera} Camera -DSINGLE_PROCESS 55 0
 1653 root       0:00 [file-storage-ga]
 1655 root       0:00 [scsi_eh_1]
 1656 root       0:00 [usb-storage]
 1741 root       0:00 [crypto]
 1762 root       0:00 /mtd_rwcommon/oscam/ntpclient -h pool.ntp.org
 1769 root       0:00 /mtd_rwcommon/oscam/oscam -c /mtd_rwcommon/oscam -t /mtd_rwcommon/oscam
 1772 root       0:12 /mtd_rwcommon/oscam/oscam -c /mtd_rwcommon/oscam -t /mtd_rwcommon/oscam
 1805 root       0:01 ./MrsServer
 1806 root       0:01 ./daa
 1852 root       0:00 smbd -s /mnt/etc/samba/smb.conf --lockdir=/dtv --piddir=/dtv --private-dir=/dtv
 1859 root       0:00 smbd -s /mnt/etc/samba/smb.conf --lockdir=/dtv --piddir=/dtv --private-dir=/dtv
 1860 root       0:04 transmission-daemon --config-dir=/mtd_rwcommon/transmission
 1881 root       0:01 httpd -f /mnt/etc/apache2/httpd.conf -D PHP5CGI
 1882 root       0:00 httpd -f /mnt/etc/apache2/httpd.conf -D PHP5CGI
 1883 root       0:00 httpd -f /mnt/etc/apache2/httpd.conf -D PHP5CGI
 1884 root       0:00 httpd -f /mnt/etc/apache2/httpd.conf -D PHP5CGI
 2440 root       0:03 [kworker/u:0]
 3458 root       0:00 /mnt/bin/sh
 3960 root       0:00 [flush-179:0]
 3961 root       0:00 [kworker/0:1]
 3962 root       0:00 [kworker/u:2]
 4284 root       0:00 [flush-7:3]
 4295 root       0:00 [kworker/u:1]
 4341 root       0:00 [kbase_event]
 4357 root       0:00 [flush-8:0]
 4358 root       0:00 [flush-8:16]
 4365 root       0:00 [kworker/0:2]
 4409 root       0:00 [kbase_event]
 4611 root       0:00 dropbear
 4759 root       0:00 sleep 10
 4761 root       0:00 /bin/ps
root@tv:/mnt # 

Code: Select all

root@tv:/mnt # /bin/ps aux
PID   USER     TIME   COMMAND
    1 root       0:00 init
    2 root       0:00 [kthreadd]
    3 root       0:00 [ksoftirqd/0]
    4 root       0:10 [kworker/0:0]
    6 root       0:00 [migration/0]
    7 root       0:00 [migration/1]
    9 root       0:00 [ksoftirqd/1]
   10 root       0:00 [migration/2]
   11 root       0:00 [kworker/2:0]
   12 root       0:00 [ksoftirqd/2]
   13 root       0:00 [migration/3]
   14 root       0:00 [kworker/3:0]
   15 root       0:00 [ksoftirqd/3]
   16 root       0:00 [khelper]
   17 root       0:00 [sync_supers]
   18 root       0:00 [bdi-default]
   19 root       0:00 [kblockd]
   20 root       0:00 [rpciod]
   23 root       0:00 [sdp_spid00]
   24 root       0:00 [kdtvlogd]
   25 root       0:01 [kswapd0]
   26 root       0:00 [fsnotify_mark]
   27 root       0:00 [nfsiod]
   28 root       0:00 [nfs.umountd]
   29 root       0:00 [gzwqd]
   30 root       0:00 [Gunzip Manager]
   31 root       0:00 [vdbinder]
   32 root       0:11 [mmcqd/0]
   33 root       0:00 [mmcqd/0boot0]
   34 root       0:00 [mmcqd/0boot1]
   35 root       0:00 [sdp-tmu.0]
   36 root       0:00 [kworker/1:1]
   48 root       0:00 -/bin/sh
   61 root       0:00 [emmcfs-writebac]
   63 root       0:03 [kworker/2:1]
   64 root       0:00 [emmcfs-writebac]
   66 root       0:00 [emmcfs-writebac]
   68 root       0:00 {rc.local} /bin/sh /mtd_exe/rc.local
   73 root       0:00 ./servicemanager_csp -vdbinder
   75 root       0:14 ./RPCAgent_csp -vdbinder
  100 root      12:39 ./exeAPP -vdbinder
  102 root      15:02 ./exeTV -vdbinder
  105 root       0:00 [dvfs_dev]
  113 root       0:00 [khubd]
  146 root       0:00 [kworker/3:1]
  196 root       0:00 [aeMsgTaskMP0]
  257 root       0:01 /mtd_appdata/Runtime/bin/X -logfile /mtd_rwarea/Xlog.txt -modulepath /mtd_appdata/Runtime/Xo
  278 root       0:09 Compositor -vdbinder
  336 root       0:00 [emmcfs-writebac]
  356 root       0:00 /mtd_cmmlib/BT_LIB/bsa_server -all=0 -diag=0 -hci=0 -l2c=0 -app=0 -btm=0 -sdp=0 -rfc=0 -gap=
  440 root       0:00 [emmcfs-writebac]
  464 root       0:00 [loop0]
  517 root       0:00 [emmcfs-writebac]
  519 root       0:00 [emmcfs-writebac]
  527 root       0:27 /mtd_appext/WidgetEngine/WidgetEngine
  530 root       0:00 [kbase_event]
  587 root       0:00 [cfg80211]
  597 root       0:00 [ath6kl]
  615 root       0:00 /mtd_cmmlib/WIFI_LIB/QCA/wpa_supplicant -Dnl80211 -ip2p0 -c/mtd_rwarea/network/p2p_dual.conf
  625 root       0:13 /mtd_exe/Webkit/WebKitWebProcess 11 WE
  635 root       0:00 [kbase_event]
  659 root       3:00 {BrowserLauncher} /mtd_down/widgets/normal/20131000001/bin/BrowserLa ncher
  822 root       0:00 [scsi_eh_0]
  823 root       0:00 [usb-storage]
  839 root       0:00 [kworker/1:2]
 1053 root       0:00 /tmp/bin/busybox tcpsvd -vE 0.0.0.0 21 /tmp/bin/busybox ftpd -w /
 1054 root       0:00 /tmp/bin/remshd33
 1059 root       0:00 [loop3]
 1063 root       0:00 [jbd2/loop3-8]
 1064 root       0:00 [ext4-dio-unwrit]
 1172 root       0:05 /mtd_down/emps/empWebBrowser/bin/WebKitWebProcess 14
 1175 root       0:00 [kbase_event]
 1185 root       0:02 {UEP_killer.sh} /bin/sh /tmp/bin/UEP_killer.sh
 1438 root       0:00 [loop4]
 1442 root       0:07 /mtd_exe/Webkit/WebKitWebProcess 39 WE
 1468 root       0:00 /mtd_exe/WebServerApp/bin/lighttpd -D -f /mtd_exe/WebServerApp/webserver/lighttpd.conf -s
 1549 root       0:00 [SRS_MON]
 1602 root       0:00 /mnt/bin/busybox2 telnetd -p 23 -l /mnt/bin/sh
 1637 root       0:10 {empCamera} Camera -DSINGLE_PROCESS 55 0
 1653 root       0:00 [file-storage-ga]
 1655 root       0:00 [scsi_eh_1]
 1656 root       0:00 [usb-storage]
 1741 root       0:00 [crypto]
 1762 root       0:00 /mtd_rwcommon/oscam/ntpclient -h pool.ntp.org
 1769 root       0:00 /mtd_rwcommon/oscam/oscam -c /mtd_rwcommon/oscam -t /mtd_rwcommon/oscam
 1772 root       0:13 /mtd_rwcommon/oscam/oscam -c /mtd_rwcommon/oscam -t /mtd_rwcommon/oscam
 1805 root       0:01 ./MrsServer
 1806 root       0:01 ./daa
 1852 root       0:00 smbd -s /mnt/etc/samba/smb.conf --lockdir=/dtv --piddir=/dtv --private-dir=/dtv
 1859 root       0:00 smbd -s /mnt/etc/samba/smb.conf --lockdir=/dtv --piddir=/dtv --private-dir=/dtv
 1860 root       0:04 transmission-daemon --config-dir=/mtd_rwcommon/transmission
 1881 root       0:01 httpd -f /mnt/etc/apache2/httpd.conf -D PHP5CGI
 1882 root       0:00 httpd -f /mnt/etc/apache2/httpd.conf -D PHP5CGI
 1883 root       0:00 httpd -f /mnt/etc/apache2/httpd.conf -D PHP5CGI
 1884 root       0:00 httpd -f /mnt/etc/apache2/httpd.conf -D PHP5CGI
 2440 root       0:03 [kworker/u:0]
 3458 root       0:00 /mnt/bin/sh
 3960 root       0:00 [flush-179:0]
 3961 root       0:00 [kworker/0:1]
 4284 root       0:00 [flush-7:3]
 4295 root       0:00 [kworker/u:1]
 4341 root       0:00 [kbase_event]
 4357 root       0:00 [flush-8:0]
 4358 root       0:00 [flush-8:16]
 4365 root       0:00 [kworker/0:2]
 4409 root       0:00 [kbase_event]
 4611 root       0:00 dropbear
 4842 root       0:00 sleep 10
 4844 root       0:00 /bin/ps aux
root@tv:/mnt # 

[sectroyer]

Code: Select all

/bin/ps | grep dropbear
killall -KILL dropbear
/bin/ps | grep dropbear
dropbear -F -E

Now you will have dropbear running it in the foreground. Open another terminal window and try logging via ssh. Post the output from dropbear.

[bobiturboto]

Code: Select all

/bin/ps | grep dropbear
killall -KILL dropbear
/bin/ps | grep dropbear
dropbear -F -E

Now you will have dropbear running it in the foreground. Open another terminal window and try logging via ssh. Post the output from drop bear.

Code: Select all

root@tv:/mnt # /bin/ps | grep dropbear
 1831 root       0:00 dropbear
 2470 root       0:00 grep dropbear

Code: Select all

root@tv:/mnt # killall -KILL dropbear
root@tv:/mnt # 

Code: Select all

root@tv:/mnt # /bin/ps | grep dropbear
 2514 root       0:00 grep dropbear
root@tv:/mnt #

Code: Select all

root@tv:/mnt # dropbear -F -E
[2536] Jun 22 15:30:05 Failed reading '/etc/dropbear/dropbear_dss_host_key', disabling DSS
[2536] Jun 22 15:30:05 Not backgrounding
[2551] Jun 22 15:30:16 Child connection from 192.168.0.17:54017
[2551] Jun 22 15:30:17 User 'root' has invalid shell, rejected
[2551] Jun 22 15:30:23 User 'root' has invalid shell, rejected
[2551] Jun 22 15:30:32 User 'root' has invalid shell, rejected

[sectroyer]

Okay we are very close to making it work. Do this:

Code: Select all

cat etc/passwd
ls -l /mnt/bin/sh

[bobiturboto]

Okay we are very close to making it work. Do this:

Code: Select all

cat etc/passwd
ls -l /mnt/bin/sh

Code: Select all

root@tv:/mnt # pwd
/mnt
root@tv:/mnt # cat etc/passwd
cat: can't open 'etc/passwd': No such file or directory
root@tv:/mnt # cat /mtd_rwetc/passwd
mtd_rwarea/    mtd_rwcommon/
root@tv:/mnt # cat /mtd_rwetc/passwd
mtd_rwarea/    mtd_rwcommon/
root@tv:/mnt # cat /mtd_rwarea/passwd
root:saJvQKUdIxRW2:0:0:SamyGO secured Root:/mnt/:/mnt/bin/sh
root@tv:/mnt # 

Code: Select all

root@tv:/mnt # ls -l /mnt/bin/sh
lrwxrwxrwx    1 root     0               16 Nov 11  2013 /mnt/bin/sh -> /mnt/bin/busybox
root@tv:/mnt # 

[sectroyer]

Okay for some reason it doesn't like /mnt/bin/sh... Change this:

Code: Select all

            if [ ! -e /mtd_rwarea/passwd ]; then
                    echo "root:saJvQKUdIxRW2:0:0:SamyGO secured Root:$HOME:/mnt/bin/sh" > /mtd_rwarea/passwd
            fi

To this:

Code: Select all

         if [ ! -e /mtd_rwarea/passwd ]; then
                    echo "root:saJvQKUdIxRW2:0:0:SamyGO secured Root:$HOME:/bin/sh" > /mtd_rwarea/passwd
            fi

Then this:

Code: Select all

umount /mtd_rwarea/passwd
rm /mtd_rwarea/passwd

reboot tv and this:

Code: Select all

cat /etc/passwd

[sectroyer]

Sorry I just fixed a typo in second passwd commad there should be"/bin/sh" and not "/mnt/bin/sh"