Author Topic: Agilent E7495 linux root account  (Read 90813 times)

0 Members and 1 Guest are viewing this topic.

Offline hawaii596

  • Newbie
  • Posts: 2
  • Country: us
Re: Agilent E7495 linux root account
« Reply #200 on: May 09, 2017, 08:07:40 pm »
I've now pretty much read through the entire thread. I did read the particular post about applying the patch per the quote below:

Apply following patch to elgato binary to fix GPS time synchronisation:
0x0122880: replace 4b2585e2152882e2 with de2585e23f2882e2

As a non-programmer, that is fully above my head.  If there is a set of Linux commands that do this, I would greatly appreciate some instruction on how to do this.  Otherwise, whatever other instructions for specifically how to do this. I realize this thread is mostly for techno types who experiment with these things.  I am a techno type in metrology. I have deep understanding of how accuracies work. And I am a fast learner. But unfortunately, even with my decades in metrology, communications/navigation systems/RADAR systems/instrument calibration, this is a weak zone for me.

If anyone could explain is some detail how to apply this patch, I would be forever grateful.
 

Offline technogeeky

  • Frequent Contributor
  • **
  • Posts: 549
  • Country: us
  • Older New "New Player" Player Playa'
Re: Agilent E7495 linux root account
« Reply #201 on: May 10, 2017, 01:28:07 am »
I've now pretty much read through the entire thread. I did read the particular post about applying the patch per the quote below:

Apply following patch to elgato binary to fix GPS time synchronisation:
0x0122880: replace 4b2585e2152882e2 with de2585e23f2882e2

As a non-programmer, that is fully above my head.  If there is a set of Linux commands that do this, I would greatly appreciate some instruction on how to do this.  Otherwise, whatever other instructions for specifically how to do this. I realize this thread is mostly for techno types who experiment with these things.  I am a techno type in metrology. I have deep understanding of how accuracies work. And I am a fast learner. But unfortunately, even with my decades in metrology, communications/navigation systems/RADAR systems/instrument calibration, this is a weak zone for me.

If anyone could explain is some detail how to apply this patch, I would be forever grateful.

The original poster is basically telling us to do a binary patch on the file ("elgato" binary). The first thing you would do when doing any patch of any file (binary or not) is to make sure you have a good copy of the original, of course.

All of the important files on the device are in /flash. In prose, they are in a subfolder in the root of the filesystem. This is certainly unusual in most Linux systems. In this case, there are also a bunch of other folders in /: bin, dev, etc, lib, mnt, home, nfs, root, tmp, var, sbin, usr, xdrive. These are the usual thing you are used to in Linux systems. I think these files are generated out of files located in the /flash directory, though; but that's not important. When listing files, make sure to do ls -l so you see where the files point to (many important files point to e.g. /flash/linux/etc/...).

As for the "elgato" binary, that's in /flash/egServer/elgato. This file is the actual instrumentation server. This is what the GUI  communicates with to control the hardware. (The GUI is located in /flash/egGui, by the way).

Now that we have the location and context of the file, all we need to do is interpret the original instruction:

Apply following patch to elgato binary to fix GPS time synchronisation:
0x0122880[location]: replace 4b2585e2152882e2[old value] with de2585e23f2882e2[new value].


This line is telling us to use a hex editor (vi/vim has a hex edit mode, emacs has one, there are probably command line tools to hex edit too). It's telling us to starting changing the actual file (though we are representing this in hex for convenience) on disk at [location] bytes from the start of the file. It further specifies that we should see, at this location, the value [old value]. And we should change [old value][A] to [new value], then save the file.

Some/most editors are usually used to operate on text files, so you may need to tell the editor to load the file in binary (e.g. vi -b). Then once you open the file, you use some command to convert the binary to hex. Then you find the [old value], replace it with the [new value], convert the file back to binary from hex, and then save the file.

Since you have a backup, you can afford to make a mistake in this process. You'll probably get it right on the first try though. Note there are two hex changes (at two different locations) listed in this thread: one which changes the program which handles licensing to automatically allow all license options that are listed (regardless of them having a correct key). The other corrects the clock issue. Presumably there will be more of these in the future.

We go through all of this trouble for basically two reasons, in order:

  • We don't have access to the source code for this file, so we can't tell you a change in code to fix the problem.
  • Once you have found some change to make, you have to make the appropriate change in the binary file. People typically don't distribute the binary file since it is covered by copyright and various other things. So patch instructions are used instead.

I hope this is cleared up. Hopefully, you or someone else can find all of the binary file changes to allow the signal generator to go down to whatever the true lower limit of the hardware is, one day.


[A]: Notice that it was not necessary here to actually give the old value for this process to work (since you were told the location to start the edit). It's given as a checksum: if the value you see in your file is not [old value], then you are either at the wrong location in the file, are editing the wrong version of the file, or both.

« Last Edit: May 10, 2017, 01:31:11 am by technogeeky »
 
The following users thanked this post: mlefe

Offline DogP

  • Contributor
  • Posts: 37
  • Country: us
Re: Agilent E7495 linux root account
« Reply #202 on: May 10, 2017, 09:49:31 am »
I've now pretty much read through the entire thread. I did read the particular post about applying the patch per the quote below:

Apply following patch to elgato binary to fix GPS time synchronisation:
0x0122880: replace 4b2585e2152882e2 with de2585e23f2882e2

As a non-programmer, that is fully above my head.  If there is a set of Linux commands that do this, I would greatly appreciate some instruction on how to do this.  Otherwise, whatever other instructions for specifically how to do this. I realize this thread is mostly for techno types who experiment with these things.  I am a techno type in metrology. I have deep understanding of how accuracies work. And I am a fast learner. But unfortunately, even with my decades in metrology, communications/navigation systems/RADAR systems/instrument calibration, this is a weak zone for me.

If anyone could explain is some detail how to apply this patch, I would be forever grateful.
IMO, copying the file to a CF card, modifying in a GUI hex editor on your desktop PC, then copying it back to the box is the most intuitive way to do it... if you're familiar with hex editing.

An alternative, if you simply telnet into the box, you can run the following commands to patch the binary in place.  Once you're done, you should reboot the box to make sure it's running the modified binary.

The first line copies the binary file to be modified.  The 2nd line does the actual patch.  The 3rd line backs up the original file in case you screw something up and/or need to revert to the original.  The 4th line moves the modified binary in place of the original.  Note that Linux is case sensitive, so copy it exactly as shown (i.e. capital S on egServer).
Code: [Select]
cp /flash/egServer/elgato /flash/egServer/elgato.mod
printf '\xde\x25\x85\xe2\x3f\x28\x82\xe2' | dd of=/flash/egServer/elgato.mod bs=1 seek=1190016 count=8 conv=notrunc
mv /flash/egServer/elgato /flash/egServer/elgato.orig
mv /flash/egServer/elgato.mod /flash/egServer/elgato

Similarly, if you want to do the license patch posted earlier, you'd run this additional line (before the mv commands):
Code: [Select]
printf '\x00\x00\xa0\xe1' | dd of=/flash/egServer/elgato.mod bs=1 seek=3373692 count=4 conv=notrunc
Pat
« Last Edit: May 12, 2017, 07:21:14 pm by DogP »
 
The following users thanked this post: 300EVIL

Offline kr5j

  • Contributor
  • Posts: 17
  • Country: us
Re: Agilent E7495 linux root account
« Reply #203 on: May 10, 2017, 08:18:30 pm »
Thanks for the info! been waiting for a better description of the patch.
 

Offline ke6iyc

  • Contributor
  • Posts: 10
  • Country: us
Re: Agilent E7495 linux root account
« Reply #204 on: May 10, 2017, 10:36:30 pm »
Hello all!

Ordered one of the cheap units on fleabay (but it does power up and function) for a good price today.

Glad I found this thread AFTER I ordered (otherwise I would have been tempted to pay too much).

Thank you to all for the hard work and time you have put into this.

Will have to  disassemble to fix the screen gasket when it arrives mid next week.

Brian
KE6IYC
 

Offline technogeeky

  • Frequent Contributor
  • **
  • Posts: 549
  • Country: us
  • Older New "New Player" Player Playa'
Re: Agilent E7495 linux root account
« Reply #205 on: May 10, 2017, 11:25:11 pm »
Hello all!

Ordered one of the cheap units on fleabay (but it does power up and function) for a good price today.

Glad I found this thread AFTER I ordered (otherwise I would have been tempted to pay too much).

Thank you to all for the hard work and time you have put into this.

Will have to  disassemble to fix the screen gasket when it arrives mid next week.

Brian
KE6IYC

This reminds me...

Q: What kind of plastic is the screen protector, and how can I clean the adhesive gunk off of it?

Unless you are a better chemist than I am (entirely possible...) , you're going to find that the only solution (no pun intended) which actually releases the gasket adhesive is acetone. This same acetone will destroy the top layer of the plastic (and/or the UV coating, or something). It doesn't look great. It looks pretty awful, actually. Since I used acetone, and hence destroyed the plastic (or its coating), I decided to try and identify the exact plastic so I could find a replacement. I did some destructive testing to determine exactly what kind of plastic the screen protector is, and after some burning, melting, and inhaling burned plastic odors... I am pretty sure I came up with an answer. And probably nose cancer. PVF. Polyvinyl Fluoride. And while this link (it's a good URL to bookmark. As is the other one. Do it.) wasn't helpful, further browsing and this site convinced me that PVF is an understandable choice for this screen. It could also be any of the self-extinguishing, non-dripping ones (PPO, PVC). In any case, I couldn't find a good supplier of PVF clear sheets, and I could easily find many places to get PVC clear sheets.

In any case, I wasn't able to find any easy to way to buy PVF glass sheets, so I eventually went with plain PVC. I got them custom cut from an Amazon vendor, and I still have three sheets exactly cut to size. I will be happy to send them out if you want, or otherwise I can just share the measurements I took so you can see if you agree; and we can learn where and how to buy PVF plastic clear thick sheets.


Q: What facts do we know about the plastic type of the screen?

  • available in clear, rather rigid sheets that do not crease
  • some sort of UV or anti-reflective coating
  • softens, not burns (thermoplastic)
  • sinks in water
  • does not appear to have flames (50%?)
  • does not continue to burn (95%?)
  • does not appear to drip (50%)

No, the stuff I have does not have any anti-glare or anti-reflective coating. Yes, it's slightly worse than the original. Yes, you would about $1 plus shipping. Oh, thanks for the interest. My address is, roughly speaking:

Atlanta, GA, USA, Earth, Sol, Milky Way, Universe A

So if shipping to you would be uncomplicated, let me know. I have 3 more of them. They still have the factory tape on them, so there should not be any defects.

« Last Edit: May 10, 2017, 11:32:21 pm by technogeeky »
 

Offline ke6iyc

  • Contributor
  • Posts: 10
  • Country: us
Re: Agilent E7495 linux root account
« Reply #206 on: May 11, 2017, 11:44:37 am »
That would be most helpful, but I would only need one (share the love).

I am, roughly speaking, Boise, Idaho, USA, Earth, Sol, Milky Way, Universe A

Currently sitting in Florida, however, so that might be a tad cheaper.

If you have PayPal, I would happily reimburse for any costs incurred......

Email would look something like ke6iyc (at) mac (dot) com , but with the generally accepted punctuation and symbology, instead of the parenthetical words.

Thank you in advance!

Brian
KE6IYC
 

Offline ke6iyc

  • Contributor
  • Posts: 10
  • Country: us
Re: Agilent E7495 linux root account
« Reply #207 on: May 12, 2017, 03:36:45 pm »
Simple question,

Is the RS-232 cable for Telnet straight through, or null modem?

Thanks!
 

Offline kirill_ka

  • Regular Contributor
  • *
  • Posts: 247
  • Country: ru
Re: Agilent E7495 linux root account
« Reply #208 on: May 12, 2017, 03:56:12 pm »
Is the RS-232 cable for Telnet straight through, or null modem?
E7495 ports are normal "DTE" ports. So the cable should have TX to RX connections (null modem).
 

Offline kirill_ka

  • Regular Contributor
  • *
  • Posts: 247
  • Country: ru
Re: Agilent E7495 linux root account
« Reply #209 on: May 12, 2017, 04:13:00 pm »
An alternative, if you simply telnet into the box, you can run the following commands to patch the binary in place.  Once you're done, you should probably reboot the box to make sure it's running the modified binary.

The first line backs up the binary file, in case you screw something up, or need to revert back to the original.  The 2nd line does the actual patch.  Note that Linux is case sensitive, so copy it exactly as shown (i.e. capital S on egServer).
Code: [Select]
cp /flash/egServer/elgato /flash/egServer/elgato.bak
printf '\xde\x25\x85\xe2\x3f\x28\x82\xe2' | dd of=/flash/egServer/elgato bs=1 seek=1190016 count=8 conv=notrunc
I would hesitate to use that command unless I'm absolutely sure the binary is the right one.
There are few caveats:
1. Original binary should be the same version. Probably we'd post md5sums of original and patched files.
2. Writing to the executable which is running may fail.
3. There are number of "printf" versions you can find on the same system. Some of them may not support hex escape sequences. E.g. bash built-in printf, /bin/sh built-in printf, /usr/bin/printf.
 

Offline ke6iyc

  • Contributor
  • Posts: 10
  • Country: us
Re: Agilent E7495 linux root account
« Reply #210 on: May 12, 2017, 04:36:04 pm »
Thank you on the cable question.

As for the patching in place, has anyone ACTUALLY tried it?

I am out of state right now, and have a unit waiting for me at my hotel.  I would like to patch it (Would like to try out the Interference analyzer) before I return home, but not at the risk of bricking the unit.

Thanks a bunch to all!

Brian
 

Offline technogeeky

  • Frequent Contributor
  • **
  • Posts: 549
  • Country: us
  • Older New "New Player" Player Playa'
Re: Agilent E7495 linux root account
« Reply #211 on: May 12, 2017, 06:27:09 pm »
Thank you on the cable question.

As for the patching in place, has anyone ACTUALLY tried it?

I am out of state right now, and have a unit waiting for me at my hotel.  I would like to patch it (Would like to try out the Interference analyzer) before I return home, but not at the risk of bricking the unit.

Thanks a bunch to all!

Brian

Once you connect to the unit via telnet, the the first thing you'll want to do is make a copy of all of the files in /flash. The easiest way to do this, in my opinion, is to setup a FTP server on your computer and run an ftp client on the E7495a. The easiest way to modify the elgato binary is simply to do it on your host computer (using a tool that does hex editing -- there are plenty of these for windows, osx, linux). Then, you can use the FTP client to get the file back.

The other obvious way to make a backup is to simply dump things onto the CF card, insert into host computer, copy, and put it back in.

Destroying the elgato binary won't brick the unit, as far as I know. You'll still have telnet access. Plus, you can just 'cp elgato elgato.original'. There is enough space to have a few copies of the binary around.


 

Online PA0PBZ

  • Super Contributor
  • ***
  • Posts: 4514
  • Country: nl
Re: Agilent E7495 linux root account
« Reply #212 on: May 12, 2017, 06:33:33 pm »
you can just 'cp elgato elgato.original'. There is enough space to have a few copies of the binary around.

Yup, and a 'killall elgato' to make sure you are not trying to patch a running executable.
Keyboard error: Press F1 to continue.
 

Offline technogeeky

  • Frequent Contributor
  • **
  • Posts: 549
  • Country: us
  • Older New "New Player" Player Playa'
Re: Agilent E7495 linux root account
« Reply #213 on: May 12, 2017, 06:36:48 pm »
you can just 'cp elgato elgato.original'. There is enough space to have a few copies of the binary around.

Yup, and a 'killall elgato' to make sure you are not trying to patch a running executable.

For future reference, in Linux there is no risk of modifying a running executable. The entire process tree of the executable (e.g. elgato and anything it runs or calls) will only be able to reference the original file. I am about 99% sure this is the case, at least.
 

Online PA0PBZ

  • Super Contributor
  • ***
  • Posts: 4514
  • Country: nl
Re: Agilent E7495 linux root account
« Reply #214 on: May 12, 2017, 06:39:22 pm »
For future reference, in Linux there is no risk of modifying a running executable. The entire process tree of the executable (e.g. elgato and anything it runs or calls) will only be able to reference the original file. I am about 99% sure this is the case, at least.

I was thinking about copying back the patched file, that doesn't work when it's running, not sure about patching.
Keyboard error: Press F1 to continue.
 

Offline DogP

  • Contributor
  • Posts: 37
  • Country: us
Re: Agilent E7495 linux root account
« Reply #215 on: May 12, 2017, 07:28:27 pm »
Ah, yes... before posting, I ran the commands to make sure they worked, but not on the file actually running (since mine was already patched).  I just reverted mine to the original and tested it, and dd didn't like modifying the running file, so I updated the instructions to modify the copy of the file and then move the files.

I just tested it, and the new instructions do work.  All you have to do is simply telnet into the box, log in as root, and run the commands exactly as shown.  As pointed out, no matter how you patch the files, you need to make sure you're on the correct version.  I believe all of these patches are for 6.25.

There should be no reason that you'll brick your box though, since you should be able to simply telnet back in, and move the elgato.orig file back in place of the patched elgato binary.

Pat
 

Offline DogP

  • Contributor
  • Posts: 37
  • Country: us
Re: Agilent E7495 linux root account
« Reply #216 on: May 12, 2017, 07:46:27 pm »
Q: What kind of plastic is the screen protector, and how can I clean the adhesive gunk off of it?
BTW, did you rule out Polycarbonate?  That would have been my first guess, just from looks and feel, and because it's commonly used for these types of things.  It definitely had an anti-glare coating or something on it... mine was REALLY scratched up (and had a few large gouges), so I used some Novus on it, and it took care of a lot of the scratches, but of course also took off the coating.  It's really nice and shiny now though. ;)

Pat
 

Offline technogeeky

  • Frequent Contributor
  • **
  • Posts: 549
  • Country: us
  • Older New "New Player" Player Playa'
Re: Agilent E7495 linux root account
« Reply #217 on: May 12, 2017, 07:55:11 pm »
Q: What kind of plastic is the screen protector, and how can I clean the adhesive gunk off of it?
BTW, did you rule out Polycarbonate?  That would have been my first guess, just from looks and feel, and because it's commonly used for these types of things.  It definitely had an anti-glare coating or something on it... mine was REALLY scratched up (and had a few large gouges), so I used some Novus on it, and it took care of a lot of the scratches, but of course also took off the coating.  It's really nice and shiny now though. ;)

Pat

Pat: I can not rule out polycarbonate by the tests that I performed. PVF actually seems unlikely since I can't find it in sheets anywhere. Polycarbonate does seem more likely. It's hard to know, really. I don't remember a "phenol" smell when I burned it.

Nevertheless, since I agree it's far more likely to be polycarbonate, I'll switch the answer in the comment.
 

Offline usagi

  • Frequent Contributor
  • **
  • Posts: 366
  • Country: us
Re: Agilent E7495 linux root account
« Reply #218 on: May 12, 2017, 08:43:50 pm »
yes, far more likely its polycarbonate - the rigidity of the protector screams polycarbonate to me. also the fact acetone damaged it.

Offline ke6iyc

  • Contributor
  • Posts: 10
  • Country: us
Re: Agilent E7495 linux root account
« Reply #219 on: May 13, 2017, 12:09:34 am »
Good evening all!

OK, got the instrument in.

Two batteries, but I suspect one to be trashed (reading as 227% charged) other one is charging.

Also had a 64 MB PCMCIA Flash card in it (BIG bonus!).

Powered up no issue (once I figured out the operation of said power button).

Has all factory hardware options installed (per internal reporting) and there is only one software option I really want to enable (Interference ID).

Measured a good test cable, and it told me it was good.

Will do an update next (currently it has 5.00 on it....)

THEN on to the patches, and figuring out where to find an SMA GPS antenna locally.....

Thanks to all!

Brian
« Last Edit: May 13, 2017, 12:20:25 am by ke6iyc »
 

Offline ke6iyc

  • Contributor
  • Posts: 10
  • Country: us
Re: Agilent E7495 linux root account
« Reply #220 on: May 13, 2017, 01:09:41 am »
Update to 6.25 went smoothly, as described here.

Telnet will have to wait until tomorrow, as the computer I have with me (that has a hardware serial port) has decided not to acknowledge that telnet is, in fact, installed....

Thanks to all!

Brian
 

Offline technogeeky

  • Frequent Contributor
  • **
  • Posts: 549
  • Country: us
  • Older New "New Player" Player Playa'
Re: Agilent E7495 linux root account
« Reply #221 on: May 13, 2017, 02:01:33 am »
Update to 6.25 went smoothly, as described here.

Telnet will have to wait until tomorrow, as the computer I have with me (that has a hardware serial port) has decided not to acknowledge that telnet is, in fact, installed....

Thanks to all!

Brian

Use putty like all of us.
 

Offline ke6iyc

  • Contributor
  • Posts: 10
  • Country: us
Re: Agilent E7495 linux root account
« Reply #222 on: May 14, 2017, 02:15:12 pm »
Quote from DogP on Dec. 8 2016:

"I spent a bit of time looking at this again, trying to get some remote access/control working.  As noted earlier, the E7495 has a webpage, but doesn't accept the normal login.  I noticed a similar non-working login on port 5025.  Using netstat, I saw that elgato was listening on those ports.  When looking in the /flash/egServer directory, I noticed a passwd file.  It looked different than the standard *nix passwd file, but appeared to have a hashed root password in it (RzSdSbSdye).

Rather than trying to crack the password, I decided to try simply renaming the passwd file and rebooting.  Surprisingly, it didn't recreate it, and now simply accepts any login! (on both the webpage and port 5025)."

In playing around, I did as advised above, and renamed the passwd file, then rebooted.

I had PuTTY running on Serial port 2 during the reboot, and the last thing it spat out was:
"Note: No passwd file found. Adding user 'root' with password 'changeme'"

Not overly useful info, but something...

Brian
 

Offline DogP

  • Contributor
  • Posts: 37
  • Country: us
Re: Agilent E7495 linux root account
« Reply #223 on: May 14, 2017, 04:19:31 pm »
Adding user 'root' with password 'changeme'"
I had come across "changeme" as well, but didn't see where it was used.  It didn't work as the original password, and once I got rid of the password file, it took any login (didn't require root/changeme).  Have you found where it's actually used?

Pat
 

Offline ke6iyc

  • Contributor
  • Posts: 10
  • Country: us
Re: Agilent E7495 linux root account
« Reply #224 on: May 14, 2017, 05:10:02 pm »
No, thus the limited usefulness of the result....

Brian
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf