Products > Test Equipment
Siglent .ads firmware file format
ewaller:
--- Quote from: rf-loop on December 06, 2018, 09:49:47 am ---There is normal telnet port 23 open.
For access to system you need know user and password.
You can try bruteforce these using telnet connection and loose your rest limited life time or scope limited life time. Which one is first reached. But if you are lucky of course randonmly it may open this worm can tomorrow... who knows.
--- End quote ---
All true and fully understood.
--- Quote ---But there is other way... I will recommend you now take some time for carefully read this forum and you soon hit how all works (tip, first you need change other OSV in scope (and after then "close door" changing original genuine OSV with unknown usr/pw back to scope) = "RTFM" (what is scattered around inside the forum.)
--- End quote ---
And, I have read the fine manual -- fully -- and I do understand it. But, if one uploads an OS with a modified /etc/shadow file, then I do know the password -- and so do a lot of other people. Granted, a lot of other people who have no access to my instrument. I would prefer to find a transient solution the leaves the instrument with official firmware that vanishes with the next reboot. That seems to be that tv84 had been suggesting.
--- Quote ---There is also other ports open for use SCPI commands.
https://www.siglentamerica.com/application-note/verification-lan-connection-using-telnet/
--- End quote ---
Which is another vector I would consider. It sounds like the SCPI which permits one to execute shell command lines does so as root. That should provide the necessary privilege escalation to punch a temporary hole.
tv84:
--- Quote from: ewaller on December 06, 2018, 03:17:53 pm ---I am not overly concerned about security for my instrument.
...
so I would have to trust you as to what they do.
--- End quote ---
Contradiction? You are not obliged to trust me. You must weight the pros and cons of what the script allegedly allows you to do - open a transient port with root access, versus not being able to audit the script and continue without access.
Of course, i'm not a TPM so you decide who/what to trust.
If you don't feel comfortable, put it aside and move on.
ewaller:
--- Quote from: tv84 on December 06, 2018, 10:43:31 am ---You cannot change the pwd since the FS is RO. To change the pwd you need to patch the FS and flash it again. That's what janekivi usually creates for forum members.
--- End quote ---
I understand that the cramfs is read only and is stored in flash. Often in systems like this, the file system is shadowed in RAM allowing files to be created and changed in RAM; these files exist in their modified state until the instrument starts the next time and the cramfs is once again copied from non-volatile memory to RAM. Note that I am not asserting that this is how it is implemented, but it is how I might have expected to be implemented. If my expectation is correct (could be a long shot :) ), then it would be possible to change the root password for the duration of the session; reverting to stock after the next restart.
As some background, I am one who does not tend to follow step-by-step instructions where the goal is to merely install as a means to an end. My goal (and motivation) is to fully understand each step in the process and to consider the best solution. "Best" is defined by me and is subject to change as I learn; it can be swayed by good arguments too ;)
ewaller:
--- Quote from: tv84 on December 06, 2018, 03:42:32 pm ---
Contradiction? You are not obliged to trust me. You must weight the pros and cons of what the script allegedly allows you to do
--- End quote ---
Absolutely a contradiction. Anyone who runs a random script from the Internet without considering and mitigating the risks is a fool. I fully appreciate, and admire your efforts and have absolutely no reason to not trust you or your contributions. OTOH, well, it is the Internet.
--- Quote ---open a transient port with root access, versus not being able to audit the script and continue without access.
--- End quote ---
That really is not the choice. It does answer my question though, thanks. It was unclear whether this was a transient port, or whether the ads script installed something permanent. Correct me if I am wrong, but these scripts instantiate a port at 10101 that stays open until the next restart, and that after restart, the instrument has stock firmware, unchanged by the script.
--- Quote ---Of course, i'm not a TPM so you decide who/what to trust.
If you don't feel comfortable, put it aside and move on.
--- End quote ---
I am feeling out my comfort level. And I do trust you. But I do intend to understand what will happen to my instrument. At this point, I believe yours to be the "Best" solution in that it seems to not do anything permanent.
tv84:
--- Quote from: ewaller on December 06, 2018, 03:55:52 pm ---Correct me if I am wrong, but these scripts instantiate a port at 10101 that stays open until the next restart, and that after restart, the instrument has stock firmware, unchanged by the script.
--- End quote ---
I could answer yes but, since I'm not a TPM, you would have to trust me... Do you?
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version