Trying to hack the DSOX1204(A/G) firmware
stafil:
Another possible way is to go in through SCPI.
Either using "syst:prod:sscr", which I believe sets bootup parameters, and changing it to boot into "single user" mode.
Or using the command that calls "setSystProdRunProcess". It's not "syst:prod:run:process" however, so probably we have to do a bit of decoding of their SCPI command tree to find which SCPI command it is.
Also there is this "deb:command" command, that expects XML. Not sure of the exact format though.
Edit: I believe that the SCPI command that will invoke the "setSystProdRunProcess" is ":syst:prod:rpr"
Edit2: Found something interesting in the symbols:
0x00807b58 .dword 0x00808020 ; str.500MHz_Bandwidth
0x00807b5c .dword 0x00808034 ; str.BW50
Capable of 500MHz maybe?!?
thomasb9511:
1. If you can change the root password, can you login as root?
2. What are the file permissions on `usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem` and the folder it is in?
stafil:
--- Quote from: thomasb9511 on April 17, 2020, 01:42:47 am ---
1. If you can change the root password, can you login as root?
2. What are the file permissions on `usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem` and the folder it is in?
--- End quote ---
1. I cannot find a way to even get to a login prompt (telnet, ssh, etc.)
2.
# ls -ld usr/share/ca-certificates/keysight/
drwxr-xr-x 2 root root 4096 Nov 12 19:31 usr/share/ca-certificates/keysight/
# ls -l usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem
-rw-r--r-- 1 root root 272 Nov 12 19:31 usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem
thomasb9511:
--- Quote from: stafil on April 17, 2020, 02:12:31 am ---
1. I cannot find a way to even get to a login prompt (telnet, ssh, etc.)
2.
# ls -ld usr/share/ca-certificates/keysight/
drwxr-xr-x 2 root root 4096 Nov 12 19:31 usr/share/ca-certificates/keysight/
# ls -l usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem
-rw-r--r-- 1 root root 272 Nov 12 19:31 usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem
--- End quote ---
1. Wonder if the binaries even exist. How are you running these commands?
2. Can you do whoami?
I wonder what perms the running user has in terms of launching processes in bin/.
thomasb9511:
Maybe you could run sshd (if it exists) as the running user - https://serverfault.com/questions/344295/is-it-possible-to-run-sshd-as-a-normal-user