Trying to hack the DSOX1204(A/G) firmware

stafil:
Another possible way is to go in through SCPI.

Either using "syst:prod:sscr", which I believe sets bootup parameters, and changing it to boot into "single user" mode.

Or using the command that calls "setSystProdRunProcess". It's not "syst:prod:run:process" however, so probably we have to do a bit of decoding of their SCPI command tree to find which SCPI command it is.

Also there is this "deb:command" command, that expects XML. Not sure of the exact format though.

Edit: I believe that the SCPI command that will invoke "setSystProdRunProcess" is ":syst:prod:rpr"

Edit2: Found something interesting in the symbols:

0x00807b58      .dword 0x00808020 ; str.500MHz_Bandwidth
0x00807b5c      .dword 0x00808034 ; str.BW50


Capable of 500 MHz maybe?!?

thomasb9511:
1. If you can change the root password, can you login as root?
2. What are the file permissions on `usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem` and the folder it is in?

stafil:

--- Quote from: thomasb9511 on April 17, 2020, 01:42:47 am ---
1. If you can change the root password, can you login as root?
2. What are the file permissions on `usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem` and the folder it is in?

--- End quote ---

1.
I cannot find a way to even get to a login prompt (telnet, ssh, etc.)

2.
# ls -ld usr/share/ca-certificates/keysight/
drwxr-xr-x 2 root root 4096 Nov 12 19:31 usr/share/ca-certificates/keysight/

# ls -l usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem
-rw-r--r-- 1 root root 272 Nov 12 19:31 usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem

thomasb9511:

--- Quote from: stafil on April 17, 2020, 02:12:31 am ---
1.
I cannot find a way to even get to a login prompt (telnet, ssh, etc.)

2.
# ls -ld usr/share/ca-certificates/keysight/
drwxr-xr-x 2 root root 4096 Nov 12 19:31 usr/share/ca-certificates/keysight/

# ls -l usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem
-rw-r--r-- 1 root root 272 Nov 12 19:31 usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem

--- End quote ---

1. Wonder if the binaries even exist. How are you running these commands?
2. Can you do whoami?

I wonder what perms the running user has in terms of launching processes in bin/.

thomasb9511:
Maybe you could run sshd (if it exists) as the running user - https://serverfault.com/questions/344295/is-it-possible-to-run-sshd-as-a-normal-user
