Starting from a clean slate

LS-LGL

I check for the security hole starting from a completely clean state.
This time, on the LS-LGL.

How to get to a clean state

To get to a clean state,
delete the partitions,
tftpboot,
and run the firmware update.

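Extracting uImage.buffalo and uboot.buffalo

First, in order to tftpboot, put uImage.buffalo and uboot.buffalo from /boot of the stock firmware into /srv/tftp on the old-model LS-GL, which acts as the tftp server.

Until now I booted the stock firmware,
logged in, and put the files to the old-model LS-GL over ftp,
but this time I will try a slightly different approach.

Connecting the stock-firmware HDD to the old-model LS-GL over USB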

yasunari@ude:~$ tail -f /var/log/messages
	:
	:
Mar 23 04:25:32 ude kernel: usb 2-1: new high speed USB device using ehci_platform and address 2
Mar 23 04:25:32 ude kernel: usb 2-1: configuration #1 chosen from 1 choice
Mar 23 04:25:32 ude kernel: scsi2 : SCSI emulation for USB Mass Storage devices
Mar 23 04:25:38 ude kernel:  Vendor: ST310212  Model: 8CA3              Rev:    
Mar 23 04:25:38 ude kernel:  Type:   Direct-Access                      ANSI SCSI revision: 02
Mar 23 04:25:38 ude kernel: SCSI device sdb: 20005650 512-byte hdwr sectors (10243 MB)
Mar 23 04:25:38 ude kernel: sdb: Write Protect is off
Mar 23 04:25:38 ude kernel: SCSI device sdb: 20005650 512-byte hdwr sectors (10243 MB)
Mar 23 04:25:38 ude kernel: sdb: Write Protect is off
Mar 23 04:25:38 ude kernel: sdb: sdb1 sdb2 sdb4 < sdb5 sdb6 >
Mar 23 04:25:38 ude kernel: sd 2:0:0:0: Attached scsi disk sdb
Mar 23 04:25:38 ude kernel: sd 2:0:0:0: Attached scsi generic sg1 type 0
It was recognized correctly as sdb.
Any quips about why it is an IDE HDD like the ST310212 are rejected.
The usual drive was claimed as the experimental HDD.

Mount

Mount it on /tmp/boot.
yasunari@ude:~$ su - root
Password:
ude:~# mkdir /tmp/boot
ude:~# mount /dev/sdb1 /tmp/boot
ude:~# ls /tmp/boot
conf_save.tgz   initrd.buffalo.orig  patch.buffalo.zip  uImage.buffalo.orig
hack            initrd.gz            u-boot.buffalo     uImage.buffalo_2.6.12.6
initrd.buffalo  log.tgz              uImage.buffalo
ude:~#

Copy to /srv/tftp

ude:~# cd /tmp/boot
ude:/tmp/boot# ls /srv/tftp/
HS-DHGL_1.20   LS-GL_1.15         LS-XHL_1.02         initrd.buffalo
LS-CL+HackKit  LS-QL_1.05+telnet  LS-XHL_1.02+telnet  uImage.buffalo
ude:/tmp/boot# mkdir /srv/tftp/LS-LGL_2.01
ude:/tmp/boot# tar cf - initrd.buffalo uImage.buffalo |(cd !$; tar xvf -)
tar cf - initrd.buffalo uImage.buffalo |(cd /srv/tftp/LS-LGL_2.01; tar xvf -)
initrd.buffalo
uImage.buffalo
tar: uImage.buffalo: time stamp 2015-01-10 16:24:14 is 183091989.12313 s in the future
ude:/tmp/boot#

Unmount

ude:/tmp/boot# cd /
ude:/# umount /tmp/boot
ude:/#
Unplug the USB cable.

Preparing the tftp server

Prepare the old-model LS-GL, the tftp server, so that tftpboot works.

Checking the file modes

ude:/# cd /srv/tftp/
ude:/srv/tftp# ls -l
total 6604
drwxr-s--- 2 yasunari root      48 Mar 22 10:12 HS-DHGL_1.20
drwxrwxr-x 2 root     root      48 Jan 24 09:31 LS-CL+HackKit
drwxrwxr-x 2 yasunari root      48 Mar 20 14:32 LS-GL_1.15
drwxr-sr-x 2 root     root      48 Mar 23 13:31 LS-LGL_2.01
drwxrwxr-x 2 root     root      48 Feb 20 12:00 LS-QL_1.05+telnet
drwxrwxr-x 2 root     root      48 Jan 24 18:00 LS-XHL_1.02
drwxrwxr-x 2 root     root      64 Jan 24 22:17 LS-XHL_1.02+telnet
-rw-rw-r-- 2 yasunari root 4926390 Mar 22 10:12 initrd.buffalo
-rw-rw-r-- 2 yasunari root 1834900 Mar 22 10:12 uImage.buffalo
ude:/srv/tftp# ls -l LS-LGL_2.01/
total 2712
-rw-r--r-- 1 root root 1490384 Sep  9  2008 initrd.buffalo
-rw-r--r-- 1 root root 1284160 Jan 10  2015 uImage.buffalo
ude:/srv/tftp#
They look readable without any particular problem.

Link

Delete the files for the HS-DHGL.
ude:/srv/tftp# rm initrd.buffalo uImage.buffalo
ude:/srv/tftp#
The files were placed in /srv/tftp/LS-LGL_2.01, so create links to them in /srv/tftp.
ude:/srv/tftp# ln LS-LGL_2.01/* .
ude:/srv/tftp# ls -l
total 2712
drwxr-s--- 2 yasunari root      48 Mar 22 10:12 HS-DHGL_1.20
drwxrwxr-x 2 root     root      48 Jan 24 09:31 LS-CL+HackKit
drwxrwxr-x 2 yasunari root      48 Mar 20 14:32 LS-GL_1.15
drwxr-sr-x 2 root     root      48 Mar 23 13:31 LS-LGL_2.01
drwxrwxr-x 2 root     root      48 Feb 20 12:00 LS-QL_1.05+telnet
drwxrwxr-x 2 root     root      48 Jan 24 18:00 LS-XHL_1.02
drwxrwxr-x 2 root     root      64 Jan 24 22:17 LS-XHL_1.02+telnet
-rw-r--r-- 2 root     root 1490384 Sep  9  2008 initrd.buffalo
-rw-r--r-- 2 root     root 1284160 Jan 10  2015 uImage.buffalo
ude:/srv/tftp#

Preparing a clean HDD

As the experimental HDD, I am again using a MAXTOR DiamondMax Plus 9 160GB.

Connect over USB

Connect it to the old-model LS-GL over USB.
ude:/srv/tftp# tail -f /var/log/messages
	:
	:
Mar 23 13:37:25 ude kernel: usb 2-1: new high speed USB device using ehci_platform and address 3
Mar 23 13:37:25 ude kernel: usb 2-1: configuration #1 chosen from 1 choice
Mar 23 13:37:25 ude kernel: scsi3 : SCSI emulation for USB Mass Storage devices
Mar 23 13:37:30 ude kernel:  Vendor: Maxtor 6  Model: ANLE              Rev: 1HW0
Mar 23 13:37:30 ude kernel:  Type:   Direct-Access                      ANSI SCSI revision: 02
Mar 23 13:37:30 ude kernel: SCSI device sdb: 320173056 512-byte hdwr sectors (163929 MB)
Mar 23 13:37:30 ude kernel: sdb: Write Protect is off
Mar 23 13:37:30 ude kernel: SCSI device sdb: 320173056 512-byte hdwr sectors (163929 MB)
Mar 23 13:37:30 ude kernel: sdb: Write Protect is off
Mar 23 13:37:30 ude kernel: sdb: sdb1 sdb2 sdb4 < sdb5 sdb6 >
Mar 23 13:37:30 ude kernel: sd 3:0:0:0: Attached scsi disk sdb
Mar 23 13:37:30 ude kernel: sd 3:0:0:0: Attached scsi generic sg1 type 0

Deleting the partitions

ude:/srv/tftp# fdisk /dev/sdb

WARNING: GPT (GUID Partition Table) detected on '/dev/sdb'! The util fdisk doesn't support GPT. Use GNU Parted.


The number of cylinders for this disk is set to 19929.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): p

Disk /dev/sdb: 163.9 GB, 163928604672 bytes
255 heads, 63 sectors/track, 19929 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1          25      200781   83  Linux
/dev/sdb2              26          87      498015   83  Linux
/dev/sdb4              88       19929   159380865    5  Extended
/dev/sdb5              88         104      136521   82  Linux swap / Solaris
/dev/sdb6             105       19929   159244281   83  Linux

Command (m for help): d
Partition number (1-6): 4

Command (m for help): d
Partition number (1-4): 2

Command (m for help): d
Selected partition 1

Command (m for help): p

Disk /dev/sdb: 163.9 GB, 163928604672 bytes
255 heads, 63 sectors/track, 19929 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
ude:/srv/tftp#

Removal

Unplug the USB cable and cut power to the HDD.

Connecting the clean HDD

Install the MAXTOR DiamondMax Plus 9 160GB, with its partitions deleted, in the LS-LGL.

tftpboot

Plug the LS-LGL into the power outlet.
bootstrap 02.09
 **Small NAS Series**
 ** LOADER **
 ** Buffalo BOARD: MVISAH -xx Hassi Board LE
 ** U-boot Version 1.02L-1.00
 ** Build Date Jun 11 2007-11:39:48

U-Boot 1.1.4 (Jun 11 2007 - 11:39:53) Marvell version: 2.2.4-TINY-NQ

U-Boot code: 00200000 -> 0023EE00  BSS: -> 0024A420

Soc: 88F6082 A1 (DDR1)
CPU running @ 333Mhz
SysClock = 166Mhz , TClock = 133Mhz

DRAM CS[0] base 0x00000000   size   8MB
DRAM CS[1] base 0x01000000   size   8MB
DRAM Total size  16MB
[256kB@f8100000] Flash: 256 kB
Addresses 4M - 0M are saved for the U-Boot usage.
Mem malloc Initialization (4M - 3M): Done

CPU : ARM926 (Rev 0)
misc_init_r_env u-boot stop condition :MagicKey =(67, 24, 58, 2, 92, 113, 0)
misc_init_r_env > fHddBootWaitEnabled

Please Press HDD power button to continue ...
Press the power button.

USB 0: device mode
DDR SDRAM Pads Driving Nch (Manu) = c
DDR SDRAM Pads Driving Pch (Manu) = c
DDR SDRAM  Drive Strength   0-3   = 3
DDR SDRAM Pads Driving Nch (Auto) = c
DDR SDRAM Pads Driving Pch (Auto) = c
Using 88E1112 phy

Marvell Serial ATA Adapter
Integrated Sata device found
  Device 0: OK
Model: Maxtor 6Y160M0                           Firm: YAR51HW0 Ser#: Y48CANLE   
            Type: Hard Disk
            Supports 48-bit addressing
            Capacity: 156334.5 MB = 152.6 GB (320173056 x 512)

Net:   egiga0 [PRIME], egiga1
hit any key to switch tftp boot.
Hit any key to stop autoboot:  0
Hit any key to stop autoboot:  0
** Bad partition 1 **
** Bad partition 1 **
## Booting image at 01200000 ...
Bad Magic Number
bootm fail.
Using egiga0 device
TFTP from server 192.168.2.39; our IP address is 192.168.2.41
Filename 'uImage.buffalo'.
Load address: 0x1200000
Loading: #################################################################
         #################################################################
         #################################################################
         ########################################################
done
Bytes transferred = 1284160 (139840 hex)
Using egiga0 device
TFTP from server 192.168.2.39; our IP address is 192.168.2.41
Filename 'initrd.buffalo'.
Load address: 0x13fffc0
Loading: #################################################################
         #################################################################
         #################################################################
         #################################################################
         ################################
done
Bytes transferred = 1490384 (16bdd0 hex)
## Booting image at 01200000 ...
   Image Name:   Linux-2.6.12.6-arm1
   Created:      2008-09-09   5:52:00 UTC
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:    1284096 Bytes =  1.2 MB
   Load Address: 00008000
   Entry Point:  00008000
   Verifying Checksum ... OK
OK
## Loading Ramdisk Image at 013fffc0 ...
   Image Name:   initrd
   Created:      2008-09-09   5:52:14 UTC
   Image Type:   ARM Linux RAMDisk Image (gzip compressed)
   Data Size:    1490320 Bytes =  1.4 MB
   Load Address: 00000000
   Entry Point:  00000000
   Verifying Checksum ... OK

Starting kernel ...

CONFIG_BUFFALO_PLATFORM CONFIG_BUFFALO_LINKSTATION_LSLGL ---
Uncompressing Linux.................................................................................... decompress done, booting the kernel.
Linux version 2.6.12.6-arm1 (root@build.dd-hot24.nas.buffalo.local) (gcc version 3.4.4 (release) (CodeSourcery ARM 2005q3-2)) #26 Tue Sep 9 14:51:53 JST 2008
CPU: ARM926EJ-Sid(wb) [41069260] revision 0 (ARMv5TEJ)
CPU0: D VIVT write-back cache
CPU0: I cache: 16384 bytes, associativity 1, 32 byte lines, 512 sets
CPU0: D cache: 16384 bytes, associativity 1, 32 byte lines, 512 sets
Machine: Feroceon
Using UBoot passing parameters structure
Sys Clk = 166666667, Tclk = 133333333
Memory policy: ECC disabled, Data cache writeback
Built 1 zonelists
Kernel command line: console=ttyS0,115200 root=/dev/sda2 rw initrd=0x01400000,4M panic=5 BOOTVER=1.02L tftpmode=yes
PID hash table entries: 128 (order: 7, 2048 bytes)
Console: colour dummy device 80x30
Dentry cache hash table entries: 4096 (order: 2, 16384 bytes)
Inode-cache hash table entries: 2048 (order: 1, 8192 bytes)
Memory: 8MB 8MB 0MB 0MB = 16MB total
Memory: 9416KB available (2186K code, 361K data, 96K init)
Mount-cache hash table entries: 512
CPU: Testing write buffer coherency: ok
checking if image is initramfs...it isn't (no cpio magic); looks like an initrd
Freeing initrd memory: 4096K
NET: Registered protocol family 16

CPU Interface
-------------
SDRAM_CS0 ....base 00000000, size  16MB
SDRAM_CS1 ....base 01000000, size  16MB
PEX0_MEM ....base e0000000, size 128MB
PEX0_IO ....base f2000000, size   1MB
INTER_REGS ....base f1000000, size   1MB
NFLASH_CS ....base f9000000, size   2MB
MFLASH_CS ....base f8100000, size 256KB
SPI_CS ....base fa000000, size   8MB
BOOT_ROM_CS ....base fc000000, size   1MB
DEV_BOOTCS ....base fc000000, size   1MB
CRYPT_ENG ....base f0000000, size  64KB
 mv_mtd_initialize Error : Unknown board

  Marvell Development Board (LSP Version 2.1.10_TG)-- RD-88F6082-DAS-PLUS  Soc: MV88F6082 Rev 1

 Detected Tclk 133333333 and SysClk 166666667
Marvell USB EHCI Gadget controller #0: c02efb00
mvPexBarSet: ERR. Target 2 window invalid
mvPexInit: ERR. mvPexBarSet 2 failed
pci_init:Error calling mvPciIfInit for pciIf 0
IO Request resource failed - Pci If 0
PCI: bus0: Fast back to back transfers enabled
SCSI subsystem initialized
Fast Floating Point Emulator V0.9 (c) Peter Teichmann.
inotify device minor=63
SGI XFS with no debug enabled
Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing disabled
ttyS0 at MMIO 0x0 (irq = 3) is a 16550A
io scheduler noop registered
RAMDISK driver initialized: 3 RAM disks of 5120K size 1024 blocksize
loop: loaded (max 8 devices)
Marvell Gigabit Ethernet Driver 'egiga':
  o Ethernet descriptors in DRAM
  o DRAM SW cache-coherency
  o Checksum offload enabled
  o Marvell ethtool proc enabled
  o Rx desc: 64
  o Tx desc: 128
  o Loading network interface 'eth0' 'eth1'
Intergrated Sata device found
scsi0 : Marvell SCSI to SATA adapter
  Vendor: Maxtor    Model: 6Y160M0           Rev: YAR5
  Type:   Direct-Access                      ANSI SCSI revision: 03
SCSI device sda: 320173056 512-byte hdwr sectors (163929 MB)
SCSI device sda: drive cache: write back
SCSI device sda: 320173056 512-byte hdwr sectors (163929 MB)
SCSI device sda: drive cache: write back
 sda:
Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
Attached scsi generic sg0 at scsi0, channel 0, id 0, lun 0,  type 0
physmap flash device: 40000 at f8100000
Marvell Flash Detected @ 0xf8100000, 256KB Main region (64sec x 4KB), 2KB Information region
mice: PS/2 mouse device common for all mice
mvGppValueSet: Err. An attempt to set output value to GPP 3 in input mode.
Buffalo Platform Linux Driver(Light) (C) BUFFALO INC. Ver.0.01 installed.
Kernel message queue controll (C) BUFFALO INC. Ver.1.00 installed.
Kernel event for procfs (C) BUFFALO INC. Ver.1.00 installed.
Buffalo CPU Inerupts Driver (C) BUFFALO INC. Ver.0.01 alpha1 installed.
NET: Registered protocol family 2
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP established hash table entries: 1024 (order: 1, 8192 bytes)
TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
TCP: Hash tables configured (established 1024 bind 1024)
NET: Registered protocol family 1
NET: Registered protocol family 17
RAMDISK: Compressed image found at block 0
EXT2-fs warning: checktime reached, running e2fsck is recommended
VFS: Mounted root (ext2 filesystem).
---- in linuxrc ---

===== Starting CheckDevices =====
===== Checking RTC...[Success]
[Finished]

linuxrc:choose operation (timeout 4[s])
 1:RamRoot other:HddRoot  ? -HddRoot-
mount: you must specify the filesystem type
mount: you must specify the filesystem type
checking local disk....
fsck 1.38 (30-Jun-2005)
fsck.ext2: while trying to open /dev/disk1_1
Possibly non-existent or swap device?
fsck.ext2:
fsck 1.38 (30-Jun-2005)
fsck.ext2: while trying to open /dev/disk1_2
Possibly non-existent or swap device?
fsck.ext2:
done
-- linuxrc finished. --

Freeing init memory: 96K
init started:  BusyBox v1.2.2 (2006.12.26-08:28+0000) multi-call binary
Starting pid 226, console /dev/ttyS0: '/etc/init.d/rcS'
--- rcStart (initrd) ---
===== Starting MountSystemFolders =====
[Success]

===== Starting checkroot.sh =====
chmod: /home: No such file or directory
rm: /var/lock/perfmon: is a directory
rm: /var/lock/printing: is a directory
rm: /var/lock/subsys: is a directory
swapon: /dev/disk1_5: No such device or address
create dir : /home
create dir : /var/www
[Success]

===== Starting create_devlink.sh =====
[Success]

===== Starting fwupdate.sh =====
umount: /boot: not mounted
mount: you must specify the filesystem type
[Failed ]

===== Starting kernelmon.sh =====
[Success]

===== Starting EnablingAutoip.sh =====
[Success]

===== Starting sethostname.sh =====
configure files from Buffalo parameters.
[Success]

===== Starting restore_config.sh =====
mount: you must specify the filesystem type
Update configuration files
** fail. not found initfile.tar.gz
[Success]

===== Starting networking.sh =====
create network files..
IP=[dhcp], netmask=[], dgw=[], dns1=[], dns2=[]
killall: dhcpcd: no process killed
route: SIOC[ADD|DEL]RT: No such process
Configuration network interface: lo eth0
requesting DHCP  tout=30[s]
networking.sh: dhcp requesting...
DontDownIface
alwaysFork
eth0: link down
eth0: link up<5>, full duplex<5>, speed 100 Mbps<5>
sendto:  count 6   sync 1
sendto:  count 5   sync 0
sendto:  count 6   sync 0
`/var/tmp/dhcpcstate' exists
dhcpcd.exe: interface eth0 has been configured with new IP=192.168.2.41 GATEWAY=192.168.2.1
: already running
** networking.sh dhcp fin.
configure files from Buffalo parameters.
[Success]

===== Starting clientUtil_servd.sh =====
Starting clientUtil_server:starting on eth0
[Success]

===== Starting bootcomplete.sh =====
[Success]

Starting pid 757, console /dev/ttyS0: '/sbin/getty'

BUFFALO INC. LinkStation series LS-LGL(SUIZEI)
LS-LGL-EMFF7 login:
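
In the log above, bootm prints "Bad Magic Number" for the empty disk and "Verifying Checksum ... OK" for the two images loaded over TFTP; the 64-byte gap between each file size and its "Data Size" is the image header. The following is an added example, not part of the original page, that runs the same checks on a file in Python so an image can be validated on the tftp server before booting. It assumes the standard U-Boot legacy image header layout, and the sample image is constructed.

```python
import struct
import zlib

# U-Boot legacy image header: 64 bytes, all fields big-endian (assumed layout).
HEADER = struct.Struct(">7I4B32s")
IH_MAGIC = 0x27051956


def build_uimage(data, name, load=0x8000, entry=0x8000, timestamp=0,
                 os_id=5, arch=2, img_type=2, comp=0):
    """Wrap `data` in a legacy header (used here only to make sample input)."""
    fields = [IH_MAGIC, 0, timestamp, len(data), load, entry,
              zlib.crc32(data) & 0xFFFFFFFF, os_id, arch, img_type, comp,
              name.encode("ascii")]
    header = HEADER.pack(*fields)
    fields[1] = zlib.crc32(header) & 0xFFFFFFFF  # CRC of header with hcrc = 0
    return HEADER.pack(*fields) + data


def check_uimage(blob):
    """Return (ok, info), mirroring the checks bootm reports in the log."""
    if len(blob) < HEADER.size:
        return False, {"error": "file shorter than 64-byte header"}
    (magic, hcrc, timestamp, size, load, entry, dcrc,
     os_id, arch, img_type, comp, name) = HEADER.unpack_from(blob)
    if magic != IH_MAGIC:
        return False, {"error": "Bad Magic Number"}
    # The header CRC is computed with its own field set to zero.
    zeroed = blob[:4] + b"\0\0\0\0" + blob[8:HEADER.size]
    if zlib.crc32(zeroed) & 0xFFFFFFFF != hcrc:
        return False, {"error": "bad header checksum"}
    data = blob[HEADER.size:HEADER.size + size]
    if len(data) != size:
        return False, {"error": "truncated: header says %d data bytes" % size}
    if zlib.crc32(data) & 0xFFFFFFFF != dcrc:
        return False, {"error": "bad data checksum"}
    info = {"name": name.rstrip(b"\0").decode("ascii", "replace"),
            "data_size": size, "load": load, "entry": entry,
            "type": img_type, "comp": comp}
    return True, info


# Constructed sample, not the real Buffalo kernel.
SAMPLE = build_uimage(b"\x00" * 4096, "Linux-2.6.12.6-arm1")

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, check_uimage(f.read()))
```

Run it against /srv/tftp/uImage.buffalo and initrd.buffalo on the tftp server before powering on the LS-LGL. CRC-32 only catches corruption or truncation; it does not authenticate the image, and TFTP itself is unauthenticated.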

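Running the firmware updater

Run lslgl201.exe,
then run LSUpdater.exe, which is linked from the page that is displayed.
LS-LGL-EMFF7 is found, so run 「ファームウェア更新」 (Update firmware).
Answer 「はい」 (Yes) to 「HDD のパーティション情報が確認できませんでした・・」 (The HDD partition information could not be confirmed..).
After a while...
「LS-LGL のアップデートは完了しました」 (The LS-LGL update is complete)

Checking for the security hole

I tried to crack it, but LS-LGL firmware 2.01 does not have the security hole in question.

Addendum, '09/5/5:
LS-LGL firmware 2.01 does have a security hole.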




Copyright (C) 2003-2009 Yasunari Yamashita. All Rights Reserved.
yasunari @ yamasita.jp Yasunari Yamashita @ Muko City, Kyoto Prefecture