After we found the TX pin in previous blog post and can have a look at the console messages, we can continue to look for the RX pin.
The RX pin is still unknown, but we couldn’t test for it, as serial logins are prohibited on the Home Base.
Luckily the Home Base firmware files are released under GPL, this allows me to have a peek around in the code and look for the protection.
After that I could compile a custom firmware without the protection. Compiling of the firmware is beyond the subject of this blog post, but it’s not that complicated if you follow Belkin’s guidelines.
Please note that flashing custom firmware’s can wreck your device! I am pretty confident of doing this, I have done it several times in the past with other devices. Another reason which makes me just do it, is that I have serial console access. So, there must be some way to unbrick this device.
After looking around in the firmware structure I found a startup file (in preinstall/etc/rc.d/rc.S) with the following content:
# serial login DEBUGMODE=`sxromconf -c GET_DEBUG` if [ "${DEBUGMODE}" = "on" ]; then /sbin/getty -L ttyS0 115200 vt100 & else echo "Serial login always is disabled by DEBUGMODE setting!" fi
Aha! Now that looks familiar, it’s the code preventing us to login to the console.
I changed the code to the following:
/sbin/getty -L ttyS0 115200 vt100 &
After that I compiled the new firmware, and restarted the device. Does it work?
Success! Now we can continue to find the RX pin, just connect a test wire to the USB-BUB TX pin and randomly test the pins. After a few attempts I found out that pin 3 is the RX pin.
Now let’s try to login, and check our privileges:
Belkin Home Base root privileges
So there you have it! Full root access on the Belkin Home Base. Time to celebrate, cheers!
Hmmm, they’re not making this very difficult. No root password?
Cheers! The beer was well deserved.
Cheers!
I would have expected something essential missing from the firmware files 😉
This is just what I’ve been looking for!
Could you pls compile another firmware with telnetd started in rc.S?
Please.. Please..
I would be very gratefull!
@Andy: http://forum.nas-central.org/viewtopic.php?f=26&t=2809
Anyone created and useful custom firmware yet, and willing to share it?
In particular, I’d be really interested in something that replaces the supplied uShare media server with miniDLNA …
uShare seems to have major problems with large media archives since it holds all the metadata in memory and hits the heap limit.
Hi,
I have one of these. Why would I want to get root access? What could you do with this box given it’s limited CPU power?
DJ