PDA

View Full Version : Enabling backdoors on S2

rpl
08-09-2003, 02:43 PM
Everything that I been reading indicates that this is automatically done when you have eth0. For some reason I do not have backdoors enabled but do have network capablity. I can telenet and ftp as well as use tivoweb. Its not a big deal but I would like to see the backdoors enabled also. Here is my hackinit. Should I be doing something different?
Thanks

#!/bin/bash
date>>/var/hack/hackinit.log
echo "Starting Hackinit... " > /dev/ttyS2
PATH=/var/hack/bin:/sbin:/bin:/tivobin:/tvbin:.
TIVO_ROOT=
MFS_DEVICE=/dev/hda10
IGNOREEOF=1000
TERM=xterm
PS1="[\\w]\\\$ "
export PATH TIVO_ROOT MFS_DEVICE IGNOREEOF TERM PS1

mount -o remount,rw /

# replace rc.sysinit with modified copy
rm -rf /etc/rc.d/rc.sysinit
cp /var/hack/rc.sysinit /etc/rc.d/rc.sysinit

echo "Starting Bash... " > /dev/ttyS2
/bin/bash</dev/ttyS2&>/dev/ttyS2&

insmod /diag/usbcore.o
insmod /diag/usb-ohci.o
sleep 15
insmod /diag/pegasus.o
sleep 15
#ifconfig eth0 up
ifconfig eth0 192.168.0.40 broadcast 192.168.0.255 netmask 255.255.255.0
# route add default gw 192.168.0.1 netmask 255.255.255.0 metric 1
tnlited 23 /bin/bash -login &
tivoftpd
/var/hack/tivoweb-tcl/tivoweb console
TheWickedPriest
08-09-2003, 05:26 PM
It's not truly having eth0 up that enables backdoors, but rather what rc.sysinit does when it sees that eth0 is up. In the original 3.1.0 version, on my system, that was this:

if checkEther ; then
PATH=/bin:/sbin:/tvbin:/devbin
export PATH
echo "Starting network ..."
configGateway

export TMK_DEBUGGER=sleep
export DEBUG_BOARD=true
echo "Starting Telnet Listener..."
if [ -x /bin/bash ] ; then
tnlited 23 -r 9911 /bin/bash -login &
else
export TIVOSH_POOLSIZE=800000
tnlited 23 -r 9911 /tvbin/tivosh -login &
fi

echo "Starting /proc Listener..."
procd
fi

I took all that out in my hacked version of rc.sysinit, so initially I didn't have backdoors enabled, even though eth0 was up. I put just the lines "export DEBUG_BOARD=true" and "export TMK_DEBUGGER=sleep" back in (without the test), and I had backdoors on the next boot. These lines assign environment variables that tivoapp must check on startup. I suspect that only DEBUG_BOARD is required to enable backdoors, but I'm afraid to test that; I don't know what TMK_DEBUGGER would do if it weren't sleeping. ;-)
rpl
08-10-2003, 12:21 AM
Thanks TWP. I didn't change any of these lines in the rc.sysinit file. But you got me thinking that maybe I had eth0 started to late. So I commented out the two sleep commands I had in my hackinit file and backdoors came on. I had the delays so that noPPV hack wouldn't start until after the aquire sat was completed. I just added a 2 minute delay before that hack is called.

Thanks again.