[HOWTO] Get root access to your Lightningasic controller.

[maardein]

Ok, I will post this here, since I think people could benefit from it. I'll have to give most of the credits to Girhes, since he told me about the failsafe mode of openWRT, and assisted me while trying to gain access (he did not have a controller himself yet).

Please note that this is at YOUR OWN RISK, you could brick your device when you have root access to the controller. Please do NOT install any programs when you have root access, unless you really know what you are doing. There is almost no room left on the device, so installing a program could brick your device.

1 - Start the controller in failsafe mode:

There are different HW versions of the TL-WR703N - on version 1.6 you have to power on the controller, wait until the led starts flashing twice a second (it takes about 4 seconds to get there), then push the reset button immediately. When the led starts to flash much faster your device is in failsafe mode. All other HW versions: power on the controller, wait 10-12 seconds until the led starts flashing, then immediately push the reset button for 1-2 seconds. Again, if the led will start blinking rapidly you are in failsafe mode.

The versioin of your device is stated on the back of the device, underneath the barcode.

2 - Telnet into the device:

On windows go to start, type 'cmd' in the search bar, and start 'cmd.exe'. In the command window you get afterwards, type 'telnet 192.168.1.1'. Make sure you use the correct IP, my device used 192.168.1.1 in failsafe mode.

There is no user/pass required in failsafe mode.

3 - Switch to the live partition:

Type 'mount_root'

Warning! You are in the live partition now, with root permissions. You could seriously fuck thing up now!

4 - Change the root password:

Type 'passwd', and enter the password you would like (twice).

5 - Enable SSH:

Type 'vim /etc/config/dropbear', this will open the SSH config file in the vim text editor. You need to change "option enable" to "on".

You can start editing the file by hitting the 'i' key. You can now insert/delete characters. After you are finished editing hit the 'esc' key to stop editing. Now hit the ':' key, and type 'wq'. This will write the file, and quit the editor. If you made mistakes while editing, and just want to quit (without writing the file), type 'q' instead of 'wq'.

6 - Reboot the device:

Just unplug the usb power, and plug it in again.

7 - Have fun!

You can now SSH into the device while it is running in normal mode. (user: root, password whatever you entered in step 4). Just be carefull not to mess things up. If you are not at least a little familiar with linux, please be very carefull.

[1714110828]

1714110828

[1714110828]

1714110828

[1714110828]

1714110828

[1714110828]

1714110828

[1714110828]

1714110828

[1714110828]

1714110828

[worldlybedouin]

Ok, so I'm not this adventurous but I do appreciate all your hard work!   

[andre1980]

Tried after enabling telnet op W8.1:

Still asks me to login (v1.6) though. Doesn't accept any password i try..

Will try later, somehow i'm locked out from both controllers. (Could be router or firewall issue)

[maardein]

Tried after enabling telnet op W8.1:

Still asks me to login (v1.6) though. Doesn't accept any password i try..

Will try later, somehow i'm locked out from both controllers. (Could be router or firewall issue)

Are you sure you are in failsafe mode? Is your blue led flashing like crazy?

Depending on your LAN setup, you may have to set a static ip on you computer (ip 192.168.1.2, subnet 255.255.255.0).

[andre1980]

Tried after enabling telnet op W8.1:

Still asks me to login (v1.6) though. Doesn't accept any password i try..

Will try later, somehow i'm locked out from both controllers. (Could be router or firewall issue)

Are you sure you are in failsafe mode? Is your blue led flashing like crazy?

Depending on your LAN setup, you may have to set a static ip on you computer (ip 192.168.1.2, subnet 255.255.255.0).

Well,

After using a paperclip to press the reset button behind the hole (after 2 flashes in the regular speed), it changes to a rapid pace.
So, i assume that's correct. Well, the controllers are (both) connected to my router via assigned DHCP. Should i connect directly to my computer instead?

One gets 192.168.1.112 in regular mode, the other .129. I was able to connect a few times in failsafe mode. I'll try it later, because i don't like the idea that Jack or anyone is able to log in remotely, and i don't even have the password..

Thanks.

Andre

[maardein]

Tried after enabling telnet op W8.1:

Still asks me to login (v1.6) though. Doesn't accept any password i try..

Will try later, somehow i'm locked out from both controllers. (Could be router or firewall issue)

Are you sure you are in failsafe mode? Is your blue led flashing like crazy?

Depending on your LAN setup, you may have to set a static ip on you computer (ip 192.168.1.2, subnet 255.255.255.0).

Well,

After using a paperclip to press the reset button behind the hole (after 2 flashes in the regular speed), it changes to a rapid pace.
So, i assume that's correct. Well, the controllers are (both) connected to my router via assigned DHCP. Should i connect directly to my computer instead?

One gets 192.168.1.112 in regular mode, the other .129. I was able to connect a few times in failsafe mode. I'll try it later, because i don't like the idea that Jack or anyone is able to log in remotely, and i don't even have the password..

Thanks.

Andre

I think DHCP is disabled on the controller in failsafe mode, the IP will always be 192.168.1.1


Anyone who understands what this script in /bin does?

Code:

#!/bin/sh
# Copyright (C) 2006-2011 OpenWrt.org

if ( ! grep -qs '^root:[!x]\?:' /etc/shadow || \
     ! grep -qs '^root:[!x]\?:' /etc/passwd ) && \
   [ -z "$FAILSAFE" ]
then
	echo "Login failed."
	exit 0
else
cat << EOF
 === IMPORTANT ============================
  Use 'passwd' to set your login password
  this will disable telnet and enable SSH
 ------------------------------------------
EOF
fi

exec /bin/ash --login

[asiabtc]

Ok, I will post this here, since I think people could benefit from it. I'll have to give most of the credits to Girhes, since he told me about the failsafe mode of openWRT, and assisted me while trying to gain access (he did not have a controller himself yet).

Please note that this is at YOUR OWN RISK, you could brick your device when you have root access to the controller. Please do NOT install any programs when you have root access, unless you really know what you are doing. There is almost no room left on the device, so installing a program could brick your device.

1 - Start the controller in failsafe mode:

There are different HW versions of the TL-WR703N - on version 1.6 you have to power on the controller, wait until the led starts flashing twice a second (it takes about 4 seconds to get there), then push the reset button immediately. When the led starts to flash much faster your device is in failsafe mode. All other HW versions: power on the controller, wait 10-12 seconds until the led starts flashing, then immediately push the reset button for 1-2 seconds. Again, if the led will start blinking rapidly you are in failsafe mode.

The versioin of your device is stated on the back of the device, underneath the barcode.

2 - Telnet into the device:

On windows go to start, type 'cmd' in the search bar, and start 'cmd.exe'. In the command window you get afterwards, type 'telnet 192.168.1.1'. Make sure you use the correct IP, my device used 192.168.1.1 in failsafe mode.

There is no user/pass required in failsafe mode.

3 - Switch to the live partition:

Type 'mount_root'

Warning! You are in the live partition now, with root permissions. You could seriously fuck thing up now!

4 - Change the root password:

Type 'passwd', and enter the password you would like (twice).

5 - Enable SSH:

Type 'vim /etc/config/dropbear', this will open the SSH config file in the vim text editor. You need to change "option enable" to "on".

You can start editing the file by hitting the 'i' key. You can now insert/delete characters. After you are finished editing hit the 'esc' key to stop editing. Now hit the ':' key, and type 'wq'. This will write the file, and quit the editor. If you made mistakes while editing, and just want to quit (without writing the file), type 'q' instead of 'wq'.

6 - Reboot the device:

Just unplug the usb power, and plug it in again.

7 - Have fun!

You can now SSH into the device while it is running in normal mode. (user: root, password whatever you entered in step 4). Just be carefull not to mess things up. If you are not at least a little familiar with linux, please be very carefull.

well done.someday, i will public all source code.
thanks a lot.

[MWNinja]

Making the source code open and free is what is best for the community.  I know your team worked hard to develop the controller firmware, but really much of that firmware is based on GPL open source projects such as cgminer and cpuminer. By making it open and free, you will have the force of the community there to make improvements and make it better for everyone. I'd love to get in there and modify some simple things right now, such as the timeout.  Also I would implement a cold reboot call for when the USB bus hangs.

[sandor111]

Making the source code open and free is what is best for the community.  I know your team worked hard to develop the controller firmware, but really much of that firmware is based on GPL open source projects such as cgminer and cpuminer. By making it open and free, you will have the force of the community there to make improvements and make it better for everyone. I'd love to get in there and modify some simple things right now, such as the timeout.  Also I would implement a cold reboot call for when the USB bus hangs.

Firmware coder speaking here. I have been looking into a cold reboot call, it does not seem possible with the controller, as there is no way to toggle the controller's USB power. If you're lucky your USB hub supports per port switching, then you can use hub-ctrl.c Your best bet is using a relay to switch the 5v from the USB (works for me). Anyway this is only a problem with the red miners, the new miners have a ST32 MCU which fixes the hanging problem.

[maardein]

...

well done.someday, i will public all source code.
thanks a lot.

I hope you are not mad at me 

You must have known it was only a matter of time before someone found this. Especially since it is clearly documented in the openwrt wiki.

Why don't you just publish the source now? I don't really see the problem. You will just get a lot of programmers who can improve your software for free.

Really, bitcoin (and altcoins) wouldn't have been where they are now if everything would have been closed source.

[worldlybedouin]

...

well done.someday, i will public all source code.
thanks a lot.

I hope you are not mad at me 

You must have known it was only a matter of time before someone found this. Especially since it is clearly documented in the openwrt wiki.

Why don't you just publish the source now? I don't really see the problem. You will just get a lot of programmers who can improve your software for free.

Really, bitcoin (and altcoins) wouldn't have been where they are now if everything would have been closed source.

Yes, I'd love to see the source code for the firmware released to open source.  Clearly the delay in sorting out the issues with the miners could be much quicker if we had a community of developers who could help out instead of the single developer at LightingASIC.  A great example of this is how cgminer has been modified and improved...there's cgminer for various OSes, a scrypt-only version, optimizations for various GPUs/pools, and even new algorithms...none of this would have happened if the community relied only on a single developer and closed-source code.

[chMiner]

....someday, i will public all source code.
thanks a lot.

Please today Jack and not someday ... 

It would help you and us.

Thanks in advance.

[andre1980]

Hi,

Was finally able to login and change password..
I now want to enable SSH, but unsure what to do..

No option enable listed..

These are my options:

" === IMPORTANT ============================
  Use 'passwd' to set your login password
  this will disable telnet and enable SSH
 ------------------------------------------


BusyBox v1.19.4 (2013-03-14 11:28:31 UTC) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
config dropbear
        option PasswordAuth 'on'
        option RootPasswordAuth 'on'
        option Port         '22'
#       option BannerFile   '/etc/banner'
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
- /etc/config/dropbear 1/5 20%"

This is the RC1 firmware, is the edit not needed? (Since it mentions password change will enable SSH?)
Will a FW upgrade overwrite this?

Besides that:

Has anyone found where you can disable the controller reboots?
Don't want anyone besides myself messing with settings..

[maardein]

Hi,

I somehow are unable to connect via telnet after first try..
It just won't respond..

The weird thing is: SSH works somehow without enabling it.. I have no idea what the password is though.
Tried 123456, and the one i tried to set.. No joy.
Any way to reset the pass from SSH?

Thanks

No, there is no way to change the pass over SSH if you can not login. You should really try to get into failsafe mode. When SSH is enabled, telnet only works in failsafe mode. Did your led start flashing very fast when you tried to enter failsafe mode?

[andre1980]

Hi,

I somehow are unable to connect via telnet after first try..
It just won't respond..

The weird thing is: SSH works somehow without enabling it.. I have no idea what the password is though.
Tried 123456, and the one i tried to set.. No joy.
Any way to reset the pass from SSH?

Thanks

No, there is no way to change the pass over SSH if you can not login. You should really try to get into failsafe mode. When SSH is enabled, telnet only works in failsafe mode. Did your led start flashing very fast when you tried to enter failsafe mode?

See above. No idea why i was locked out of telnet earlier, but now tried on 1 controller from my computer directly.
Now i got the correct telnet, etc.

Still unsure if it's safe to reboot.

[maardein]

My config looks like this:

Code:

config dropbear
	option enable	'on'
	option PasswordAuth 'on'
	option RootPasswordAuth 'on'
	option Port         '22'
#	option BannerFile   '/etc/banner'

You could add the 'option enable' line, but I don't think it is necessary.

[andre1980]

My config looks like this:

Code:

config dropbear
	option enable	'on'
	option PasswordAuth 'on'
	option RootPasswordAuth 'on'
	option Port         '22'
#	option BannerFile   '/etc/banner'

You could add the 'option enable' line, but I don't think it is necessary.

You're right, it worked! Tried on one controller first, and it still works and SSH as well.
I think you used the previous firmware?

Anyway, hopefully someone knows what options we could change to prevent resets, etc..

[maardein]

My config looks like this:

Code:

config dropbear
	option enable	'on'
	option PasswordAuth 'on'
	option RootPasswordAuth 'on'
	option Port         '22'
#	option BannerFile   '/etc/banner'

You could add the 'option enable' line, but I don't think it is necessary.

You're right, it worked! Tried on one controller first, and it still works and SSH as well.
I think you used the previous firmware?

Anyway, hopefully someone knows what options we could change to prevent resets, etc..

My firmware is the one it came with from lightningasic.

[andre1980]

My config looks like this:

Code:

config dropbear
	option enable	'on'
	option PasswordAuth 'on'
	option RootPasswordAuth 'on'
	option Port         '22'
#	option BannerFile   '/etc/banner'

You could add the 'option enable' line, but I don't think it is necessary.

You're right, it worked! Tried on one controller first, and it still works and SSH as well.
I think you used the previous firmware?

Anyway, hopefully someone knows what options we could change to prevent resets, etc..

My firmware is the one it came with from lightningasic.

I received RC1 from a tech, don't know what was on the units. Did notice a drop in hashspeed, but i didn't find a copy of the older FW elsewhere.

[maardein]

My config looks like this:

Code:

config dropbear
	option enable	'on'
	option PasswordAuth 'on'
	option RootPasswordAuth 'on'
	option Port         '22'
#	option BannerFile   '/etc/banner'

You could add the 'option enable' line, but I don't think it is necessary.

You're right, it worked! Tried on one controller first, and it still works and SSH as well.
I think you used the previous firmware?

Anyway, hopefully someone knows what options we could change to prevent resets, etc..

My firmware is the one it came with from lightningasic.

I received RC1 from a tech, don't know what was on the units. Did notice a drop in hashspeed, but i didn't find a copy of the older FW elsewhere.

That's a new update? Could you upload it somewhere? I'm interested