I still have no clue what initiates the software image upload. As you said somewhere before, there are no obvious ports open from the WAN side. I am not sure about an SNMP port because I have no experience with that.
It can be that some watchdog process checks for updates. Enough processes in ps suggest that. Have you run the dload command? I don't know what would happen and where the download would be stored. The dir command suggests (in my case) that I have two images present:
MAIN> dir
Filename in sector 1->CVE-30360-3.1.1.29-IMS-KDG-131106.sbn
Filename in sector 2->CVE-30360-3.1.1.22-IMS-KDG-130528.sbn
Selected sector is 1
and with me the newer one is active. The dates of the sector 1 file check with the dates found in the filesystem. Is 3.1.1.29 the newest image? Maybe a factory reset would get you the 3.1.1.22 image.
How did you get your image downloaded so that you could examine that?
It is vital that we get a new image immediately on a computer to get the password. The easiest way to stop us would be a new image with a new password, unless you could get it on your computer to search the password.
Careful examination of the /etc/init.d/rcS script shows that there is a file /nvram/0/0 that steers the startup process. If you could change a string there you could make your own startup additions. Unfortunately nvread is used to extract a string and an integer and there is no nvwrite. The workings of nvread are not completely clear to me and if you change this file /nvram/0/0 boot may not be possible anymore. I suppose that nvread is a low-level block reader. Maybe there is another way to change things in nvram?