2701HGV-C system services XML config file

Mar9

While poking around in the flash dump images of the 2701HGV-C to discover the FTL mapping algorithm, a number of XML config files were unearthed.

One of those XML files is listed below. It contains the system services that are started at boot time. Some of those services are shown as “DISABLED”. One such service is sshd, the secure shell daemon. See element ROW ID=”15″ below.

sshd is presumably present for remote management. It would be great if it could be re-enabled to allow LAN-side shell access to the 2Wire.

Before that is possible, several things need doing:

  • the flash block(s) holding that XML file needs to be erased and re-written with the enabling config element.
  • the out-of-band ECC bytes need to be re-written to reflect the new content of the data block
  • a new ssh key pair must be generated for the sshd server
  • the flash block(s) holding those keys need identifying, erasing and re-writing.
<?xml version="1.0" encoding="UTF-8"?>
<CM VERS="1">
  <TABLE NAME="initd" B="6.3.9.41" B0="6" B1="3" B2="9" B3="41">
    <ROW ID="0">
      <P N="name" T="S">mifd</P>
      <P N="path" T="S">/usr/bin/mifd</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000004</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="1">
      <P N="name" T="S">pkgd</P>
      <P N="path" T="S">/usr/bin/pkgd</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000004</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="2">
      <P N="name" T="S">pkgc</P>
      <P N="path" T="S">/usr/bin/pkgc</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000002</P>
      <P N="runlevel" T="U">0x00000004</P>
      <P N="args" T="M">
        <E N="arg1">00032d5200</E>
        <E N="arg2">000773797374656d00</E>
        <E N="arg3">00032d5400</E>
        <E N="arg4">000433303000</E>
      </P>
    </ROW>
    <ROW ID="3">
      <P N="name" T="S">pkgc</P>
      <P N="path" T="S">/usr/bin/pkgc</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000002</P>
      <P N="runlevel" T="U">0x00000004</P>
      <P N="args" T="M">
        <E N="arg1">00032d5200</E>
        <E N="arg2">0007636f6e66696700</E>
        <E N="arg3">00032d5400</E>
        <E N="arg4">000433303000</E>
        <E N="arg5">00032d4d00</E>
      </P>
    </ROW>
    <ROW ID="4">
      <P N="name" T="S">login</P>
      <P N="path" T="S">/usr/bin/login</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000004</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="5">
      <P N="name" T="S">syslogd</P>
      <P N="path" T="S">/usr/bin/syslogd</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000004</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="6">
      <P N="name" T="S">lmd</P>
      <P N="path" T="S">/usr/bin/lmd</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000005</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="7">
      <P N="name" T="S">nodesd</P>
      <P N="path" T="S">/usr/bin/nodesd</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000006</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="8">
      <P N="name" T="S">dhcpd</P>
      <P N="path" T="S">/usr/bin/dhcpd</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000006</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="9">
      <P N="name" T="S">named</P>
      <P N="path" T="S">/usr/bin/named</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000006</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="10">
      <P N="name" T="S">rpcbind</P>
      <P N="path" T="S">/usr/bin/rpcbind</P>
      <P N="status" T="ENUM">DISABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000006</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="11">
      <P N="name" T="S">pkgc</P>
      <P N="path" T="S">/usr/bin/pkgc</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000002</P>
      <P N="runlevel" T="U">0x00000007</P>
      <P N="args" T="M">
        <E N="arg1">00032d5200</E>
        <E N="arg2">0004616c6c00</E>
        <E N="arg3">00032d5400</E>
        <E N="arg4">000433303000</E>
      </P>
    </ROW>
    <ROW ID="12">
      <P N="name" T="S">rfsd</P>
      <P N="path" T="S">/usr/bin/rfsd</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000007</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="13">
      <P N="name" T="S">httpd</P>
      <P N="path" T="S">/usr/bin/httpd</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000007</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="14">
      <P N="name" T="S">hostapd</P>
      <P N="path" T="S">/usr/bin/hostapd</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000007</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="15">
      <P N="name" T="S">sshd</P>
      <P N="path" T="S">/usr/bin/sshd</P>
      <P N="status" T="ENUM">DISABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000007</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="16">
      <P N="name" T="S">ssdpd</P>
      <P N="path" T="S">/usr/bin/ssdpd</P>
      <P N="status" T="ENUM">DISABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000007</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="17">
      <P N="name" T="S">puckd</P>
      <P N="path" T="S">/usr/bin/puckd</P>
      <P N="status" T="ENUM">DISABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000007</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="18">
      <P N="name" T="S">sntpcd</P>
      <P N="path" T="S">/usr/bin/sntpcd</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000008</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="19">
      <P N="name" T="S">iked</P>
      <P N="path" T="S">/usr/bin/iked</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000008</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="20">
      <P N="name" T="S">cwmd</P>
      <P N="path" T="S">/usr/bin/cwmd</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000001</P>
      <P N="runlevel" T="U">0x00000009</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="21">
      <P N="name" T="S">csd</P>
      <P N="path" T="S">/usr/bin/csd</P>
      <P N="status" T="ENUM">DISABLED</P>
      <P N="type" T="U">0x00000003</P>
      <P N="runlevel" T="U">0x00000009</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="22">
      <P N="name" T="S">fwmond</P>
      <P N="path" T="S">/usr/bin/fwmond</P>
      <P N="status" T="ENUM">DISABLED</P>
      <P N="type" T="U">0x00000003</P>
      <P N="runlevel" T="U">0x00000009</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="23">
      <P N="name" T="S">hotspotd</P>
      <P N="path" T="S">/usr/bin/hotspotd</P>
      <P N="status" T="ENUM">DISABLED</P>
      <P N="type" T="U">0x00000003</P>
      <P N="runlevel" T="U">0x00000009</P>
      <P N="args" T="M"></P>
    </ROW>
    <ROW ID="24">
      <P N="name" T="S">voiced</P>
      <P N="path" T="S">/usr/bin/voiced</P>
      <P N="status" T="ENUM">ENABLED</P>
      <P N="type" T="U">0x00000003</P>
      <P N="runlevel" T="U">0x00000007</P>
      <P N="args" T="M"></P>
    </ROW>
</TABLE>
</CM>

The hex-encoded parameters for /usr/bin/pkgc are:

/usr/bin/pkgc -R system -T 300
/usr/bin/pkgc -R config -T 300 -M
/usr/bin/pkgc -R all -T 300
About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s