

Ask HN: Extracting HP-UX Based HDD Image into BSD or Linux FS - datenwolf

Here in the lab I've got a HP/Agilent (the label on the device says HP, but the software on it already carries the Agilent brand) HP86142A Optical Spectrum Analyzer.

When we got this device the first thing I did was open the case, get to the HDD and take a backup image.

Eventually I'm going to root the thing, by restoring that image and thereby conveniently replacing the bytes in the blocks carrying /etc/passwd (there's apparently no shadow system on this thing) with a password-less login entry for root. If somebody wants to have a go at brute forcing the password (this seems to be one of the ancient crypt based, easily broken entries), here's the passwd entry:

    root:z1sH85tcwYkQg:0:3::/:/sbin/sh

Anyway: Until then I'd really like to extract that HDD image into a filesystem I can traverse using Linux or BSD. What would be your approach of choice on this?

The ultimate goal would be to reverse the drivers talking to the spectrum analyzer hardware and maybe implement my own ones so that I could run Linux or a BSD on it.
======
jgeorge
Your root password is "wumpus1". Enjoy! :-)

        $ openssl passwd -salt z1 -crypt wumpus1
        z1sH85tcwYkQg
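
An added example, not part of either post: a small audit that flags passwd entries of the kind discussed above, where a traditional DES crypt hash (or an empty password field) sits directly in the world-readable passwd file because no shadow file is in use. The `root` line is the one quoted in the question; the other sample lines and all function names are constructed for illustration.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify_password_field(field):
    """Return a label for the second field of a passwd(4) line."""
    # System V style password aging is appended after a comma; ignore it.
    secret = field.split(",", 1)[0]
    if secret == "":
        return "empty"             # login without any password
    if DES_CRYPT.match(secret):
        return "des-crypt"         # 56-bit key, only 8 significant characters
    if secret.startswith("$"):
        return "modular-crypt"     # $id$salt$hash schemes
    return "locked-or-shadowed"    # "x", "*", "!" and similar placeholders

def audit_passwd(text):
    """Return (user, uid, label) for entries exposing a usable credential."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 7:
            continue  # malformed line, not a passwd entry
        user, field, uid = parts[0], parts[1], parts[2]
        label = classify_password_field(field)
        if label in ("empty", "des-crypt"):
            findings.append((user, int(uid), label))
    return findings

# The root line is the one quoted in the post; the rest are constructed samples.
SAMPLE = """\
root:z1sH85tcwYkQg:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
guest::100:20::/home/guest:/usr/bin/sh
oper:abJnggxhB/yWI,21AB:101:20::/home/oper:/usr/bin/sh
"""

if __name__ == "__main__":
    for user, uid, label in audit_passwd(SAMPLE):
        print(f"{user} (uid {uid}): {label} in world-readable passwd")
```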

~~~
datenwolf
Haha, success!!!

    
    
        hilbert /home/dw exited sigint
        1002 ~ % telnet 10.153.218.24
        Trying 10.153.218.24...
        Connected to 10.153.218.24.
        Escape character is '^]'.
    
        HP-UX unknown B.11.00 A 9000/779 (t1)
    
        login: root
        Password: 
        Please wait...checking for disk quotas
        (c)Copyright 1983-1997 Hewlett-Packard Co.,  All Rights Reserved.
        (c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California
        (c)Copyright 1980, 1984, 1986 Novell, Inc.
        (c)Copyright 1986-1992 Sun Microsystems, Inc.
        (c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology
        (c)Copyright 1989-1993  The Open Software Foundation, Inc.
        (c)Copyright 1986 Digital Equipment Corp.
        (c)Copyright 1990 Motorola, Inc.
        (c)Copyright 1990, 1991, 1992 Cornell University
        (c)Copyright 1989-1991 The University of Maryland
        (c)Copyright 1988 Carnegie Mellon University
        (c)Copyright 1991-1997 Mentat, Inc.
        (c)Copyright 1996 Morning Star Technologies, Inc.
        (c)Copyright 1996 Progressive Systems, Inc.
        (c)Copyright 1997 Isogon Corporation
    
    			       RESTRICTED RIGHTS LEGEND
        Use, duplication, or disclosure by the U.S. Government is subject to
        restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in
        Technical Data and Computer Software clause in DFARS 252.227-7013.
    
    			       Hewlett-Packard Company
    			       3000 Hanover Street
    			       Palo Alto, CA 94304 U.S.A.
          
        Rights for non-DOD U.S. Government Departments and Agencies are as set
        forth in FAR 52.227-19(c)(1,2).
        You have mail.
    
        Value of TERM has been set to "xterm". 
        WARNING:  YOU ARE SUPERUSER !!
    
        # mail
        From root@wumpus15.sr.hp.com Tue Apr 13 17:19:03 MDT 1999
        Received: (from root@localhost) by wumpus15.sr.hp.com (8.7.6/8.7.1) id RAA01584 for root; Tue, 13 Apr 1999 17:19:03 -0600 (MDT)
        Date: Tue, 13 Apr 1999 17:19:03 -0600 (MDT)
        From: root@wumpus15.sr.hp.com
        Message-Id: <199904132319.RAA01584@wumpus15.sr.hp.com>
        Subject: at
        Status: RO
    
        WARNING: POTENTIAL SYSTEM PROBLEM - For Series 700 Machines
    
    	     System   Diagnostics  &  Error  Logging  programs  have  NOT  been
    	     installed  on  your   system.  Without   these  tools   installed,
    	     information that could help prevent a system or peripheral failure
    	     will be lost.  In addition, if a failure  occurs, HP will not have
    	     the tools or data to diagnose the cause of the problem in a timely
    	     manner.  This MAY CAUSE  INCREASED  DOWNTIME  and possible  future
    	     failures.  HP strongly  suggests  that you load these tools, which
    	     are provided on the Support Media included with your  installation
    	     or update software.
    
    
        *************************************************
        Cron: The previous message is the standard output
    	  and standard error of one of your at commands.
    
        ? ^D
    
        # uname -a
        HP-UX unknown B.11.00 A 9000/779 2009020299 two-user license
    

EDIT: formatting

~~~
opless
Thanks for the update!

What format is the filesystem in?

(Have you got a write up somewhere?)

~~~
datenwolf
> What format is the filesystem in?

VxFS, which (according to Wikipedia) is claimed to be supported by Linux. The
HDD is partitioned into several logical volumes. Interestingly enough the LVM
utilities have the same command names as Linux LVM2, but I don't know if it
follows the same on-disk structure.

It would be really handy if Linux supported something like a loopback virtual
disk drive into which you could bind whole disk images (instead of just loop
block devices to which you can bind only partition images). Maybe there's some
(3rd party) kernel module I don't know about for this.

> Have you got a write up somewhere?

Right now I'm just looking around, what's in the system. There's an ancient C
compiler on the system but it does only K&R syntax. All the system utilities
apparently have been compiled on an external build system. There's an ancient
version of Samba there. For simple file transfers I made me a netcat binary by
pasting source code into the terminal and compiling

    
    
        cat > nc.c
        ^D
        cc -o nc nc.c
    

Used that to

    
    
        cd /
        tar cf - . | nc ... ...
    

HP was nice and left behind source code for the really interesting stuff, i.e.
the sources for the userlevel programs and kernel drivers of the nonstandard,
proprietary devices that make this thing a measurement instrument. This seemed
to be completely unintentional, but this is what you get if your build system
cannot do out-of-tree builds and the developer just slaps the build directory
into an installation tarball. I mean: Who, except for the maintenance guy who's
updating the box, is going to be able to access that directory? m(

Oh, that covers the source code of several revisions of the software, by which
I mean the kernel drivers _and_ the user interface.

Thanks HP! :D

This will of course not compile for Linux. But hey, I don't care. The kernel
drivers are easy enough to re-write from scratch over the course of a few
weekends. The userland stuff takes much more work though.
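
An added example, not from the thread: one way to locate VxFS filesystems inside a whole-disk image like the one discussed above is to scan it for the VxFS superblock magic and derive each filesystem's start offset. Assumptions: the magic value `0xA501FCF5` and the 8 KiB superblock position for big-endian HP-UX volumes are taken from the Linux freevxfs driver, each logical volume is stored contiguously, and the function name is hypothetical.

```python
import struct
import sys

VXFS_MAGIC = 0xA501FCF5    # VXFS_SUPER_MAGIC as defined in Linux fs/freevxfs
SB_OFFSET = 8 * 1024       # assumption: HP-UX keeps the superblock 8 KiB in
ALIGN = 1024               # assumption: volumes start on 1 KiB boundaries

def find_vxfs_volumes(path, chunk=4 * 1024 * 1024):
    """Return [(fs_start, version)] for big-endian VxFS superblocks in path."""
    hits = []
    with open(path, "rb") as img:
        base = 0
        while True:
            buf = img.read(chunk)          # chunk must be a multiple of ALIGN
            if not buf:
                break
            for off in range(0, len(buf) - 7, ALIGN):
                # HP-UX on PA-RISC is big-endian: magic, then layout version.
                magic, version = struct.unpack_from(">Ii", buf, off)
                fs_start = base + off - SB_OFFSET
                # Loose sanity check on the version to drop chance matches.
                if magic == VXFS_MAGIC and fs_start >= 0 and 0 < version < 32:
                    hits.append((fs_start, version))
            base += len(buf)
    return hits

if __name__ == "__main__" and len(sys.argv) == 2:
    for fs_start, version in find_vxfs_volumes(sys.argv[1]):
        # Candidate for: mount -t vxfs -o ro,loop,offset=<fs_start> IMAGE DIR
        print(f"VxFS v{version} candidate at byte offset {fs_start}")
```

Run it against a copy of the backup image and keep any mount attempt read-only, so the evidence image stays unmodified.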

~~~
opless
Wow! That's an awesome find.

I wish I had enough spare time to do some computer archaeology - but too much
to do already, and barely enough time to fit it all in!

------
opless
Are you sure it's HP-UX? What does uname -a say?

What does running "file -s /dev/sdX" say?

~~~
datenwolf
Yes, it's pretty surely HP-UX; you can see it in banners several times
throughout booting. Also, with this thing being made by HP using HP custom
hardware, you can be quite sure that it runs HP's Unix.

Since this device is still not rooted I don't have access to a command line...
yet. There's a telnet daemon listening on the network interface, but that's it
(I didn't crack the passwd entry yet).

