From fe at dev.tdt.de Tue Feb 5 10:59:51 2019 From: fe at dev.tdt.de (Florian Eckert) Date: Tue, 05 Feb 2019 11:59:51 +0100 Subject: EC25 password for the Debug uart interface Message-ID: <9a921a90c7273709c5a0c0e46a1ea7c8@dev.tdt.de> Hello, I am working on a EC25-1 which has problem with the USB communication with a dwc2 usb host controller [1]. To find the problem my next step was to connect to the EC25 debug UART on pin 11/12. But the system needs a root password! The one you have on your wiki does not work anymore [2]. I think I have the same version "msm LNX.LE.5.0.1-57031-9x40 mdm9607-perf /dev/ttyHSL0" Do you have another password for this interface or where did you get this information from? Thanks for help Flo [1] https://www.spinics.net/lists/linux-usb/msg176613.html [2] https://osmocom.org/projects/quectel-modems/wiki/EC25_Linux#root-password From laforge at gnumonks.org Wed Feb 6 08:12:15 2019 From: laforge at gnumonks.org (Harald Welte) Date: Wed, 6 Feb 2019 09:12:15 +0100 Subject: EC25 password for the Debug uart interface In-Reply-To: <9a921a90c7273709c5a0c0e46a1ea7c8@dev.tdt.de> References: <9a921a90c7273709c5a0c0e46a1ea7c8@dev.tdt.de> Message-ID: <20190206081215.GX24515@nataraja> Hi Florian, On Tue, Feb 05, 2019 at 11:59:51AM +0100, Florian Eckert wrote: > I am working on a EC25-1 which has problem with the USB communication with a > dwc2 usb host controller [1]. Thanks for letting us know. > To find the problem my next step was to connect to the EC25 debug UART on > pin 11/12. > But the system needs a root password! > The one you have on your wiki does not work anymore [2]. > I think I have the same version "msm LNX.LE.5.0.1-57031-9x40 mdm9607-perf > /dev/ttyHSL0" > Do you have another password for this interface or where did you get this > information from? I suspect your easiest approach is to obtain the firmware update file and then extract the rootfs, specifically the /etc/passwd or /etc/shadow file, and then use a password cracker on that. Regards, Harald -- - Harald Welte http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6) From fe at dev.tdt.de Wed Feb 6 13:36:22 2019 From: fe at dev.tdt.de (Florian Eckert) Date: Wed, 06 Feb 2019 14:36:22 +0100 Subject: EC25 password for the Debug uart interface In-Reply-To: <20190206081215.GX24515@nataraja> References: <9a921a90c7273709c5a0c0e46a1ea7c8@dev.tdt.de> <20190206081215.GX24515@nataraja> Message-ID: <4b6b6bab447ae9703a78ea8f9da5ea33@dev.tdt.de> Hello Harald, > >> To find the problem my next step was to connect to the EC25 debug UART >> on >> pin 11/12. >> But the system needs a root password! >> The one you have on your wiki does not work anymore [2]. >> I think I have the same version "msm LNX.LE.5.0.1-57031-9x40 >> mdm9607-perf >> /dev/ttyHSL0" >> Do you have another password for this interface or where did you get >> this >> information from? > > I suspect your easiest approach is to obtain the firmware update file > and > then extract the rootfs, specifically the /etc/passwd or /etc/shadow > file, > and then use a password cracker on that. Thanks for the note. I got the latest firmware version and extracted the passwd Let's run the password cracker and see what comes out. I will contact you again when I have the password. Thanks Flo From mashkur14 at gmail.com Thu Feb 7 00:51:38 2019 From: mashkur14 at gmail.com (Mashkur Ahmad) Date: Thu, 7 Feb 2019 09:51:38 +0900 Subject: Addme Message-ID: Hi Addme -------------- next part -------------- An HTML attachment was scrubbed... URL: From mashkur14 at gmail.com Thu Feb 7 00:54:19 2019 From: mashkur14 at gmail.com (Mashkur Ahmad) Date: Thu, 7 Feb 2019 09:54:19 +0900 Subject: Quectel EC25-J Dial up failure Message-ID: Hi All, i found the problem to start the qmi dial up, can someone help me out. sudo qmi-network /dev/cdc-wdm0 start Loading profile at /etc/qmi-network.conf... APN: isp.docomoiot.net APN user: unset APN password: unset qmi-proxy: yes Checking data format with 'qmicli -d /dev/cdc-wdm0 --wda-get-data-format --device-open-proxy'... [07 Feb 2019, 09:52:49] -Warning ** [/dev/cdc-wdm0] requested auto mode but no MBIM QMUX support available Device link layer protocol retrieved: raw-ip Getting expected data format with 'qmicli -d /dev/cdc-wdm0 --get-expected-data-format'... [07 Feb 2019, 09:52:49] -Warning ** [/dev/cdc-wdm0] requested auto mode but no MBIM QMUX support available Expected link layer protocol retrieved: 802-3 Updating kernel link layer protocol with 'qmicli -d /dev/cdc-wdm0 --set-expected-data-format=raw-ip'... [07 Feb 2019, 09:52:49] -Warning ** [/dev/cdc-wdm0] requested auto mode but no MBIM QMUX support available error: cannot set expected data format: Expected data format not updated properly to 'raw-ip': got '802-3' instead Error updating kernel link layer protocol Starting network with 'qmicli -d /dev/cdc-wdm0 --wds-start-network=apn=' isp.docomoiot.net' --client-no-release-cid --device-open-proxy'... [07 Feb 2019, 09:52:49] -Warning ** [/dev/cdc-wdm0] requested auto mode but no MBIM QMUX support available error: couldn't start network: QMI protocol error (26): 'NoEffect' Saving state at /tmp/qmi-network-state-cdc-wdm0... (CID: 20) error: network start failed, no packet data handle [07 Feb 2019, 09:52:49] -Warning ** [/dev/cdc-wdm0] requested auto mode but no MBIM QMUX support available Clearing state at /tmp/qmi-network-state-cdc-wdm0... Thanks Mashur Khadmi -------------- next part -------------- An HTML attachment was scrubbed... URL: From pshinjo at sect.tu-berlin.de Thu Feb 7 09:01:53 2019 From: pshinjo at sect.tu-berlin.de (Shinjo Park) Date: Thu, 07 Feb 2019 10:01:53 +0100 Subject: EC25 password for the Debug uart interface In-Reply-To: <4b6b6bab447ae9703a78ea8f9da5ea33@dev.tdt.de> References: <9a921a90c7273709c5a0c0e46a1ea7c8@dev.tdt.de> <20190206081215.GX24515@nataraja> <4b6b6bab447ae9703a78ea8f9da5ea33@dev.tdt.de> Message-ID: <2457827.Il4AkFNv49@brandenburg> 2019? 2? 6? ??? ?? 2? 36? 22? CET? Florian Eckert ?? ? ?: > Hello Harald, > > >> To find the problem my next step was to connect to the EC25 debug UART > >> on > >> pin 11/12. > >> But the system needs a root password! > >> The one you have on your wiki does not work anymore [2]. > >> I think I have the same version "msm LNX.LE.5.0.1-57031-9x40 > >> mdm9607-perf > >> /dev/ttyHSL0" > >> Do you have another password for this interface or where did you get > >> this > >> information from? > > > > I suspect your easiest approach is to obtain the firmware update file > > and > > then extract the rootfs, specifically the /etc/passwd or /etc/shadow > > file, > > and then use a password cracker on that. > > Thanks for the note. > I got the latest firmware version and extracted the passwd > Let's run the password cracker and see what comes out. > I will contact you again when I have the password. > > Thanks > Flo > > _______________________________________________ > qc-linux-modems mailing list > qc-linux-modems at lists.osmocom.org > https://lists.osmocom.org/mailman/listinfo/qc-linux-modems Hello, While I am not using the same model (EC21), but I got a root shell via adb in this modem by using AT+QCFG command. This is the result of AT+QCFG=? on our modem: AT+QCFG=? +QCFG: "usbcfg",,,,,,,,, AT+QCFG="usbcfg"? +QCFG: "usbcfg",0x2C7C,0x0121,1,1,1,1,1,1,0 Unfortunately AT+QLINUXCMD is not available in this firmware revision (EC21EFAR06A02M4G). Although the Linux lsusb shows interface #5 with an ADB interface activated, the latest revision of adb in Linux does not pick up the interface. I tried putting the vendor ID in ~/.android/adb_usb.ini and checked udev permissions, but no avail. Meanwhile I could get the ADB shell in Windows. Does someone have any ideas why it is not working in Linux? Shinjo -- Shinjo Park Security in Telecommunications TU Berlin / Telekom Innovation Laboratories Ernst-Reuter-Platz 7, Sekr TEL 17 / D - 10587 Berlin, Germany Phone: +49 30 8353 58272