Find telnet SU password and rg linux root passowrd

[shuaigai2020]

I have Ubee product :UBC1319 and UBC1322 Broadcom SOC modem. i want to have the cm ecos su passowrd and rg linux root password. who know that , could you please provide that

thanks

[jclehner]

If the eCOS password isn't ubeecable, you'll have to dump the firmware using bcm2dump, and send it to me!

[shuaigai2020]

thanks , it is correct

[shuaigai2020]

do you konw that is the RG linux login user name and password :

i try to login :

RDK (A Yocto Project based Distro) 2.0 Docsis-Gateway

Docsis-Gateway login:

but i don't know the user name and password for rg console . could you help me ?

thanks

[PatrykMis]

You probably have to obtain it via SNMP. Use Net-SNMP package Try:

snmpget -Ir -v 2C -c "ubeecable" 192.168.0.1 1.3.6.1.2.1.69.1.2.1.4.1
snmpget -Ir -v 2C -c "ubeecable" 192.168.0.1 1.3.6.1.4.1.4684.38.2.2.2.1.1.1.2.0
snmpget -Ir -v 2C -c "ubeecable" 192.168.0.1 1.3.6.1.4.1.4684.38.2.2.2.1.1.1.3.0

where 192.168.0.1 is your device IP. By the way - it's not easy to help without image/kernel/bootloader dump.

[shuaigai2020]

i see the tool https://github.com/jclehner/bcm2-utils, and i also download that , but i don't find the binary for bcm2dump, where i can find it , could you please show me ? thanks

i see the example: ./bcm2dump -P tc7200 info

[PatrykMis]

https://github.com/jclehner/bcm2-utils/releases/tag/v0.9.4

[shuaigai2020]

thank PatrykMis ; i get this tool now , but i can not dump successful , as below error :

C:\bcm2utils-v0.9.4-win32>bcm2dump.exe dump 192.168.100.1,foo,bar flash image1 image.bin

error: telnet: read1: No such file or directory

may that is related the board don't enable the telnet . strange , i let the board online to CMTS, i can walk the Ubee private snmp objects . but i can not walk successful the Broadcom private objects: Name: broadcom Type: OBJECT-IDENTIFIER OID: 1.3.6.1.4.1.4413 Full path: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).broadcom(4413) Module: BRCM-SMI

Parent: enterprises

do you know where is the limitation .

but strange , i can active the factory mode , then can walk success the factory objects: Name: cableDataPrivate Type: OBJECT-IDENTITY OID: 1.3.6.1.4.1.4413.2.99 Full path: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).broadcom(4413).cableData(2).cableDataPrivate(99) Module: BRCM-CABLEDATA-SMI

Parent: cableData

[PatrykMis]

Try:

bcm2dump.exe -vv -L log.txt dump 192.168.100.1,foo,bar flash image1 image.bin

Then post logs.

[shuaigai2020]

i find the root cause for dump failed, that is really related the telnet disabled. so i face the issue is how to enabled the telnet .i already include the mib configuration in the cm config file as below : SnmpMibObject iso.3.6.1.4.1.4413.2.2.2.1.1.1.1.0 HexString 0xc8 ; SnmpMibObject iso.3.6.1.4.1.4413.2.2.2.1.1.1.3.0 String "telnet" ; SnmpMibObject iso.3.6.1.4.1.4413.2.2.2.1.1.1.2.0 String "telnet" ; SnmpMibObject iso.3.6.1.4.1.4413.2.2.2.1.1.1.4.0 Integer 1 ; SnmpMibObject iso.3.6.1.4.1.4413.2.2.2.1.1.1.11.0 Integer 60 ;

but after the board online , i still can not access by telnet , recheck by walk snmp from CM wan , i can not access any broadcom private objects, as the telnet objects belong the broadcom node , so i think my telnet configuration don't take accout . do you know where is the limitation , why i can not access broadcom private mib ?

thanks

[PatrykMis]

Did you try to login via SSH? Try to set object 3.6.1.4.1.4413.2.2.2.1.1.1.1.0 to 0x08 instead of 0xc8. It is probably interface on which Telnet is listening to.

[shuaigai2020]

i think the issue related to the all broadcom private mib are limited , so though the config file included the telnet configuration , but finally that don't take accout, then telnet still disabled . but right now i don't know how to remove or disable this limitation.

ps : 0xc8 are both for CM WAN, and LAN