Sunday, August 2, 2020

Breaking into ASOS

The OS/2 Museum recently acquired a Quantum Bigfoot TS hard disk in mint condition. The Bigfoot drives, as some readers may remember, were rather oddball late-1990s 5.25″ IDE drives that were cheap, slow, and relatively big. There was a sticker on the disk that suggested the drive once lived inside a Compaq machine. After attaching the disk to a Linux system, it turned out that the drive was not empty but the contents were too foreign for Linux to handle.

After hooking up the image of the drive to a VM, it turned out that the drive is not only bootable but actually boots into some… bizarre thing that Compaq and SCO cooked up. Here’s what the screen looks like when booted up:

Some kind of Microsoft/SCO/Compaq server?

Not much to see there. At all. After switching the virtual terminal (with Alt-F2, where did you think Linux stole that idea?) it turned out to be a curious mix of an off-the-shelf OS with some heavy custom tweaking:

Compaq ASOS, a customized SCO OpenServer

Okay, so it’s SCO OpenServer Release 5, but with some sort of Compaq modifications. With the “ASOS” keyword there’s something to search for. It turns out the hard disk came out of a Compaq Prosignia NeoServer, an oddball late-1990s network server. In other words, a low-powered cheapo Celeron PC running a web server, file server, print server, etc., all remotely manageable. For whatever reason, Compaq decided to base that on top of SCO OpenServer. The NeoServer looked a bit like a shredder or a trash can but it was 1999 and it said “network” and “internet” so it had to be good. A significant chunk of the NeoServer functionality relied on a product called VisionFS, which was roughly similar to Samba.

Now, the NeoServer line was clearly not very successful and finding documentation is tricky. There are lots of dead links. Anyone know of a complete Compaq FTP archive? (The one on archive.org isn’t and lacks the entire /pub/supportinformation/techpubs/user_reference_guides subtree.)

Then again, according to one old forum post, the NeoServer was locked down such that it was actually not possible to log in as root on the console. So, how does one break into OpenServer?

ASOS is configured with the semi-undocumented QUIET=YES boot option. That means there is no opportunity to interrupt the boot process. I found no way to get to any kind of single-user boot in an OpenServer configured that way.

The obvious alternative would be attaching the disk (image) to Linux… but that’s no good because Linux does not support the OpenServer file system (HTFS). The only remaining alternative is then booting the OpenServer installation CD.

Even that provides no obvious way to get to a command shell, but there are actually two ways. One is pressing the F8 key (not documented) after the installer boots. That brings up a debug screen with a “Shell escape” option:

Magic F8 OpenServer installer debug menu

The other option is entering ‘tools’ on the OpenServer installer boot menu, like this:

OpenServer ‘tools’ boot magic

Once the installer boots up, instead of installing the OS it goes to this menu:

The ‘tools’ menu in OpenServer

With that, we finally get a root shell and we can mount the hard disk file system with mount /dev/hd0root /mnt. At this point it should be possible to run passwd and reset/remove the root password. But alas, it’s not that simple. It should be, and there are guides on resetting the root password, but none of that works on Compaq’s ASOS. The trouble is that /etc/passwd is just a symlink to /rwroot/etc/passwd and I simply don’t know where that is. The “rwroot” concept must be something ASOS-specific since I could not find any references to it elsewhere.

Looking inside the root filesystem’s /idev directory, there is /idev/rwroot with a major of 1 and minor of 43. So let’s try mknod /dev/rwroot b 1 43, then mkdir /rwroot and finally mount /dev/rwroot /rwroot. That actually works and now we can finally open the real /etc/passwd file in vi:

The real ASOS passwd file
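The step of reading a node's major and minor numbers out of a device directory and rebuilding it with mknod, as an added example that is not part of the original post. The listing is constructed (only the rwroot numbers 1 and 43 come from the text above), the function names are hypothetical, and the script only prints commands without creating anything:

```shell
#!/bin/sh
# Added example: turn an `ls -l` listing of a device directory (such as the
# mounted disk's /idev) into the mknod commands that recreate the nodes.

# Constructed sample listing, not captured from the real disk. Only the
# rwroot entry (block device, major 1, minor 43) is taken from the article;
# the other entries and the column layout are assumptions for illustration.
sample_listing() {
cat <<'EOF'
total 0
brw-------   1 root     sys        1, 43 Jan 01  1999 rwroot
crw-rw-rw-   1 root     sys        4,  2 Jan 01  1999 sample_c
-rw-r--r--   1 root     sys          120 Jan 01  1999 README
brw-------   1 root     sys        1,40 Jan 01  1999 sample_b
EOF
}

# mknod_cmds TARGET_DIR
# Reads an `ls -l` listing on stdin and prints one mknod command per
# block or character special file, to be created under TARGET_DIR.
mknod_cmds() {
    awk -v dir="$1" '
        # Only block (b) and character (c) special files carry device numbers.
        /^[bc]/ {
            type = substr($0, 1, 1)
            # Device nodes show "major, minor" where regular files show a
            # size; the padding after the comma varies between listings.
            if (match($0, /[0-9]+,[ ]*[0-9]+/) == 0) next
            split(substr($0, RSTART, RLENGTH), n, /,[ ]*/)
            printf "mknod %s/%s %s %d %d\n", dir, $NF, type, n[1], n[2]
        }'
}

sample_listing | mknod_cmds /dev
```
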

Of course the actual passwords are in the shadow file but it’s trivial to zap the root password. One reboot later… and it’s a success! We’re in:

ASOS root shell

This information might have even helped someone 20 years ago…

PS: It turned out that getting root access wasn’t that useful. The system configuration is effectively fixed, the kernel can’t be reconfigured etc. In the end the best approach turned out to be setting up an OpenServer VM, configuring networking for file exchange, and then attaching the Bigfoot drive image. It was not trivial to figure out what’s where on the disk between fdisk partitions and divvy divisions but this explainer helped a lot. The drive really appears to have been used in a Compaq ProSignia NeoServer and decommissioned in 2002.



from Hacker News https://ift.tt/31a5LAX
