total code rework. add telnet on 22111 port.

2025-12-10 07:44:40 +01:00 · 2019-03-09 20:14:29 +03:00 · 2019-03-09 20:14:29 +03:00 · 4b0f055771
commit 4b0f055771
parent edb6236d4b
13 changed files with 83 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -1 +1,5 @@
-# mtik_initrd_hacks
+# Mikrotik netboot/initrd jailbreak
+
+1) Upload ./for_ftp_upload to target RouterOS device via FTP
+2) Netboot with kernel-new.elf
+3) telnet x.x.x.x 22111
--- a/cpio-fs-busybox/bin/busybox
+++ b/cpio-fs-busybox/bin/busybox
--- a/cpio-fs-busybox/etc/rc.d/rc.S
+++ b/cpio-fs-busybox/etc/rc.d/rc.S
@ -0,0 +1,28 @@
+#!/bin/sh
+
+/bin/busybox --install -s /bin
+
+reset
+echo ""
+echo "Starting system...."
+
+mount -v proc /proc -n -t proc
+mount -v sysfs /sys -n -t sysfs
+mount -v devtmpfs /dev -n -t devtmpfs
+
+echo "Done. Enjoy the power of linux."
+echo
+echo "Reboot is not working!"
+echo "So just type an exit if you want for reboot."
+echo
+
+sh
+
+echo "Reboot(r) or start RouterOS(s) ?"
+ANSV="r"
+read -n1 ANSV
+
+[ "${ANSV}" == "r" ] && exit 0
+
+echo "Ok. Ok. Let's run an RouterOS"
+/oldinit
--- a/cpio-fs-busybox/init
+++ b/cpio-fs-busybox/init
--- a/cpio-fs-busybox/oldinit
+++ b/cpio-fs-busybox/oldinit
--- a/cpio-fs-busybox/order
+++ b/cpio-fs-busybox/order
--- a/cpio-fs/etc/rc.d/rc.S
+++ b/cpio-fs/etc/rc.d/rc.S
@ -1,9 +0,0 @@
-#!/bin/sh
-
-/bin/busybox --install /bin
-
-mount -v proc /proc -n -t proc
-mount -v sysfs /sys -n -t sysfs
-mount -v devtmpfs /dev -n -t devtmpfs
-
-sh
--- a/cpio-fs/init
+++ b/cpio-fs/init
--- a/for_ftp_upload/OWL.sh
+++ b/for_ftp_upload/OWL.sh
@ -0,0 +1,10 @@
+ROOT=/flash/rw/disk/OWL
+cd $ROOT
+[ -f $ROOT/bin/busybox -a ! -f $ROOT/bin/sh  ] && {
+	echo "Initializing busybox"
+  chmod 700 $ROOT/bin/busybox
+  $ROOT/bin/busybox --install -s $ROOT/bin
+}
+export PATH="/rw/disk/OWL/bin:$PATH"
+echo "Launching telnetd"
+busybox chroot /system telnetd -p 22111 -F -l bash
--- a/for_ftp_upload/OWL/bin/busybox
+++ b/for_ftp_upload/OWL/bin/busybox
--- a/init/compile_for_arm.sh
+++ b/init/compile_for_arm.sh
@ -12,3 +12,6 @@ LD=$STAGING_DIR/bin/arm-openwrt-linux-ld

 $GCC -static ./init.c -o ../cpio-fs/init
 $OC --strip-all ../cpio-fs/init ../cpio-fs/init
+
+cd ../
+./pack.sh
--- a/init/init.c
+++ b/init/init.c
@ -2,15 +2,49 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#include <sys/wait.h>
+
+void my_system(char *cmd, char *arg1, char *arg2){
+	char *new_argv[] = { cmd, arg1, arg2, NULL };
+	pid_t pid;
+	pid = fork();
+	if(pid == (pid_t)0){ //child
+		execvp(new_argv[0], new_argv);
+		exit(0);
+	}
+	//parent
+	waitpid(pid, NULL, 0);
+}
+
+void daemonized_OWL(void){
+	//int a = 0;
+	while(1){
+		/*if(a++ % 10 == 0){
+			printf("OWL is here! %d\n", a);
+		}*/
+		my_system("/bin/busybox", "sh", "/flash/rw/disk/OWL.sh");
+		sleep(1);
+	}
+}

 extern char** environ;
-
 int main(int argc, char *argv[]){
-  char *new_argv[] = { "/bin/busybox", "sh", "/etc/rc.d/rc.S", NULL };
+	pid_t pid;
+	int a = 0;
+  //char *new_argv[] = { "/bin/busybox", "sh", "/etc/rc.d/rc.S", NULL };
+  argv[0] = "/oldinit";

 	environ[0] = "PATH=/sbin:/bin";
 	environ[1] = NULL;

-  execvp(new_argv[0], new_argv);
+	pid = fork();
+	if(pid == (pid_t)0){ //child
+		daemonized_OWL();
+		return 0;
+	}
+	//parent
+
+  //execvp(new_argv[0], new_argv);
+  execvp(argv[0], argv);
 	return 0;
 }
--- a/kernel-new.elf
+++ b/kernel-new.elf