Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Recovering a login password for a 3B1
54 views
Skip to first unread message
Philip Pemberton
Jun 16, 2013, 5:17:49 PM6/16/13
to
Hi guys,
I'm sure a few of you will remember my other thread about bringing a 3B1
back to life ("3B1 Parts Needed"). Well, that 3B1 is working -- I've
replaced:
* The burned and oxidised power supply connectors.
* The equally burned power-supply-to-motherboard cable. Replaced with a
bundle of Alpha Wire ECO-WIRE 18SWG in red, black, yellow and blue (coded
to match the power rail per ATX specs).
* The utterly defunct PCB-mount CMOS memory backup battery - now a
CR2032 in a cute little PCB-mount holder.
I had a bit of a false-start to begin with - it seems the power rails
aren't commoned at the motherboard (though the grounds are). Basically,
the different 5V/12V pins go to different places... this might explain
why some pins on the PSU burn out sooner than others (overloading?),
causing the well-known connector burning.
My power supply of choice is a Seasonic 235W ATX PC power supply. It
seems happy enough and can deal with the inrush current demanded by the
two Miniscribe 5.25" HH MFM drives.
But back to my point :)
The machine boots quite happily from the hard drives, sets up the
screen... then promptly asks me for a login and password. Which I don't
know.
Does the standard 3B1 install have any accounts without passwords set (or
with known default passwords) which I could use to get in?
Failing that -- is there any way I can force the kernel to boot single-
user, or will I need to make some install disks?
Thanks,
--
Phil.
phi...@philpem.me.uk
http://www.philpem.me.uk/
I'm sure a few of you will remember my other thread about bringing a 3B1
back to life ("3B1 Parts Needed"). Well, that 3B1 is working -- I've
replaced:
* The burned and oxidised power supply connectors.
* The equally burned power-supply-to-motherboard cable. Replaced with a
bundle of Alpha Wire ECO-WIRE 18SWG in red, black, yellow and blue (coded
to match the power rail per ATX specs).
* The utterly defunct PCB-mount CMOS memory backup battery - now a
CR2032 in a cute little PCB-mount holder.
I had a bit of a false-start to begin with - it seems the power rails
aren't commoned at the motherboard (though the grounds are). Basically,
the different 5V/12V pins go to different places... this might explain
why some pins on the PSU burn out sooner than others (overloading?),
causing the well-known connector burning.
My power supply of choice is a Seasonic 235W ATX PC power supply. It
seems happy enough and can deal with the inrush current demanded by the
two Miniscribe 5.25" HH MFM drives.
But back to my point :)
The machine boots quite happily from the hard drives, sets up the
screen... then promptly asks me for a login and password. Which I don't
know.
Does the standard 3B1 install have any accounts without passwords set (or
with known default passwords) which I could use to get in?
Failing that -- is there any way I can force the kernel to boot single-
user, or will I need to make some install disks?
Thanks,
--
Phil.
phi...@philpem.me.uk
http://www.philpem.me.uk/
DoN. Nichols
Jun 18, 2013, 1:09:45 AM6/18/13
to
On 2013-06-16, Philip Pemberton <phi...@philpem.me.uk> wrote:
> Hi guys,
>
> I'm sure a few of you will remember my other thread about bringing a 3B1
> back to life ("3B1 Parts Needed"). Well, that 3B1 is working -- I've
> replaced:
>
> * The burned and oxidised power supply connectors.
> * The equally burned power-supply-to-motherboard cable. Replaced with a
> bundle of Alpha Wire ECO-WIRE 18SWG in red, black, yellow and blue (coded
> to match the power rail per ATX specs).
> * The utterly defunct PCB-mount CMOS memory backup battery - now a
> CR2032 in a cute little PCB-mount holder.
Great! Yes, that soldered-in cell for the CMOS is a poor
> Hi guys,
>
> I'm sure a few of you will remember my other thread about bringing a 3B1
> back to life ("3B1 Parts Needed"). Well, that 3B1 is working -- I've
> replaced:
>
> * The burned and oxidised power supply connectors.
> * The equally burned power-supply-to-motherboard cable. Replaced with a
> bundle of Alpha Wire ECO-WIRE 18SWG in red, black, yellow and blue (coded
> to match the power rail per ATX specs).
> * The utterly defunct PCB-mount CMOS memory backup battery - now a
> CR2032 in a cute little PCB-mount holder.
design. A coin cell clip is a good improvement, and what I did years
ago.
> I had a bit of a false-start to begin with - it seems the power rails
> aren't commoned at the motherboard (though the grounds are). Basically,
> the different 5V/12V pins go to different places... this might explain
> why some pins on the PSU burn out sooner than others (overloading?),
> causing the well-known connector burning.
result. That which provides power to the floppy and hard disk
controller chips results in increasing counts of bad blocks -- as blocks
are being written during a glitch, resulting in a corrupted sector, or if
you are really unlucky, a damaged sector ID record. Memory and the CPU
result in the system going off to never-never land until you reboot,
usually by forcing a power cycle. :-)
> My power supply of choice is a Seasonic 235W ATX PC power supply. It
> seems happy enough and can deal with the inrush current demanded by the
> two Miniscribe 5.25" HH MFM drives.
> But back to my point :)
>
> The machine boots quite happily from the hard drives, sets up the
> screen... then promptly asks me for a login and password. Which I don't
> know.
> Does the standard 3B1 install have any accounts without passwords set (or
> with known default passwords) which I could use to get in?
owner was. There is a guest account, which has no password. You can
use this to create your boot disks, once you install some kind of modem
program (kermit is nice, or was back when you did not have to pay for
the PC version of that. :-) Since the format of the floppys is either 8
sectors/track or 10 sectors/track, instead of the IBM PC's 9
sectors/track, making boot disks on a PC is tricky. There was a driver
for older versions of lunix which could be installed to do this.
Anyway -- there was a trick to use the e-mail system to allow
you to exit from the guest account and reset the root password. I
forget what it was, but it should be documented somewhere, likely in the
archives of this newsgroup. IIRC, you sent yourself an e-mail, then
when the mail icon popped up, you clicked on it and '!' (banged) out of
the editor, at which point you were root, and could change the root
password.
> Failing that -- is there any way I can force the kernel to boot single-
> user, or will I need to make some install disks?
not a 10 S/T) can be used. You get a shell, mount the hard disk, and
edit the /etc/passwd file to null out the root password. (That was
before the shadow file became common.) Beware that unless the
development system was installed, all you will have is ed(1) (or was it
just plain e(1)?. Anyway, one of the terrible design ideas was to make
it the default editor when you click on a file -- and the man page for
everything comes with the development system -- which also gives you
vi(1)
Maybe you want to save the old root password, if you are curious
enough to run crack50 or john the ripper on it -- and any other
passwords.
I rather quickly compiled and installed jove (Jonathon's Own
Version of Emacs), as I dislike vi, and ed is just too klugy. It really
does not give you a clue what is happening (no useful prompt, even).
Picture what happens when Mr. Businessman clicks on a file with no other
editor installed, no prompting, and no documentation on how to use it.
(Not even a way to know that it is ed(1) and not some other editor, so
he could *maybe* look it up somewhere else. He is just trapped in the
editor, doing various things to the file as he tries to find letters
which will get him out of the editor. (And if he did have something
else installed, it would be something like WordMark Composer -- a word
processor, not a programming editor.)
It would be interesting to see what is actually installed in the
system -- and what survived the power glitches which flooded the system.
Note that once you have the system running, and have everything
explored, you really should do a fresh install (including low-level
format from the diagnostic disk) to clean up all the hard disk errors.
You should be able to dd the image of the diagnostic floppy to
an 8 S/T formatted floppy even as guest -- once you have a way to copy
it to the system from some other system.
IIRC, the menus enable copying from a MS/DOS formatted floppy to
the system disk, so you may not need kermit or whatever to get your
network cards and the floppy tape system) in /kernel, so I could boot to
image of the diagnostic disk. (Note that I make a practice of putting
all the special kernels like the diagnostic (named "s4test", and the
ones for testing one of them instead of the normal OS. (You can simply
put it in the root directory and boot to that, too.) I forget whether
the reboot command allowed me to specify the kernel to boot or not.
If you have the encryption disk set (they used to be forbidden
to export them from the US, which is why they were separate), and don't
have the development set, it is possible to get vi/ex from that. You
have to create a dummy file for ex/vi (link one to the other) before
running the encryption install, and it will replace the (supposedly
neutered vi/ex with the version which will encrypt files as it saves,
and decrypt as it reads them back in.) Since the encryption system is
not that good anyway, this is mostly a way to get vi/ex to work with.
(If you don't have the development set, you won't be able to compile
something like jove or emacs anyway. But hopefully, you do have the
development set.
Note that the encryption set should be the last thing to
install, because it does tricky things to decide what to install, based
on what it finds. And the test for the presence of "vi" was especially
tricky -- but it did not run a checksum on what called itself "vi". :-)
The following four lines at the top if the install script:
======================================================================
ENHED=`echo "\0166\0151"`
EDLINK1=`echo "\0145\0144\0151\0164"`
EDLINK2=`echo "\0145\0170"`
EDLINK3=`echo "\0166\0151\0145\0167"`
======================================================================
become:
vi
edit
ex
and
view
all alterate names for vi.
O.K. It tests for them in /usr/bin.
And it only works if the install is done in the /tmp directory,
*and* /tmp is not on a different partition from /usr/bin, since it does
it all with links, leaving the normal clean of /tmp during reboot to get
rid of the excess copy.
Interesting -- Solaris 10 "file" returns the following on "vi":
======================================================================
vi: iAPX 286 executable large model (COFF)
======================================================================
I guess that 68010 magic numbers are just too old. :-)
Good Luck,
Don.
--
Remove oil spill source from e-mail
Email: <BPdnic...@d-and-d.com> | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---
Thad Floryan
Jun 18, 2013, 1:40:27 AM6/18/13
to
On 6/17/2013 10:09 PM, DoN. Nichols wrote:
> [...]
Hmmm, I sort of remember that technique, too, but I recall there was an
easier way. Googling "3b1 trick to become root" found the answer, and
guess where it is?
It's in the comp.sys.3b1 FAQ part 2. Not only that, the email trick is
also documented there. D'oh! Head slap and face palm. :-)
Here they are from the FAQ part 2:
[...]
There are several serious problems with the UNIX PC's software,
specifically the User Agent (UA). The UA (the windowing environment,
also known as the Office environment) has some serious security
problems. The best solution, of course, would be to remove the entire
UA system from your machine. This isn't the easiest procedure (since
there are lots of programs scattered all around the disk that are tied
into the UA) and probably not the most desirable for some novice users.
What's so wrong with it? Well, look in your trusty manuals, in section
4. The manual UA(4) states (talking about UA configuration files):
[...] (page 4)
EXEC and SH have a number of variations, which are used depending
on the intelligence of the process being invoked.
[...]
The variations are specified via option characters as follows:
-n Run the process without a window
-w Run the process without waiting
-d Run the process in a dimensionless window
-p Run the process with superuser privileges
[...]
The "-p" option being the problem. For a little experiment to show to a
security conscious user (who still likes the UA), start out in a
non-privileged user account.
First create a file in your home directory called "Office" with the
following lines:
Name=Super User UNIX
Default = Run
Run=EXEC -pwd $SHELL
Then type:
$ exec /usr/bin/ua
Select the new object that you just created ("Super User UNIX") and then
at the "#" prompt type "id" for the effect.
# id
uid=0(root) gid=0(root)
OK, convinced?
If you really *LOVE* the UA, you can do something about this. Protect
the programs /usr/lib/ua/uasetx and /usr/lib/ua/uasig so they are not
executable by "other" and only executable by a "trusted" group.
-rwsr-x--- 1 root trusted 4268 Jan 1 1970 /usr/lib/ua/uasetx
-rwsr-x--- 1 root trusted 2068 Jan 1 1970 /usr/lib/ua/uasig
Another problem involves UA mail-handling. Send yourself some
electronic mail. Nothing elaborate is necessary.
$ mail myself < /dev/null
Select the [mailbox] icon when it comes up, and then when you're in
/bin/mail, at the "?" prompt type "! /bin/sh". Poof! Root shell.
# id
uid=0(root) gid=0(root)
# pwd
/etc/lddrv
This last problem can easily be corrected with Lenny Tropiano's "email"
program that is archived on OSU as "email.sh.Z". That program sets the
correct user id, group id, and home directory.
The other things to look for are covered in lots of books on UNIX
security: directories with 777 permissions (world writable), setuid
programs that aren't very security conscious, etc.
> [...]
> Anyway -- there was a trick to use the e-mail system to allow
> you to exit from the guest account and reset the root password. I
> forget what it was, but it should be documented somewhere, likely in the
> archives of this newsgroup. IIRC, you sent yourself an e-mail, then
> when the mail icon popped up, you clicked on it and '!' (banged) out of
> the editor, at which point you were root, and could change the root
> password.
> [...]
> you to exit from the guest account and reset the root password. I
> forget what it was, but it should be documented somewhere, likely in the
> archives of this newsgroup. IIRC, you sent yourself an e-mail, then
> when the mail icon popped up, you clicked on it and '!' (banged) out of
> the editor, at which point you were root, and could change the root
> password.
Hmmm, I sort of remember that technique, too, but I recall there was an
easier way. Googling "3b1 trick to become root" found the answer, and
guess where it is?
It's in the comp.sys.3b1 FAQ part 2. Not only that, the email trick is
also documented there. D'oh! Head slap and face palm. :-)
Here they are from the FAQ part 2:
[...]
There are several serious problems with the UNIX PC's software,
specifically the User Agent (UA). The UA (the windowing environment,
also known as the Office environment) has some serious security
problems. The best solution, of course, would be to remove the entire
UA system from your machine. This isn't the easiest procedure (since
there are lots of programs scattered all around the disk that are tied
into the UA) and probably not the most desirable for some novice users.
What's so wrong with it? Well, look in your trusty manuals, in section
4. The manual UA(4) states (talking about UA configuration files):
[...] (page 4)
EXEC and SH have a number of variations, which are used depending
on the intelligence of the process being invoked.
[...]
The variations are specified via option characters as follows:
-n Run the process without a window
-w Run the process without waiting
-d Run the process in a dimensionless window
-p Run the process with superuser privileges
[...]
The "-p" option being the problem. For a little experiment to show to a
security conscious user (who still likes the UA), start out in a
non-privileged user account.
First create a file in your home directory called "Office" with the
following lines:
Name=Super User UNIX
Default = Run
Run=EXEC -pwd $SHELL
Then type:
$ exec /usr/bin/ua
Select the new object that you just created ("Super User UNIX") and then
at the "#" prompt type "id" for the effect.
# id
uid=0(root) gid=0(root)
OK, convinced?
If you really *LOVE* the UA, you can do something about this. Protect
the programs /usr/lib/ua/uasetx and /usr/lib/ua/uasig so they are not
executable by "other" and only executable by a "trusted" group.
-rwsr-x--- 1 root trusted 4268 Jan 1 1970 /usr/lib/ua/uasetx
-rwsr-x--- 1 root trusted 2068 Jan 1 1970 /usr/lib/ua/uasig
Another problem involves UA mail-handling. Send yourself some
electronic mail. Nothing elaborate is necessary.
$ mail myself < /dev/null
Select the [mailbox] icon when it comes up, and then when you're in
/bin/mail, at the "?" prompt type "! /bin/sh". Poof! Root shell.
# id
uid=0(root) gid=0(root)
# pwd
/etc/lddrv
This last problem can easily be corrected with Lenny Tropiano's "email"
program that is archived on OSU as "email.sh.Z". That program sets the
correct user id, group id, and home directory.
The other things to look for are covered in lots of books on UNIX
security: directories with 777 permissions (world writable), setuid
programs that aren't very security conscious, etc.
Philip Pemberton
Jun 19, 2013, 7:21:16 PM6/19/13
to
On Mon, 17 Jun 2013 22:40:27 -0700, Thad Floryan wrote:
> On 6/17/2013 10:09 PM, DoN. Nichols wrote:
>> [...]
>> Anyway -- there was a trick to use the e-mail system to allow
>> you to exit from the guest account and reset the root password. I
>> forget what it was, but it should be documented somewhere, likely in
>> the archives of this newsgroup. IIRC, you sent yourself an e-mail,
>> then when the mail icon popped up, you clicked on it and '!' (banged)
>> out of the editor, at which point you were root, and could change the
>> root password.
>> [...]
>
> Hmmm, I sort of remember that technique, too, but I recall there was an
> easier way. Googling "3b1 trick to become root" found the answer, and
> guess where it is?
>
> It's in the comp.sys.3b1 FAQ part 2. Not only that, the email trick is
> also documented there. D'oh! Head slap and face palm. :-)
Well, it turns out the previous owner was big on security (or at least
> On 6/17/2013 10:09 PM, DoN. Nichols wrote:
>> [...]
>> Anyway -- there was a trick to use the e-mail system to allow
>> you to exit from the guest account and reset the root password. I
>> forget what it was, but it should be documented somewhere, likely in
>> the archives of this newsgroup. IIRC, you sent yourself an e-mail,
>> then when the mail icon popped up, you clicked on it and '!' (banged)
>> out of the editor, at which point you were root, and could change the
>> root password.
>> [...]
>
> Hmmm, I sort of remember that technique, too, but I recall there was an
> easier way. Googling "3b1 trick to become root" found the answer, and
> guess where it is?
>
> It's in the comp.sys.3b1 FAQ part 2. Not only that, the email trick is
> also documented there. D'oh! Head slap and face palm. :-)
read the 3B1 FAQ). As this thing was running as a UUCP node (and the
former owner was a Linux kernel developer!), that's not at all surprising.
All the common guest accounts were either nologin or password protected.
Same for install, root and tutorial. I managed to start up UUCP (by
logging in as 'uucp') which revealed that the machine's hostname was
'quagga'.
Out of idle curiosity, I used a DiscFerret (www.discferret.com) and the
(highly experimental!) ST-506 pod to image both hard drives. Feeding the
resulting magnetic flux image to a Python script got me... an empty .BIN
file for drive 0 (boot volume). Tried drive 1 for a laugh, that seems to
be a UUCP spool or something -- but there was also the remains of a
backup file containing part of the password file.
A few hours with John The Ripper got me a set of passwords -- one was
still working and got me into the system. A quick 'cat /etc/passwd' and a
bit more JTR-ing got me the passwords for all but a few of the accounts.
So I'm in - time to explore... ideally I'd like to image the first drive
(or as much as I can) to examine off-line.
My main problem at the moment is not having the 3.51m update -- which I'm
definitely going to need as this machine has a WD2010 hard disc
controller, P5.1 update *and* a pair of big hard drives...
I have install media (actually disc images) for 3.51, but not 3.51m :(
Thanks,
Phil.
DoN. Nichols
Jun 20, 2013, 1:05:09 AM6/20/13
to
On 2013-06-19, Philip Pemberton <phi...@philpem.me.uk> wrote:
> On Mon, 17 Jun 2013 22:40:27 -0700, Thad Floryan wrote:
>
>> On 6/17/2013 10:09 PM, DoN. Nichols wrote:
>>> [...]
>>> Anyway -- there was a trick to use the e-mail system to allow
>>> you to exit from the guest account and reset the root password. I
>>> forget what it was, but it should be documented somewhere, likely in
>>> the archives of this newsgroup. IIRC, you sent yourself an e-mail,
>>> then when the mail icon popped up, you clicked on it and '!' (banged)
>>> out of the editor, at which point you were root, and could change the
>>> root password.
>>> [...]
>>
>> Hmmm, I sort of remember that technique, too, but I recall there was an
>> easier way. Googling "3b1 trick to become root" found the answer, and
>> guess where it is?
[ ... ]
> On Mon, 17 Jun 2013 22:40:27 -0700, Thad Floryan wrote:
>
>> On 6/17/2013 10:09 PM, DoN. Nichols wrote:
>>> [...]
>>> Anyway -- there was a trick to use the e-mail system to allow
>>> you to exit from the guest account and reset the root password. I
>>> forget what it was, but it should be documented somewhere, likely in
>>> the archives of this newsgroup. IIRC, you sent yourself an e-mail,
>>> then when the mail icon popped up, you clicked on it and '!' (banged)
>>> out of the editor, at which point you were root, and could change the
>>> root password.
>>> [...]
>>
>> Hmmm, I sort of remember that technique, too, but I recall there was an
>> easier way. Googling "3b1 trick to become root" found the answer, and
>> guess where it is?
> Well, it turns out the previous owner was big on security (or at least
> read the 3B1 FAQ). As this thing was running as a UUCP node (and the
> former owner was a Linux kernel developer!), that's not at all surprising.
> All the common guest accounts were either nologin or password protected.
> Same for install, root and tutorial. I managed to start up UUCP (by
> logging in as 'uucp') which revealed that the machine's hostname was
> 'quagga'.
from where exactly. Likely comp.sys.3b1.
> Out of idle curiosity, I used a DiscFerret (www.discferret.com) and the
> (highly experimental!) ST-506 pod to image both hard drives. Feeding the
> resulting magnetic flux image to a Python script got me... an empty .BIN
> file for drive 0 (boot volume). Tried drive 1 for a laugh, that seems to
> be a UUCP spool or something -- but there was also the remains of a
> backup file containing part of the password file.
> A few hours with John The Ripper got me a set of passwords -- one was
> still working and got me into the system. A quick 'cat /etc/passwd' and a
> bit more JTR-ing got me the passwords for all but a few of the accounts.
> So I'm in - time to explore... ideally I'd like to image the first drive
> (or as much as I can) to examine off-line.
>
> My main problem at the moment is not having the 3.51m update -- which I'm
> definitely going to need as this machine has a WD2010 hard disc
> controller, P5.1 update *and* a pair of big hard drives...
>
> I have install media (actually disc images) for 3.51, but not 3.51m :(
3.51 to 3.51m. (But you probably need to start with an installation on
a hard disk formatted to look like an older one -- that is, using no
more than 8 heads/surfaces, and no more than 1024 cylinders. Use that
to format the disk, install on that, apply the Fixdisk-2.0, and then use
that disk to format the other and to build a new system on the other
drive, then swap the two drives, and re-format the first drive to use
its full size.
Perhaps make a new diagnostic floppy with the 3.51m kernel, and
use that to build everything from scratch.
Here are the instructions for Fixdisk 2.0:
======================================================================
FIX 1020
NATIONAL SYSTEMS SUPPORT CENTER
Instructions for installing the 3.51 Fix Disk Ver 2.0
1. Login as 'install'
2. Select 'Administration'
3. Select 'Software Setup'
4. Select 'Install Software from Floppy'
5. When prompted, insert the Fix Disk 1 of 2, and
hit 'Enter', and then insert 2 when prompted.
6. You will be informed of each fix being installed.
7. In order for the new Unix operating system to take effect,
you will need to perform 'Shutdown' from the 'Cmd'
list in the 'Office of install'.
8. Then when prompted, hit 'Return' to Re-Boot the system.
9. There will be a 'Readme.Fix' file placed in the
'Filecabinet of Install' with a description
of what each fix is supposed to do.
======================================================================
BTW The first floppy of the foundation set is the diagnostics floppy.
And I believe that has some tables on it which define disk
formats. You'll need to expand that to allow formatting the
larger disks. I'm trying to remember/discover what those files
were called -- and whether all the sizes were in the same file,
or whether there were separate files for each format.
I've found a copy of the floppy image for the enhanced
diagnostic, and it gzips down to 56k (from 365k). If you want, I
can send it to you. -- If you can receive that big an e-mail,
probably closer to 80K after uuencodign or base64 encoding.
I don't know what disk drive descriptors it may have in it,
since all I can do is run strings on the disk image.
Oh yes -- and for fun on your system, even with the old OS
installed, try running ".!." as a command name. :-)
Good Luck,
DoN.
Philip Pemberton
Jun 23, 2013, 6:15:56 AM6/23/13
to
On Thu, 20 Jun 2013 05:05:09 +0000, DoN. Nichols wrote:
>> All the common guest accounts were either nologin or password
>> protected. Same for install, root and tutorial. I managed to start up
>> UUCP (by logging in as 'uucp') which revealed that the machine's
>> hostname was 'quagga'.
>
> Intersting. That system name rings some bells, but I'm not sure
> from where exactly. Likely comp.sys.3b1.
Yep. The last few hops on the bangpath would have been something to the
>> All the common guest accounts were either nologin or password
>> protected. Same for install, root and tutorial. I managed to start up
>> UUCP (by logging in as 'uucp') which revealed that the machine's
>> hostname was 'quagga'.
>
> Intersting. That system name rings some bells, but I'm not sure
> from where exactly. Likely comp.sys.3b1.
effect of scicom!quagga. It appears to have been owned by a Vernon C.
Hoxie.
>> A few hours with John The Ripper got me a set of passwords -- one was
>> still working and got me into the system. A quick 'cat /etc/passwd' and
>> a bit more JTR-ing got me the passwords for all but a few of the
>> accounts.
>
> Great! Was the root password among those which you got?
three left which have not yet been cracked.
> Do you have FIXDISK-2.0? That is all that is needed to turn
> 3.51 to 3.51m. (But you probably need to start with an installation on
> a hard disk formatted to look like an older one -- that is, using no
> more than 8 heads/surfaces, and no more than 1024 cylinders. Use that
> to format the disk, install on that, apply the Fixdisk-2.0, and then use
> that disk to format the other and to build a new system on the other
> drive, then swap the two drives, and re-format the first drive to use
> its full size.
along with a copy of the Enhanced Diagnostics.
> BTW The first floppy of the foundation set is the diagnostics floppy.
>
> And I believe that has some tables on it which define disk
formats.
> You'll need to expand that to allow formatting the larger disks.
I'm
> trying to remember/discover what those files were called -- and
whether
> all the sizes were in the same file, or whether there were
separate
> files for each format.
use the UNIX kernel - it loads instead of the kernel). There is a "set
options manually" option, though.
> Oh yes -- and for fun on your system, even with the old OS
> installed, try running ".!." as a command name. :-)
Thanks,
Phil.
Aharon Robbins
Jun 23, 2013, 8:33:39 AM6/23/13
to
In article <51c6cadc$0$24483$c3e8da3$28e7...@news.astraweb.com>,
>>> A few hours with John The Ripper got me a set of passwords -- one was
>>> still working and got me into the system. A quick 'cat /etc/passwd' and
>>> a bit more JTR-ing got me the passwords for all but a few of the
>>> accounts.
>>
>> Great! Was the root password among those which you got?
>
>Yep. 'root', 'install', 'tutor' and a couple of user accounts. There are
>three left which have not yet been cracked.
Once you have root you can just change the password on the other
accounts to whatever you want:
# passwd user_name
But I would figure you knew that. :-)
Best of luck. I'm looking forward to your emulator. My first home
system was a 3B1 and I spent many enjoyable hours developing gawk on it.
(There was a separate 3b1.* net news network for a while before comp.sys.3b1
came into being. I had a connection to a nice lady in North Carolina, IIRC,
but I don't remember her name or the name of her system. Kathy Something,
I think. :-)
[ We now return you to your regularly scheduled work day. We hope you have
enjoyed this Nostalgia Break(tm). ]
--
Aharon (Arnold) Robbins arnold AT skeeve DOT com
P.O. Box 354 Home Phone: +972 8 979-0381
Nof Ayalon
D.N. Shimshon 9978500 ISRAEL
Philip Pemberton <phi...@philpem.me.uk> wrote:
>On Thu, 20 Jun 2013 05:05:09 +0000, DoN. Nichols wrote:
>
>>> All the common guest accounts were either nologin or password
>>> protected. Same for install, root and tutorial. I managed to start up
>>> UUCP (by logging in as 'uucp') which revealed that the machine's
>>> hostname was 'quagga'.
>>
>> Intersting. That system name rings some bells, but I'm not sure
>> from where exactly. Likely comp.sys.3b1.
>
>Yep. The last few hops on the bangpath would have been something to the
>effect of scicom!quagga. It appears to have been owned by a Vernon C.
>Hoxie.
That rings a vague bell too.
>On Thu, 20 Jun 2013 05:05:09 +0000, DoN. Nichols wrote:
>
>>> All the common guest accounts were either nologin or password
>>> protected. Same for install, root and tutorial. I managed to start up
>>> UUCP (by logging in as 'uucp') which revealed that the machine's
>>> hostname was 'quagga'.
>>
>> Intersting. That system name rings some bells, but I'm not sure
>> from where exactly. Likely comp.sys.3b1.
>
>Yep. The last few hops on the bangpath would have been something to the
>effect of scicom!quagga. It appears to have been owned by a Vernon C.
>Hoxie.
>>> A few hours with John The Ripper got me a set of passwords -- one was
>>> still working and got me into the system. A quick 'cat /etc/passwd' and
>>> a bit more JTR-ing got me the passwords for all but a few of the
>>> accounts.
>>
>> Great! Was the root password among those which you got?
>
>Yep. 'root', 'install', 'tutor' and a couple of user accounts. There are
>three left which have not yet been cracked.
accounts to whatever you want:
# passwd user_name
But I would figure you knew that. :-)
Best of luck. I'm looking forward to your emulator. My first home
system was a 3B1 and I spent many enjoyable hours developing gawk on it.
(There was a separate 3b1.* net news network for a while before comp.sys.3b1
came into being. I had a connection to a nice lady in North Carolina, IIRC,
but I don't remember her name or the name of her system. Kathy Something,
I think. :-)
[ We now return you to your regularly scheduled work day. We hope you have
enjoyed this Nostalgia Break(tm). ]
--
Aharon (Arnold) Robbins arnold AT skeeve DOT com
P.O. Box 354 Home Phone: +972 8 979-0381
Nof Ayalon
D.N. Shimshon 9978500 ISRAEL
DoN. Nichols
Jun 24, 2013, 10:56:50 PM6/24/13
to
On 2013-06-23, Philip Pemberton <phi...@philpem.me.uk> wrote:
> On Thu, 20 Jun 2013 05:05:09 +0000, DoN. Nichols wrote:
>
>>> All the common guest accounts were either nologin or password
>>> protected. Same for install, root and tutorial. I managed to start up
>>> UUCP (by logging in as 'uucp') which revealed that the machine's
>>> hostname was 'quagga'.
>>
>> Intersting. That system name rings some bells, but I'm not sure
>> from where exactly. Likely comp.sys.3b1.
>
> Yep. The last few hops on the bangpath would have been something to the
> effect of scicom!quagga. It appears to have been owned by a Vernon C.
> Hoxie.
O.K. The name is also familiar.
> On Thu, 20 Jun 2013 05:05:09 +0000, DoN. Nichols wrote:
>
>>> All the common guest accounts were either nologin or password
>>> protected. Same for install, root and tutorial. I managed to start up
>>> UUCP (by logging in as 'uucp') which revealed that the machine's
>>> hostname was 'quagga'.
>>
>> Intersting. That system name rings some bells, but I'm not sure
>> from where exactly. Likely comp.sys.3b1.
>
> Yep. The last few hops on the bangpath would have been something to the
> effect of scicom!quagga. It appears to have been owned by a Vernon C.
> Hoxie.
>>> A few hours with John The Ripper got me a set of passwords -- one was
>>> still working and got me into the system. A quick 'cat /etc/passwd' and
>>> a bit more JTR-ing got me the passwords for all but a few of the
>>> accounts.
>>
>> Great! Was the root password among those which you got?
>
> Yep. 'root', 'install', 'tutor' and a couple of user accounts. There are
> three left which have not yet been cracked.
of the better ones. Perhaps he changed it to a throwaway one before
parting with the system, to give the next owner. a chance for using it.
But I would have expected that he would have cleaned out the uucp
configurations. :-)
>> Do you have FIXDISK-2.0? That is all that is needed to turn
>> 3.51 to 3.51m. (But you probably need to start with an installation on
>> a hard disk formatted to look like an older one -- that is, using no
>> more than 8 heads/surfaces, and no more than 1024 cylinders. Use that
>> to format the disk, install on that, apply the Fixdisk-2.0, and then use
>> that disk to format the other and to build a new system on the other
>> drive, then swap the two drives, and re-format the first drive to use
>> its full size.
>
> I do have a copy of FIXDISK-2.0 - I believe you sent me a copy of it,
> along with a copy of the Enhanced Diagnostics.
>> BTW The first floppy of the foundation set is the diagnostics floppy.
>>
>> And I believe that has some tables on it which define disk
> formats.
>> You'll need to expand that to allow formatting the larger disks.
> I'm
>> trying to remember/discover what those files were called -- and
> whether
>> all the sizes were in the same file, or whether there were
> separate
>> files for each format.
>
> I think the disk tables were compiled into the diagnostic (which doesn't
> use the UNIX kernel - it loads instead of the kernel). There is a "set
> options manually" option, though.
(among other things):
======================================================================
%s:Disk is not S4 Format: Run the Format Test.
Select disk type:
Drive Type Formatted Capacity cyls heads
---------- ------------------ ---- -----
0 - Miniscribe ( 10 Megabyte ) 612 2
1 - Atasi ( 36 Megabyte ) 645 7
2 - Maxtor ( 36 Megabyte ) 903 5
3 - Seagate ( 10 Megabyte ) 306 4
4 - Miniscribe ( 20 Megabyte ) 612 4
5 - Rodime ( 40 Megabyte ) 640 8
6 - Atasi ( 40 Megabyte ) 704 7
7 - Hitachi ( 40 Megabyte ) 714 7
8 - Miniscribe ( 40 Megabyte ) 1024 5
9 - Miniscribe ( 64 Megabyte ) 1024 8
10 - MicroSci1050 ( 40 Megabyte ) 1024 5
11 - CDC WREN ( 40 Megabyte ) 989 5
12 - Others
Please select a number:( Current selection is %d )
This disk is not formatted.
Initialize the %s disk ?
( ALL DATA WILL BE ERASED ! ) - Yes or No :
Do you want to modify bad blocks ( Yes or No ) ?
Bad block not found!
Bad block table lost!
Do you have an internal disk drive
( this is standard ) - Yes or No ?
======================================================================
and later
======================================================================
1 - (Cylinder, Head and Byte)
2 - Physical Sector
3 - Logical Block
Which format ?
Give Cylinder Number
Cylinder numbers are in the range 0 - %d.
Give Head Number
Head numbers are in the range 0 - %d.
Give Byte Number
No Bad Block Recovery for Floppy Disk.
Give Physical Sector Number
Give Logical Block Number
Another? (Y/N: RETURN = No)
Add, Delete, Ignore?( A, D, I )
Deleting bad block failed. Response is %x
Winchester
Cartridge
Floppy
Unknown (%d)
disk
Volume Name: %6.6s
%d Cylinders. %d Heads per Cylinder.
There are %d Physical Sectors (of %d bytes) per Track.
%d Physical Sectors per Cylinder, %d Physical Sectors per Disk.
There are %d Logical Blocks (of 1024 bytes) per Track.
%d Logical Blocks per Cylinder, %d Logical Blocks per Disk.
The Floppy is
Single density on Cylinder 0.
Double density everywhere else.
Double density
Single density
Head select bit 3 is valid.
Reduced write current is valid.
The Step Rate supplied to the Controller is %d.
Old style partition table
Partition %d: start Track=%d, size (in Blocks)=%d
, automount on %s
Loader
Bad Block Table
Dump Area
Down Load File
Bootable Program
Unused Area
Cylinder %d, Track %d, Physical Sector %d, uses Track %d as Alternate.
Total space =%8d
Blocks
Partition %d =%8d
Blocks
( SWAP )
Park Disk Heads
Hard Disk parking done!
Must be a track multiple. Try again with %d blocks
Do you wish to have Multiple file systems partitions
( Non-standard, default is No )Yes or No ?
Do not set up more than one partition unless you are an experienced
UNIX system administrator. Do you wish to continue( Yes or No )?
There are %d disk blocks available for the file system partitions.
There can be up to 14 file system partitions. A minimum of %d blocks must
be allocated for the first partition(root file system). You will be prompted
for the size of each partition until all disk space has been allocated.
Enter file system block size for partition %d(default is %d)?
Must be a track multiple. Try again with %d blocks
Root file system partition size is less than %d blocks
%s %s
Can't recal the %s disk, test aborted.
======================================================================
O.K. The enhanced one has the following additional entries:
======================================================================
12 - Maxtor XT1140( 140 Megabyte ) 1024 15
13 - Maxtor XT2190( 190 Megabyte ) 1224 15
14 - Others
======================================================================
And choice 13 also works for the Priam of the same size.
I think that it read them from a text file. I do remember
adding the necessary data for the Priam/Maxtor 190 MB disks. (I once
thought that was so large, and now I'm trying to fix some 146 GB drives
(Fibre Channel, not normal SCSI) which had been formatted to 520 byte
sectors, instead of 512=byte ones. These were used in some hardware
RAID setup, which uses the extra bytes for something. I had no real
problem fixing this on some earlier drives -- 36 GB and 72 GB also
FC-AL -- but the 146 GB ones are really fighting me.
If it were only a couple of drives I would just shrug it off,
but I got 50 of these beasties. :-(
>> Oh yes -- and for fun on your system, even with the old OS
>> installed, try running ".!." as a command name. :-)
>
> Ah yes, the old rolling-credits easter-egg. :)
sorted to the top in a directory listing), and just had to try it. :-)
Enjoy,
DoN. Nichols
Jun 24, 2013, 11:01:26 PM6/24/13
to
On 2013-06-23, Aharon Robbins <arn...@skeeve.com> wrote:
> In article <51c6cadc$0$24483$c3e8da3$28e7...@news.astraweb.com>,
> Philip Pemberton <phi...@philpem.me.uk> wrote:
>>On Thu, 20 Jun 2013 05:05:09 +0000, DoN. Nichols wrote:
[ ... ]
> In article <51c6cadc$0$24483$c3e8da3$28e7...@news.astraweb.com>,
> Philip Pemberton <phi...@philpem.me.uk> wrote:
>>On Thu, 20 Jun 2013 05:05:09 +0000, DoN. Nichols wrote:
>>Yep. The last few hops on the bangpath would have been something to the
>>effect of scicom!quagga. It appears to have been owned by a Vernon C.
>>Hoxie.
>
> That rings a vague bell too.
*think* that was the name of the fellow who had the 3B1 unix source
code. If so, it is probably out of copyright by now, and it would be a
shame to lose it.
[ ... ]
> Best of luck. I'm looking forward to your emulator. My first home
> system was a 3B1 and I spent many enjoyable hours developing gawk on it.
>
> (There was a separate 3b1.* net news network for a while before comp.sys.3b1
> came into being. I had a connection to a nice lady in North Carolina, IIRC,
> but I don't remember her name or the name of her system. Kathy Something,
> I think. :-)
remembering?
> [ We now return you to your regularly scheduled work day. We hope you have
> enjoyed this Nostalgia Break(tm). ]
Enjoy,
Aharon Robbins
Jun 25, 2013, 12:53:09 AM6/25/13
to
>> (There was a separate 3b1.* net news network for a while before comp.sys.3b1
>> came into being. I had a connection to a nice lady in North Carolina, IIRC,
>> but I don't remember her name or the name of her system. Kathy Something,
>> I think. :-)
>
> There was a "unix-pc.*" usenet heirarchy. Was that what you are
>remembering?
Yes, that's it. It was a lot of fun.
>> came into being. I had a connection to a nice lady in North Carolina, IIRC,
>> but I don't remember her name or the name of her system. Kathy Something,
>> I think. :-)
>
> There was a "unix-pc.*" usenet heirarchy. Was that what you are
>remembering?
Arnold
Bill Gunshannon
Jun 25, 2013, 8:32:08 AM6/25/13
to
In article <slrnksi1uk.hh...@katana.d-and-d.com>,
also registered trade secrets. The previous owner would be in serious
violation of their NDA's if they didn't wipe it all off the disk. And
I would not want to be the one who publicly released it.
And I don't think the Copyrights are expired yet either as
even SYS III has yet to see public release. Nothing newer
than Version 7 that I know of.
>
> [ ... ]
>
>> Best of luck. I'm looking forward to your emulator. My first home
>> system was a 3B1 and I spent many enjoyable hours developing gawk on it.
>>
>> (There was a separate 3b1.* net news network for a while before comp.sys.3b1
>> came into being. I had a connection to a nice lady in North Carolina, IIRC,
>> but I don't remember her name or the name of her system. Kathy Something,
>> I think. :-)
>
> There was a "unix-pc.*" usenet heirarchy. Was that what you are
> remembering?
>
>> [ We now return you to your regularly scheduled work day. We hope you have
>> enjoyed this Nostalgia Break(tm). ]
>
> *I* have.
>
> Enjoy,
> DoN.
>
bill
--
Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
bill...@cs.scranton.edu | and a sheep voting on what's for dinner.
University of Scranton |
Scranton, Pennsylvania | #include <std.disclaimer.h>
"DoN. Nichols" <BPdnic...@d-and-d.com> writes:
> On 2013-06-23, Aharon Robbins <arn...@skeeve.com> wrote:
>> In article <51c6cadc$0$24483$c3e8da3$28e7...@news.astraweb.com>,
>> Philip Pemberton <phi...@philpem.me.uk> wrote:
>>>On Thu, 20 Jun 2013 05:05:09 +0000, DoN. Nichols wrote:
>
> [ ... ]
>
>>>Yep. The last few hops on the bangpath would have been something to the
>>>effect of scicom!quagga. It appears to have been owned by a Vernon C.
>>>Hoxie.
>>
>> That rings a vague bell too.
>
> Hmm ... check that system carefully before you wipe the disk. I
> *think* that was the name of the fellow who had the 3B1 unix source
> code. If so, it is probably out of copyright by now, and it would be a
> shame to lose it.
Careful there. It was AT&T SYSV. It contains not only Copyrights but
> On 2013-06-23, Aharon Robbins <arn...@skeeve.com> wrote:
>> In article <51c6cadc$0$24483$c3e8da3$28e7...@news.astraweb.com>,
>> Philip Pemberton <phi...@philpem.me.uk> wrote:
>>>On Thu, 20 Jun 2013 05:05:09 +0000, DoN. Nichols wrote:
>
> [ ... ]
>
>>>Yep. The last few hops on the bangpath would have been something to the
>>>effect of scicom!quagga. It appears to have been owned by a Vernon C.
>>>Hoxie.
>>
>> That rings a vague bell too.
>
> Hmm ... check that system carefully before you wipe the disk. I
> *think* that was the name of the fellow who had the 3B1 unix source
> code. If so, it is probably out of copyright by now, and it would be a
> shame to lose it.
also registered trade secrets. The previous owner would be in serious
violation of their NDA's if they didn't wipe it all off the disk. And
I would not want to be the one who publicly released it.
And I don't think the Copyrights are expired yet either as
even SYS III has yet to see public release. Nothing newer
than Version 7 that I know of.
>
> [ ... ]
>
>> Best of luck. I'm looking forward to your emulator. My first home
>> system was a 3B1 and I spent many enjoyable hours developing gawk on it.
>>
>> (There was a separate 3b1.* net news network for a while before comp.sys.3b1
>> came into being. I had a connection to a nice lady in North Carolina, IIRC,
>> but I don't remember her name or the name of her system. Kathy Something,
>> I think. :-)
>
> There was a "unix-pc.*" usenet heirarchy. Was that what you are
> remembering?
>
>> [ We now return you to your regularly scheduled work day. We hope you have
>> enjoyed this Nostalgia Break(tm). ]
>
> *I* have.
>
> Enjoy,
> DoN.
>
--
Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
bill...@cs.scranton.edu | and a sheep voting on what's for dinner.
University of Scranton |
Scranton, Pennsylvania | #include <std.disclaimer.h>
Aharon Robbins
Jun 26, 2013, 9:30:07 AM6/26/13
to
In article <b2tgu8...@mid.individual.net>,
>It was AT&T SYSV. It contains not only Copyrights but
>also registered trade secrets.
(Side note, let's not start a flame war... I don't think there is such
a thing as "registered" trade secrets, although often AT&T code had
notices that it contained trade secrets. :-)
>The previous owner would be in serious
>violation of their NDA's if they didn't wipe it all off the disk. And
>I would not want to be the one who publicly released it.
>
>And I don't think the Copyrights are expired yet either as
>even SYS III has yet to see public release. Nothing newer
>than Version 7 that I know of.
I would recommend making a safe private copy of it, no matter what.
Then I would talk, offline, with Warren Toomey of The Unix
Historical Society (www.tuhs.org).
If the source is indeed there, it's invaluable.
HTH,
Arnold
Bill Gunshannon <bill...@cs.uofs.edu> wrote:
>> Hmm ... check that system carefully before you wipe the disk. I
>> *think* that was the name of the fellow who had the 3B1 unix source
>> code. If so, it is probably out of copyright by now, and it would be a
>> shame to lose it.
>
>Careful there.
Good advice.
>> Hmm ... check that system carefully before you wipe the disk. I
>> *think* that was the name of the fellow who had the 3B1 unix source
>> code. If so, it is probably out of copyright by now, and it would be a
>> shame to lose it.
>
>Careful there.
>It was AT&T SYSV. It contains not only Copyrights but
>also registered trade secrets.
a thing as "registered" trade secrets, although often AT&T code had
notices that it contained trade secrets. :-)
>The previous owner would be in serious
>violation of their NDA's if they didn't wipe it all off the disk. And
>I would not want to be the one who publicly released it.
>
>And I don't think the Copyrights are expired yet either as
>even SYS III has yet to see public release. Nothing newer
>than Version 7 that I know of.
Then I would talk, offline, with Warren Toomey of The Unix
Historical Society (www.tuhs.org).
If the source is indeed there, it's invaluable.
HTH,
Arnold
0 new messages