5362 Inqury??
Jack Thompson
Just brought home today a Treasure I found at the local Comm Collage.
An almost new in apperence 5362 complete with terminal,But no papers or
manuals, Set it up and am able to get to the IPL logon screen and thats
it,
Having looked at several other related post ,I have opend the box and
no paper work inside,, Bummer
My Question is, Is there a way to get around this? I just want to play
with it to see if I can see what is loaded up on it or if its Blank,,Any
HELP
would be most welcomed.Thanks JBT.
--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG
Michael Ross
<jthom...@centurytel.net> wrote:
>Hello,
>Just brought home today a Treasure I found at the local Comm Collage.
>
>An almost new in apperence 5362 complete with terminal,But no papers or
>manuals, Set it up and am able to get to the IPL logon screen and thats
>it
OK first you have to figure the login... a couple of years ago, myself
and another guy posted the procedure for breaking into a S/36 when the
master password was not known. Here goes, good luck!
(be sure to use a fixed-pitch font to read this message so the tables
look right!)
I finally found something I mislaid two years ago, and promised to
post - the full instructions on breaking a lost password on S/36. I
don't have a functional 36 here just now, so I can't debug this or
offer advice beyond this verbatim transcript, but I do know it worked
for me once!
either
a)
Put 36 into service mode
Press MSP stop (for alter/display menus)
Option 1 - display main storage address 0A17
This is a three byte address of start of VTOC on disk.
Display this disk address (Option 2).
Scroll through VTOC until you find "F1 *.SECUID0
At displacement Hex 27 into this entry is the three byte address
of the start of thesecurity file data.
or
b)
Put 36 into service mode
Press MSP stop (for alter/display menus)
Option 1 - display main storage address 0A47
This is the three byte address of the start of thesecurity file
data. (Should be the same as found by method a) ).
The first sector displayed is a header. Scroll to the next sector,
this
contains the first two security entries - the first hex 7F bytes are
the first entry, the seconf hex 7F bytes are the second entry.
Scrollling to the next sector with give third and fourth entroes etc.
Write down the first sixteen bytes (address 0000 to 000F) of the top
line and split as below:
XX|XXXXXX XXXXXXXX XX|XXXX|XX XXXXXX|XX
| I.D. | | PASS |
The ID and password are as above, but encoded.
To obtain the ID, you must subtract, byte for byte, the following
constants: 32 0A B9 16 8C 59 7E A3
No carry to or from any adjoining byte is necessary. Where the value
to be subtracted from is less than the constant, add hex 100 then
subtract the constant, E.G. :
01 | 16 EC 7E EF 7D 99 BE E3 | 48 F6 | 0D DA CE E3 | C3
| 32 0A B9 16 8C 59 7E A3 | | |
byte 1: 16 but add 100 gives 116
32- 32-
-- --
E4- E4
byte 2: EC
0A-
--
E2
ETC ETC
doh! damn!
I've just realised that page two of this procedure, which deals with
the password, isn't in this folder. grrrrrrrrrrrr. If I can find it,
I'll post it. If anyone can confirm the constants and procedure for
the password, please let me know. I can't recall if it is a simple
subtraction, and there are some scribbled notes which seem to indicate
that the password constants are: AD 00 00 1E - but I may be very
wrong.
Well this is a start anyway!
Mike
Michael Ross wrote:
> I finally found something I mislaid two years ago, and promised to
> post - the full instructions on breaking a lost password on S/36.
Well, this morning I figured it all out ... :-)
Since my machine is a 5362 I don't have a MSP button to find the
starting sector of the #SECUID0 file. However, during previous
attempts I have been looking (staring) at this file. There are two
other methods to find the start of this file:
1. The table of contents can be found near the beginning of the
harddisk. Using PATCH F1 I found that sector 1965 is the lowest
accessable sector. Browsing through the next sectors the TOC is easily
recognized. Michael is absolutely right about: "you find 'F1
*.SECUID0'. At displacement hex 27 into this entry is the three byte
address of the start of the security file data." I found the address
01 09 B6.
2. Using the CATALOG procedure, it is possible to list the contents of
the harddisk, sorted on location. With this list I found two
libraries, with the system file #SECUID0 in between. A different
procedure (don't remember right now) can be used to list the
properties of the two libraries, including the starting sector
addresses. Again, PATCH F1 can be used to browse through the
sectors to look for the #SECUID0 file, which is easily recognized
(sector is completely filled with data).
Michael is also right about the constant 32 0A B9 16 8C 59 7E A3,
which has to be substracted from the username data. The position of
the username and password are also correct. After substraction, an
EBCDIC code table can be used to decode the username.
Well, finally the password. In fact, the password is encrypted using
two substractions: one based on the middle four characters of the 8
character password. The second substration is a constant value, but
not the one according to Michael. The constant I found is B9 16 8C 59.
So for example:
encrypted username: 06 CB 9B F9 51 32 BE E3
substraction: 32 0A B9 16 8C 59 7E A3
-----------------------
result: D4 C1 E2 E3 C5 D9 40 40
readable (EBCDIC): M A S T E R
use encrypted use decrypted
username: username:
encrypted password: 28 50 3B D4 28 50 3B D4
substr. part of username: 9B 56 CC 99 E2 E3 C5 D9
----------- -----------
result: 8D FA 6F 3B 46 6D 76 FB
substract constant: B9 16 8C 59 72 89 93 19
----------- -----------
result: D4 E4 E3 E2 D4 E4 E3 E2
readable (EBCDIC): M U T S M U T S
http://www.corestore.org
The avalanche had already started
It is too late for the pebbles to vote...