求大神破解登录账号密码!
本帖最后由 1053541731 于 2018-1-5 13:20 编辑如图常用账号密码试过了,网上搜不到。现在编程器备份原厂固件,希望大神能破解!
现重新编辑,上传至百度云,链接: https://pan.baidu.com/s/1eSMvrou 密码: wu8v
配置为mt7620N8M+64M,双wan口,三lan口
帮破还收钱啊 什么配置的,文件应该放到百度盘啊, 第一发帖不知道怎么取消金币!不好意思。 下载文件看不出所以然,建议还是上TTL来查还好些,好像波特率是57600。
固件应该是维盟做的,不妨试一下维盟的账号 nnsat 发表于 2018-1-7 23:17
下载文件看不出所以然,建议还是上TTL来查还好些,好像波特率是57600。
固件应该是维盟做的,不妨试一下维 ...
帮忙看下ttl信息,焊了ttl针,只是刷了breed启动文件。下面是ttl信息。
Boot and Recovery Environment for Embedded Devices
Copyright (C) 2017 HackPascal <hackpascal@gmail.com>
Build date 2017-12-26
Version 1.1 (r1163)
DRAM: 64MB
Platform: MediaTek MT7620N ver 2, eco 6
Board: Reference design
Clocks: CPU: 580MHz, Bus: 193MHz
Flash: Winbond W25Q128 (16MB) on rt2880-spi
rt2880-eth: Using MAC address 00:0c:43:76:20:77
eth0: MediaTek MT7620N built-in 5-port 10/100M switch
Network started on eth0, inet addr 192.168.1.1, netmask 255.255.255.0
Press any key to interrupt autoboot ... 0
Trying to boot firmware from 0x00050000 in flash bank 0 ...
Reading data into memory ...
U-Boot firmware image header detected.
Image Name: Linux Kernel Image
Data Size: 5897183 Bytes
Load Address: 80000000
Entry Point:8000c2f0
Uncompressing data (LZMA) ... done.
Flushing cache ... done.
Starting kernel at 0x8000c2f0...
LINUX started...
THIS IS ASIC
rt_board_ram_size: 0x4000000
Linux version 2.6.36+ (root@jhl-ubuntu) (gcc version 3.4.2) #5139 Fri Oct 30 20:05:21 EDT 2015
The CPU feqenuce set to 580 MHz
MIPS CPU sleep mode enabled.
PCIE: bypass PCIe DLL.
PCIE: Elastic buffer control: Addr:0x68 -> 0xB4
disable all power about PCIe
PCIE: PLL power down for MT7620N
CPU revision is: 00019650 (MIPS 24Kc)
Determined physical RAM map:
memory: 04000000 @ 00000000 (usable)
Initrd not found or empty - disabling initrd
Zone PFN ranges:
Normal 0x00000000 -> 0x00004000
Movable zone start PFN for each node
early_node_map active PFN ranges
0: 0x00000000 -> 0x00004000
Built 1 zonelists in Zone order, mobility grouping on.Total pages: 16256
Kernel command line: console=ttyS1,57600n8 root=/dev/ram0 panic=1 console=ttyS0
PID hash table entries: 256 (order: -2, 1024 bytes)
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
Primary data cache 32kB, 4-way, PIPT, no aliases, linesize 32 bytes
Writing ErrCtl register=0000000a
Readback ErrCtl register=0000000a
Memory: 54436k/65536k available (3059k kernel code, 11100k reserved, 659k data, 4672k init, 0k highmem)
NR_IRQS:128
MTK/Ralink System Tick Counter init... cd:8038fd48, m:214748, s:32
console enabled
Calibrating delay loop... 392.19 BogoMIPS (lpj=196096)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512
NET: Registered protocol family 16
bio: create slab <bio-0> at 0
SCSI subsystem initialized
Switching to clocksource Ralink external timer
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 2048 (order: 2, 16384 bytes)
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 2048 bind 2048)
TCP reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
Load Kernel WDG Timer Module
fuse init (API version 7.15)
msgmni has been set to 106
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254)
io scheduler noop registered (default)
create proc entry led success!
Ralink gpio driver initialized
Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
serial8250: ttyS0 at MMIO 0x10000500 (irq = 37) is a 16550A
serial8250: ttyS1 at MMIO 0x10000c00 (irq = 12) is a 16550A
brd: module loaded
deice id : ef 40 18 0 0 (40180000)
W25Q128BV(ef 40180000) (16384 Kbytes)
mtd .name = raspi, .size = 0x01000000 (0M) .erasesize = 0x00000010 (0K) .numeraseregions = 65536
Creating 7 MTD partitions on "raspi":
0x000000000000-0x000001000000 : "ALL"
0x000000000000-0x000000030000 : "Bootloader"
0x000000030000-0x000000040000 : "Config"
0x000000040000-0x000000050000 : "Factory"
0x000000050000-0x0000007b0000 : "Kernel"
0x0000007b0000-0x0000007f0000 : "modules"
0x0000007f0000-0x000000800000 : "buginfo"
rdm_major = 253
SMACCR1 -- : 0x0000000c
SMACCR0 -- : 0x43762077
Ralink APSoC Ethernet Driver Initilization. v3.0256 rx/tx descriptors allocated, mtu = 1500!
NAPI enable, Tx Ring = 1024, Rx Ring = 256
SMACCR1 -- : 0x0000000c
SMACCR0 -- : 0x43762077
PROC INIT OK!
PPP generic driver version 2.4.2
PPP Deflate Compression module registered
PPP BSD Compression module registered
PPP MPPE Compression module registered
NET: Registered protocol family 24
PPTP driver version 0.8.5
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
jhl_order: (C) 2007 jianhl
jhl_share_initstart
jhl_share_init ok
jhl_ipdo_init: (C) 2009 jianhl
ksys_log : create a netlink socket ok!
jianhl_arp_initstart
jhl hostinfo init
jhl_conn_init start
jhl_conn_init end
jhl_dns_cache_init ok
jhl_dnsc_rule_init start
jhl_pppoe_init start
jhl_pppoe_init ok
jhl_user_init ok
jhl_session_init start
jhl_session_init ok
jhl_nvram_init: (C) 2007 jianhl
jhl_msg_init start
mroute_init: (C) 2009 jianhl
jingx_init: (C) 2007 jianhl
jhl_ddos_init ok
jhlradius : create a netlink socket ok!
shibie_url_init ok
jhl_url_init ok
urlrd_init: (C) 2009 jianhl
fastping_init: (C) 2009 jianhl
http_init: (C) 2014 jianhl
simple_cache_init: (C) 2013 jianhl
jianhl_anyip_init ok
jianhl_br_init
jhl_third_auth_init ok
jhl_simple_gg_init start
Netfilter messages via NETLINK v0.30.
nf_conntrack version 0.5.0 (850 buckets, 3400 max)
ctnetlink v0.93: registering with nfnetlink.
nf_conntrack_rtsp v0.6.21 loading
matchsize=264
xt_time: kernel timezone is -0000
GRE over IPv4 demultiplexor driver
gre: can't add protocol
nf_nat_rtsp v0.6.21 loading
ip_tables: (C) 2000-2006 Netfilter Core Team, Type=Linux
arp_tables: (C) 2002 David S. Miller
TCP cubic registered
NET: Registered protocol family 17
NET: Registered protocol family 15
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
Freeing unused kernel memory: 4672k freed
Hit ENTER for console...
Algorithmics/MIPS FPU Emulator v1.5
Performed 4762 set and 0 unset operations. 10 required no changes.
Not commiting.
going to insmod wys_pg2.ko
md5 checking succeed!
wys_pg2: module license 'unspecified' taints kernel.
Disabling lock debugging due to kernel taint
ShiBie_LV0_Init xxxxxx start
LV_http_Init start
LV_P2P_XunLei_Init start
LV_WLYY_Init start
LV_Mobile_Init start
LV_DianShi_Init start
LV_gupiao_Init start
LV_tongxin_app_Init start
LV_GameMaintenance_Init start
LV_YouXi_Init start
LV_YunPan_Init start
LV_Mobile_Game_Init start
wys_pg2 insert succeedly!
switch reg write offset=2004, value=ff0003
switch reg write offset=2104, value=ff0003
switch reg write offset=2204, value=ff0003
switch reg write offset=2304, value=ff0003
switch reg write offset=2404, value=ff0003
switch reg write offset=2504, value=ff0003
switch reg write offset=2010, value=810000c0
switch reg write offset=2110, value=810000c0
switch reg write offset=2210, value=810000c0
switch reg write offset=2310, value=810000c0
switch reg write offset=2410, value=810000c0
switch reg write offset=2510, value=810000c0
switch reg write offset=2610, value=81000000
switch reg write offset=2710, value=81000000
switch reg write offset=2604, value=20ff0003
switch reg write offset=2704, value=20ff0003
12345
switch reg write offset=2014, value=10001
switch reg write offset=2114, value=10002
switch reg write offset=2214, value=10003
switch reg write offset=2314, value=10004
switch reg write offset=2414, value=10005
switch reg write offset=2514, value=10006
REG_ESW_WT_MAC_ATC is 0x7ff0002
done.
Raeth v3.0 (NAPI
)
phy_tx_ring = 0x00464000, tx_ring = 0xa0464000
phy_rx_ring0 = 0x00463000, rx_ring0 = 0xa0463000
SMACCR1 -- : 0x0000000c
SMACCR0 -- : 0x43762077
ESW: Link Status Changed - Port0 Link UP
CDMA_CSG_CFG = 81000000
GDMA1_FWD_CFG = 20710000
ra2880stop()...Done
Free TX/RX Ring Memory!
Raeth v3.0 (NAPI
)
phy_tx_ring = 0x027ac000, tx_ring = 0xa27ac000
phy_rx_ring0 = 0x0046f000, rx_ring0 = 0xa046f000
SMACCR1 -- : 0x00008081
SMACCR0 -- : 0x001d4981
CDMA_CSG_CFG = 81000000
GDMA1_FWD_CFG = 20710000
device eth2 entered promiscuous mode
=== pAd = c0731000, size = 785480 ===
<-- RTMPAllocTxRxRingMemory, Status=0
<-- RTMPAllocAdapterBlock, Status=0
----name:ra0--pAd:c0731000--
RX DESC a27f2000size = 4096
1. Phy Mode = 9
2. Phy Mode = 9
rtmp_ee_flash_init() ok
3. Phy Mode = 9
AntCfgInit: primary/secondary ant 0/1
Current Temperature from BBP_R49=0xffffffef
MCS Set = ff ff 00 00 00
Main bssid = 80:81:00:1d:49:88
<==== rt28xx_init, Status=0
0x1300 = 00064380
device ra0 entered promiscuous mode
device ra1 entered promiscuous mode
device ra2 entered promiscuous mode
reset dual lan end
br1: port 1(ra0) entering forwarding state
br1: port 1(ra0) entering forwarding state
br2: port 1(ra1) entering forwarding state
br2: port 1(ra1) entering forwarding state
br3: port 1(ra2) entering forwarding state
br3: port 1(ra2) entering forwarding state
ESW: Link Status Changed - Port0 Link Down
ESW: Link Status Changed - Port0 Link UP
led=38, on=4000, off=1, blinks,=1, reset=1, time=4000
led=9, on=4000, off=1, blinks,=1, reset=1, time=4000
system init ok
Factory test start init
set rFactory Test Start Router,LAN:eth2.1,WAN:eth2.5
ole!!
ok
Factory test init OK
nnsat 发表于 2018-1-7 23:17
下载文件看不出所以然,建议还是上TTL来查还好些,好像波特率是57600。
固件应该是维盟做的,不妨试一下维 ...
帮忙看下ttl信息,焊了ttl针,只是刷了breed启动文件。下面是ttl信息。
Boot and Recovery Environment for Embedded Devices
Copyright (C) 2017 HackPascal <hackpascal@gmail.com>
Build date 2017-12-26
Version 1.1 (r1163)
DRAM: 64MB
Platform: MediaTek MT7620N ver 2, eco 6
Board: Reference design
Clocks: CPU: 580MHz, Bus: 193MHz
Flash: Winbond W25Q128 (16MB) on rt2880-spi
rt2880-eth: Using MAC address 00:0c:43:76:20:77
eth0: MediaTek MT7620N built-in 5-port 10/100M switch
Network started on eth0, inet addr 192.168.1.1, netmask 255.255.255.0
Press any key to interrupt autoboot ... 0
Trying to boot firmware from 0x00050000 in flash bank 0 ...
Reading data into memory ...
U-Boot firmware image header detected.
Image Name: Linux Kernel Image
Data Size: 5897183 Bytes
Load Address: 80000000
Entry Point:8000c2f0
Uncompressing data (LZMA) ... done.
Flushing cache ... done.
Starting kernel at 0x8000c2f0...
LINUX started...
THIS IS ASIC
rt_board_ram_size: 0x4000000
Linux version 2.6.36+ (root@jhl-ubuntu) (gcc version 3.4.2) #5139 Fri Oct 30 20:05:21 EDT 2015
The CPU feqenuce set to 580 MHz
MIPS CPU sleep mode enabled.
PCIE: bypass PCIe DLL.
PCIE: Elastic buffer control: Addr:0x68 -> 0xB4
disable all power about PCIe
PCIE: PLL power down for MT7620N
CPU revision is: 00019650 (MIPS 24Kc)
Determined physical RAM map:
memory: 04000000 @ 00000000 (usable)
Initrd not found or empty - disabling initrd
Zone PFN ranges:
Normal 0x00000000 -> 0x00004000
Movable zone start PFN for each node
early_node_map active PFN ranges
0: 0x00000000 -> 0x00004000
Built 1 zonelists in Zone order, mobility grouping on.Total pages: 16256
Kernel command line: console=ttyS1,57600n8 root=/dev/ram0 panic=1 console=ttyS0
PID hash table entries: 256 (order: -2, 1024 bytes)
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
Primary data cache 32kB, 4-way, PIPT, no aliases, linesize 32 bytes
Writing ErrCtl register=0000000a
Readback ErrCtl register=0000000a
Memory: 54436k/65536k available (3059k kernel code, 11100k reserved, 659k data, 4672k init, 0k highmem)
NR_IRQS:128
MTK/Ralink System Tick Counter init... cd:8038fd48, m:214748, s:32
console enabled
Calibrating delay loop... 392.19 BogoMIPS (lpj=196096)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512
NET: Registered protocol family 16
bio: create slab <bio-0> at 0
SCSI subsystem initialized
Switching to clocksource Ralink external timer
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 2048 (order: 2, 16384 bytes)
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 2048 bind 2048)
TCP reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
Load Kernel WDG Timer Module
fuse init (API version 7.15)
msgmni has been set to 106
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254)
io scheduler noop registered (default)
create proc entry led success!
Ralink gpio driver initialized
Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
serial8250: ttyS0 at MMIO 0x10000500 (irq = 37) is a 16550A
serial8250: ttyS1 at MMIO 0x10000c00 (irq = 12) is a 16550A
brd: module loaded
deice id : ef 40 18 0 0 (40180000)
W25Q128BV(ef 40180000) (16384 Kbytes)
mtd .name = raspi, .size = 0x01000000 (0M) .erasesize = 0x00000010 (0K) .numeraseregions = 65536
Creating 7 MTD partitions on "raspi":
0x000000000000-0x000001000000 : "ALL"
0x000000000000-0x000000030000 : "Bootloader"
0x000000030000-0x000000040000 : "Config"
0x000000040000-0x000000050000 : "Factory"
0x000000050000-0x0000007b0000 : "Kernel"
0x0000007b0000-0x0000007f0000 : "modules"
0x0000007f0000-0x000000800000 : "buginfo"
rdm_major = 253
SMACCR1 -- : 0x0000000c
SMACCR0 -- : 0x43762077
Ralink APSoC Ethernet Driver Initilization. v3.0256 rx/tx descriptors allocated, mtu = 1500!
NAPI enable, Tx Ring = 1024, Rx Ring = 256
SMACCR1 -- : 0x0000000c
SMACCR0 -- : 0x43762077
PROC INIT OK!
PPP generic driver version 2.4.2
PPP Deflate Compression module registered
PPP BSD Compression module registered
PPP MPPE Compression module registered
NET: Registered protocol family 24
PPTP driver version 0.8.5
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
jhl_order: (C) 2007 jianhl
jhl_share_initstart
jhl_share_init ok
jhl_ipdo_init: (C) 2009 jianhl
ksys_log : create a netlink socket ok!
jianhl_arp_initstart
jhl hostinfo init
jhl_conn_init start
jhl_conn_init end
jhl_dns_cache_init ok
jhl_dnsc_rule_init start
jhl_pppoe_init start
jhl_pppoe_init ok
jhl_user_init ok
jhl_session_init start
jhl_session_init ok
jhl_nvram_init: (C) 2007 jianhl
jhl_msg_init start
mroute_init: (C) 2009 jianhl
jingx_init: (C) 2007 jianhl
jhl_ddos_init ok
jhlradius : create a netlink socket ok!
shibie_url_init ok
jhl_url_init ok
urlrd_init: (C) 2009 jianhl
fastping_init: (C) 2009 jianhl
http_init: (C) 2014 jianhl
simple_cache_init: (C) 2013 jianhl
jianhl_anyip_init ok
jianhl_br_init
jhl_third_auth_init ok
jhl_simple_gg_init start
Netfilter messages via NETLINK v0.30.
nf_conntrack version 0.5.0 (850 buckets, 3400 max)
ctnetlink v0.93: registering with nfnetlink.
nf_conntrack_rtsp v0.6.21 loading
matchsize=264
xt_time: kernel timezone is -0000
GRE over IPv4 demultiplexor driver
gre: can't add protocol
nf_nat_rtsp v0.6.21 loading
ip_tables: (C) 2000-2006 Netfilter Core Team, Type=Linux
arp_tables: (C) 2002 David S. Miller
TCP cubic registered
NET: Registered protocol family 17
NET: Registered protocol family 15
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
Freeing unused kernel memory: 4672k freed
Hit ENTER for console...
Algorithmics/MIPS FPU Emulator v1.5
Performed 4762 set and 0 unset operations. 10 required no changes.
Not commiting.
going to insmod wys_pg2.ko
md5 checking succeed!
wys_pg2: module license 'unspecified' taints kernel.
Disabling lock debugging due to kernel taint
ShiBie_LV0_Init xxxxxx start
LV_http_Init start
LV_P2P_XunLei_Init start
LV_WLYY_Init start
LV_Mobile_Init start
LV_DianShi_Init start
LV_gupiao_Init start
LV_tongxin_app_Init start
LV_GameMaintenance_Init start
LV_YouXi_Init start
LV_YunPan_Init start
LV_Mobile_Game_Init start
wys_pg2 insert succeedly!
switch reg write offset=2004, value=ff0003
switch reg write offset=2104, value=ff0003
switch reg write offset=2204, value=ff0003
switch reg write offset=2304, value=ff0003
switch reg write offset=2404, value=ff0003
switch reg write offset=2504, value=ff0003
switch reg write offset=2010, value=810000c0
switch reg write offset=2110, value=810000c0
switch reg write offset=2210, value=810000c0
switch reg write offset=2310, value=810000c0
switch reg write offset=2410, value=810000c0
switch reg write offset=2510, value=810000c0
switch reg write offset=2610, value=81000000
switch reg write offset=2710, value=81000000
switch reg write offset=2604, value=20ff0003
switch reg write offset=2704, value=20ff0003
12345
switch reg write offset=2014, value=10001
switch reg write offset=2114, value=10002
switch reg write offset=2214, value=10003
switch reg write offset=2314, value=10004
switch reg write offset=2414, value=10005
switch reg write offset=2514, value=10006
REG_ESW_WT_MAC_ATC is 0x7ff0002
done.
Raeth v3.0 (NAPI
)
phy_tx_ring = 0x00464000, tx_ring = 0xa0464000
phy_rx_ring0 = 0x00463000, rx_ring0 = 0xa0463000
SMACCR1 -- : 0x0000000c
SMACCR0 -- : 0x43762077
ESW: Link Status Changed - Port0 Link UP
CDMA_CSG_CFG = 81000000
GDMA1_FWD_CFG = 20710000
ra2880stop()...Done
Free TX/RX Ring Memory!
Raeth v3.0 (NAPI
)
phy_tx_ring = 0x027ac000, tx_ring = 0xa27ac000
phy_rx_ring0 = 0x0046f000, rx_ring0 = 0xa046f000
SMACCR1 -- : 0x00008081
SMACCR0 -- : 0x001d4981
CDMA_CSG_CFG = 81000000
GDMA1_FWD_CFG = 20710000
device eth2 entered promiscuous mode
=== pAd = c0731000, size = 785480 ===
<-- RTMPAllocTxRxRingMemory, Status=0
<-- RTMPAllocAdapterBlock, Status=0
----name:ra0--pAd:c0731000--
RX DESC a27f2000size = 4096
1. Phy Mode = 9
2. Phy Mode = 9
rtmp_ee_flash_init() ok
3. Phy Mode = 9
AntCfgInit: primary/secondary ant 0/1
Current Temperature from BBP_R49=0xffffffef
MCS Set = ff ff 00 00 00
Main bssid = 80:81:00:1d:49:88
<==== rt28xx_init, Status=0
0x1300 = 00064380
device ra0 entered promiscuous mode
device ra1 entered promiscuous mode
device ra2 entered promiscuous mode
reset dual lan end
br1: port 1(ra0) entering forwarding state
br1: port 1(ra0) entering forwarding state
br2: port 1(ra1) entering forwarding state
br2: port 1(ra1) entering forwarding state
br3: port 1(ra2) entering forwarding state
br3: port 1(ra2) entering forwarding state
ESW: Link Status Changed - Port0 Link Down
ESW: Link Status Changed - Port0 Link UP
led=38, on=4000, off=1, blinks,=1, reset=1, time=4000
led=9, on=4000, off=1, blinks,=1, reset=1, time=4000
system init ok
Factory test start init
set rFactory Test Start Router,LAN:eth2.1,WAN:eth2.5
ole!!
ok
Factory test init OK
开启终端,加电的同时按下enter,进入LINUX系统,登录用户名密码试一下root和admin,是维盟的默认。
然后查找配置文件,看看能不能找到web登录帐号密码 nnsat 发表于 2018-1-10 22:20
开启终端,加电的同时按下enter,进入LINUX系统,登录用户名密码试一下root和admin,是维盟的默认。
然后 ...
密码实在解不出来,已刷华硕N14固件,正常使用中。
在此,谢谢各位帮忙!
页:
[1]