Topic: Locked Router/Lost root password on wrt54gs

I have a OpenWRT install that for some reason won't respond to the root password that I set.   It was setup with telnet disabled and SSH enabled.  For some reason I can't figure out what happened to the root password.

Is there a way I can get into the box, or did I sucessfully turn this into a doorstop?

I tried resetting my router, including holding down the reset button while booting.  I read in the documentation that this requires 5 seconds, however, a friend of mine saids 10 seconds.   I have tried this for 5 seconds with no luck.  Interesting enough, however, my SSID changed to "linksys" it still will not allow me to login.  Is there any other way of totally resetting everything back to factory defaults, or, OpenWRT defaults?

Also, if this doesn't work and all else fails is there a way I can build a JTAG interface and reset the /etc/passwd file? Has anyone successfully done this or something like it?

Thanks for any help

Re: Locked Router/Lost root password on wrt54gs

openwrt failsafe:
wait for the dmz light; hold reset for 2 seconds. telnet 192.168.1.1

3 (edited by dl 2005-10-27 07:33:12)

Re: Locked Router/Lost root password on wrt54gs

I just had the same issue. SSH was working fine but root password suddenly doesn't work anymore. Went to failsafe but can't access from lan even after clearing arp cache. Managed to get in from wireless side (in failsafe) but when I re-enter the passwd I get an error updating passwd file. Mounted the jffs and still get the same error. Probably a simple solution but I'm clueless here.

Router is functioning fine otherwise, I just wanted to make some admin changes and can't get in.

- DL

- old enough to know better (yet I do it anyway)

4 (edited by emss 2006-02-18 18:11:06)

Re: Locked Router/Lost root password on wrt54gs

Hi,

dl wrote:

I just had the same issue. SSH was working fine but root password suddenly doesn't work anymore. Went to failsafe but can't access from lan even after clearing arp cache. Managed to get in from wireless side (in failsafe) but when I re-enter the passwd I get an error updating passwd file. Mounted the jffs and still get the same error. Probably a simple solution but I'm clueless here.

Same problem here, I can reach the gs in failsafe mode but can't change the root password.

[edit]

Solved, mount_root worked flawlessly, then I used the password line mentionned at the end of this page :
http://rotz.org/archives/2005/03/openwrt_root_pa.html

After reboot, I was then able to log in and then upgrade to RC4

[/edit]

I've tried available howtos to reset root password, but none has worked till now (the main problem is that I can't mount / read write to change /etc/passwd)
Is there any way to mount / rw or is it easier to upgrade to the lastest RC available ?

Some more information regarding the settings :


BusyBox v1.00 (2005.07.14-12:13+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
|       |.-----.-----.-----.|  |  |  |.----.|  |_
|   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
|_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
WHITE RUSSIAN (RC1) -------------------------------
  * 2 oz Vodka   Mix the Vodka and Kahlua together
  * 1 oz Kahlua  over ice, then float the cream or
  * 1/2oz cream  milk on the top.
---------------------------------------------------
root@OpenWrt:/# ps ax
  PID  Uid     VmSize Stat Command
    1 root        392 S   init
    2 root            SW  [keventd]
    3 root            RWN [ksoftirqd_CPU0]
    4 root            SW  [kswapd]
    5 root            SW  [bdflush]
    6 root            SW  [kupdated]
    7 root            SW  [mtdblockd]
   14 root        424 S   /bin/sh /etc/preinit noinitrd
   41 root        384 S   syslogd -C 16
   45 root        340 S   klogd
   50 root        392 S   init
  752 nobody      432 S   dnsmasq -l /tmp/dhcp.leases -K -F 192.168.1.100,192.1
  766 root        420 S   /usr/sbin/dropbear
  767 root        388 S   httpd -p 80 -h /www -r WRT54G Router
  829 root        324 S   telnetd -l /bin/login
1004 root        472 S   /bin/ash --login
1124 root        384 R   ps ax
root@OpenWrt:/# mount
/dev/root on / type jffs2 (ro)
none on /dev type devfs (rw)
none on /proc type proc (rw)
none on /tmp type tmpfs (rw,nosuid,nodev)
none on /dev/pts type devpts (rw)
root@OpenWrt:/# ls -al /dev/mtd/*
crw-rw-rw-    1 root     root      90,   0 Jan  1  1970 /dev/mtd/0
cr--r--r--    1 root     root      90,   1 Jan  1  1970 /dev/mtd/0ro
crw-rw-rw-    1 root     root      90,   2 Jan  1  1970 /dev/mtd/1
cr--r--r--    1 root     root      90,   3 Jan  1  1970 /dev/mtd/1ro
crw-rw-rw-    1 root     root      90,   4 Jan  1  1970 /dev/mtd/2
cr--r--r--    1 root     root      90,   5 Jan  1  1970 /dev/mtd/2ro
crw-rw-rw-    1 root     root      90,   6 Jan  1  1970 /dev/mtd/3
cr--r--r--    1 root     root      90,   7 Jan  1  1970 /dev/mtd/3ro
root@OpenWrt:/# ls -al /dev/mtdblock/*
brw-rw-rw-    1 root     root      31,   0 Jan  1  1970 /dev/mtdblock/0
brw-rw-rw-    1 root     root      31,   1 Jan  1  1970 /dev/mtdblock/1
brw-rw-rw-    1 root     root      31,   2 Jan  1  1970 /dev/mtdblock/2
brw-rw-rw-    1 root     root      31,   3 Jan  1  1970 /dev/mtdblock/3
root@OpenWrt:/# ls -al
drwxr-xr-x    1 root     root            0 Jun 25  2005 .
drwxr-xr-x    1 root     root            0 Jun 25  2005 ..
drwxr-xr-x    1 root     root            0 Jul 16  2005 bin
drwxr-xr-x    1 root     root            0 Jan  1  1970 dev
drwxr-xr-x    1 root     root            0 Jan  1 00:03 etc
drwxr-xr-x    1 root     root            0 Jul 16  2005 lib
dr-xr-xr-x   26 root     root            0 Jan  1 00:00 proc
drwxr-xr-x    1 root     root            0 Apr 20  2005 rom
drwxr-xr-x    1 root     root            0 Jul 16  2005 sbin
drwxrwxrwt    4 root     root          100 Jan  1 00:00 tmp
drwxr-xr-x    1 root     root            0 Jun 25  2005 usr
lrwxrwxrwx    1 root     root            4 Jul 16  2005 var -> /tmp
drwxr-xr-x    1 root     root            0 Feb  6  2005 www
root@OpenWrt:/#

Regards

Eric Masson

Re: Locked Router/Lost root password on wrt54gs

I had a similar problem until I realized my problem; I wasn't using the root user account with SSH.  On a linux box, the command is: ssh -l root 192.168.1.1

Hope this helps

Re: Locked Router/Lost root password on wrt54gs

I just updated two of my whiterussian WRT54G/S's after months without updates. Here are the updates on one of the boxes:

Upgrading base-files on root from 8 to 9...
Upgrading busybox on root from 1.00-3 to 1.00-5...
Upgrading dnsmasq on root from 2.27-1 to 2.35-1...
    *** dnsmasq.conf (Y/I/N/O) [default=N] ? N
Upgrading kmod-brcm-wl on root from 2.4.30-brcm-3 to 2.4.30-brcm-5...
Upgrading kmod-diag on root from 2.4.30-brcm-3 to 2.4.30-brcm-5...
Upgrading kmod-ppp on root from 2.4.30-brcm-3 to 2.4.30-brcm-5...
Upgrading kmod-ppp on root from 2.4.30-brcm-3 to 2.4.30-brcm-5...
Upgrading kmod-pppoe on root from 2.4.30-brcm-3 to 2.4.30-brcm-5...
Upgrading kmod-wlcompat on root from 2.4.30-brcm-3 to 2.4.30-brcm-4...
Upgrading mtd on root from 4 to 5...
Upgrading uclibc on root from 0.9.27-8 to 0.9.27-9...
Installing libgcc (3.4.4-9) to root...

  Fortunately I went on to play with the firewall, which prompted me to try shelling in with a second session rather than disconnecting my first session. That's when I found out that my root (and only) password on both routers no longer worked:

jenkster@earth:~/web/puzzle$ ssh root@75.36.158.117
root@75.36.158.117's password:
Permission denied, please try again.
root@75.36.158.117's password:

  Since I still had sessions on both routers, I was able to successfully set the passwords back using passwd, and then ssh worked again. Nearly bricking the router is a stinky problem to have from merely updating.

  Yours,

    Chris

Re: Locked Router/Lost root password on wrt54gs

Another idea is get a serial connection to your router. There should be some information where to find the serial connector on your board.
For my WL-500gP I found the information here: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=42261

When you are using a serial console, you see all the boot messages of the device and you can login as root without a passwort. (just hit enter)

Worked for me but involves some hardware knowledge.