Device: Technisat MIB STD2 PQ nav
This device does not have serial shell .
But I successfully hacked the emmc filesystem
Now serial port has a shell
Step1.
Desolder the EMMC chip
Step2.
Dump EMMC chip via SD card reader
Step3.
qemu-img convert -f raw d:\682C_EMMC_DUMP.bin -O vmdk d:\682c.vmdk
Step4.
Start QNX x86 vmware machine to modify the 682c.vmdk
Step5.
modify the file /fs/hd1-qnx6/tsd/bin/system/startup
add following line
--------------------
echo ser1 "/bin/login -f root" qansi-m on > /tmp/ttys
/sbin/tinit -f /tmp/ttys &
--------------------
Save the file
Step6.
Shutdown QNX6 VM
Step7.
qemu-img convert -f vmdk d:\682c.vmdk -O raw C:\682C_EMMC_DUMP.bin
Step8.
write C:\682C_EMMC_DUMP.bin to EMMC via SD card reader
Step9.
Solder the EMMC chip back
done.
This device does not have serial shell .
But I successfully hacked the emmc filesystem
Now serial port has a shell
Step1.
Desolder the EMMC chip
Step2.
Dump EMMC chip via SD card reader
Step3.
qemu-img convert -f raw d:\682C_EMMC_DUMP.bin -O vmdk d:\682c.vmdk
Step4.
Start QNX x86 vmware machine to modify the 682c.vmdk
Step5.
modify the file /fs/hd1-qnx6/tsd/bin/system/startup
add following line
--------------------
echo ser1 "/bin/login -f root" qansi-m on > /tmp/ttys
/sbin/tinit -f /tmp/ttys &
--------------------
Save the file
Step6.
Shutdown QNX6 VM
Step7.
qemu-img convert -f vmdk d:\682c.vmdk -O raw C:\682C_EMMC_DUMP.bin
Step8.
write C:\682C_EMMC_DUMP.bin to EMMC via SD card reader
Step9.
Solder the EMMC chip back
done.