This post was last edited by poiu321 on 2024-4-2 03:36

Optical modem (ONT): Huawei HS8546V. After changing the login interface to the Huawei interface, I finally got super-user privileges and found a "Bundle" option in the management pages. Opening it shows information for three plugins:

Bundle > Bundle Information
On this page, you can query bundle information.
1 INSTALLED com.chinamobile.smartgateway.appcore 2.4.1
2 INSTALLED com.chinamobile.smartgateway.andlink 2.3
3 INSTALLED com.chinamobile.smartgateway.cmccdpi 1.1.3

I searched around: these three are spy plugins that China Mobile builds into the optical modem to collect information and report it. Running the find command in the shell returned no results:
WAP(Dopra Linux) # find / -name com.chinamobile.smartgateway.cmccdpi
WAP(Dopra Linux) #
WAP(Dopra Linux) # find / -name com.chinamobile.smartgateway.andlink
WAP(Dopra Linux) #
WAP(Dopra Linux) # find / -name com.chinamobile.smartgateway.appcore
find: /proc/10607: No such file or directory
WAP(Dopra Linux) #

I searched online for "optical modem plugin disable" and, following a tutorial from the search results, used find to search for osgi:
WAP(Dopra Linux) # find / -name osgi
/mnt/jffs2/app/osgi
/usr/osgi
/var/osgi
WAP(Dopra Linux) # cd /mnt/jffs2/app/osgi/
WAP(Dopra Linux) #
WAP(Dopra Linux) # ls
data felix-cache security
WAP(Dopra Linux) #
WAP(Dopra Linux) # cd /usr/osgi/
WAP(Dopra Linux) #
WAP(Dopra Linux) # ls
bin conf lib secure.policy
bundle java release security
WAP(Dopra Linux) #
WAP(Dopra Linux) # cd /var/osgi
WAP(Dopra Linux) #
WAP(Dopra Linux) # ls
OSGi0.log felixrecord0.log pd_dynamic_attr
OSGi0.log.lck felixrecord0.log.lck spec.bak
bundlechange0.log java_log_0.log temp
bundlechange0.log.lck java_log_0.log.lck timezonecfg
bundlelist.info log_module.log
bundlestate log_module.log.lck
WAP(Dopra Linux) #

Checking the processes:

WAP(Dopra Linux) #top
Mem: 190260K used, 313460K free, 0K shrd, 7696K buff, 37408K cached
CPU: 0.0% usr 3.8% sys 0.0% nic 92.3% idle 0.0% io 0.0% irq 3.8% sirq
Load average: 1.29 1.42 1.55 1/284 10689
PID PPID USER STAT VSZ %MEM CPU %CPU COMMAND
10689 10553 srv_ssmp R 1356 0.2 0 3.8 top
2576 2575 osgi_pro S 205m 41.8 0 0.0 java -Djava.security.policy=secur
1179 1 root S 188m 38.3 0 0.0 bbsp
6600 1 root S 145m 29.6 0 0.0 upnpdmain !br+ br0 49652
2508 1 root S 122m 24.9 0 0.0 udm
1198 1 srv_ssmp S 109m 22.1 0 0.0 ssmp
2579 1 root S 102m 20.7 0 0.0 app_m
9425 1 srv_ssmp S 98m 20.0 0 0.0 clid
2555 1 root S 92780 18.4 0 0.0 osgi_proxy
2501 1 srv_web S 87644 17.3 0 0.0 web
1204 1 cfg_omci S 86304 17.1 0 0.0 omci
1197 1 srv_voic S 78808 15.6 0 0.0 voice_h248sip
1202 1 srv_amp S 70532 13.9 0 0.0 amp
1199 1 srv_wifi S 65016 12.9 0 0.0 wifi
1203 1 srv_igmp S 51620 10.2 0 0.0 igmp
2292 1 root S 45052 8.9 0 0.0 usb_mngt
1201 1 srv_etho S 44784 8.8 0 0.0 ethoam
1315 1 root S 42100 8.3 0 0.0 procmonitor ssmp amp voice_h248si
1200 1 cfg_cwmp S 38068 7.5 0 0.0 cwmp
^C491 1 root S N 27536 5.4 0 0.0 apm
WAP(Dopra Linux) # df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 34.9M 34.9M 0 100% /
tmpfs 246.0M 0 246.0M 0% /dev
tmpfs 512.0M 4.0K 512.0M 0% /dev/shm
none 10.0M 32.0K 10.0M 0% /tmp
none 512.0M 656.0K 511.4M 0% /var
none 4.0K 0 4.0K 0% /mnt
none 16.0M 120.0K 15.9M 1% /var/osgi
none 30.0M 0 30.0M 0% /var/felix-temp
none 2.0M 0 2.0M 0% /tmp/QoE
/dev/ubi0_13 16.7M 2.1M 14.5M 13% /mnt/jffs2
none 8.0M 0 8.0M 0% /var/spool/cups
/dev/ubi0_14 116.6M 10.8M 101.1M 10% /mnt/jffs2/app

There is related guidance on the forum saying to simply delete "osgi:x:1000:1000:OSGi User,,,:/var/osgi:/bin/sh" and "osgi:$1$U6vz.JFk$robzQ3kXsVf/GNcal1VS/1:0:0:99999:7:::".
Link: https://www.chinadsl.net/forum.php?mod=viewthread&tid=158725

WAP(Dopra Linux) # cat /etc/passwd
root:x:0:0:root:/root:/bin/sh
osgi:x:1000:1000:OSGi User,,,:/var/osgi:/bin/sh
web:x:1001:1001:Cfg User,,,:/var/web:/bin/false
cli:x:1002:1001:Cfg User,,,:/var/cli:/bin/false
srv_usb:x:3001:2002:hw_srv_usb:/var/srv_usb:/bin/sh
srv_samba:x:3002:2002:hw_srv_samba:/var/srv_samba:/bin/sh
srv_amp:x:3003:2002:hw_srv_amp:/var/srv_amp:/bin/sh
srv_web:x:3004:2002:hw_srv_web:/var/srv_web:/bin/sh
osgi_proxy:x:3005:2000:hw_osgi_proxy:/var/osgi_proxy:/bin/sh
srv_igmp:x:3006:2002:hw_srv_igmp:/var/srv_igmp:/bin/sh
cfg_cwmp:x:3007:2001:hw_cfg_cwmp:/var/cfg_cwmp:/bin/sh
srv_ssmp:x:3008:2002:hw_srv_ssmp:/var/srv_ssmp:/bin/sh
cfg_omci:x:3009:2001:hw_cfg_omci:/var/cfg_omci:/bin/sh
cfg_cli:x:3010:2001:hw_cfg_cli:/var/cfg_cli:/bin/sh
cfg_oam:x:3011:2001:hw_cfg_oam:/var/cfg_oam:/bin/sh
srv_bbsp:x:3012:2002:hw_srv_bbsp:/var/srv_bbsp:/bin/sh
srv_ethoam:x:3013:2002:hw_srv_ethoam:/var/srv_ethoam:/bin/sh
srv_dbus:x:3014:2002:hw_srv_dbus:/var/srv_dbus:/bin/sh
srv_wifi:x:3015:2002:hw_srv_wifi:/var/srv_wifi:/bin/sh
tool_mu:x:3016:2003:hw_tool_mu:/var/tool_mu:/bin/sh
srv_snmp:x:3017:2002:hw_srv_snmp:/var/srv_snmp:/bin/sh
srv_apm:x:3018:2002:hw_srv_apm:/var/srv_apm:/bin/sh
tool_iac:x:3019:2003:hw_tool_iac:/var/tool_iac:/bin/sh
nobody:x:65534:65534::/tmp:/bin/false
srv_ldsp:x:4001:2002:srv_ldsp:/var/service:/bin/sh
srv_voice:x:4002:2002:srv_voice:/var/service:/bin/sh
srv_appm:x:4003:2002:srv_appm:/var/service:/bin/sh
srv_user:x:4004:2002:srv_user:/var/srv_user:/bin/sh
WAP(Dopra Linux) # cat /etc/shadow
root:aqnaBbVaP.9Zo:14453:0:99999:7:::
osgi:$1$U6vz.JFk$robzQ3kXsVf/GNcal1VS/1:0:0:99999:7:::
nobody:!:11141:0:99999:7:::
sshd:*:11880:0:99999:7:-1:-1:0

I didn't dare do that... Then I tried to disable the "2576 2575 osgi_pro" process by renaming the java file, but got a message saying I don't have permission:
WAP(Dopra Linux) # mv java javaCMCC
mv: can't rename 'java': Read-only file system

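I'd like to ask: if I forcibly change the file permissions on this java binary and rename it or delete it outright, or delete the osgi-related lines in the two files above, will that affect the normal operation of the firmware? If anyone has similar experience, please advise. Thanks in advance.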