jetson tk1 got "hacked" and someone changed its password

Hello, someone has gotten access to our jetson tk1 card and changed its password.
The auto-login is on, so its possible to use the machine, however changing anything isn’t possible as it requires the password.

We really don’t want to do a reflash. Have tried multiple tricks from the internet like holding down shift to enter into the bootloader (But to no success obviously), CTRL+ALT+F1 to enter TTY1 requires the password aswell, so that doesn’t work either.

Do you have any tips on how to get it changed again?

Have a look at http://elinux.org/Jetson/Cloning .
You can download your system partition, mount it, replace the /ets/shadow by the original one (user:ubuntu pwd:ubuntu) and reflash its contents.

Quick note on that: it is obviously a bad idee to continue running a system that was obviously hacked, because nobody knows what was changed afterwards.

At least, you can access and recover all root-only files and prepare a new flash with the existend user-related files.

I think it’s also possible to modify the kernel parameters in u-boot and append “init=/bin/bash”. That should skip all the boot up scripts and just start bash with full root access without any passwords asked.

But as said, if you assume that it’s hacked (instead of just remembering the wrong password), you don’t really have a choice but to do a full flash to make sure it’s clean.

Test message…tried to reply the wiki blocked me.

I don’t know why the wiki blocked my previous message. I was agreeing that a new flash really is mandatory in the case of a hack, and that anyone visible to the internet with default ubuntu name and password is a guaranteed target…every ubuntu system starts with this and the entire world knows the root authority password.

The cloning idea is really nice if you must recover, as the sample rootfs contains the shadow file you need.

you could also try to set the user in the serial console to root:

vi /etc/init/ttyS0.conf

exec /sbin/getty -a root -L 115200 ttyS0

The trouble with that is the files which need to be changed require root access if a running system is used for the change…and there is no root access. Flash bypasses this.

Assuming have access to u-boot…

Why not temporary change (ie don’t call saveenv) the u-boot boot parameters to load a known filesystem from an external source.

Mount the main filesystem and edit the passwd file with a known password hash?

That could work…if he has u-boot flashed. It’d still be ideal to reflash, there’s nothing to trust after getting hacked.

Okay, thanks for all the tips guys! Lets say that we are 99.9% sure that this is a physical “hack” where someone at the university found the card turned on, already logged in… So they must have changed the password as a joke.

With this as the basis, what is the easiest way?

Trying to reply the forum is blocking me. Will try again later.

I think the spam filter issue got fixed but needs to propagate…I can still only post a partial reply without getting blocked. Here’s a short list of information. This depends on if you use R19.x or R21.x…which version is installed on your Jetson?

Mark this link and read:
http://elinux.org/Jetson/Cloning

Basically you want a loopback mountable root partition you can edit, but if you succeed at getting a clone keep an untouched back-up copy.

Thanks! Have started doing the whole cloning thing, getting the image to my host station was okay, mounted and changed out the shadow file. Started flashing it back a couple of hours ago, but it’s still just saying “flashing started”… Let’s see tomorrow, i’ll keep you updated.