Hello, someone has gotten access to our jetson tk1 card and changed its password.
The auto-login is on, so its possible to use the machine, however changing anything isn’t possible as it requires the password.
We really don’t want to do a reflash. Have tried multiple tricks from the internet like holding down shift to enter into the bootloader (But to no success obviously), CTRL+ALT+F1 to enter TTY1 requires the password aswell, so that doesn’t work either.
Do you have any tips on how to get it changed again?
Have a look at Jetson/Cloning - eLinux.org .
You can download your system partition, mount it, replace the /ets/shadow by the original one (user:ubuntu pwd:ubuntu) and reflash its contents.
Quick note on that: it is obviously a bad idee to continue running a system that was obviously hacked, because nobody knows what was changed afterwards.
At least, you can access and recover all root-only files and prepare a new flash with the existend user-related files.
I think it’s also possible to modify the kernel parameters in u-boot and append “init=/bin/bash”. That should skip all the boot up scripts and just start bash with full root access without any passwords asked.
But as said, if you assume that it’s hacked (instead of just remembering the wrong password), you don’t really have a choice but to do a full flash to make sure it’s clean.
I don’t know why the wiki blocked my previous message. I was agreeing that a new flash really is mandatory in the case of a hack, and that anyone visible to the internet with default ubuntu name and password is a guaranteed target…every ubuntu system starts with this and the entire world knows the root authority password.
The cloning idea is really nice if you must recover, as the sample rootfs contains the shadow file you need.
The trouble with that is the files which need to be changed require root access if a running system is used for the change…and there is no root access. Flash bypasses this.
Okay, thanks for all the tips guys! Lets say that we are 99.9% sure that this is a physical “hack” where someone at the university found the card turned on, already logged in… So they must have changed the password as a joke.
I think the spam filter issue got fixed but needs to propagate…I can still only post a partial reply without getting blocked. Here’s a short list of information. This depends on if you use R19.x or R21.x…which version is installed on your Jetson?
Thanks! Have started doing the whole cloning thing, getting the image to my host station was okay, mounted and changed out the shadow file. Started flashing it back a couple of hours ago, but it’s still just saying “flashing started”… Let’s see tomorrow, i’ll keep you updated.