Question about reset password

Since I start using xavier, I never change my password, keep using the default password.
But few days before, my password was been changed(might be hack).

After the inquiry, I learned that I could clone my xavier, place the password files on top of the loopback mounted clone using the sample rootfs to reset password, and then flash the xavier using the clone instead of a new image

Is there anyone know the detail about the process? like how to clone out my xavier, flash the clone back…

Clone procedure and restore can depend on which release you are using (see “head -n 1 /etc/nv_tegra_release”…this will still exist in your host’s “Linux_for_Tegra/rootfs/etc/nv_tegra_release” if you kept your flash setup).

Basically a clone means you put it in recovery mode, and then run something like this, depending on release (it takes a lot of space…make sure you have over 30GB of spare space…e.g, “df -H /where/ever/you/clone/Linux_for_Tegra/”):

sudo ./flash.sh -r -k APP -G "backup.img" jetson-xavier mmcblk0p1

This will produce two files, “backup.img” and “backup.img.raw”. You can throw away the smaller “backup.img”. Keep a safe copy of “backup.img.raw” somewhere (it’ll be about 28GB in size…might take an hour just to copy the file). This is the file you can loopback mount. Example:

sudo mount -o loop backup.img.raw /mnt
# ...do stuff there..., then umount:
sudo umount /mnt
sudo losetup -D

If you still have the original flash in “Linux_for_Tegra/rootfs/”, then you might be able to copy in these files, but keep in mind that if first boot was needed, then these files won’t have your account listed:

Linux_for_Tegra/rootfs/etc/
... group  group-  gshadow  gshadow-  passwd  passwd-  shadow  shadow-

In reality, if someone did hack in, then there might be more changed than just a password and you probably shouldn’t trust it. What you could do instead is take any valuable code, copy it into the “rootfs/” directory, and then flash normally (you have a backup, and so it doesn’t hurt if you fail). You’d get the sample rootfs plus whatever edits you made (the image would be created from rootfs plus some boot content based on arguments to flash.sh).

If you do want to use the backup.img.raw, then place a copy with the name “system.img” at:

Linux_for_Tegra/bootloader/system.img

…then flash:

sudo ./flash.sh <b><i>-r</i></b> jetson-xavier mmcblk0p1

I didn’t keep my flash setup, so I don’t have the flash.sh.
Can I get it from another way or only can reflash?

You can use either the L4T download to manually get the content, or you can use JetPack/SDK Manager and tell it to download, but not flash or install. There are dependencies on release version, so you can’t mix flashing of content from one release into another (but you can probably clone any release from any JetPack/SDK Manager…since you want to reflash after fixing the issue, this means you have to use the same release now as you used during the original flash). Which JetPack or L4T release did you use?

Here is a list of versions (redirect doesn’t work, so you will probably need to go there, log in, and then click the link again if it doesn’t show up correctly):
https://developer.nvidia.com/embedded/jetpack
https://developer.nvidia.com/embedded/jetpack-archive
https://developer.nvidia.com/linux-tegra

I use Jetpack 4.1.1, L4T31.1

Within R31.1 the flash.sh needs a minor patch:

diff --git a/flash.sh b/flash.sh
    index 5242a68..d21d7ca 100755
    --- a/flash.sh
    +++ b/flash.sh
    @@ -2049,7 +2049,7 @@ if [ "${target_partname}" != "" ]; then
            else
                    FLASHARGS+="$BCT ${bctfilename} ";
            fi
    -       FLASHARGS+="${BCTARGS} ";
    +       FLASHARGS+="${BCTARGS}${NV_ARGS} ";
            FLASHARGS+="--cfg  ${localcfgfile} ${BINSARGS} ";
            FLASHARGS+=" --cmd \"";
            FLASHARGS+="${pre_cmds}";

Original URL for the patch:
https://devtalk.nvidia.com/default/topic/1047737/jetson-agx-xavier/36-partitions/post/5320286/#5320286

This is just a human readable script file…any editor will do. The patch simply says to change this line:

FLASHARGS+="${BCTARGS} ";

…and make it instead this:

FLASHARGS+="${BCTARGS}${NV_ARGS} ";

The other code is just to help you see where the edit is. The particular code block starts near line 2049.

Thank for your help!!!
I successfully reset password, really appreciate!!