Nothing special, just use undocumented command sh and you are there (I found it out by a mistake):
danman@silverhorse:~$ nmap 10.0.0.138 Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-26 22:54 CEST Nmap scan report for 10.0.0.138 Host is up (0.013s latency). Not shown: 996 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 80/tcp open http Nmap done: 1 IP address (1 host up) scanned in 3.14 seconds danman@silverhorse:~$ telnet 10.0.0.138 Trying 10.0.0.138... Connected to 10.0.0.138. Escape character is '^]'. ZyXEL VDSL Router Login: admin Password: admin > help ? help logout exit quit reboot adsl xdslctl xtm brctl cat loglevel logdest virtualserver ddns df dumpcfg dumpmdm meminfo psp kill dumpsysinfo dnsproxy syslog echo ifconfig ping ps pwd sntp snmp sysinfo tftp wlctl arp defaultgateway dhcpserver dhcpcondserv dns lan lanhosts passwd ppp restoredefault route save swversion uptime cfgupdate swupdate exitOnIdle wan rip igmp wlan telnetd natp sysstate sipalgctl celld autoexec fileShare igmp btt ledctl > sh shell Password: admin ~ # ls bin etc linuxrc proc tmp vmlinux.lz data firmware mnt sbin usr webs dev lib opt sys var
~ # cat /proc/cpuinfo
system type : 963168VXB
processor : 0
cpu model : Broadcom4350 V8.0
BogoMIPS : 398.33
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : no
hardware watchpoint : no
ASEs implemented :
shadow register sets : 1
core : 0
VCED exceptions : not available
VCEI exceptions : not available
unaligned exceptions : 1399
processor : 1
cpu model : Broadcom4350 V8.0
BogoMIPS : 402.43
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : no
hardware watchpoint : no
ASEs implemented :
shadow register sets : 1
core : 0
VCED exceptions : not available
VCEI exceptions : not available
unaligned exceptions : 1399
~ # cat /proc/devices
Character devices:
1 mem
2 pty
3 ttyp
4 ttyS
5 /dev/tty
5 /dev/console
5 /dev/ptmx
10 misc
90 mtd
108 ppp
128 ptm
136 pts
180 usb
189 usb_device
206 brcmboard
208 adsl
227 p8021ag
228 bcmxtmcfg
233 spu
238 bcmvlan
240 pwrmngt
241 bcmfap
242 fcache
243 ingqos
244 bpm
245 bcmarl
246 chipinfo
254 usb_endpoint
Block devices:
259 blkext
8 sd
31 mtdblock
65 sd
66 sd
67 sd
68 sd
69 sd
70 sd
71 sd
128 sd
129 sd
130 sd
131 sd
132 sd
133 sd
134 sd
135 sd
~ # lsmod
Module Size Used by Tainted: P
nf_nat_tftp 1152 0
nf_nat_irc 1888 0
nf_nat_rtsp 4320 0
nf_nat_h323 6640 0
nf_nat_ftp 2608 0
nf_conntrack_tftp 4032 1 nf_nat_tftp
nf_conntrack_irc 5264 1 nf_nat_irc
nf_conntrack_rtsp 9872 1 nf_nat_rtsp
nf_conntrack_ftp 7088 1 nf_nat_ftp
nf_conntrack_h323 47520 1 nf_nat_h323
nf_nat_pptp 2416 0
nf_conntrack_pptp 5840 1 nf_nat_pptp
nf_nat_proto_gre 1840 1 nf_nat_pptp
nf_conntrack_proto_gre 5104 1 nf_conntrack_pptp
nfnetlink_queue 8864 0
ipt_REJECT 2960 0
ipt_LOG 7520 13
ipt_REDIRECT 1504 0
ipt_MASQUERADE 4368 1
nfnetlink 4080 1 nfnetlink_queue
xt_SKIPLOG 1200 0
xt_TCPMSS 4224 1
xt_limit 2112 17
xt_state 1728 32
nf_conntrack_ipv6 13568 15
xt_pkttype 1296 2
xt_recent 9728 6
iptable_nat 4896 1
nf_nat 16608 10 nf_nat_tftp,nf_nat_irc,nf_nat_rtsp,nf_nat_h323,nf_nat_ftp,nf_nat_pptp,nf_nat_proto_gre,ipt_REDIRECT,ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4 13360 20 iptable_nat,nf_nat
nf_defrag_ipv4 1536 1 nf_conntrack_ipv4
nf_conntrack 60848 19 nf_nat_tftp,nf_nat_irc,nf_nat_rtsp,nf_nat_h323,nf_nat_ftp,nf_conntrack_tftp,nf_conntrack_irc,nf_conntrack_rtsp,nf_conntrack_ftp,nf_conntrack_h323,nf_nat_pptp,nf_conntrack_pptp,nf_conntrack_proto_gre,ipt_MASQUERADE,xt_state,nf_conntrack_ipv6,iptable_nat,nf_nat,nf_conntrack_ipv4
ip6table_filter 2144 1
ip6table_mangle 2256 1
ip6_tables 13184 2 ip6table_filter,ip6table_mangle
iptable_mangle 2304 1
iptable_filter 2240 1
ip_tables 12080 3 iptable_nat,iptable_mangle,iptable_filter
xt_multiport 2720 0
xt_MARK 1888 25
xt_mark 1376 21
xt_length 1408 0
xt_mac 1264 0
xt_DSCP 2992 1
xt_dscp 2064 0
pwrmngtd 7216 0
bcmvlan 99472 0
wl 3450288 0
bcmarl 7440 0
bcm_usb 26512 0
bcm_enet 125584 2 pwrmngtd,wl
adsldd 349600 0
bcmxtmcfg 78512 1 adsldd
bcmfap 185120 1 bcmarl
pktflow 112464 1 bcmfap
bcm_bpm 208736 0 [permanent]
bcm_ingqos 10560 0
chipinfo 1712 0
~ # ifconfig
bcmsw Link encap:Ethernet HWaddr 1C:74:0D:04:9F:30
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Base address:0xda00
br0 Link encap:Ethernet HWaddr 1C:74:0D:04:9F:30
inet addr:10.0.0.138 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::1/64 Scope:Link
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:477641 errors:2994 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:183 overruns:1293627 carrier:0
collisions:2473 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
br1 Link encap:Ethernet HWaddr B2:C8:2D:87:EA:13
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::b0c8:2dff:fe87:ea13/64 Scope:Link
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:1556 carrier:0
collisions:26 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr 1C:74:0D:04:9F:30
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:105842 carrier:0
collisions:493 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth1 Link encap:Ethernet HWaddr 1C:74:0D:04:9F:30
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth2 Link encap:Ethernet HWaddr 1C:74:0D:04:9F:30
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth3 Link encap:Ethernet HWaddr 1C:74:0D:04:9F:30
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth4 Link encap:Ethernet HWaddr 1C:74:0D:04:9F:30
inet6 addr: fe80::1e74:dff:fe04:9f30/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:101428 carrier:0
collisions:443 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:19586 errors:91 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:19586 carrier:0
collisions:91 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ppp1.1 Link encap:Point-to-Point Protocol
inet addr:85.135.150.207 P-t-P:84.16.59.41 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:859177 errors:1602 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:308035 carrier:0
collisions:1759 txqueuelen:3
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ptm0 Link encap:Ethernet HWaddr 1C:74:0D:04:9F:34
inet6 addr: fe80::1e74:dff:fe04:9f34/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:902686 errors:1629 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:355872 carrier:0
collisions:1790 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ptm0.1 Link encap:Ethernet HWaddr 1C:74:0D:04:9F:35
inet6 addr: fe80::1e74:dff:fe04:9f35/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:873364 errors:1629 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:355023 carrier:0
collisions:1787 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wl0 Link encap:Ethernet HWaddr 1C:74:0D:04:9F:33
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:503536 errors:2906 dropped:0 overruns:0 frame:0
TX packets:2247 errors:0 dropped:204 overruns:1352452 carrier:0
collisions:2704 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:15 Base address:0x4000
~ #
~ # iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
DOS_INPUT all -- 0.0.0.0/0 0.0.0.0/0
SERVICE_CONTROL all -- 0.0.0.0/0 0.0.0.0/0
FrwlInChk all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOS_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
NAT_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
DMZ_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
FrwlForwardInChk all -- 0.0.0.0/0 0.0.0.0/0
FrwlForwardInChk all -- 0.0.0.0/0 0.0.0.0/0
FrwlForwardInChk all -- 0.0.0.0/0 0.0.0.0/0
FrwlForwardInChk all -- 0.0.0.0/0 0.0.0.0/0
FrwlForwardInChk all -- 0.0.0.0/0 0.0.0.0/0
FrwlForwardInChk all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
FrwlOutChk all -- 0.0.0.0/0 0.0.0.0/0
Chain DMZ_FORWARD (1 references)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
Chain DOS_FORWARD (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/sec burst 10
SYN_FLOODING tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
PING_DEATH icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 state NEW
Chain DOS_INPUT (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/sec burst 10
SYN_FLOODING tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
PORT_SCAN udp -- 0.0.0.0/0 0.0.0.0/0 state NEW PKTTYPE != broadcast recent: UPDATE seconds: 120 hit_count: 20 name: port_scan side: source
all -- 0.0.0.0/0 0.0.0.0/0 recent: SET name: port_scan side: source
PING_DEATH icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 state NEW
Chain FrwlForwardInChk (6 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 6/hour burst 5 LOG flags 0 level 1 prefix `Intrusion -> '
DROP all -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 6/hour burst 5 LOG flags 0 level 1 prefix `Intrusion -> '
DROP all -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 6/hour burst 5 LOG flags 0 level 1 prefix `Intrusion -> '
DROP all -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 6/hour burst 5 LOG flags 0 level 1 prefix `Intrusion -> '
DROP all -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 6/hour burst 5 LOG flags 0 level 1 prefix `Intrusion -> '
DROP all -- 0.0.0.0/0 0.0.0.0/0
FrwlOutChk all -- 0.0.0.0/0 0.0.0.0/0
FrwlOutChk all -- 0.0.0.0/0 0.0.0.0/0
Chain FrwlInChk (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7547
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7547
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7547
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7547
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7547
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 6/hour burst 5 LOG flags 0 level 1 prefix `Intrusion -> '
DROP all -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 6/hour burst 5 LOG flags 0 level 1 prefix `Intrusion -> '
DROP all -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 6/hour burst 5 LOG flags 0 level 1 prefix `Intrusion -> '
DROP all -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 6/hour burst 5 LOG flags 0 level 1 prefix `Intrusion -> '
DROP all -- 0.0.0.0/0 0.0.0.0/0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 6/hour burst 5 LOG flags 0 level 1 prefix `Intrusion -> '
DROP all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain FrwlOutChk (3 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain NAT_FORWARD (1 references)
target prot opt source destination
Chain PING_DEATH (2 references)
target prot opt source destination
RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 10/sec burst 10
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 1 prefix `Ping of Death Attack:'
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
Chain PORT_SCAN (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 4
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 1 prefix `Port Scan Attack:'
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain SERVICE_CONTROL (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
Chain SYN_FLOODING (2 references)
target prot opt source destination
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 recent: UPDATE seconds: 60 hit_count: 1 name: SYN_FLOOD side: source
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 recent: SET name: SYN_FLOOD side: source
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 LOG flags 0 level 1 prefix `SYN FLOODING Attack:'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
~ #
~ # uname -a
Linux (none) 2.6.30 #2 SMP PREEMPT Fri Jan 20 10:19:06 CST 2017 mips GNU/Linux
~ # mount
rootfs on / type rootfs (rw)
mtd:rootfs on / type jffs2 (ro,relatime)
proc on /proc type proc (rw,relatime)
tmpfs on /var type tmpfs (rw,relatime,size=420k)
tmpfs on /mnt type tmpfs (rw,relatime,size=16k)
sysfs on /sys type sysfs (rw,relatime)
/dev/mtdblock1 on /data type jffs2 (rw,relatime)
/dev/mtdblock3 on /firmware type jffs2 (rw,relatime)
usbfs on /proc/bus/usb type usbfs (rw,relatime)
~ # df -h
Filesystem Size Used Available Use% Mounted on
mtd:rootfs 18.0M 18.0M 0 100% /
/dev/mtdblock1 4.0M 460.0K 3.6M 11% /data
/dev/mtdblock3 19.6M 844.0K 18.8M 4% /firmware
~ # dmesg
Deflate Compression module registered
PPP BSD Compression module registered
NET: Registered protocol family 24
Broadcom DSL NAND controller (BrcmNand Controller)
-->brcmnand_scan: CS=0, numchips=1, csi=0
mtd->oobsize=0, mtd->eccOobSize=0
NAND_CS_NAND_XOR=00000000
Disabling XOR on CS#0
brcmnand_scan: Calling brcmnand_probe for CS=0
B4: NandSelect=40000001, nandConfig=14152300, chipSelect=0
brcmnand_read_id: CS0: dev_id=98f00015
After: NandSelect=40000001, nandConfig=14152300
Block size=00020000, erase shift=17
NAND Config: Reg=14152300, chipSize=64 MB, blockSize=128K, erase_shift=11
busWidth=1, pageSize=2048B, page_shift=11, page_mask=000007ff
timing1 not adjusted: 6574845b
timing2 not adjusted: 00001e96
brcmnand_adjust_acccontrol: gAccControl[CS=0]=00000000, ACC=f7ff1010
BrcmNAND mfg 98 f0 TOSHIBA TC58NVM9S3ETA00 64MB on CS0
Found NAND on CS0: ACC=f7ff1010, cfg=14152300, flashId=98f00015, tim1=6574845b, tim2=00001e96
BrcmNAND version = 0x0400 64MB @00000000
brcmnand_scan: Done brcmnand_probe
brcmnand_scan: B4 nand_select = 40000001
brcmnand_scan: After nand_select = 40000001
100 CS=0, chip->ctrl->CS[0]=0
ECC level 15, threshold at 1 bits
reqEccLevel=0, eccLevel=15
190 eccLevel=15, chip->ecclevel=15, acc=f7ff1010
brcmnand_scan 10
200 CS=0, chip->ctrl->CS[0]=0
200 chip->ecclevel=15, acc=f7ff1010
page_shift=11, bbt_erase_shift=17, chip_shift=26, phys_erase_shift=17
brcmnand_scan 220
Brcm NAND controller version = 4.0 NAND flash size 64MB @1c000000
brcmnand_scan 230
brcmnand_scan 40, mtd->oobsize=64, chip->ecclayout=00000000
brcmnand_scan 42, mtd->oobsize=64, chip->ecclevel=15, isMLC=0, chip->cellinfo=0
ECC layout=brcmnand_oob_bch4_4k
brcmnand_scan: mtd->oobsize=64
brcmnand_scan: oobavail=50, eccsize=512, writesize=2048
brcmnand_scan, eccsize=512, writesize=2048, eccsteps=4, ecclevel=15, eccbytes=3
300 CS=0, chip->ctrl->CS[0]=0
500 chip=83a47990, CS=0, chip->ctrl->CS[0]=0
-->brcmnand_default_bbt
brcmnand_default_bbt: bbt_td = bbt_main_descr
Bad block table Bbt0 not found for chip on CS0
Bad block table 1tbB not found for chip on CS0
File system address: 0xb93e0000
Scanning device for bad blocks, options=00004000
-->brcmnand_isbad_raw(offs=3fe0000
Bad block table written to 0x03fe0000, version 0x01
-->brcmnand_isbad_raw(offs=3fc0000
Bad block table written to 0x03fc0000, version 0x01
rescanning ....
----- Contents of BBT -----
----- END Contents of BBT -----
brcmnandCET: Did not find CET, recreating
brcmnandCET: Status -> Deferred
brcmnand_scan 99
Root file system size 13a0000
Creating 4 MTD partitions on "brcmnand.0":
0x0000013e0000-0x0000025e0000 : "rootfs"
0x000002760000-0x000002b60000 : "data"
0x000000000000-0x000000020000 : "nvram"
0x000002b60000-0x000003f00000 : "fw"
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
PCI: Enabling device 0000:00:0a.0 (0000 -> 0002)
PCI: Setting latency timer of device 0000:00:0a.0 to 64
ehci_hcd 0000:00:0a.0: EHCI Host Controller
ehci_hcd 0000:00:0a.0: new USB bus registered, assigned bus number 1
ehci_hcd 0000:00:0a.0: Enabling legacy PCI PM
ehci_hcd 0000:00:0a.0: irq 18, io mem 0x10002500
ehci_hcd 0000:00:0a.0: USB f.f started, EHCI 1.00
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 2 ports detected
ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
PCI: Enabling device 0000:00:09.0 (0000 -> 0002)
PCI: Setting latency timer of device 0000:00:09.0 to 64
ohci_hcd 0000:00:09.0: OHCI Host Controller
ohci_hcd 0000:00:09.0: new USB bus registered, assigned bus number 2
ohci_hcd 0000:00:09.0: irq 17, io mem 0x10002600
usb usb2: configuration #1 chosen from 1 choice
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 2 ports detected
usbcore: registered new interface driver usblp
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
Watchdog Timer Init -- kthread
brcmboard: brcm_board_init entry
SES: Button Interrupt 0x1 is enabled
SES: LED GPIO 0x10 is enabled
PCIe: No device found - Powering down
Serial: BCM63XX driver $Revision: 3.00 $
Magic SysRq enabled (type ^ h for list of supported commands)
ttyS0 at MMIO 0xb0000180 (irq = 13) is a BCM63XX
ttyS1 at MMIO 0xb00001a0 (irq = 42) is a BCM63XX
Total # RxBds=1448
bcmPktDmaBds_init: Broadcom Packet DMA BDs initialized
bcmPktDma_init: Broadcom Packet DMA Library initialized
bcmxtmrt: Broadcom BCM3168D0 ATM/PTM Network Device v0.4 Jan 20 2017 09:49:26
p8021ag: p8021ag_init entry
IPSEC SPU: SUCCEEDED
GACT probability NOT on
Mirror/redirect action on
u32 classifier
input device check on
Actions configured
TCP cubic registered
Initializing XFRM netlink socket
NET: Registered protocol family 10
IPv6 over IPv4 tunneling driver
NET: Registered protocol family 17
NET: Registered protocol family 15
Initializing MCPD Module
Ebtables v2.0 registered
ebt_time registered
ebt_ftos registered
ebt_wmm_mark registered
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
VFS: Mounted root (jffs2 filesystem) readonly on device 31:0.
Freeing unused kernel memory: 152k freed
Empty flash at 0x000031e4 ends at 0x00003800
Empty flash at 0x00123504 ends at 0x00123800
Empty flash at 0x0012cb2c ends at 0x0012d000
Empty flash at 0x00131428 ends at 0x00131800
JFFS2 notice: (225) check_node_data: wrong data CRC in data node at 0x0000666c: read 0x965adb67, calculated 0x2c3d788a.
JFFS2 notice: (225) check_node_data: wrong data CRC in data node at 0x000021a0: read 0x965adb67, calculated 0x7f308400.
JFFS2 notice: (226) check_node_data: wrong data CRC in data node at 0x006f177c: read 0x61258b67, calculated 0xa38181d8.
chipinfo: module license 'proprietary' taints kernel.
Disabling lock debugging due to kernel taint
brcmchipinfo: brcm_chipinfo_init entry
Broadcom Ingress QoS Module Char Driver v0.1 Jan 20 2017 09:48:05 Registered<243>
Broadcom Ingress QoS ver 0.1 initialized
BPM: tot_mem_size=67108864B (64MB), buf_mem_size=10066320B (9MB), num of buffers=4730, buf size=2128
Broadcom BPM Module Char Driver v0.1 Jan 20 2017 09:47:59 Registered<244>
[NTC bpm] bpm_set_status: BPM status : enabled
NBUFF v1.0 Initialized
Initialized fcache state
Broadcom Packet Flow Cache Char Driver v2.2 Jan 20 2017 09:48:06 Registered<242>
Created Proc FS /procfs/fcache
Broadcom Packet Flow Cache registered with netdev chain
Broadcom Packet Flow Cache learning via BLOG enabled.
Constructed Broadcom Packet Flow Cache v2.2 Jan 20 2017 09:48:06
chipId 0x631680D0
Broadcom Forwarding Assist Processor (FAP) Char Driver v0.1 Jan 20 2017 09:48:00 Registered <241>
Enabling SMISBUS PHYS_FAP_BASE[0] is 0x10c01000
FAP Soft Reset Done
4ke Reset Done
Enabling SMISBUS PHYS_FAP_BASE[1] is 0x10c01000
FAP Soft Reset Done
4ke Reset Done
FAP Debug values at 0xa241cf90 0xa249cf90
Allocated FAP0 GSO Buffers (0xA242E018) : 1048576 bytes @ 0xA2500000
Allocated FAP1 GSO Buffers (0xA24AE018) : 1048576 bytes @ 0xA2600000
Allocated FAP0 TM SDRAM Queue Storage (a242e01c) : 341376 bytes @ a2700000
Allocated FAP1 TM SDRAM Queue Storage (a24ae01c) : 341376 bytes @ a2780000
[NTC fapProto] fapReset : Reset FAP Protocol layer
fapDrv_construct: FAP0: pManagedMemory=b0820650. wastage 8 bytes
fapDrv_construct: FAP1: pManagedMemory=b0a20650. wastage 8 bytes
bcmPktDma_bind: FAP Driver binding successfull
[FAP0] DSPRAM : stack <0x80000000><1536>, global <0x80000600><3960>, free <2696>, total<8192>
[FAP1] DSPRAM : stack <0x80000000><1536>, global <0x80000600><3960>, free <2696>, total<8192>
[FAP0] PSM : addr<0x80002000>, used <23436>, free <1140>, total <24576>
[FAP1] PSM : addr<0x80002000>, used <23436>, free <1140>, total <24576>
[FAP0] DQM : availableMemory 14652 bytes, nextByteAddress 0xE0004948
[FAP1] DQM : availableMemory 14652 bytes, nextByteAddress 0xE0004948
[FAP0] GSO Buffer set to 0xA2500000
[FAP1] GSO Buffer set to 0xA2600000
[FAP0] FAP BPM Initialized.
[FAP1] FAP BPM Initialized.
[FAP0] FAP TM: ON
[FAP1] FAP TM: ON
bcmxtmcfg: bcmxtmcfg_init entry
adsl: adsl_init entry
Broadcom BCM63168D0 Ethernet Network Device v0.1 Jan 20 2017 09:49:21
fapDrv_psmAlloc: fapIdx=0, size: 4800, offset=b0820650 bytes remaining 7000
ETH Init: Ch:0 - 200 tx BDs at 0xb0820650
fapDrv_psmAlloc: fapIdx=1, size: 4800, offset=b0a20650 bytes remaining 7000
ETH Init: Ch:1 - 200 tx BDs at 0xb0a20650
fapDrv_psmAlloc: wastage 8 bytes
fapDrv_psmAlloc: fapIdx=0, size: 4808, offset=b0821910 bytes remaining 2184
ETH Init: Ch:0 - 600 rx BDs at 0xb0821910
fapDrv_psmAlloc: wastage 8 bytes
fapDrv_psmAlloc: fapIdx=1, size: 4808, offset=b0a21910 bytes remaining 2184
ETH Init: Ch:1 - 600 rx BDs at 0xb0a21910
dgasp: kerSysRegisterDyingGaspHandler: bcmsw registered
eth2: MAC Address: 1C:74:0D:04:9F:30
eth1: MAC Address: 1C:74:0D:04:9F:30
eth0: MAC Address: 1C:74:0D:04:9F:30
eth3: MAC Address: 1C:74:0D:04:9F:30
eth4: MAC Address: 1C:74:0D:04:9F:30
eth0 Link UP 10 mbps full duplex
eth4 Link UP 1000 mbps full duplex
message received before monitor task is initialized kerSysSendtoMonitorTask
Broadcom BCM3168D0 USB Network Device v0.4a Jan 20 2017 09:48:11
usb0: MAC Address: 1C 74 0D 04 9F 31
usb0: Host MAC Address: 1C 74 0D 04 9F 32
hub 1-0:1.0: over-current change on port 2
USBD Initialization done status 0
USB Link DOWN.
message received before monitor task is initialized kerSysSendtoMonitorTask
[NTC arl] arlEnable : Enabled ARL binding to FAP
Broadcom Address Resolution Logic Processor (ARL) Char Driver v0.1 Jan 20 2017 09:47:58 Registered <245>
--SMP support
wl: dsl_tx_pkt_flush_len=338
wl: high_wmark_tot=3074
PCI: Setting latency timer of device 0000:00:00.0 to 64
wl: passivemode=1
wl: napimode=0
wl0: allocskbmode=1 currallocskbsz=256
Neither SPROM nor OTP has valid image
wl:srom/otp not programmed, using main memory mapped srom info(wombo board)
wl:loading /etc/wlan/bcm6362_map.bin
srom rev:8
wl: reading /etc/wlan/bcmcmn_nvramvars.bin, file size=32
wl0: Broadcom BCM435f 802.11 Wireless Controller 6.30.102.7.cpe4.12L08.4
dgasp: kerSysRegisterDyingGaspHandler: wl0 registered
Broadcom 802.1Q VLAN Interface, v0.1
Host MIPS Clock divider pwrsaving is enabled
DDR Self Refresh pwrsaving is enabled
Energy Efficient Ethernet is disabled
eth0 Link DOWN.
message received before monitor task is initialized kerSysSendtoMonitorTask
ip_tables: (C) 2000-2006 Netfilter Core Team
eth0 Link UP 10 mbps full duplex
message received before monitor task is initialized kerSysSendtoMonitorTask
ip6_tables: (C) 2000-2006 Netfilter Core Team
device eth0 entered promiscuous mode
br0: port 1(eth0) entering forwarding state
device eth2 entered promiscuous mode
br0: port 1(eth0) entering disabled state
br0: port 1(eth0) entering forwarding state
ADDRCONF(NETDEV_UP): eth2: link is not ready
device eth3 entered promiscuous mode
br0: port 1(eth0) entering disabled state
br0: port 1(eth0) entering forwarding state
ADDRCONF(NETDEV_UP): eth3: link is not ready
device eth1 entered promiscuous mode
br0: port 1(eth0) entering disabled state
br0: port 1(eth0) entering forwarding state
ADDRCONF(NETDEV_UP): eth1: link is not ready
device wl0 entered promiscuous mode
br0: port 1(eth0) entering disabled state
br0: port 1(eth0) entering forwarding state
br0: port 5(wl0) entering forwarding state
*** dslThread dslPid=1286
BcmAdsl_Initialize=0xC026FB70, g_pFnNotifyCallback=0xC02AC8F4
lmemhdr[2]=0x100CE000, pAdslLMem[2]=0x100CE000
pSdramPHY=0xA3FFFFF8, 0x1B7768 0xDEADBEEF
*** XfaceOffset: 0x5FF90 => 0x5FF90 ***
*** PhySdramSize got adjusted: 0xDACE8 => 0x111500 ***
AdslCoreSharedMemInit: shareMemSize=133853(133856)
AdslCoreHwReset: pLocSbSta=80d80000 bkupThreshold=3072
AdslCoreHwReset: AdslOemDataAddr = 0xA3F9A5F4
***BcmDiagsMgrRegisterClient: 0 ***
dgasp: kerSysRegisterDyingGaspHandler: dsl0 registered
fapDrv_psmAlloc: fapIdx=1, size: 1600, offset=b0a22be0 bytes remaining 584
XTM Init: Ch:0 - 200 rx BDs at 0xb0a22be0
fapDrv_psmAlloc: fapIdx=1, size: 128, offset=b0a23220 bytes remaining 456
XTM Init: Ch:1 - 16 rx BDs at 0xb0a23220
bcmxtmrt: PTM/ATM Non-Bonding Mode configured in system
Line 0: xDSL G.994 training
message received before monitor task is initialized kerSysSendtoMonitorTask
device eth4 entered promiscuous mode
br0: port 6(eth4) entering forwarding state
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)
monitor task is initialized pid= 295
br0: port 5(wl0) entering disabled state
device wl0 left promiscuous mode
br0: port 5(wl0) entering disabled state
Line 0: VDSL G.993 started
device wl0 entered promiscuous mode
br0: port 6(eth4) entering disabled state
br0: port 1(eth0) entering disabled state
br0: port 6(eth4) entering forwarding state
br0: port 1(eth0) entering forwarding state
br0: port 5(wl0) entering forwarding state
br0: port 5(wl0) entering disabled state
device wl0 left promiscuous mode
br0: port 5(wl0) entering disabled state
device wl0 entered promiscuous mode
br0: port 6(eth4) entering disabled state
br0: port 1(eth0) entering disabled state
br0: port 6(eth4) entering forwarding state
br0: port 1(eth0) entering forwarding state
br0: port 5(wl0) entering forwarding state
Line 0: VDSL2 link up, Bearer 0, us=3199, ds=31545
bcmxtmcfg: XTM Link Information, port = 0, State = UP, Service Support = PTM
bcmxtmcfg: ReconfigureSAR port 0 traffictype 2
bcmxtmcfg: Normal(XTM/PTM) Mode enabled
TxLineRateTimer=10003
bcmxtmrt: MAC address: 1c 74 0d 04 9f 34
[DoCreateDeviceReq.3137]: register_netdev
[DoCreateDeviceReq.3139]: register_netdev done
bcmxtmcfg: Reserve PTM vcid=0 ptmPri=1 port=0 bondingPort=4
bcmxtmcfg: Reserve PTM vcid=1 ptmPri=2 port=0 bondingPort=4
bcmxtmcfg: Reserve TxQueueIdx=0 for vcid 0
bcmxtmcfg: Reserve MP group=0 priority=0 weight=1
XTM Init: Ch:0 - 400 tx BDs at 0xa0810000
bcmxtmcfg: Connection UP, LinkActiveStatus=0x1, US=3199000, DS=31545000
[FAP0] xtmCreateDevice : devId 0, encapType 0, headerLen 0
[FAP1] xtmCreateDevice : devId 0, encapType 0, headerLen 0
[FAP0] xtmLinkUp : devId 0, matchId 0
[FAP1] xtmLinkUp : devId 0, matchId 0
[FAP0] xtmLinkUp : devId 0, matchId 1
[FAP1] xtmLinkUp : devId 0, matchId 1
ptm0.1 MAC address set to 1C:74:0D:04:9F:35
netdev path : ptm0.1 -> ptm0
BCMVLAN : ptm0 mode was set to RG
device ptm0 entered promiscuous mode
netdev path : ppp1.1 -> ptm0.1 -> ptm0
Netfilter messages via NETLINK v0.30.
bcmxtmcfg: Reserve TxQueueIdx=1 for vcid 0
XTM Init: Ch:1 - 400 tx BDs at 0xa0948000
bcmxtmcfg: Reserve TxQueueIdx=2 for vcid 0
XTM Init: Ch:2 - 400 tx BDs at 0xa096c000
bcmxtmcfg: Reserve TxQueueIdx=3 for vcid 0
XTM Init: Ch:3 - 400 tx BDs at 0xa080c000
usbserial: `0x' invalid for parameter `vendor'
Intrusion -> IN=ppp1.1 OUT= MAC= SRC=191.101.167.235 DST=85.135.150.207 LEN=40 TOS=0x00 PREC=0x00 TTL=249 PROTO=TCP SPT=38685 DPT=8545 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
Intrusion -> IN=ppp1.1 OUT= MAC= SRC=77.72.82.92 DST=85.135.150.207 LEN=40 TOS=0x00 PREC=0x00 TTL=249 PROTO=TCP SPT=58529 DPT=12393 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Intrusion -> IN=ppp1.1 OUT= MAC= SRC=77.72.82.80 DST=85.135.150.207 LEN=40 TOS=0x00 PREC=0x00 TTL=249 PROTO=TCP SPT=58011 DPT=8610 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Intrusion -> IN=ppp1.1 OUT= MAC= SRC=77.72.85.17 DST=85.135.150.207 LEN=40 TOS=0x00 PREC=0x00 TTL=250 PROTO=TCP SPT=47589 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
~ #
Buenisimooooo !!!!!!!