[Whistle graphic] Hacking the Whistle InterJet
Root Howto

How to open root up on a Whistle Jet with the original software:

The Whistle Jet (WJ) is a Freebsd 2.2.6-RELEASE box that has been modified.

Here is /BUILD from one:

FreeBSD built1.whistle.com 2.2.6-RELEASE FreeBSD 2.2.6-RELEASE #0: Tue Mar 31 12
:19:58 PST 1998     root@pau-amma.whistle.com:/usr/src/sys/compile/BUILT1  i386
Fri Jan 29 11:53:36 PST 1999

1) build a freebsd box

2) plug in the original WJ disk drive and mount up it's /data partition

The original WJ fstab looks like so:

/dev/wd0e       /                       ufs     ro                   1 1
/dev/wd0a       /pingpong               ufs     rw,noauto            1 2
/dev/wd0f       /extra                  ufs     rw,noauto            1 2
/dev/wd0g       /var                    ufs     rw                   1 2
/dev/wd0h       /data                   ufs     rw                   1 2
/dev/wd0b       swap                    swap    sw                   0 0
proc            /proc                   procfs  rw                   0 0

Note that the WJ uses the old style names for drives, you'll need to mount
them with your newer style names.  So to mount /data you'll want to do
something like:

# mount /dev/ad1s1h /mnt/data

3) edit /mnt/data/system/master.passwd and remove the crypted
password so the first line looks like:

root::0:0::0:0:Charlie &:/root:/bin/sh

and save it.

4) run pwd_mkdb(8) on the master.passwd file:

# pwd_mkdb -d /mnt/data/system/pwd.db /mnt/data/system/master.passwd

If you want to use the serial port on the back as a console you'll need
to edit /mnt/etc/ttys and /mnt/pingpong/etc/ttys to have the line:

ttyd0   "/usr/libexec/getty std.9600"   xterms  off secure


ttyd0   "/usr/libexec/getty std.9600"   vt100 on secure

and then include the -Dh flag in /boot.config with:

echo "-Dh" >/mnt/boot.config

4a) Edit /etc/inetd.conf and enable telnet. [noted by Julian Elischer]

5) put the drive back in the WJ and boot it up.  you should be able
to telnet in or use the serial port to console in at 9600 baud.


Julian's description of the root partition and boot process:
There are two root partitions.
When you do a software upgrade, the new image is loaded onto whichever
you are currently NOT using. then "nextboot" is run using /etc/nextboot.conf
so that the next boot will use the OTHER root partition

wd(0,a)/kernel wd(0,a)/kernel wd(0,e)/kernel wd(0,e)/kernel

This will try twice to boot on partition a and then if they both fail
it will try to boot on partition e. (where presumably
the old image that worked is still residing).
 This is a nextboot.conf from the 'a' part.. the one on the 'e'
part would be reversed.. This info is stored on block 1 (not 0).

(see an old nextboot man page)

On each boot the first entry is zero'd out. On a successfull boot
the entire sequence is written back with the current successfull option
first on the list... FreeBSD lost this capacity in 3.x but we kept
using it way later since we needed it.

Get to the root of the issue! Select ...
Hacking the Whistle InterJet | my pages | feedback

was last updated: 2016-10-15