~~Patching and/or removing Component Protection on MH2p Alpine~~ Access Shell via challenge method Prepare “Special firmware” with the below files (located in ‘MH2p Full\\S0 ‘special’ update’) onto a FAT32 SD card (this changes changes Public Key of Challenge): *Note: the ‘mmx_challenge.txt’ file is blank and you don’t need to worry about it: To start the update hold two fingers in top right corner to enter SWUP (Red Engineering Menu) Mode and use the Update option:UU ter hy ae Sey Ta CL Me heel ks oo) Ca bt Mee Ug ee ha Once the update had finished, select ‘Resume’ *Note: From this point onwards EVERYTHING needs to be done while the MMI is in the RED Menu! *Note: We will be using D-Link DUB-E100 to Telnet/PuTTY on the unit:Configure your laptop's Ethernet connection as per below: Internet Protocol Version 4 (ICP/IPv4) Properties x General ‘You can getiP setings assigned automatcallif your network supports tis capabilty. Otherwise, you need to ask your network admhistrator for the appropriate IP setunas, (Ocbtain an P address automatically @© tse the folowing P address: 1B address: 12, 16 250.123 Subnet mask 255, 255. 255. 0 Defauit gateway Obtain DNS server address automatical @ sete foning ONS server addresses Preferred DNS server: Alternate DNS server Cvaldte settings upon ext Meal Plug your D-Link and Putty (or Telnet) to 172.16,250.248 via port 22111: $RR PUTT Configuration x Category Session Besic options for your PUTTY session a ror ‘Specify the destination you want to connect to. & i tegboard Host Namo (or IP addrese) Bort a 72. 16250248 fom] Features Connection ype: “— OSH OSeil @Oer Tee v pearance Eehavour load, save or dele a sored essen Leila Saved Sessons Selection 7 Colours (2: Connecton Defau Setinas lead Data a Save be SSH 7 Serial oe Telnet losin SUPDUP Chose window on ext: Aways Q)Never Onion dean ext About ‘en CancelYou will be presented with the CHALLENGE KEY (this changes after every reboot) — you will copy this long string and paste it into the mmx_challenge.txt document which you will Save. P =o x 320n423432425430813746454441314430350A44 455 SF 1DADSESISOSEAISSSFSEAISISFATSSNSS: '5F30343850524F440R3131303€303138303130303030303030373430643934303230303030303031 310A4150552D303031303€2£303228323032415031333431330i 48 - PUTTY “Note: mmx_challenge.txt and mmx_response.txt should be blank before you perform the operation explained earlier. “Note: the above mentioned should be in the same folder as the Generator (encrypt.exe) and it’s *.dll companion (libcrypto- 11.dll) and all are found in ‘MH2p Full\Patch Tutorial\Tut+Generator\Generator’ Now run the Generator (this will take 2 seconds to do it’s magic) and now check the mmx_response.txt file — Copy that string and Paste it directly into the PuTTY window you already had open and press Enter. The PuTTY window should close.You have now opened Telnet access and can connect via port 23. Putty (or Telnet) to 172.16.250.248 via port 23 IR PUTTY configuration Catogay: Er Session Logging Terminal Keyboard Bel Features El Window Appearance Behaviour Basic options for your PUTTY session Speciy the deathation you want to connect to une or IP adress) [reremome di Connection ype: sega @other: [Telnet ¥ Load, save or delete a stored session Username is root and there will be no password, but only for one time! After reboot the unit will ask again for a password. cg 172.16,250.248 - PuTT¥ To disable password you need to run these commands: (RUN ALL COMMANDS ONLY FROM RED MENU !!) ‘mount -t qnx6 /dev/mnanda0t177.2 /mnt/swup cp /mnt/swup/etc/nopasswd /mnt/swup/etc/passwd sync Now even after reboot your unit will have no password ©