Serial + SSH/Telnet Open

superwofy

Jan 18, 2021
I realized I didn't create one of these for EVO. The procedure is very similar to the original ID3.
As far as I am aware, for the latest iLevels, which patched the USB script vulnerabilities, this is the only way outside of the L5 UDS key.

Gaining access to the EVO's UART is more difficult than ID3 since it's on the bottom card edge connector of the bottom board. If you're precise enough, you could probably solder through the gap without taking out the bottom board.

Connect pins 3 and 4 on the bottom card edge connector to a TTL adapter. Connect one more lead to GND (the case, for example). Pins are marked from the perspective of the EVO's CPU.


Once connected:

For iLevel 23-07 you will be asked to log in even via Serial - use the same credentials as SSH/Telnet.

1. #> sysetshellevo
2. syset:> setk SYS_DEBUG=true
3. syset:> store
4. OnOffDSICommander appreset

SSH and Telnet will now be enabled for hu-jacinto and hu-omap.

Connect to 169.254.199.99 (jacinto) / 169.254.199.119 (omap).

Logon: root
Password: ts&SK412


To install the scp binary, copy "scp" to the root of a USB drive, connect to Omap and run:
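Code:
# Remount /fs/sda0 read-write, move scp from the USB drive into /bin,
# make it executable, then remount /fs/sda0 read-only.
mount -uw /fs/sda0 && \
mv /fs/usb0/scp /bin/ && \
chmod 0775 /bin/scp && \
sleep 5 && \
mount -ur /fs/sda0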
 

Attachments

  • PCB.png
  • scp.zip