Gaining access to a FileStore

EEA index

FileStore
Description
Hardware
Error codes
NVRAM
Disc format
Disc image
Accessing
Password file
E01 vs E01S
Rescuing
Emulator
SD card

Intro
MDFS
Others
Clocks
Bridges
Interfaces
Misc h/w
Testing
Misc info

Introduction

If you forget your Syst password, or are otherwise locked out of the server, you will be pleased to know that is isn't overly secure.

Here are two methods that you can try:

  • Insert a floppy disc that is formatted and contains a null Password file with only Syst on it (no password) and log into that disc.
    If you are wondering how to make such a disc, this is the situation that the server leaves the disc in should you *FSFormat a disc, and then do nothing else with it.

  • If you have no such disc, then switch on the server with the front door open so that it enters maintenance mode.
    Log onto the server using the *FSUser name (this is Syst by default).
    If you have successfully logged in via the desktop, your network name should change to the station number of the server prefixed with an exclamation mark (ie: !254).
    Proceed to format a disc for a blank Passwords file to log in as above.

 

Making a FileStore startup disc

Formatting a FS disc.
With reference to the above picture...
  • Turn the server off. If you have a harddisc unit, disconnect it!
  • Open the front flap.
  • Turn the server on. Both LEDs will be lit. Count to ten.
  • Go to the command line. BBC Micro, Master, RISC OS, it's all the same...
  • Enter *Net to select the network filing system.
  • Log in with *I Am Syst (assuming 'default' user is Syst, there is no password).
  • To format the drive in the left drive, enter *FSFormat 4 FSDisc - you can replace 'FSDisc' with the title of your choosing, so long as all discs have different names!
    The right drive is 5.
  • The disc will thunk eighty times (formatting). Then it will shhrrp back to the start and thunk eighty times more (verifying). Once this has been done, the filing system structure and a default Passwords file will be written to the disc.
  • - You may or may not see an 'OK' message sent via Notify.
  • - The server is a bit braindead (at least v1.40 that I'm using). If the disc fails to verify, the server will appear to stop responding. You may need to power cycle it.
  • After the disc has verified and had the structure laid down, you can return to a normal server mode of operation... Close the front flap and then enter *FSMode U.
  • The server will examine its disc drives looking for a valid disc with a Passwords file. Don't worry if it seems to hang looking for a disc that isn't in the right drive. It'll give up before too long. The MODE indicator will go out. You're now in server mode.
  • Log in, once again, with *I Am Syst. The default user file has no password - you ought to enter one!
  • - If you disconnected the harddisc, don't forget to turn the server off and plug it back in!

 

Accessing other devices

It appears that once you are logged into the server, you are logged in. You can access any of the files on any of the discs using the privileges to which you are granted. In the case of a system manager (i.e. the Syst account) you have complete access. For regular users, much stuff outside of their own URD will be either read-only or inaccessible.

Therefore, it should not be too traumatic an event, should you take delivery of a FileStore from, for example, eBay - to get yourself in and then access the passwords file on the harddisc in order to blank it and create your own.

You might wonder why I advised to disconnect the harddisc unit above. This is because the server looks for users from the leftmost drive, and the harddisc is more left than the floppies.
Don't worry - it makes sense! You see, you can get into the server, you can format a floppy and it will create a new password file with Syst ready. But, wait, problem! If you want to log in as Syst, the server will look to the harddisc first. If Syst exists on the harddisc, you'll be asked for a password...

However, if you disconnect the harddisc, you can log in to the floppy. Why would you want to do this? Well, you can log in as Syst and then create a unique user (pick a name unlikely to exist in the harddisc users file - Hitomi or Nataliya...) which you can assign as having supervisor privileges.
Reconnect the harddisc. Then log in (as Hitomi or Nataliya...) and hey presto! you'll have supervisor access. You may not be able to do much with the Syst account (deleting it is not advised), but you can now change the permissions to the Passwords file on the harddisc allowing you to see what the Syst password actually IS!

In other words, after logging in as Syst...

*NewUser Nataliya
*Priv Nataliya S

Then switch off, reconnect the harddisc, and after switching back on...
*I Am Nataliya
Then, ba-da-bing, ba-da-boom, you'll be in, system manager access.
I know, I know. It doesn't look terribly inspiring. There were no bells and whistles and "PROTECTION BREACHED" messages all over the screen, along with klaxons and flashing red lights. Sorry, that sort of stuff only happens in really bad movies.

 

Sometimes it just ain't that easy!

If you are supplying somebody with a device that contains built-in security, then basic etiquette requires that you remove such security as a matter of good faith. Or, at the very least, that you supply the manager password.
The sad reality of the matter, these days, is that you may be offered the FileStore by somebody who 'inherited' the thing, found it in a cupboard, etc, and simply doesn't know what the heck it is - if for no other reason than I guess they never thought to Google and find my EEA! ☺

Imagine, if you will, if *FSMaxDrive has been set to 3 (disabling floppies) and *FSUser has set a custom non-Syst default user.

Now what? The answer is simple. You cannot log into the server. It is inaccessible.

Um... yeah... but not for us... ☺

 

Getting in, the brute force method

It has always been said that no matter how many layers of security you provide, nothing can keep a determined person out once they have physical access to the server.
This scenario is the one that faced Mark Ferns, and now he shall describe how he got into the server:

If you get a Filestore which will not allow you to login either as Syst (or, sometimes, Boot) it is possible that the accounts have been locked or deleted. If the administrator really wanted to make life difficult he could have also set *FSMaxDrive 3 which would disable both floppy drives and prevent you booting from a formatted floppy disc. The only way around this problem is to either get hold of a second E01 (E01S) and connect the hard disc to that and boot off floppy or "break-in" to the Filestore and either remove or short the CMOS memory!

To short the CMOS memory, open up the E01/E01S and locate IC2 (under floppy disc drive 4). There should be an HD146818P (or xxxx6818 equivalent) Real-Time Clock chip in the socket.
There is no built-in battery in this chip which means that CMOS RAM can be cleared on this chip by just removing it from the socket for a few seconds and replacing it.
To reduce chances of damage to the chip, it is preferable instead to short pins 12 and 24 for a few seconds (with the server powered off!).

Rick's note: I've seen those NiCad batteries pack a punch and burn out tracks so you short at your own risk.
Me? I'd prefer to whip the chip out, you can do this with a blunt knife, and a whole lot of care. Lift each side a millimetre or two at a time. If you try to prise out one side, then the other, you'll end up with bent legs. Never good.
Anyway, your server, your choice...
Here is a diagram of the 6818 chip: 
              __    __
        1   -|* \__/  |-  24  5 volts DC
        2   -|        |-  23
        3   -|        |-  22
        4   -|        |-  21
        5   -|        |-  20
        6   -|        |-  19
        7   -|        |-  18
        8   -|        |-  17
        9   -|        |-  16
        10  -|        |-  15
        11  -|        |-  14
Ground  12  -|________|-  13
If you removed the chip, re-insert it now (otherwise the FileStore will not boot) and power-on with your boot floppy inserted in drive 4. If the CMOS has been successfully cleared, it will now check the floppy drives for discs.
Login as Syst, it will take a while as it will load the account info off the floppy. You are now in a position to reset the passwords on the FileStore hard disc.

 

I've done the NVRAM reset, but don't have a boot floppy!

This is described above. The bit with the screendump of all these *Commands? That'll set you up with a floppy...

 

Copyright © 2009 Rick Murray, with thanks to Mark Ferns