The 10119 firmware does not come with either telnet or ssh on. If you are sufficiently motivated, and willing to take a risk with your box, it is possible to get root on it.
Take a fresh download of the 10119 firmware, firmware-nt1-1_10119rfke.zip
; it unzips to a .bin file. It's not actually a .bin file, the file extension is a lie; it's a .tar.gz, so go ahead and untar and ungzip it. In it, you'll find, among a variety of other files including the actual firmware.tar.gz, a preinst.sh
and a postinst.sh
. Those scripts are run, like their names suggest, before and after a firmware install. They are run as root. Anything you add to them will be run as root. I recommend putting the interesting stuff in postinst.sh, and have it run after the firmware install.
The crucial thing to know about rooting the N1A1 is that it has a daemon, platformd, which at boot time will revert certain config files to the factory standard. As it happens, platformd has very strong opinions about what's in /etc/ssh/sshd_config. So to get sshd running usefully on your N1A1, you're going to have to run your own sshd instance.
Just to get started, you can call sshd against the config file of your choice in postinst.sh. To do this, write up or find an sshd config file you like, and get it onto the N1A1; you can drop it in the web share directory if you want. The absolute path to the web share is /mnt/disk/volume1/myweb/. (User file shares are all under /mnt/disk/volume1/ too.) Once you have it there, you can add the line
/usr/sbin/sshd -f /mnt/disk/volume1/myweb/sshd_config
to postinst.sh. You're going to need to do a couple other things in postinst.sh, too. Mine had a /etc/nologin file. I don't know if that's doing anything to thwart logins but to blow it away, add:
if [ -e '/etc/nologin' ]; then
rm -rf /etc/nologin
fi
You can't log into an account which doesn't have a home dir, and the homedirs of accounts created on the N1A1 are specified to be directories which don't exist (this may be intended as a security feature to keep out users). Likewise, you can't log in to an account the shell of which has been set to something bogus, and all the user accounts and the admin account have their shell set to IIRC "/bin/false". So also add to postinst.sh:
if [ ! -e '/home/admin' ]; then
mkdir /home/admin
fi
chown admin:admin /home/admin
usermod -d /home/admin/ admin
chsh -s /bin/bash admin
That's to make the "admin" account log-in-able. While you're in there, you might as well give yourself root:
echo root:yourfavoritetemporaryrootpassword | chpasswd
Okay, now you have that all in there, re-tar/gzip the firmware package back up, rename it to be a ".bin" (Why? Ask LG.) and then, fire up your N1A1's web interface, and do a firmware upgrade with your new hacked version of the firmware package.
You might want to do a backup of your files before trying any of this. Just sayin'.
If this worked, once it finishes going through the install-reboot process, you should now be able to ssh in with either your admin account or the root account.
But please note: if you reboot your N1A1, your sshd instance will not come up again automatically, and you will lose your shell access. So you might want to take this occasion to, first thing, set up a second sshd (with your own config file) while you're in there, so it does come up on boot like a regular sshd.
Worked like a charm with the latest update (10124)! .bin file is actually only a .tar file not a tar.gz, Thanks! – Remco – 2016-08-05T21:24:36.697