der Mouse writes: >For one thing, that assumes the machine will boot far enough for you to >log in (as root, since presumably nobody else can read /dev/eeprom). >If it's set fully secure (eeprom secure=full), this is not normally the >case. As for whether it's the first word, that is not true on the one >machine I just tried; it may depend on the machine (this was tried on a >SPARCstation 1+). A far more useful thing is to use 'od -a' on the correct offset. The fully comprehensive guide to the eeprom can be gleaned from examining /usr/include/mon/{eeprom.h,password.h}. According to this the password structure is at 0x490, and the password itself at 0x494-0x49b inclusive. Also, as I mentioned before, certain actions appear to ignore the password. The most notable of this is the ability to sometimes state which device and file to boot from. This prompt seems to appear with diskless machines and a boot server that is down (or maybe just disconnections from the network at the correct time). And, once again, I have seen machines have their prom passwords wiped by nothing more complex than repeated 'L1-A' 'c' commands during reboot. Although I haven't tested this myself for a couple of years, so more recent PROMs maybe fixed. >When I did "strings - /dev/eeprom", I got 8 strings: > > 45670123 > 31204567 > Ec#Y;A1y > sd()vmunix > le()vmunix This reminds me of someone who had a PROM password along the lines of the 'le()vmunix' style of string. Rather cunningly picked to deterr the confuse strings attack :) James -- James Bonfield (jkb@mrc-lmb.cam.ac.uk) Tel: 0223 402499 Fax: 0223 412282 Medical Research Council - Laboratory of Molecular Biology, Hills Road, Cambridge, CB2 2QH, England.