Jump to content
Legomaniac

Cow Milking Robot Hacks/Mods X11

Recommended Posts

 Hi Everyone, update time. I plugged in a keyboard and it did do interesting things, sort of. Ctrl + Alt + FX (X != 2 ) directs you to a console login. I tried all the obvious-ish default passwords. Lely, Password, 123456, etc. It is quite slow on the password denied response, so perhaps I need to buy a rubber ducky and let it go all night long or something. The good news is it does keep milking cows while messing with it, you just have to remember to CtrlAltF2 before you unplug the keyboard. 

Video: 

I haven't done a hard reboot, I think that's the next step, remove power and see what shows up during boot. 

 

  • Like 1

Share this post


Link to post
Share on other sites
Just now, user_1577 said:

@Legomaniac I was able to login with username: lely password: lely no root access though:sad:

I'm actually not sure I tried that! Mostly I tried to log into root or 'admin' I'll try lely lely

it likely is vulnerable to privilege escalation attacks somewhere 

Share this post


Link to post
Share on other sites
9 minutes ago, Legomaniac said:

I'm actually not sure I tried that! Mostly I tried to log into root or 'admin' I'll try lely lely

it likely is vulnerable to privilege escalation attacks somewhere 

I'm not home but I tried to ssh in as username lely password lely

no sauce yet

Share this post


Link to post
Share on other sites

Thats strange just tried it again for me and it logged in:

 

login as: lely
lely@10.4.1.101's password:
Linux elink-tab 3.10.17-R07 #1 SMP PREEMPT Mon Feb 15 15:14:56 CET 2016 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Sep 11 23:34:29 2017 from 10.4.1.1
lely@elink-tab:~$ ls /
bin   dev  home          lib    media  opt   root  sbin  sys  usr
boot  etc  lely_install  lib64  mnt    proc  run   srv   tmp  var
lely@elink-tab:~$

 
 

  • Like 1

Share this post


Link to post
Share on other sites
5 minutes ago, user_1577 said:

Thats strange just tried it again for me and it logged in:

 


login as: lely
lely@10.4.1.101's password:
Linux elink-tab 3.10.17-R07 #1 SMP PREEMPT Mon Feb 15 15:14:56 CET 2016 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Sep 11 23:34:29 2017 from 10.4.1.1
lely@elink-tab:~$ ls /
bin   dev  home          lib    media  opt   root  sbin  sys  usr
boot  etc  lely_install  lib64  mnt    proc  run   srv   tmp  var
lely@elink-tab:~$

 

Did you copy & paste that or type it out? Also, what version of robot is it, and what software version is i running?

Share this post


Link to post
Share on other sites

so, What I'm getting looks like this: 

If you trust this host, enter "y" to add the key to                                                             
PuTTY's cache and carry on connecting.                                                                          
If you want to carry on connecting just once, without                                                           
adding the key to the cache, enter "n".                                                                         
If you do not trust this host, press Return to abandon the                                                      
connection.                                                                                                     
Store key in cache? (y/n) yes                                                                                   
login as: lely                                                                                                  
lely@10.4.1.101's password:  (I entered lely)                                                                                   
Access denied                                                                                                   
lely@10.4.1.101's password:                                                                                     

Update: I tried it on robot 2 and got the same results.

PS C:\Program Files\PuTTY> .\plink.exe 10.4.1.102                                                               
The first key-exchange algorithm supported by the server is                                                     
diffie-hellman-group1-sha1, which is below the configured warning threshold.                                    
Continue with connection? (y/n) y                                                                               
The server's host key is not cached in the registry. You                                                        
have no guarantee that the server is the computer you                                                           
think it is.                                                                                                    
The server's rsa2 key fingerprint is:                                                                           
ssh-rsa 1040 be:44:a8:36:71:ec:1e:b9:df:28:23:d3:c9:eb:b6:8a                                                    
If you trust this host, enter "y" to add the key to                                                             
PuTTY's cache and carry on connecting.                                                                          
If you want to carry on connecting just once, without                                                           
adding the key to the cache, enter "n".                                                                         
If you do not trust this host, press Return to abandon the                                                      
connection.                                                                                                     
Store key in cache? (y/n) y                                                                                     
login as: Lely                                                                                                  
Lely@10.4.1.102's password:                                                                                     
Access denied                                                                                                   
Lely@10.4.1.102's password:                                                                                     
Access denied                                                                                                   
Lely@10.4.1.102's password:                                                                                     
Access denied                                                                                                   
Lely@10.4.1.102's password:                                                                                     
Access denied                                                                                                   
Lely@10.4.1.102's password:                                                                                     
Access denied                                                                                                   
Lely@10.4.1.102's password:                                                                                     
Access denied                                                                                                   
Lely@10.4.1.102's password:               

So it appears that your robot has a different default ssh password than mine, or perhaps mine has password login disabled :( 

Question for those in the know, If you disable password login, will it still give you a 'fake' password prompt?

Edited by Legomaniac
More info

Share this post


Link to post
Share on other sites
Quote

Question for those in the know, If you disable password login, will it still give you a 'fake' password prompt?

Quite likely, yeah.

Share this post


Link to post
Share on other sites

What kind of combinations did you try ?
because It should be Lely Lely.

admin - admin
Lely - Lely
lely - lely
.. .. .

  • Like 1

Share this post


Link to post
Share on other sites
On 1/12/2018 at 9:10 AM, LivingDodo said:

What kind of combinations did you try ?
because It should be Lely Lely.

admin - admin
Lely - Lely
lely - lely
.. .. .

We tried all of those and a few other combos (like admin-password, lely-password, and a few other common ones like that).

Share this post


Link to post
Share on other sites

@legomaniac ive been trying to learn how to access t4c remotely for a month now. i still get lost in the vocabulary. would you be willing to help me set it up privately? also the passwords on some of our brand new a4 stuff is Service: lely or service: lelylely and there was another one that the password had some numbers in it but i cant remember that anymore. 

 

cant wait till someone figures this out. i'm getting tired of having to go over to reset m4use buckets!

Share this post


Link to post
Share on other sites

Nmap scan port 80 http:// ipaddress into your internet exploder press enter tada 

Share this post


Link to post
Share on other sites

bigbiz must be doing something wrong.

Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-22 17:43 Eastern Daylight Time
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating Ping Scan at 17:43
Scanning 71.120.95.4 [4 ports]
Completed Ping Scan at 17:43, 3.18s elapsed (1 total hosts)
Nmap scan report for 71.120.95.4 [host down]
NSE: Script Post-scanning.
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 9.66 seconds

Raw packets sent: 8 (304B) | Rcvd: 3 (205B)
 

i'm assuming there are some settings i need to change on my other router/computer but i don't know what. Where do i look now? even some key words to search and read about would help.  its all new to me but i like to learn.

Share this post


Link to post
Share on other sites
On 4/22/2018 at 5:47 PM, hemmy15 said:

bigbiz must be doing something wrong.

Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-22 17:43 Eastern Daylight Time
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating Ping Scan at 17:43
Scanning 71.120.95.4 [4 ports]
Completed Ping Scan at 17:43, 3.18s elapsed (1 total hosts)
Nmap scan report for 71.120.95.4 [host down]
NSE: Script Post-scanning.
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 9.66 seconds

Raw packets sent: 8 (304B) | Rcvd: 3 (205B)
 

i'm assuming there are some settings i need to change on my other router/computer but i don't know what. Where do i look now? even some key words to search and read about would help.  its all new to me but i like to learn.

Sorry Hemmy15, I've been not on here much for a while again... 

Accessing t4c remotely and accessing the robot touchscreen remotely are different systems, but I can help you do both.

You will need to get a machine that runs Linux (or a linux instance in a VM like virtualbox on the T4CPC), and also has access to the LAN that the robots are on. The amount of linux required is pretty minimal, but the more 'remoteness' you need, the more complex it gets. 

I can do it from anywhere in the world I have internet, using my phone, but I don't because it's pretty tedious. If you're trying to just reset the buckets from an office I bet I can get you up and running in an hour. Send me a private message and I'll be in touch. In the meantime,  this video is step 1. Do this on the T4C server in the barn, and  if you don't have TeamViewer, get that too

 

Share this post


Link to post
Share on other sites
We do not have implemented the robotic machines with the cows, so far, thus helping us to know to much about the port connection of the network with the software. Might me because of the technology gap, we might have not received this techniques still. It helped me a lot to improve the technology here, though I am unable to provide you any solution.

Share this post


Link to post
Share on other sites

Wou. I find this to be a very interesting topic. 

My parents have A4s. I have made T4C achievable remotely to them.

Just grant asses to other computer to folder lely-pc/T4C/.

Connect it to T4C-PC via LAN or VPN.

Open http://lely-pc/T4C/Content/Login.aspx and use it as you were on T4C-PC.

Share this post


Link to post
Share on other sites

Really cool stuff guys, I want to do exactly the same thing. I want to be able to access the elink (robot touchscreen) from anywhere. I have vncviewer on the touchscreen, but as others said it seems to be read only.  I also plugged a keyboard in to the touchscreen and the username lely and password lely worked for me just as it did for @user_1577.  However I don't have any experience working with a Linux terminal so I would have no idea how to change the vnc viewer to write (if thats even possible). Could anybody help me out?

 

Share this post


Link to post
Share on other sites

Eureka! I think I have the last piece of the puzzle

Plug your keyboard into the elink

Hit crt+alt+F2 to enter the terminal

Username: lely

Password: lely

the elink has x11vnc installed on it already. For more information on x11vnc visit http://www.karlrunge.com/x11vnc/

to start a new vnc session type the following directly into the terminal

x11vnc -forever

This vnc session will be open until the elink shuts off again. There are instructions online to make it auto start on bootup and add a password but I havent reached that point yet. 

the terminal will give you a port number, most likely it will be 5901  (5900 was the view only session)

either download realvnc viewer on your desktop or if you look on your t4c computer there should already be one in C:\Lely file\6.1 Milking and cooling software set A4 2016-13 v6.1 (b540)\Tools\RU E-Link Viewer

To access the robot of your choice enter the IP address:port# into the vnc viewer on your desktop

For me it was 10.4.1.102:5901

Go ahead and give that cow some extra feed.

Share this post


Link to post
Share on other sites

I can get to the user login in through ctrl + alt + F1,  F2 gets me back to main screen, but lely for login and password dont work for me, almost 8 yr lely a4.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...