NetBSD on Airport Express

Just stumbled on this article https://jcs.org/2018/06/12/airport_ssh and I just had to try it out on my Airport Express, even though the method was for the Extreme.
It worked like a charm, as easy as:

python -m acp -t 192.168.234.189 -p xxx --setprop dbug 0x3000
python -m acp -t 192.168.234.189 -p xxx --reboot

Dmesg:


ry = 49844 KB
mainbus0 (root)
cpu0 at mainbus0: Marvell 88F6183 rev 2 (ARMv5TE core) [88F6183 Rev 3]
cpu0: WB enabled EABT
cpu0: 32KB/32B 1-way Instruction cache
cpu0: 32KB/32B 4-way write-back Data cache
cpu0: This kernel does not fully support this CPU.
cpu0: Recompile with "options CPU_ARMV5TE" to correct this.
mbus0 at mainbus0 base 0xf1020000 irq 0: AHB to MBUS Bridge
mvaud0 at mbus0audio0 at mvaud0: full duplex, mmap, independent
mv_audiodec_init: bypassed
mvdevb0 at mbus0 target 1, irq 15: Device Bus
com0 at mvdevb0 offset 0x2000, irq 3: ns16550a, working fifo
com0: console
com1 at mvdevb0 offset 0x2100, irq 4: ns16550a, working fifo
mvtwsi0 at mvdevb0 offset 0x1000, irq 5: Two Wire Serial Interface
mvtwsi0: I2C clocked at 94.696 Khz
iic0 at mvtwsi0: I2C bus
stdflash_orion_match: flash width 4213/0
stdflash0 at mvdevb0 DevCS1: Onboard SPIBootFlash
this is a spansion part...we should check the spansion specific subid (6 entries)
FLASH look for .... 0) 1/2018/20/2018
FLASH look for .... 1) 1/2018/c2/2017
FLASH look for .... 2) 1/2018/c2/2018
FLASH look for .... 3) 1/2018/c2/2013
FLASH look for .... 4) 1/2018/ef/4018
FLASH look for .... 5) 1/2018/1/2018
FLASH SUPPORTED.... 1/2018/5/0
flash0 at stdflash0 00000000-00700000, untranslated, read/write
flash1 at stdflash0 00700000-00e00000, untranslated, read/write
flash2 at stdflash0 00e00000-00f40000, translated, read/write
flash3 at stdflash0 00f40000-00f80000, untranslated, read/write
flash4 at stdflash0 00f80000-01000000, untranslated, read/write
applgpio0 at mvdevb0 offset 0x0000GPIO_interrupt_pin_ex: flipping pin 17.
GPIO_interrupt_pin_ex: flipping pin 3.
(board-revision=-1)
mvgec0 at mbus0 target 7, irq 22: Gigabit Ethernet Global Controller
gec0 at mvgec0 unit 0, irq 18: Gigabit Ethernet Controller, Unit 0
gec0: MAC address: 00:16:cb:00:51:81
makphy0 at gec0 phy 8: Marvell 88E3016 Gigabit PHY, rev. 0
makphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
mvusb0 at mbus0 target 5, irq 16: ARC USB-HS Host/Device Controller
mvusb0: Core revision 4.0
ehci0 at mvusb0 irq 17, host mode: USB Host Controller
ehci0: EHCI version 1.0
usb0 at ehci0: USB revision 2.0, available bus power 500 mA
uhub0 at usb0
uhub0: ARC USB-HS Core EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
ehci0: self-powered device addr 1 (config 1) power 0 mA. Available power 500 mA (root)
uhub0: 1 port with 1 removable, self powered
mvpcie0 at mbus0 target 4, irq 10: PCI Express Controller
mvpcie_attach() - bus_num = 0, if_num = 0.
PEX0 interface detected Link X1
mvpcie0: INTn interrupting on irq 11
pci0 at mvpcie0 bus 0
pci0: i/o space, memory space enabled
mv0 at pci0 dev 1 function 0
mv0: interrupting at INTA
mv0: load firmware image (96740 bytes)
wlan: mac acl policy registered
mv0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
mv0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
mv0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
mv0: 11na MCS: 15Mbps 30Mbps 45Mbps 60Mbps 90Mbps 120Mbps 135Mbps 150Mbps 30Mbps 60Mbps 90Mbps 120Mbps 180Mbps 240Mbps 270Mbps 300Mbps
mv0: 11ng MCS: 15Mbps 30Mbps 45Mbps 60Mbps 90Mbps 120Mbps 135Mbps 150Mbps 30Mbps 60Mbps 90Mbps 120Mbps 180Mbps 240Mbps 270Mbps 300Mbps
mv0: versions [driver 0.8.7.0 hw 5 fw 3.7.2.2] (regioncode 16)
mv0: multi-bss support
mvidma0 at mbus0 target 6, irq 24: IDMA Controller
mvidma0: DMA Assist enabled for copyin/copyout and copy/zero page on channel 3
mvaud1 at mbus0 target 5audio1 at mvaud1: full duplex, mmap, independent
mv_audiodec_init: bypassed
clock: hz=100 stathz=0 profhz=0
md0: internal 10240 KB image area
IPsec: Initialized Security Association Processing.
boot device:
root on md0a dumps on md0b
root file system type: ffs
WARNING: no TOD clock present
WARNING: using filesystem time
WARNING: CHECK AND RESET THE DATE!

Filesystem:

Filesystem Size Used Avail Capacity Mounted on
/dev/md0a 9.7M 7.7M 2.0M 79% /
/dev/flash2a 1.1M 41K 1.0M 3% /mnt/Flash
mfs:141 15M 512B 14M 0% /mnt/Memory

Running processes (with airtunes enabled):

PID TTY STAT TIME COMMAND
0 ? DKs 0:00.01 [swapper]
1 ? Is 0:00.02 init
2 ? DK 0:05.30 [stdflash0]
3 ? DK 0:00.00 [usb0]
4 ? DK 0:00.00 [usbtask-hc]
5 ? DK 0:00.00 [usbtask-dr]
6 ? DK 0:00.01 [pagedaemon]
7 ? DK 0:00.04 [ioflush]
8 ? DK 0:00.01 [aiodoned]
9 ? DK 0:00.01 [sfdaemon]
18 ? DK 0:00.02 [physiod]
96 ? Ia 0:00.03 /sbin/sntpd -client=time.apple.com
97 ? I 0:00.35 /sbin/wpa_supplicant -K -M -F /var/log/hostap_wlan1.log -D net80211 -i wlan1 -c /etc/hostap_wlan1.conf
99 ? I 0:00.01 /sbin/iCloudd
141 ? Ss 0:00.03 mount_mfs -s 32768 swap /mnt/Memory
164 ? Ia 0:00.02 /sbin/airtunesd -i bridge0
175 ? Is 0:00.00 /usr/sbin/inetd -l
183 ? Is 0:00.01 /usr/sbin/cron
245 ? Sa 0:01.54 /sbin/mDNSResponder -d
253 ? I 0:00.74 /usr/sbin/sshd -D -e
271 ? Ss 0:00.87 sshd: root@ttyp0
415 ? I 0:00.03 /sbin/link_local bridge0
467 ? I 0:00.04 /sbin/dhclient -q -d
505 ? I 0:00.06 /sbin/snmpd -f -DALL -c /etc/snmpd.conf -p /var/run/snmpd.pid
539 ? Ia 0:00.22 /sbin/printd -i -d local.
604 ttyp0 R+ 0:00.00 ps -ax
627 ttyp0 Ss 0:00.05 -sh
94 tty00- S 0:00.06 svscan /var/sv
107 tty00- Ia 0:08.53 /sbin/ACPd -nofork
108 tty00- I 0:00.02 supervise dnscache
110 tty00- I 0:00.01 supervise walldns
112 tty00- I 0:00.01 supervise log
113 tty00- I 0:00.01 supervise log
116 tty00- I 0:00.01 cat -
118 tty00- I 0:00.02 cat -
184 tty00 Is+ 0:00.04 -sh
186 tty01 Is+ 0:00.05 -sh

It runs SNMP daemon:

snmpwalk -c public 192.168.234.189| head

SNMPv2-MIB::sysDescr.0 = STRING: Apple AirPort - Apple Inc., 2006-2012. All rights Reserved.
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.255
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2064754916) 238 days, 23:25:49.16
SNMPv2-MIB::sysContact.0 = STRING: default_user@contact.domain
SNMPv2-MIB::sysName.0 = STRING: airport-express
SNMPv2-MIB::sysLocation.0 = STRING: defaultlocation
SNMPv2-MIB::sysServices.0 = INTEGER: 12
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORID.1 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.2 = OID: TCP-MIB::tcpMIB

It seems to have racoon installed, pppoe.
PF is enabled by default:

airport-express# pfctl -s all
FILTER RULES:
block drop all
pass on lo0 all flags S/SA keep state
pass out proto tcp from any to any port = domain flags S/SA keep state
pass out proto udp from any to any port = domain keep state
pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state
pass out inet6 proto ipv6-icmp all icmp6-type routersol keep state
pass in inet6 proto ipv6-icmp all icmp6-type neighbradv keep state
pass in inet6 proto ipv6-icmp all icmp6-type routeradv keep state
pass out inet proto icmp all icmp-type echoreq keep state
No queue in use

Interesting huh?

Leave a Reply