Breaking Into ASOS

The OS/2 Museum recently acquired a Quantum Bigfoot TS hard disk in mint condition. The Bigfoot drives, as some readers may remember, were rather oddball late-1990s 5.25″ IDE drives that were cheap, slow, and relatively big. There was a sticker on the disk that suggested the drive once lived inside a Compaq machine. After attaching the disk to a Linux system, it turned out that the drive was not empty but the contents were too foreign for Linux to handle.

After hooking up the image of the drive to a VM, it turned out that the drive is not only bootable but actually boots into some… bizarre thing that Compaq and SCO cooked up. Here’s what the screen looks like when booted up:

Some kind of Microsoft/SCO/Compaq server?

Not much to see there. At all. After switching the virtual terminal (with Alt-F2, where did you think Linux stole that idea?) it turned out to be a curious mix of an off-the-shelf OS with some heavy custom tweaking:

Compaq ASOS, a customized SCO OpenServer

Okay, so it’s SCO OpenServer Release 5, but with some sort of Compaq modifications. With the “ASOS” keyword there’s something to search for. It turns out the hard disk came out of a Compaq Prosignia NeoServer, an oddball late-1990s network server. In other words, a low-powered cheapo Celeron PC running a web server, file server, print server, etc., all remotely manageable. For whatever reason, Compaq decided to base that on top of SCO OpenServer. The NeoServer looked a bit like a shredder or a trash can but it was 1999 and it said “network” and “internet” so it had to be good. A significant chunk of the NeoServer functionality relied on a product called VisionFS, which was roughly similar to Samba.

Now, the NeoServer line was clearly not very successful and finding documentation is tricky. There are lots of dead links. Anyone know of a complete Compaq FTP archive? (The one on isn’t and lacks the entire /pub/supportinformation/techpubs/user_reference_guides subtree.)

Then again, according to one old forum post, the NeoServer was locked down such that it was actually not possible to log in as root on the console. So, how does one break down into OpenServer?

ASOS is configured with the semi-undocumented QUIET=YES boot option. That means there is no opportunity to interrupt the boot process. I found no way to get to any kind of single-user boot in an OpenServer configured that way.

The obvious alternative would be attaching the disk (image) to Linux… but that’s no good because Linux does not support the OpenServer file system (HTFS). The only remaining alternative is then booting the OpenServer installation CD.

Even that provides no obvious way to get to a command shell, but there are actually two ways. One is pressing the F8 key (not documented) after the installer boots. That brings up a debug screen with a “Shell escape” option:

Magic F8 OpenServer installer debug menu

The other option is entering ‘tools’ on the OpenServer installer boot menu, like this:

OpenServer ‘tools’ boot magic

Once the installer boots up, instead of installing the OS it goes to this menu:

The ‘tools’ menu in OpenServer

With that, we finally get a root shell and we can mount the hard disk file system with mount /mnt /dev/hd0root. At this point it should be possible to run passwd and reset/remove the root password. But alas, it’s not that simple. It should be and there are guides on resetting the root password, but none of that works on Compaq’s ASOS. The trouble is that /etc/passwd is just a symlink to /rwroot/etc/passwd and I simply don’t know where that is. The “rwroot” concept must be something ASOS specific since I could not find any references to it elsewhere.

Looking inside the root filesystem’s /idev directory, there is /idev/rwroot with a major of 1 and minor of 43. So let’s try mknod /dev/rwroot b 1 43, then mkdir /rwroot and finally mount /dev/rwroot /rwroot. That actually works and now we can can finally open the real /etc/passwd file in vi:

The real ASOS passwd file

Of course the actual passwords are in the shadow file but it’s trivial to zap the root password. One reboot later… and it’s a success! We’re in:

ASOS root shell

This information might have even helped someone 20 years ago…

PS: It turned out that getting root access wasn’t that useful. The system configuration is effectively fixed, the kernel can’t be reconfigured etc. In the end the best approach turned out to be setting up an OpenServer VM, configuring networking for file exchange, and then attaching the Bigfoot drive image. It was not trivial to figure out what’s where on the disk between fdisk partitions and divvy divisions but this explainer helped a lot. The drive really appears to have been used in a Compaq ProSignia NeoServer and decommissioned in 2002.

This entry was posted in Compaq, PC history, SCO. Bookmark the permalink.

4 Responses to Breaking Into ASOS

  1. Fernando says:

    I think that the odds are that the web server is apache, I remember seeing apache in the Skunkworks of SCO.

    I made a little search to see if I could find more information, there is so little. I found this two softpaqs, probably you already found them, but in case not:
    From your screenshot I think you have version 1.2, this will update to 1.9:
    The exe:

    This is to go from 2.0 to 2.7
    The exe:

  2. Michal Necasek says:

    It is indeed Apache.

    I found the SoftPaqs but what I was really after was the documentation, and that sadly appears to be gone. It didn’t get onto because it was all stored on Compaq’s FTP, and apparently no one managed to mirror it.

    What survived about ASOS is really very little, I’m sure in part because there were only two iterations of the machine (Prosignia NeoServer and then NeoServer 150) and then the whole thing was gone.

  3. Julien Oster says:

    So apart from the filesystem shenanigans, is it markedly different from SCO OpenServer?

  4. Michal Necasek says:

    It *is* OpenServer. It is customized but as far as I can tell, the code is all more or less standard SCO stuff.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.