My Device is SMCWAPS-G with an internal HD. This concept should work on other brands as well. Here's one way to enable telnetd on unmodified firmware by using FTP and backup_usb.sh. This mod will reset after you reboot the Device.
SMC Firmwares
http://62.168.45.50/smc/drivers/storage/WAPS-G/http://62.168.45.50/smc/drivers/storage/WAPS-G/R400b8a/R4.00b8a 2006/9/8
Fix the problem: After upgrading the firmware R400b8, SMC_WAPS-G will may not start the internal harddisc sometimes.
R4.00b8 2006/8/24
If harddisc has been idle for more 5 minites, it will become powerdown state.
R4.00b5v4 2006/3/13
Modified the "Router" texts to "SMCWAPS-G" in Backup setting option.
R4.00b5v3 2006/3/10
Modified all "barricade" texts to "SMCWAPS-G" in UI. added a message on login page.( the default password is smcadmin!)
** R4.00b5v3 & R4.00b5v4 has telnetd in busybox.
** R4.00b8a has no telnetd.
** If your device is not SMC, please follow direction to change firmware header
-------
Steps
-------
1. Enable FTP on the Device
-----------
2. How to enable FTP for root with / folder access?
a. FTP into Device using Username nobody and Password of <blank> (no password). Filezilla is a good FTP app to use.
b. Download /etc/passwd to your computer
c. Edit local copy of passwd and change root account to following (set root's password to same as nobody's)
root:$1$$qRPK7m23GJusamGpoGLby/:0:0:root:/:/bin/ash
d. FTP into Device using Username nobody and upload local passwd file to /etc/passwd
e. Now you can FTP as Username root and Password of <blank> (no password) with access to root directory
f. If you mess up passwd file and lock yourself out, please reboot the Device to reload passwd.
-----------
3. Busybox with telnetd? Get a file listing of /sbin. If your busybox has telnetd, you will see the file telnetd. If your version of busybox has no telnetd, you can get another version of busybox with telnetd. SMC's R4.00b5v4 busybox has telnetd. You can obtain it thru:
a. Flash R4.00b5v4's firmware. Download R4.00b5v4's /bin/busybox as busybox.b5v4 (thru FTP)
b. Download and extract attached file busybox.b5v4.zip
c. Download from URL
http://rapidshare.com/files/59329456/busybox.b5v4.htmlIf your busybox has no telnetd:
a. Upload busybox.b5v4 to /bin/busybox.b5v4
b. Set execute permission on busybox.b5v4 (thru FTP)
-----------
4. Start telnetd in /bin/backup_usb.sh (backup function).
a. FTP into Device as root.
b. Download /bin/backup_usb.sh to local
c. Modify local file backup_usb.sh and add "busybox telnetd &" or "busybox.b5v4 telnetd &" after the first line.
#!/bin/sh
busybox telnetd &
# or
# busybox.b5v4 telnetd &
# or
# telnetd &
d. Insert a flash drive into Device's USB port
e. On the Device, hold down backup button for 4+ seconds to start /bin/backup_usb.sh. This will start telnetd.
-----------
5. Telnet into the Device as Username root and Password of <blank> (no password)
