Router shadow password generation [migrated]
I'm reverse engineering a router, I'm fairly new to embedded devices and how Linux boots up, but I have a root UART shell, there's already a password hash in the /etc/shadow file, these passwords/hashes must be set somewhere right? How do devices like this usually do it, is there a script that is run during boot, or would it be in a binary in the /lib folder or something? I'm guessing it does this on the first boot up only?
Would it also be as simple as searching for a mkpasswd string in all the above? I really want to see if I can find what/how the password hash is generated, or hopefully some plaintext hardcoded string somewhere, but not really sure of where to start looking.
The modem is running OpenWrt. I've searched in /etc, /lib, /sbin, /sbin/lib, checked in other partitions.
Any tips or guidance on this stuff would be great, thanks!
