====== AS/400 ======
{{template>project:infobox|name=As400 midrange|image=AS400.jpg?200|
sw=-|
hw=-|
founder=[[user:ruza]]| interested=[[user:maxfx]]\\ [[user:malanius]]\\ [[user:Sachy]]\\ [[user:rainbof]]\\| status=radioaktivni|
}}
~~META:
status = active
~~
The IBM System i, then known as the AS/400, was the continuation of the System/38 database machine architecture (announced by IBM in October 1978 and delivered in August 1979). The AS/400 removed capability-based addressing. The AS/400 added source compatibility with the System/36, combining the two primary computers manufactured by the IBM Rochester plant. The System/36 was IBM's most successful mini-computer but the architecture had reached its limit. The first AS/400 systems (known by the development code names Silverlake and Olympic) were delivered in 1988 under the tagline "Best of Both Worlds" and the product line has been refreshed continually since then.
The IBM AS/400 is actually not a mainframe from a hardware point of view; strictly speaking it is a **midrange server**, but the philosophy of its operating system is very close to one, which makes it suitable for getting to know mainframe technologies. We have one such machine in our hackerspace and there are people who are interested in gaining skills with this technology.
What is commonly called the AS/400 has gone through several generations:
* Generation 1 - AS400 (running OS400 operating system)
* Generation 2 - **eServer iSeries (running i5/OS operating system)**
* Generation 3 - System i (running i5/OS operating system)
* Generation 4 - Power Systems (optionally running the IBM i Operating system)
|HW |[[https://www-01.ibm.com/support/knowledgecenter/POWER6/iphad/i270.htm|IBM iSeries 9406-270 eServer]] (POWER6) |
|Twinax console |IBM InfoWindow II 3487 |
|OS |OS/400 V5R4M0 aka i5/OS |
|hostname/ip |**as400.brm**, 192.168.77.7 |
|as400 service tools LAN adapter |**as400-st.brm**,192.168.77.29 |
|ISO images & other SW |data.brm:/data/mirror/software/as400/ |
|access |tn5250/x3270 \\ Remote Control Panel: iSeries Operation Console, iSeries Access for Windows |
{{:project:as400-case.gif}}
* Power Supply Magnetek 3902-55-1 [[https://drive.google.com/file/d/0Bz8nZOpcPlRCSW9SSlBEY3laLVk/view?usp=sharing|foto]]
* backside [[https://drive.google.com/file/d/0Bz8nZOpcPlRCbS1lUWhOZnd3RDQ/view?usp=sharing|foto]]
* S1 - (has a square-wave-form symbol). To be able to connect via this port, the AS400 needs to be in **Standby** operation mode (02 M). Then you can connect using a serial cable from your Operations Console computer and open the [[http://wiki.midrange.com/index.php/ASMI|ASMI]] in serial mode.
* J11 (remote power on); J14 (UPS); J15 ([[https://www.ibm.com/support/knowledgecenter/POWER6/areaj/spcn.htm|SPCN]] 0); J16 (SPCN 1).
* C07 - empty
* C06 - 2838, [[https://drive.google.com/open?id=0Bz8nZOpcPlRCUkc2QVZPVmZYSkE|Ethernet card]]
* C05 - 2746, [[https://drive.google.com/open?id=0Bz8nZOpcPlRCZFhVNjJYcGE4Rm8|Twinax console card]]
* C04 - 2842, [[https://drive.google.com/open?id=0Bz8nZOpcPlRCRUd1Rkp2VncwTW8|IBM 2842-9406 PCI Node IOP Card, 53P3459]]
* no label, empty
* C03 - 2749, [[https://drive.google.com/open?id=0Bz8nZOpcPlRCdDRudXJrTXJPMFE|IBM 04N5036 SCSi Magnetic PCI Media Controller]]
* C02 - empty
* C01 - 2763, [[https://drive.google.com/open?id=0Bz8nZOpcPlRCRGtiQjNFbjdxeWs|RAID SCSI controller]]
* [[https://drive.google.com/open?id=0Bz8nZOpcPlRCSjE5WVUyT0tZdlE|more foto of the hardware]]
* [[https://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzar5/rzar5loc810.htm|System case features]] (ibm.com)
===== Frontend panel =====
The frontend panel (or Control Panel) has four important buttons:
* **Up/Down** (aka increase/decrease) - two black buttons (F)
* **Enter** - blue button (G)
* **Power** - white button (B)
{{:project:rv5b002.gif}}
* (A) Power On Light
* A blinking light indicates power to the unit.
* A constant light indicates that the unit is up and is working.
* (B) Power button
* (C) Processor Activity
* (D) System Attention
* (E) Function/Data Display
* (F) Increment and Decrement buttons
* (G) Enter button
===== Console selection =====
To select which console the output is sent to, hold the "space bar" key and power on.
The following [[http://wiki.midrange.com/index.php/Console|console]] types exist:
* **Operations Console**
* **direct-attached** or **direct cable attachment** - 9-pin serial
* **LAN attached** or **LAN console**
* **Hardware Managed Console** ([[http://wiki.midrange.com/index.php/HMC_Operations|HMC]])
* **Thin Console** - Neoware c50 thin client running a customized Linux image, which includes an IBM 5250 emulator. It boots from internal flash memory.
* **Twinax** - A 5250 device, or equipment which emulates one. Must be wired to the first twinax controller IOP on port 0 (zero) and setup with logical address 0 (zero)
===== Boot =====
In order to **BOOT UP into normal operation mode**, perform the following steps on the frontend control panel:
- select function **02** using black buttons and Enter by pressing the blue button
- select IPL type **B** using black buttons and Enter by pressing the blue button
- select IPL mode **N** using black buttons and Enter by pressing the blue button
- power on using white button
Various alphanumeric codes will be shown on the display panel. That means the system is booting fine. Wait a few minutes. If it stays stuck at some alphanumeric code for more than a few minutes, just google that code and you will know what is broken.
===== Power off =====
In order to properly **POWER OFF** an AS400, issue the PWRDWNSYS command from the OS or perform the following steps on the frontend control panel:
- select function **02** using black buttons and Enter by pressing the blue button
- select IPL type **B** using black buttons and Enter by pressing the blue button
- select IPL mode **M** using black buttons and Enter by pressing the blue button
- press the white button. The system should respond by showing a **0?** code on the display
- power off using the white button again
- wait a few minutes until the AS400 properly shuts itself down
- shut down the terminal (power button on the terminal)
or
- select function **08** using the arrow keys on the front panel of the server and confirm the question **0?** by pressing the white button twice.
- wait a few minutes for the shutdown
- shut down the terminal (power button on the terminal)
===== HW maintenance mode =====
boot into 02 C M S
===== Restricted state =====
Restricted state is similar to **single user mode** from the UNIX world (all the subsystems have ended and only a single user job remains active). ([[https://www.ibm.com/developerworks/community/wikis/form/anonymous/api/wiki/efb1a870-a9b3-4352-94b0-b7381ebbd0e1/page/9d7f92e3-56bd-476f-bdcb-2245aa9d585d/attachment/57bab23c-2f64-4641-9bce-46ac24307e93/media/RestrictedState.pdf|RestrictedState.pdf (ibm.com)]])
===== Additional info on boot modes =====
==== Control panel functions ====
|**normal (01-49)** |Functions 21-49 are available in manual mode. \\ Functions 11 through 19, if enabled, represent the words of the SRC. You must record SRC information for error reporting and contact your service provider. |[[https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_61/rzal2/rzatmnormfunc.htm?lang=cs|Normal control panel functions]] |
|extended (50-70) | |[[https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_61/rzal2/rzatmextfunc.htm?lang=cs|Extended control panel functions]] |
|low-level debug 57-70 |enabled in manual mode via functions: \\ * 25 (service switch 1) and \\ * 26 (service switch 2) |[[https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_61/rzal2/rzatmlldfunc.htm?lang=cs|Low-level debug panel functions]] |
[[https://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzal2/rzal2cpnlfunct.htm|control panel functions]] (ibm.com)
==== IPL type ====
{{ :project:as400:iplab.gif|}}
IPL type: A, **B**, C, D (You will probably almost always use the "B" side.)
* A - **original LIC** with permanently applied PTFs (no temporary PTF)
* When IPL type B fails
* When the procedures direct you to use IPL type A
* When you suspect problems with temporary Licensed Internal Code PTFs
* **B** - **production version** of the LIC with temporary PTF applied
* Loads a copy of the Licensed Internal Code that has both the Temporary and Permanently applied PTFs. This is normally your most current or newest code. You would use the B side most of the time, especially for routine work. You would run from this side when you permanently apply certain PTFs.
* C - reserved for hardware service representative use.
* D - installing and reloading programs. This loads the system programs from an alternate IPL load source, such as a tape drive or CD-ROM. You would also use this if your load source disk had failed, or when installing a new system. You can either "scratch" install a system (initialize it) at this point, or just replace the Licensed Internal Code. For booting from CD you need the disc labelled "1BASE LIC MACH. CODE". For installation, "B2995 01" and then "B2995 02" - you'll be requested to change the CD at the appropriate time.
==== IPL modes ====
* **Normal (unattended)** - When you power on the system in normal mode, it performs the IPL and presents the Sign On screen on all available display stations. The operator cannot change the system during the IPL. You would use a normal mode IPL to:
* Perform an IPL and **run the system for most routine work**
* Load PTFs
* **Manual (attended)** - After power-on an operator uses the control panel to direct the system for special needs. IPL, DST and the operating system present menus and prompts that allow you to make changes to the system. Use manual mode to IPL and run the system to perform the following actions:
* Change IPL options (including system values)
* Install the operating system
* Manually load program temporary fixes (PTFs)
* Make some types of system hardware upgrades
* Use DST
* For some Disk maintenance & management.
==== IPL Speeds ====
IPL speed is changeable while the system is powered off.
^IPL Speed ^Action or Description ^Details |
|F |Fast override for one IPL. |Fast IPL run. Some hardware diagnostics are skipped. |
|S |Slow override for one IPL. |Full hardware diagnostics run. Use whenever hardware is changed, for intermittent hardware failure, and on the first installation IPL. The following diagnostics are run: \\ * Main storage tests \\ * CEC Inter-chip interface tests (wire test) \\ * Extended Logical Built-in Self Tests. |
|SE |Hardware upgrade. |Support-directed procedure only. |
|V=F |Use system-defined speed. | |
|V=S |Use system-defined speed. | |
|V |Fast IPL or slow IPL set by the system value (selected at function 02). |Function 02 selection or the system default at each IPL. |
=== Links ===
* [[https://publib.boulder.ibm.com/iseries/v5r2/ic2924/info/rzal2/rzal2startstop.htm|Start and stop iSeries]] (ibm.com)
* [[https://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzal2/rzal2cpdetails.htm|Control panel buttons, lights, and indicators]] (ibm.com)
* [[http://as400bks.rochester.ibm.com/html/as400/v4r5/ic2924/v4r5hwpdf/pdf/y4459023.pdf|AS400 service functions]] (ibm.com)
* CHGIPLA: [[http://www.itjungle.com/fhg/fhg050212-story03.html|Secrets Of The IBM i IPL Parameters]] (itjungle.com)
* [[http://www.mcpressonline.com/operating-systems/ibm-i-os400-i5os/secrets-of-ipls-exposed.html|Secrets of IPLs exposed]]
===== Boot into DST =====
* function 21 + Enter, QSECOFR password
* [[https://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzamh/rzamhaccess.htm|https://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzamh/rzamhaccess.htm]]
* [[https://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzamh/rzamhrecover.htm|Recover or reset QSECOFR passwords (QSECOFR user profile vs service tools user ID)]]
===== Console settings =====
If error code a6005008 is shown on the display, the console is either off, in the wrong port (for Twinax it must be port 0, address 0 to be the system primary console) or misconfigured. There is a [[http://archive.midrange.com/midrange-l/200604/msg00320.html|good howto on midrange.com ML]] about configuring the console from the front panel. (If you go from 65+21 to 11 to see your changes, wait a little bit; it takes ~5-10s to apply and display correct values). The system *probably* must be in the manual IPL mode.
You can view and change the settings of the Twinax console itself using the Shift-SetUp keys - remember it should be configured to be port 0, address 0 and one display only.
===== Operations console =====
[[:project:iseries_operations_console_intermediate_configuration|iSeries Operations Console Intermediate Configuration]]
===== Access =====
==== tn5250 ====
Telnet 5250, or TN5250 describes either the process of sending and receiving 5250 data streams using the Telnet protocol or the software that emulates a 5250 class terminal communication via that process. TN5250 allows a 5250 terminal emulator to communicate over a TCP/IP network instead of an SNA network. Standard telnet clients cannot be used as a substitute for TN5250 clients, as they use a different data stream format.
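Why a plain Telnet client cannot stand in for a TN5250 client, as an added example (not code from tn5250 or from this wiki): following the RFC 1205 layout, the session negotiates BINARY, TERMINAL-TYPE and END-OF-RECORD, and each 5250 record carries a 10-byte header and is closed by IAC EOR. The function names and the ''SAMPLE'' byte string are constructed for illustration.

```python
# Added example: Telnet framing of a 5250 data stream (RFC 1205 layout).
IAC, EOR, SB, SE = 0xFF, 0xEF, 0xFA, 0xF0
VERBS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
OPTIONS = {0: "BINARY", 24: "TERMINAL-TYPE", 25: "END-OF-RECORD"}
REQUIRED = set(OPTIONS.values())  # all three must be negotiated for 5250 mode

def parse_record(rec: bytes) -> dict:
    """Decode the 10-byte header that precedes every 5250 record."""
    if len(rec) < 10 or rec[2:4] != b"\x12\xa0":
        raise ValueError("not a 5250 record (missing 0x12A0 record type)")
    length = int.from_bytes(rec[:2], "big")  # header + data, IACs undoubled
    if length != len(rec):
        raise ValueError(f"length field {length} != received {len(rec)}")
    return {"opcode": rec[9], "flags": rec[7:9], "data": rec[10:]}

def split_stream(raw: bytes):
    """Separate Telnet negotiation from 5250 records in one direction."""
    negotiations, records, buf, i = [], [], bytearray(), 0
    while i < len(raw):
        if raw[i] != IAC:
            buf.append(raw[i])
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated IAC sequence")
        cmd = raw[i + 1]
        if cmd == IAC:                      # doubled 0xFF is literal data
            buf.append(IAC)
            i += 2
        elif cmd in VERBS:
            if i + 2 >= len(raw):
                raise ValueError("truncated option negotiation")
            opt = raw[i + 2]
            negotiations.append((VERBS[cmd], OPTIONS.get(opt, opt)))
            i += 3
        elif cmd == SB:                     # skip subnegotiation up to IAC SE
            end = raw.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                raise ValueError("unterminated subnegotiation")
            i = end + 2
        else:
            if cmd == EOR:                  # IAC EOR terminates one record
                records.append(parse_record(bytes(buf)))
                buf.clear()
            i += 2
    return negotiations, records

def server_wants_5250(negotiations) -> bool:
    """True when the peer asked (DO) for every option 5250 mode depends on."""
    return REQUIRED <= {opt for verb, opt in negotiations if verb == "DO"}

# Constructed sample, not a capture: opening negotiation plus one record.
SAMPLE = (bytes([IAC, 0xFD, 24, IAC, 0xFD, 25, IAC, 0xFD, 0])
          + b"\x00\x0d\x12\xa0\x00\x00\x04\x00\x00\x03\x04\x40\xff\xff"
          + bytes([IAC, EOR]))
```

A client that refuses END-OF-RECORD or BINARY never reaches the record phase, and line-oriented terminal output fed to ''parse_record'' is rejected because it lacks the 0x12A0 record type.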
[[http://tn5250.sourceforge.net/|"green console"]] on your PC/notebook
* [[http://permalink.gmane.org/gmane.comp.emulators.tn5250/1520|SSL2 patch]] for Ubuntu client
--- sslstream.c 2008-11-21 09:12:21.000000000 +0100
+++ sslstream-new.c 2014-10-18 04:56:12.000000000 +0200
@@ -368,16 +368,13 @@
methstr[4] = '\0';
}
- if (!strcmp(methstr, "ssl2")) {
- meth = SSLv2_client_method();
- TN5250_LOG(("SSL Method = SSLv2_client_method()\n"));
- } else if (!strcmp(methstr, "ssl3")) {
- meth = SSLv3_client_method();
- TN5250_LOG(("SSL Method = SSLv3_client_method()\n"));
- } else {
- meth = SSLv23_client_method();
- TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));
- }
+ if (!strcmp(methstr, "ssl3")) {
+ meth = SSLv3_client_method();
+ TN5250_LOG(("SSL Method = SSLv3_client_method()\n"));
+ } else {
+ meth = SSLv23_client_method();
+ TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));
+ }
/* create a new SSL context */
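Review bot: the "ssl3" branch kept at the top of the added block still selects SSLv3_client_method(), and SSLv3 is a broken protocol (POODLE) just as SSLv2 is; OpenSSL builds that no longer ship SSLv2_client_method() may be built without SSLv3 as well, so this branch should either be dropped too or wrapped in an #ifndef OPENSSL_NO_SSL3 guard. Separately, a configuration that still asks for "ssl2" now falls silently into the else branch and only logs "SSL Method = SSLv23_client_method()"; a TN5250_LOG line saying that ssl2 is no longer supported and that the negotiated method is used instead would make the changed behaviour visible to the user.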
{{:project:as400.png }}
==== tn5250j ====
tn5250j is an alternative client written in Java ([[http://tn5250j.sf.net|http://tn5250j.sf.net]])
===== OS/400 installation =====
* Installation must be performed in mode **01 A M V=F**.
* [[:project:mainframe:os400-instalaceos|OS/400 OS installation]]
* [[:project:mainframe:os400-cheatsheet|OS/400 commands]]
===== System Reference Codes =====
* [[:project:mainframe:ipl-status-src|OS/400 IPL status SRC R5v4]]
* [[https://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzamf/rzamfiplsrcfinder.htm|IPL system reference code finder]]
===== Hacking =====
* [[http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Carmel/bh-eu-06-Carmel.pdf|http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Carmel/bh-eu-06-Carmel.pdf]]
* [[https://www.sans.org/reading-room/whitepapers/basics/as-400-iseries-comprehensive-guide-setting-system-values-common-practice-securi-425|OS/400 security settings]], [[https://publib.boulder.ibm.com/iseries/v5r1/ic2924/books/c415300515.htm|Tips and Tools for Securing Your iSeries]]
* [[https://www.youtube.com/watch?v=JsqUZ3xGdLc|DEF CON 23 - Bart Kulach - Hack the Legacy: IBM I aka AS400 Revealed]] (youtube.com), [[https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Bart-Kulach-Hack-the-Legacy-IBMi-revealed.pdf|pdf]]
* [[https://www.professionalsecuritytesters.org/article-print-310.html|Reverse shell using netcat on AS/400]]
===== Passwords =====
[[https://www.youtube.com/watch?v=BtbCJSmf48c|How to reset ASMI passwords on a IBM POWER5 server (9131 model)]]
===== Links =====
* [[https://wiki.midrange.com/index.php/History_of_OS/400|History of OS/400]]
* [[http://docplayer.cz/4252667-Zaklady-as-400-vladimir-zupka.html|Základy AS/400. Vladimír Župka]]
* CL commands: [[:project:mainframe:commands|project:mainframe:commands ]]
* texas400: [[http://www.texas400.com/tutas400toc.html|tutorial]], [[http://www.texas400.com/favtiptech.html|tips]], [[http://www.texas400.com/showcaseart.html|etc]]
* [[https://www.helpsystems.com/resources/articles/three-ifs-security-weaknesses-you-must-secure-now|IFS Security Weaknesses You Must Secure Now]]
* Installation
* [[https://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzahc/rzahcswsmedialabel.htm|Media labels and their contents]]
* [[https://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzahc/rzahcswsb29xx02.htm|Standard set products]]
* [[http://www-01.ibm.com/support/docview.wss?uid=nas8N1015080|License Key Requirements for V5R4M0]]
* [[http://www.redbooks.ibm.com/redpapers/pdfs/redp4163.pdf|OpenSSH for i5/OS]]
* [[http://as400training2all.blogspot.cz/2014/10/what-is-as400.html|http://as400training2all.blogspot.cz/2014/10/what-is-as400.html]]
* [[http://public.dhe.ibm.com/systems/power/docs/systemi/v5r4/v5r4PDFListAll.html|API]]
* [[http://wiki.midrange.com/index.php/Serial_number|Serial number]]
* [[https://www.redbooks.ibm.com/redbooks/SG246251/css/SG246251_135.html|Pass DTS]]
===== Misc notes =====
* in case telnet/tn5250 is failing, check the number of virtual devices allowed
==== Add secondary SECOFR ====
- [[https://www.ibm.com/support/knowledgecenter/ssw_i5_54/cl/crtusrprf.htm|CRTUSRPRF]] USRPRF(BRMSEC) PASSWORD(MYSECRETPASSWORD) USRCLS(*SECOFR) SPCAUT(*USRCLS)
- under SECTOOLS (menu 3 10 8) add the user to the active profile list
- if CPF1110 is returned in response to an authentication attempt, [[https://www-01.ibm.com/support/docview.wss?uid=nas8N1017629|read this]] \\ after "CHGSYSVAL SYSVAL(QLMTSECOFR) VALUE('0')" QSECOFR is also able to log in via telnet
===== ToDo =====
* still to be installed
* iSeries Access Family (5722-XW1)
* [[wp>ISeries_QSHELL|QSHELL]] (5722ss1-0030)
* ILE COBOL (?) 0 5722wds-0041
* daykill400, [[https://github.com/hackthelegacy/hack400tool|hack400tool]]
=== Presentations ===
[[https://brmlab.cz/event/as400clcobol|https://brmlab.cz/event/as400clcobol]]
\\