!Attention!
This method requires physical access to the CMU and carries high risk. It is provided as steps only, without detailed commands.
The problem is that we need to make a memory dump of the SPI flash.
- dump the SPI flash chip content (use ch340a and flashrom, or something like that),
- extract the squashfs image from it (located at address 0x070000),
- unpack the squashfs,
- replace the password in the passwd file,
- pack everything back into a squashfs image,
- insert the squashfs image back at the same offset 0x070000 of the dump,
- flash the modified dump back into the CMU and freely use the serial console with the password we set,
- profit.
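
A sanity check for the "insert back at the same offset" step, added here as an example and not part of the original note: it validates the squashfs superblock at 0x070000 and refuses a repacked image that would overrun the old one, since a wrong-sized splice is where most of the risk lies. It assumes a little-endian squashfs v4 image (magic `hsqs`), that the usable room is the old image's 4 KiB-padded extent, and 0xFF fill for the unused tail; all function names are hypothetical.

```python
import struct

SQUASHFS_OFFSET = 0x070000  # offset given in the steps above
PAD = 4096                  # mksquashfs pads images to 4 KiB by default

def squashfs_size(buf, offset=0):
    """Validate a squashfs v4 superblock at offset and return its bytes_used."""
    sb = buf[offset:offset + 96]
    if len(sb) < 96 or sb[:4] != b"hsqs":
        raise ValueError(f"no little-endian squashfs magic at {offset:#x}")
    (major,) = struct.unpack_from("<H", sb, 28)       # s_major
    (bytes_used,) = struct.unpack_from("<Q", sb, 40)  # bytes_used
    if major != 4:
        raise ValueError(f"unsupported squashfs major version {major}")
    if bytes_used < 96 or offset + bytes_used > len(buf):
        raise ValueError("bytes_used points outside the buffer (truncated dump?)")
    return bytes_used

def padded(n):
    """Round n up to the next multiple of PAD."""
    return -(-n // PAD) * PAD

def splice(dump, new_image, offset=SQUASHFS_OFFSET):
    """Return a copy of dump with new_image at offset and unchanged total length."""
    # Assumption: only the old image's padded extent is safe to overwrite.
    room = min(padded(squashfs_size(dump, offset)), len(dump) - offset)
    new_len = squashfs_size(new_image)
    if new_len > room:
        raise ValueError(f"new image needs {new_len} bytes, only {room} available")
    # Assumption: unused tail is filled with 0xFF (erased NOR flash state).
    region = new_image[:new_len] + b"\xff" * (room - new_len)
    out = dump[:offset] + region + dump[offset + room:]
    if len(out) != len(dump):
        raise RuntimeError("spliced dump changed size")
    return out

def fake_image(payload_len):
    """Constructed test data: a bare superblock plus filler, not a real filesystem."""
    sb = bytearray(96)
    sb[:4] = b"hsqs"
    struct.pack_into("<H", sb, 28, 4)
    struct.pack_into("<Q", sb, 40, 96 + payload_len)
    img = bytes(sb) + b"\x00" * payload_len
    return img + b"\x00" * (padded(len(img)) - len(img))
```

Comparing a second read of the chip against the first before modifying anything catches a bad clip contact, which the superblock check alone will not.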