Spoofing an OpenSolaris X86 hostid

Posted on May 22, 2010

hostid’s on SPARC are handy things because through the PROM they are tied directly to the hardware. On Solaris X86, not so much. They are “soft hostids”, software emulated and essentially randomly generated. Because of this fact, it is easy for an upgrade or accidental deletion to wipe out the hostid and potentially cause you problems.

This post applies only to Nevada based installs post-snv_100. Or, more specifically, following the integration of “PSARC/2007/078 Hostid for X86 systems”. For information about the sysinit module and how things worked on X86 prior to snv_100, please see the excellent post The dark side of the source – hostids by Frank Hofmann.

So the hostid is generated during installation and stored in /etc/hostid. This file contains 2 lines, a comment line and the encoded hostid. A valid hostid is 7 hex chars or less, padded to 8 hex numbers. Therefore, 0x0fffffff (zero followed by 7 f’s) is valid, whereas 0xffffffff (zero followed by 8 f’s) is not. To be clear again, these are hex numbers, not ASCII characters.

To set it we first edit /etc/hostid with vi to remove the second line, such that only the comment on line 1 remains. (Backup the hostid file if you think you might want it again later, or if your just playing around). Then we use a bit of PERL (based on an extraction from the method of the hostid service) to add in the encoded hostid. To make it effective update the boot archive (always do this manually! don’t assume reboot will do it!) and reboot:

# echo "0x0ddb00b5" | /usr/perl5/bin/perl -e 'print("\""); while(<STDIN>){chop;tr/!-~/P-~!-O/;print $_;} print("\"\n"); exit 0;' >> /etc/hostid
# sync;sync
# bootadm update-archive
updating /platform/i86pc/amd64/boot_archive
updating /platform/i86pc/boot_archive
# sync;sync;reboot

When the box comes up you’ll have your new hostid!

# hostid

If for some reason you get a hostid of 00000000 or a warning that the hostid is invalid, you either got the value too large or encoded it wrong in /etc/hostid. Check that you pasted the code above properly and try it again.

Please note, I assume you’re not doing this to be naughty. I only spent time to figure this out because I had several systems which for some reason got stuck with 00000000 hostid’s (likely because something went wrong during jumpstart).