in this tutorial I’m gonna show a quite advanced script to update the root password of openELEC or LibreELEC.
Try it out, but there is no guarantee that this is bug free!
Tested with openELEC v4.0.6, v4.2.1, v5.0.8 and openELEC v6.0.0
Tested with LibreELEC v7.90.002
Why should I change the root password at all?
I’m a security fetishist.
I need to use secure password I can’t even remember, because they are generated (I use
Now that I may want to reach my Pi from outside of my LAN, I needed to replace the password when I’m gonna connect from the WAN area…
There is a way to authenticate via public-private keys, but somehow this didn’t worked for me (and I’m 100% sure I’m doing it right, because Dustplanet is using SSH Keys for connecting, too ;))
However the wiki does state it is not possible to change the password. But that is wrong!
I could have compiled openELEC/LibreELEC from the source but that’s not what I wanted.
Some research was needed
I made some research and found out that openELEC/LibreELEC is a squash filesystem that is mounted read only.
Under the hood there is a /etc/shadow hash file where the root password is stored.
I managed to mount the filesystem writeable (unsquash it), changed the password and made a squash filesystem again.
But I had to do this the manual way.
The idea was simple, I needed to write a script that perfomrs the process automatically.
Not as easy as I thought, but I managed it. 🙂
After hours of testing and coding (and even deleting my “live” openELEC) I successfully changed the root password!
How does it work
Basically it just mounts the openeELEC image (flash) from your SD card again (looped) and enables read and write access.
A new password hash is generated with mkpasswd and the macOS version uses passlib.
The old password gets replaced and the updated files are used for a new squashfs which is copied back.
Well you can do it on macOS, too!
I wrote an extra article about it, here https://dustpla.net/2d6RT
Why you can’t do this on newer Macs
I tried to do all the setup with my virtual machine on my MacBook Pro Late 2013.
However, I found that I was unable to connect my SD card to my VM…
VMWare has an article about this issue.
That means it’s an unfixable issue and you will need a real linux operation system (or an OS booted from CD/DVD or USB)
However, with an external SD card reader like Transcend TS-RDF5K it’s not a problem anymore!
You will need to install two additional packages on your Linux
sudo apt-get install whois
to generate a new password hash for the /etc/shadow file.
sudo apt-get install squashfs-tools
to pack and unpack the suqash filesystem.
Run the script
I just want to be on the safe side:
THIS SCRIPT COMES WITH 0% (ZERO) WARRANTY! BACKUP YOUR STUFF! I’M NOT RESPONSIBLE FOR ANY DATA LOSS AND THINGS MIGHT NOT WORK AS EXPECTED!
YOU HAVE BEEN WARNED
You will need to issue this script as sudo.
One thing you need to do manually:
Find out on which device and partition openELEC/LibreELEC is stored.
Take a look at
sudo fdisk -l
for example (small L, will list all devices)
sudo ./openELEC [password] [device] (hash) (user)
the  brackets are required, but if not supplied the script is asking for input
the () brackets are optional. (You could use a different hash like sha256 or another user)
There is an option to create a backup of the current openELEC/LibreELEC image, so you can recover any data when something goes wrong.
There is also support for BerryBoot stored images!
AND NOW FOR THE DOWNLOAD:
If you want you can grab it directly with wget and make it executable
wget https://gist.githubusercontent.com/timbru31/cc2a323b88a652e6c850/raw/2414c30cef5b64a92e16267d0435aadabec7daa2/openELEC.sh && chmod +x openELEC.sh
Alternatively use curl
curl -O https://gist.githubusercontent.com/timbru31/cc2a323b88a652e6c850/raw/2414c30cef5b64a92e16267d0435aadabec7daa2/openELEC.sh && chmod +x openELEC.sh
Sources // Thanks to
A very big thanks to Keith Wright with his blog post, which showed it’s possible to change the root password: