Hi, long-term user here but first time posting. Never had anything before I couldn’t fix with a quick Google search, but this has got me stumped.
So this is a bit of a two-part question, here we go.
I built a project that controls a water filtration system in my garage that switches relays and solenoids. It was written on a 2016 version of Raspbian. I didn’t update because I had no intention of connecting it to the internet, and everything worked just fine as I wanted before, so I didn’t want to risk updating and possibly breaking something and left it as it was. Lately I’ve added a feature that emails me the logs, so I updated everything and went about securing the Pi ready to go online.
So first of all I changed the password, then set it running updates and came back later. After the updates I rebooted the Pi, but after reboot the password had reset to what it was before. Hmmm, seems suspect to me, so I went ahead and formatted the card ready for a new installation of a brand new version of Raspbian. I used SD formatter and formatted the card and renamed it pi. When the card remounted it was still called boot and had files in it. If I manually delete the files, then remove the SD card and put it back in again, the files reappear; same every time it’s formatted.
It would seem to me this card has been compromised and has some type of persistence installed into a hidden partition that keeps putting the files back, which are probably some type of backdoor. This must be what is causing the password to change back after every boot.
If anyone could give me some pointers on how I can learn how to dissect this SD card and remove what’s on it, that would be great.
That leads us into the next part. After that I swapped to a different SD card, formatted it and everything worked great; the card is totally blank, so I installed the newest version of Raspbian using dd from the command line of my Mac. It copied the iso onto the card, which I then put into the Pi and went about installation and setting up a new user with sudo rights, put my scripts on, blah blah blah. So everything now is back to how it should be with a new installation of the newest version of Raspbian. Brilliant, everything works fine. Right, so I’d better back up this card onto another card: back to the Mac and dd to copy the contents of the SD card to .img.
Then using dd again to copy the image back onto a new card, everything seemed to work fine until I put it in the Pi and got an error message on boot.
Formatted the card and tried again with the same result, then made another image of the card and did it all over again onto another card, and it did it again.
Downloaded the latest version again, installed it to a fresh card, made another .img and dd to SD card again. All went fine again, put it in the Pi and got the same error message:
0.985817 kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(179,2)
I’ve looked into the error message and it seems there are people who have similar issues to mine, but not the same.
I just can’t get my head around this. It’s worked in the past no problem, but for some reason now it just won’t play ball.
Is there something with Raspbian now that doesn’t let you copy SD cards using dd on a Mac?
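
One starting point for the inspection asked about above, as an added example that is not part of the original post: read the partition table in sector 0 of a raw dd image and report sector ranges that no partition covers, plus any partition that runs past the end of the image. It assumes an MBR (not GPT) table and 512-byte sectors; the sample sector, its partition sizes and all function names are constructed for illustration.

```python
import os
import struct
import sys

SECTOR = 512  # assumption: 512-byte logical sectors

def parse_mbr(sector0):
    """Return the non-empty primary partition entries found in an MBR sector."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) in sector 0")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i:462 + 16 * i]
        # entry layout: status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        _status, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            parts.append({"index": i + 1, "type": ptype, "start": start, "sectors": count})
    return parts

def audit_layout(parts, total_sectors):
    """List sector ranges outside every partition and partitions that overrun the medium."""
    findings, cursor = [], 1  # sector 0 is the MBR itself
    for p in sorted(parts, key=lambda p: p["start"]):
        end = p["start"] + p["sectors"]
        if p["start"] > cursor:
            findings.append(("gap", cursor, p["start"] - 1))  # leading alignment gap is normal
        if end > total_sectors:
            findings.append(("truncated", p["index"], end - total_sectors))
        cursor = max(cursor, end)
    if cursor < total_sectors:
        findings.append(("gap", cursor, total_sectors - 1))
    return findings

def make_sample_mbr():
    """Constructed sector 0: a FAT32 'boot' partition followed by a Linux root partition."""
    table = b"".join(struct.pack("<B3xB3xII", 0, t, s, n)
                     for t, s, n in [(0x0C, 8192, 524288), (0x83, 532480, 6000000)])
    return bytes(446) + table + bytes(32) + b"\x55\xaa"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a raw image file made with dd
        with open(sys.argv[1], "rb") as f:
            sector0 = f.read(SECTOR)
        total = os.path.getsize(sys.argv[1]) // SECTOR
    else:  # no argument: constructed sample, sized 532480 sectors too short
        sector0, total = make_sample_mbr(), 6000000
    parts = parse_mbr(sector0)
    for p in parts:
        print("p%(index)d type=0x%(type)02x start=%(start)d sectors=%(sectors)d" % p)
    for finding in audit_layout(parts, total):
        print(finding)
```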