Userhack v2
Tscherno 07-25-2006, 02:15 AM I've modified the user hack from Ali a little bit:
The browser from R2D2 is included
The Wireless script isn't started directly anymore
It starts the script user_wlan.sh which can be modified to include your SSID and WEP-Key
The PDF includes a button to chmod the user_wlan.sh
Have fun
Edit: Added chmod
tribble 07-25-2006, 02:20 AM Is that really working? Even if the user_wlan.sh is not set +x?
And you need an "enc" before the WEP key, and the script name for wireless is wireless.sh
So it should be something like this:
#Enter your values below. Wep-Key is optional
ssid="INSECURE"
wep_key=""
if [ "$wep_key" = "" ]
then /usr/bin/wireless.sh start "$ssid"
else /usr/bin/wireless.sh start "$ssid" enc "$wep_key"
fi
Tscherno 07-25-2006, 02:28 AM Is that really working? Even if the user_wlan.sh is not set +x?
Damn forgot this. I couldn't try it - i'm at work at the moment. Should be possible to chmod it from the pdf, shouldn't it?
And you need an "enc" before the WEP key.
So it should be something like this:
#Enter your values below. Wep-Key is optional
ssid="INSECURE"
wep_key=""
if [ "$wep_key" = "" ]
then /usr/bin/wired.sh start "$ssid"
else /usr/bin/wired.sh start "$ssid" enc "$wep_key"
fi
You are right - i'll change it.
tribble 07-25-2006, 02:32 AM Damn forgot this. I couldn't try it - i'm at work at the moment. Should be possible to chmod it from the pdf, shouldn't it?
I think so. As long as we run as root :)
Tscherno 07-25-2006, 02:43 AM Ok i changed the files. Please try.
you read about the "improved security" fix in v2.5?
i think i know what this might mean. :\
Tscherno 07-25-2006, 02:47 AM you read about the "improved security" fix in v2.5?
i think i know what this might mean. :\
Where do you read about this?
tribble 07-25-2006, 02:53 AM Where do you read about this?
Irex Homepage.
They say the OS 2.5 is due today and it mentions improved security.
in "my iliad has arrived..." is a list with the v2.5 changelog
And i wanted to try setting up a toolchain next week :(
I really hope improved security just means that we can set the admin password ourselves so we can use it in insecure networks. But i don't believe it...
tribble 07-25-2006, 02:58 AM in "my iliad has arrived..." is a list with the v2.5 changelog
And i wanted to try setting up a toolchain next week :(
I really hope improved security just means that we can set the admin password ourselves so we can use it in insecure networks. But i don't believe it...
Why don't we just add another user? And make him able to login via ssh and start the wired.sh script? Or do you think the update procedure is so extensive, that they change all files? :)
Tscherno 07-25-2006, 03:00 AM Why don't we just add another user? And make him able to login via ssh and start the wired.sh script? Or do you think the update procedure is so extensive, that they change all files? :)
I think they simply deliver a new passwd file...
arivero 07-25-2006, 04:26 AM I think they simply deliver a new passwd file...
I hope so. Then it should still be possible to launch things from xpdf, with explicit user authorisation.
In fact a non guessable root password is a real need. A local network can have worms.
thus removing our new user.
not good.
Tscherno 07-25-2006, 04:51 AM Yes - i think the best way is really to create a startup script, which creates a user, starts sshd and networking...
HOLY F***ING S***
i bricked my iliad.
i installed netcat (no problem), created a startup script containing the line to make netcat listen to a port and provide a shell (worked) and named it S25something.
The only thing i forgot: networking is enabled later :(
now the listening netcat blocks the iliad boot process. And i can't use netcat because the network interface is down.
damn.
now i'll be the one to figure out how friendly the iRex user support is. :\
CommanderROR 07-25-2006, 05:14 AM Oh dear...well...it had to happen to someone sooner or later...I hope you'll get it fixed quick and cheap...:-(
tribble 07-25-2006, 05:18 AM Ouch!!!
Well, why is it not booting?
If they are taking money to fix it, we should probably start collecting money for him...
deadite66 07-25-2006, 05:36 AM +1 set up paypal
Kristoffer 07-25-2006, 06:00 AM SSH connection Refused after Updating to 2.5...
However PDF-Execution still possible! Now a script would be nice to get ssh access again?! Could Anyone provide one?
P.s.
Sorry to hear about the bricking...
thank you very much for proposing this.
unfortunately there's nothing we can do right now.
iRex Support tries to be very helpful, but
Dear Customer,
Unfortunately, our repair shop can not handle this. For the moment they can only handle mechanical problems.
Also, there are no tools available to "reflash" it.
I will check with our development team what we can do and get back to you some time next week.
Sorry for the inconvenience.
Regards,
iRex shop
I guess it's your turn to play with v2.5 :)
Riocaz 07-25-2006, 06:08 AM Ouch.
That's really bad news DHer.
It's hard to believe they can't reflash the iLiad, it seems very very odd that they are talking about providing an SDK for a machine which the user can't reflash themselves in the first place.
deadite66 07-25-2006, 06:10 AM so if an update failed they can't repair it O.o
Tscherno 07-25-2006, 06:14 AM You should tell them, that it happened after updating...
ElaHuguet 07-25-2006, 06:16 AM You should tell them, that it happened after updating...
What good would that do? They receive the iLiad, find it executing scripts they didn't put in... useless lie, methinks. :rolleyes:
@kristoffer
first we need to know if xpdf is still running as root (i assume they changed it if they are talking about "improved security").
next question: does the old script to switch on ethernet support still work? (see the green light at the travel hub)
If at least the second thing works, it should be no problem either to start the ssh daemon (if xpdf is running as root and it is still installed) or drop netcat (http://packages.debian.org/cgi-bin/download.pl?arch=arm&file=pool%2Fmain%2Fn%2Fnetcat%2Fnetcat_1.10-21_arm.deb&md5sum=32b62ca5a677d36abbe3be7a6db91abc&arch=arm&type=main) on the iliad (extract the binary, installing the package won't work without root), make it executable and execute "netcat -l -p 1234 -e /bin/sh" to spawn a netcat backdoor on port 1234. Then you can connect from your pc using netcat <IP> 1234 to get a shell on the device.
This is quite insecure, so don't do it somewhere else than in your home network.
AND DO NOT add this to the startup scripts.
Then you can go on, extract the passwd file (assuming they haven't shadowed it) and get the root password again - till there's the next update.
Kristoffer 07-25-2006, 06:29 AM @kristoffer
...
next question: does the old script to switch on ethernet support still work? (see the green light at the travel hub)
...
First of all, great that you keep hanging in here!
Okay, the xpdf linking still does something, it opens the connection as after confirming the execution i am able to "surf", meaning clicking links and getting where i want to, and pinging the device is also possible...
The green light is illuminated!
please try the appended modified userhack.
copy the pdf and the arm folder in your "books" folder and tell me what happens if you try the new links.
it's great to be back to blind flight. :)
Edit: forgot to upload the tex file
deadite66 07-25-2006, 07:15 AM is it possible to emulate the iliad on scratchbox to save potential bricking?
Kristoffer 07-25-2006, 07:17 AM please try the appended modified userhack.
copy the pdf and the arm folder in your "books" folder and tell me what happens if you try the new links.
it's great to be back to blind flight. :)
Edit: forgot to upload the tex file
Okay I'll try, as long as you can assure me that it won't do the same thing to me that happened to you :scholar:
:)
Edit:
Uploaded the passwd.txt...
ok, they changed the password =)
why didn't they shadow it?
Kristoffer 07-25-2006, 07:28 AM Hm so tested the other links...
i have currently just access to a windows system so I tried the windows version of netcat... but as I try to connect via "nc IP 1234" there is a small break and then nothing no message no console...
Tscherno 07-25-2006, 07:30 AM What if you type ls and return?
Kristoffer 07-25-2006, 07:32 AM What if you type ls and return?
Sorry, expressed it a bit faulty... nothing in this case means it returns to prompt
awaiting the next command
C:\...
Great! After some more tries it seems to be working! ls gives me the contentlist!
Tscherno 07-25-2006, 07:42 AM Lol they really just set a root-pw...
tribble 07-25-2006, 07:45 AM Lol they really just set a root-pw...
And? cracked it already?
Tscherno 07-25-2006, 07:46 AM Not yet:
C:\Temp\john-16\run>john.exe c:\Temp\passwd.txt
Loaded 1 password (Standard DES [24/32 4K])
guesses: 0 time: 0:00:18:06 (3) c/s: 295862 trying: Covy27 - hbnfgH
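The exchange above works because the hash is stored in the world-readable passwd file rather than a root-only shadow file, so anything that can read files can copy it for offline guessing. An added shell example, not part of the thread or of the iLiad firmware, that audits a passwd-format file for this; the function names are hypothetical and the sample lines and hash strings are constructed placeholders:

```sh
#!/bin/sh
# Added example: flag accounts whose password hash is stored in a
# world-readable passwd-format file instead of a root-only shadow file.

# classify_field FIELD: print one word describing the second passwd field.
classify_field() {
    case "$1" in
        "")               echo "EMPTY" ;;            # login without a password
        x)                echo "shadowed" ;;         # hash kept in /etc/shadow
        '*'*|'!'*)        echo "locked" ;;           # no valid hash, login disabled
        '$'*)             echo "EXPOSED-modular" ;;  # $id$salt$hash readable by all
        *[!./0-9A-Za-z]*) echo "unknown" ;;          # not a crypt(3) alphabet string
        ?????????????)    echo "EXPOSED-des" ;;      # 13 chars: traditional DES crypt
        *)                echo "unknown" ;;
    esac
}

# audit_passwd: read passwd-format lines on stdin, print "user status" per line.
audit_passwd() {
    while IFS=: read -r user field rest; do
        case "$user" in ''|'#'*) continue ;; esac    # skip blanks and comments
        printf '%s %s\n' "$user" "$(classify_field "$field")"
    done
}

# Constructed sample input; the hash strings are placeholders, not real hashes.
sample_passwd() {
    cat <<'EOF'
root:XXconstructed:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
user:x:1000:1000:user:/home/user:/bin/sh
guest::1001:1001:guest:/home/guest:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

Any EXPOSED or EMPTY line is an account whose credential does not depend on root-only file permissions; moving hashes to a shadow file removes the exposure but does not make a short DES-crypt password strong.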
aargh. that means the applications still run as root? x'D
now i'm really, really sorry that i broke my iliad trying to evade the "improved security" of this update.
tribble 07-25-2006, 07:58 AM aargh. that means the applications still run as root? x'D
i guess it does :)
No way to flash the device? They must be joking? On the other hand: If I would like to deter hacking attempts I would probably tell you the same. haha
haha.
on the other hand: which reason do they have to prevent us beta testers from testing it. I think they'd rather like to know now which holes exist than to learn about it the moment the drm is broken by someone getting root access.
And who knows, maybe some people from the board manage to create some interesting alternative application.
arivero 07-25-2006, 10:03 AM HOLY F***ING S***
i bricked my iliad.
i installed netcat (no problem), created a startup script containing the line to make netcat listen to a port and provide a shell (worked) and named it S25something.
The only thing i forgot: networking is enabled later :(
now the listening netcat blocks the iliad boot process. And i can't use netcat because the network interface is down.
damn.
now i'll be the one to figure out how friendly the iRex user support is. :\
Moral: always set-up an abort time.
On the other hand, I think there is some internal recovery method. Yesterday I installed xrvt. It worked (no typeface, but it was working) but this morning in the restart the keyboard was not showing. Next restart it was, but, surprise, it seems the installed packages have disappeared. So it seems that it has refreshed from the original.
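The bricking described in this thread (a command that never returns, started in the foreground from an rc.d script that runs before networking is up) and the remark further down about the missing "&" come down to two habits: background the service and give it an abort time. An added shell example, not part of the thread or of the iLiad firmware; start_bounded and wait_until are hypothetical helper names, and "sleep 60" stands in for the blocking command:

```sh
#!/bin/sh
# Added example: start a long-running command from an rc.d-style script
# without letting it hold up the rest of the boot sequence.

# start_bounded LIMIT CMD [ARGS...]
#   Runs CMD in the background (the "&" the startup script lacked) and arms a
#   watchdog that terminates it after LIMIT seconds (the "abort time").
#   Sets SVC_PID and WATCHDOG_PID, then returns immediately.
start_bounded() {
    limit=$1
    shift
    "$@" </dev/null >/dev/null 2>&1 &
    SVC_PID=$!
    (
        sleep "$limit"
        kill "$SVC_PID" 2>/dev/null
    ) </dev/null >/dev/null 2>&1 &
    WATCHDOG_PID=$!
}

# wait_until LIMIT CMD [ARGS...]
#   Polls CMD once per second until it succeeds or LIMIT attempts have failed.
#   Returns 0 on success and 1 on timeout, so a script can skip a service whose
#   precondition (for example "interface is up") never becomes true.
wait_until() {
    remaining=$1
    shift
    while [ "$remaining" -gt 0 ]; do
        if "$@" >/dev/null 2>&1; then
            return 0
        fi
        sleep 1
        remaining=$((remaining - 1))
    done
    return 1
}

# Demo: "sleep 60" is a stand-in for a command that would never return.
start_bounded 2 sleep 60
echo "boot continues; pid $SVC_PID is stopped after 2s if still running"
```

In a real startup script the watchdog would be cancelled (kill "$WATCHDOG_PID") once the service is confirmed healthy, and the precondition passed to wait_until depends on the device.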
arivero 07-25-2006, 10:05 AM Lol they really just set a root-pw...
So they did the right option. Really it was a needed thing.
Has the sshd package been removed? Because if it is not there, we can get it from the backup of 2.4.
arivero 07-25-2006, 10:50 AM HOLY F***ING S***
i bricked my iliad.
:\
BTW, would you mind annotating yourself in the "first" list in the users wikipage?
seems like someone already did it :)
ElaHuguet 07-26-2006, 02:09 AM Yes, sorry, it was me, when I went to update my s/n, I noticed you were missing from the Hall of Fame. :p
thanks, Ela.
maybe i should print one of those "and all i got was this lousy t-shirt".
i bought an iliad
i hacked an iliad
i bricked an iliad
and all i got was this lousy t-shirt.
(and an entry in the hall of fame)
:)
Unfortunately i'll be more or less absent for the next few days (important exam next week tuesday).
Things i expect to be up and running until i'm back:
- fbreader compiled with the new toolchain
- hid module for the kernel
- the root password
- ssh daemon for 2.5
- a way to flash iliads using CF, SD or USB
so long, and thanks for all the fish =)
ElaHuguet 07-26-2006, 02:57 AM LOL! :D
Thanks for reminding me I have to read the Hitchhiker again, on the iLiad, it'll be a great experience. :)
arivero 07-26-2006, 03:02 AM (important exam next week tuesday).
So your subconscious responsibility forgot the & in the rc.d thing in order to drive you into the exam. Have luck!
LittleTalker 07-26-2006, 05:52 AM Is the hack supposed to work with yesterday's update? I tried and it didn't work for me.
arivero 07-26-2006, 06:01 AM I am afraid it is not working anymore. I have tried to go step by step across the flashing of the software but it seems they have altered the upgrade procedure and I have gone into the full install too. So now I am as trapped as the rest of 2.5 people are.
arivero 07-26-2006, 06:03 AM Hmm STUPID!!!! I can not edit the linuxrc install file, it is in a readonly filesystem even if it seems a read/write! So my edits have not survived.
LittleTalker 07-26-2006, 06:05 AM It kinda pisses me off that the iLiad can have internet connection and they deliberately cripple it. Having a wireless connection just for IDS is plain stupid.
arivero 07-26-2006, 06:34 AM It kinda pisses me off that the iLiad can have internet connection and they deliberately cripple it. Having a wireless connection just for IDS is plain stupid.
Yes it is.
Stick to 2.4 then? There is no way back :-(
also, the configuration file is written again, so the shell execution hack did not work either.
tribble 07-26-2006, 06:56 AM actually everything in /etc/ got rewritten. All the files i put there are gone
/EDIT: probably they rewrite the whole /mnt/protected
Things i expect to be up and running until i'm back: [...]
No problem. Just buy a handful of care&repair vouchers and they'll hire a few programmers. (let's say 20k euros worth of care&repair for a start)
Update:
i will buy care&repair vouchers, but only enough to restore my iliad. :)
just received the mail:
You may contact our help desk to open a ticket for repair.
They have been instructed how to proceed.
Expected repair costs are between 75 to 100E. You will be instructed to purchase vouchers for that amount at the shop.
the bright side: i'll have a working iliad again (yeah!)
the not so bright side: they most probably will install v2.5 :(
i'll keep you informed.
@ali:
You think compiling fbreader and a kernel module would cost iRex 20k?
That's about 100 hours with a 200/hour contractor.
Riocaz 07-27-2006, 03:41 AM I wanna know why they haven't even sent me the da**ed ticket number so I can sort mine out.
Update 2:
In the next few days you will receive a transport box, a return label and shipping instructions.
Please read the shipping instructions carefully and follow the steps and details provided.
The estimated costs for the repair of your iLiad will be 75,- . as it is out of warranty.
Now it's official: Hacking your Iliad voids your warranty. ;)
if you want to get my t-shirt: http://iliad.spreadshirt.net/
Alexander Turcic 07-28-2006, 10:19 AM Now it's official: Hacking your Iliad voids your warranty. ;)
It was to be expected. But then again, now we have a pretty good idea what the worst damage would be in monetary terms when one bricks his iLiad.
Btw, I love your t-shirt ;)