Quote:
Originally Posted by arivero
Moreover, I think they have actually not countered our measures; it just happens they needed more control on the pdf to store the page number.
BUT they have also rewritten the configuration, wiping any new reader installed in 2.4.
Hmm, I think all the loopholes have been closed due to our findings.
Why should storing the page number render the starting of external programs useless? I think they just turned off all links in xpdf, as normal links don't work anymore either.
They removed dropbear (still don't know why it was on there).
They put a password on the root user.
But all applications still seem to run as root.
As for wiping configs: I would think that they replaced the complete /etc/ folder and exchanged a few binaries. All my config files have been removed as well.
Since there is no direct access method, there must be some way to flash the device.
The only open port now is 6000 which must be the X11 port.
So now we can only get root access in four ways I can think of:
Find an exploit for the X11 on port 6000.
Find an exploit with minimo.
Find an exploit with xpdf.
Find the flash mechanism.
So far I don't know any. Do you?