[geekmaster]

I just extracted the passwd and shadow files from my DXG running 2.5.8, and ripped it with John the Ripper. It found fionaXXX (3 hex digits after fiona). That is the same password as my command above gives.

I can log in with that password with usbnet/etc/config K3_WIFI="false" (which allows any password to work over USB), but when I set that to "true", I cannot ssh in using either the 3 or the 4 hex digit fiona password. I need to telnet in and change K3_WIFI back to "false".

Does the usbnet Wi-Fi "true" option only work with *real* Wi-Fi hardware (which the DXG does not have)? It would be nice to restrict USB sessions to using the real password even if no Wi-Fi hardware.

After I telnet in, from a kindle command prompt, I can do a login command, and for root, it only accepts the 3 hex digit fiona password (from the md5sum, or from the John crack).

Attached is my wordlist with all possible 3 and 4 hex digit "fiona" passwords. John found my password in 0.00 seconds using this list.

unshadow passwd shadow
john passwd --wordlist=fiona_wordlist

Of course, it may be faster to cut the digits from the md5sum of the serial number.