08-16-2016, 02:34 PM | #3706 |
Ex-Helpdesk Junkie
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
|
08-16-2016, 07:02 PM | #3707 |
Connoisseur
Posts: 57
Karma: 748
Join Date: Aug 2016
Device: Kobo Clara HD, Kobo Clara E2, Kindle 4 Keyboard 3G
|
Reread the readme and found nothing about it being able to change the root password so i have to figure out a way to change it i have root access through kual scripts
Okay i see how do i get the root password after updating to the latest firmware (wich changes it from the standard mario) usbnetworking gives me the ssh server but its rather useless without the root password ive tried echoing replacement content /etc/shadow but that just makes it so /none/ of the accounts can log in ive been considering running kubrick copying /etc/shadow to /etc/shadow.bak and then updating and replacing /etc/shadow with the content of /etc/shadow.bak would that solve the issue of the firmware updates changing my password? last night i acheaved my ssh server over wifi but i still cannot get a root shell over it ive tried using kual scripts to change the password but that doesnt work ether (dunno why yet) Last edited by fennectech; 08-16-2016 at 07:11 PM. |
Advert | |
|
08-16-2016, 07:11 PM | #3708 |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Do not double post on this forum.
Do read: https://www.mobileread.com/forums/sho...postcount=1617 Do you need someone to post a picture of the 'enter' key so you can find it on your keyboard? YOU DO NOT HAVE TO HAVE THE ROOT PASSWORD IF YOU FOLLOW DIRECTIONS The USBnetwork package already handles that for you - Just press the 'enter' key if you see a 'user/password' prompt from the kindle. OH, wait, you still have to buy a keyboard that has a working 'enter' key. You need to do that, it is an important key to have working on your keyboard. |
08-16-2016, 07:24 PM | #3709 |
Ex-Helpdesk Junkie
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
That would be the XY problem I spoke of.
But I have to learn of it from your other posts in other threads. Okay, fine -- you clearly don't want to engage in a conversation with us about your problem. So we will stop responding to you, and let you post your thought processes in peace. Just one request: please use your own personal thread. This one is supposed to be for getting help with the packages in the first post -- it is unfair to the other members to bump this thread (generating "new post" alerts). |
08-16-2016, 08:17 PM | #3710 | |
Connoisseur
Posts: 57
Karma: 748
Join Date: Aug 2016
Device: Kobo Clara HD, Kobo Clara E2, Kindle 4 Keyboard 3G
|
Quote:
|
|
Advert | |
|
08-16-2016, 09:41 PM | #3711 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
I.E: You can see its entire length and are expected to notice if someone has spliced in a wire tap. You are still having problems backing away from what you want done to think the situation through clearly. You are not inventing computer science here, that is a known field and some of us have been practicing it for over a half of a century. It is rather insulting for you to assume we haven't thought about and dealt with whatever seems to be a challenge to yourself. Believe it or not, there are people in this world with more knowledge and experience than yourself. Last edited by knc1; 08-16-2016 at 09:44 PM. |
|
08-21-2016, 07:29 AM | #3712 |
Evangelist
Posts: 475
Karma: 445678
Join Date: Feb 2010
Device: Too many..
|
ImageMagick vulnerability?
In my reading up on ImageMagick, I came across this:
https://imagetragick.com/ Are Kindles running the screensaver hack under risk? i.e by downloading a booby-trapped image? I would think(hope? ), that the Kindle OS mishmash of linux/java/javascript is too weird for any such exploit. Some mitigation steps are suggested. I assume NiLuJe would've incorporated them into the latest build..? |
08-21-2016, 08:20 AM | #3713 |
Groupie
Posts: 175
Karma: 54048
Join Date: Mar 2016
Device: PW3 5.6.5-usbnet
|
https://www.imagemagick.org/discours...=29588#p132726
'... We have secured the delegates in ImageMagick 7.0.1-9 and 6.9.4-7 by sanitizing the parameters. ...' I assume old versions are vunerable. Anyhow I'm not sure whether gif, png and jpeg images can be used to exploit this bug. There may be a small number (~zero) of users using svg as screensaver images. |
08-21-2016, 09:24 AM | #3714 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
And it is not NiLuJe's that one need worry about, that one can not be run without a jail break (there is an execute prohibit on visible usb storage until jail broken). The IM that ships as part of the system will certainly be old enough to be vulnerable. So all you need to do is feed it a properly formated, "bad", screensaver image filename. But stock Kindles do not accept custom screensavers on USB storage. It might be worth checking if using the built-in image viewer to view files from /images gives access to the built-in convert command vulnerability. |
|
08-21-2016, 10:47 AM | #3715 |
Evangelist
Posts: 475
Karma: 445678
Join Date: Feb 2010
Device: Too many..
|
The IM from lab126 is not available on customer image kindles.
It's only available on jailbroken kindles which have retained the factory image. Or is it still available somewhere on fresh kindles? |
08-21-2016, 11:43 AM | #3716 |
Ex-Helpdesk Junkie
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
The stock imageviewer is disabled (you can enable it using Collections Manager).
|
08-21-2016, 12:01 PM | #3717 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
I keep forgetting you are exploring factory_*_something for us. |
|
08-21-2016, 09:22 PM | #3718 |
BLAM!
Posts: 13,477
Karma: 26012464
Join Date: Jun 2010
Location: Paris, France
Device: Kindle 2i, 3g, 4, 5w, PW, PW2, PW5; Kobo H2O, Forma, Elipsa, Sage, C2E
|
Thanks for the link, I somehow missed that batch of CVEs...
Yeah, current builds should use a saner-ish version, I'll probably tweak the delegates config just to be safe, though . As was mentioned, irrelevant for vanilla devices, though, I'm not even sure IM is actually used by anything (it used to (or still does?) live in /usr/local, which should tell you something ). |
08-22-2016, 07:44 AM | #3719 |
Evangelist
Posts: 475
Karma: 445678
Join Date: Feb 2010
Device: Too many..
|
The images in a book can be zoomed and panned. Could it be used for that?
/usr/local/bin which contains lab126's convert is empty in the customer image of current Kindles. Only the kindles jailbroken with the latest method have it intact. That too, only if they retain the initial factory image. An update to a later version would again wipe it out. |
08-22-2016, 11:29 AM | #3720 |
Groupie
Posts: 175
Karma: 54048
Join Date: Mar 2016
Device: PW3 5.6.5-usbnet
|
Updating screensaver to the latest version is likely a good idea. Even though it seems that exploiting this bug using PNG or JPG images from within the ss code may be tricky. I assume that SVG or MVG images are not used by common users.
|
Tags |
fonts, fw3, hack, jailbreak 3.1, niluje's hacks, screensavers, usbnet |
Thread Tools | Search this Thread |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
USB network can't connect | Slusho64 | Kindle Developer's Corner | 22 | 01-23-2013 09:00 PM |
USB Network help? | XxKryoxX | Kindle Developer's Corner | 6 | 12-31-2012 08:47 AM |
Is there a hacks to install Time to read feature in other Kindles ? | Biberkopf | Kindle Developer's Corner | 1 | 11-27-2012 04:08 PM |
Hacks DXG Font hacks ? | nimblem | Amazon Kindle | 2 | 09-21-2010 03:35 PM |
Font Hacks | wildchild06241 | Introduce Yourself | 5 | 06-24-2010 08:08 PM |