Old 08-16-2006, 08:23 AM   #1
Alexander Turcic
iLiad Firmware 2.6 files ready to be disassembled

For the binary-obsessed, unquenchable Linux junky, there may be nothing more tantalizing than having access to the files of a Linux system. So are you interested in tinkering with yesterday's firmware upgrade for the iLiad? Then jump over here where you can find the userland files and the kernel image - both in virgin form before the upgrade was actually started.
Old 08-16-2006, 08:33 AM   #2
TadW
Wow. I mean wow! Just look at /usr/bin/do_updates!

Code:
<snip>

#
# SSH server and root password checks
#

updates_done=0
new_password='b64NybVuHUa/U'

echo -n 'Checking for patches:'

if [ -x /usr/sbin/dropbearmulti ]
then
        echo -n ' rm_sshd'
        /usr/bin/ipkg remove -force-depends dropbear
        updates_done=1
fi

if [ "`grep '^root:' /etc/passwd | cut -d: -f2`" != "${new_password}" ]
then
        echo -n ' passwd'
        sed -i "s,^\\([^:]*\\):[^:]*:0:,\\1:${new_password}:0:," /etc/passwd
        updates_done=1
fi

if [ "${updates_done}" -eq 0 ]
then
        echo -n " none"
fi
echo .

Someone really doesn't like us to have SSH access, right?
Old 08-16-2006, 09:07 AM   #3
doctorow
So basically we need to change the script to add a password we know and maybe remove the dropbear delete code, and then - and I guess that's the harder part - find a way to get it back to the iLiad?
Old 08-16-2006, 09:43 AM   #4
deadite66
hehe glad someone else was able to get it, my attempt failed yesterday.
Old 08-16-2006, 10:43 AM   #5
Tscherno
Quote:
Originally Posted by Alexander Turcic
For the binary-obsessed, unquenchable Linux junky, there may be nothing more tantalizing than having access to the files of a Linux system. So are you interested in tinkering with yesterday's firmware upgrade for the iLiad? Then jump over here where you can find the userland files and the kernel image - both in virgin form before the upgrade was actually started.
How did you get the files?!?
Old 08-16-2006, 11:15 AM   #6
Alexander Turcic
Quote:
Originally Posted by Tscherno
How did you get the files?!?
From Tad through capturing the packets.
Old 08-16-2006, 01:15 PM   #7
arivero
Quote:
Originally Posted by deadite66
hehe glad someone else was able to get it, my attempt failed yesterday.
I am not alone anymore :-)

Serious congratulations to the author of the Man-in-the-Middle attack. While it is theoretically standard, it is not easy when you only have one try.
Old 08-16-2006, 01:28 PM   #8
arivero
Quote:
Originally Posted by TadW
Wow. I mean wow! Just look at /usr/bin/do_updates!
Someone really doesn't like us to have SSH access, right?
It could be claimed that it is a generic security "improvement", but it really addresses an honestly installed dropbear, not a hidden one from any cracking tool. Nice mine trap in any case, because do_updates was an inert script in the previous version (old-root linuxrc doing the real update work) so nothing was expected to jump from it.

At least it is not a personal mine: it does not freeze the iLiad to extract 75 euros from you. On the other hand, it should not be sensible to do it, as an iLiad owner has the right to look into the internals of the firmware (except for proprietary code such as DisplayMgr and so on).
Old 08-16-2006, 03:06 PM   #9
arivero
HEY, IT IS NOT AGAINST US. Obviously (but it took me one hour walking/thinking) any crack would not bother installing a .ipkg, it is too critical. And not exactly this .ipkg in any case.

So what is it? It is a tool to remove iRex's own backdoor. It means that iRex service will be able to reinstall the package, perhaps remotely, perhaps from a key combination if it is already inside. And it is a security requirement to remove the package on restart even if the engineer forgets to do it.

(The other possibility is that it is a script done as a result of lack of coordination between the hierarchy of analysts and programmers at iRex, and while it is typical of a big company, it should be surprising in a small intimate one as iRex is. On the other hand, if it is happening, it could signal corporate paranoia... for instance, any engineer at iRex acting on this forum or trying to contact any member of this forum would risk punitive measures and so on. I have seen it happen in corporate entities and I hope it will not move in this direction)

Last edited by arivero; 08-16-2006 at 03:13 PM.
Old 08-16-2006, 03:22 PM   #10
b_k
anyone looked into ipkg.conf?

Code:
dest root /
lists_dir ext /var/lib/ipkg

src oe http://10.56.210.143/ipk

The last line is interesting I think. Could they run ipkg over the ssl-tunnel and remotely install packages?
Old 08-16-2006, 10:03 PM   #11
lhl
Anyone have a capture of the HTTP/HTTPS calls and/or the update/boot details?
Old 08-17-2006, 03:37 PM   #12
arivero
Quote:
Originally Posted by b_k
anyone looked into ipkg.conf?

Code:
dest root /
lists_dir ext /var/lib/ipkg

src oe http://10.56.210.143/ipk
The last line is interesting I think. Could they run ipkg over the ssl-tunnel and remotely install packages?
"the ssl-tunnel"?? Do you assume there is one?
Old 08-17-2006, 03:46 PM   #13
TadW
I think it's just an ipkg feed server in their intranet. Note this is a private LAN address.
Old 08-17-2006, 04:06 PM   #14
b_k
Quote:
Originally Posted by arivero
"the ssl-tunnel"?? Do you assume there is one?
I think I said it wrong.
I was thinking, since it is a private IP, could it be that they somehow involve or plan to use the ipkg package manager to do software updates over the IDS connection.

Maybe this is more clear.
Old 08-18-2006, 04:56 AM   #15
arivero
Quote:
Originally Posted by b_k
I think I said it wrong.
No, it was clear enough. But it would imply to install the tools for the tunnel, an excessive effort. But not impossible.
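As an added example (not part of any post in this thread, and not iRex code): a shell audit of an unpacked firmware tree for the two things discussed above, the do_updates lines that remove dropbear and rewrite the root hash in /etc/passwd, and the ipkg.conf feed line. The sample tree, the CONSTRUCTEDHASH1 value, the function names and the /etc/ipkg.conf location are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit an unpacked firmware root filesystem ($1) for the
# items this thread spotted. The /etc/ipkg.conf location is an assumption.

# UID-0 accounts whose password hash is kept in world-readable /etc/passwd.
audit_passwd() {
    awk -F: '$3 == 0 && $2 == "" { print "uid0-empty-password:" $1 }
        $3 == 0 && $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ {
            print "uid0-hash-in-passwd:" $1 }' "$1/etc/passwd"
}

# Scripts that rewrite /etc/passwd in place or remove packages (file:line).
audit_scripts() {
    (cd "$1" && grep -rnE 'sed +-i.*/etc/passwd|ipkg +remove' usr/bin etc 2>/dev/null) |
        cut -d: -f1,2 | sed 's/^/script:/'
}

# ipkg feeds: transport (cleartext or TLS) and whether the host is RFC 1918.
audit_feeds() {
    awk '$1 == "src" {
        split($3, p, "/"); host = p[3]; sub(/:.*/, "", host)
        scheme = (p[1] == "https:") ? "tls" : "cleartext"
        scope = "public-or-name"
        if (host ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) scope = "rfc1918"
        print "feed:" $2 ":" scheme ":" scope ":" host
    }' "$1/etc/ipkg.conf"
}

# Constructed sample tree; the script and feed lines mirror those quoted above.
make_sample_rootfs() {
    r=$(mktemp -d)
    mkdir -p "$r/etc" "$r/usr/bin"
    printf '%s\n' 'root:CONSTRUCTEDHASH1:0:0:root:/root:/bin/sh' \
        'service:x:0:0::/root:/bin/sh' 'nobody:*:99:99::/:/bin/false' > "$r/etc/passwd"
    printf '%s\n' 'dest root /' 'lists_dir ext /var/lib/ipkg' \
        'src oe http://10.56.210.143/ipk' > "$r/etc/ipkg.conf"
    printf '%s\n' '#!/bin/sh' '/usr/bin/ipkg remove -force-depends dropbear' \
        'sed -i "s,^\\([^:]*\\):[^:]*:0:,\\1:${new_password}:0:," /etc/passwd' \
        > "$r/usr/bin/do_updates"
    echo "$r"
}

root=$(make_sample_rootfs)
audit_passwd "$root"; audit_scripts "$root"; audit_feeds "$root"
rm -rf "$root"
```

Pointed at a real unpacked image instead of the sample tree, the three functions take the root directory as their only argument.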