fiona root password wordlist

[geekmaster]

Quote:

Originally Posted by seaniko7

Hi,

I've seen on irc that you have wordlist for cracking fiona**** password in Kindle.

Would you mind sharing it ?

Cheers

Sure. You can download the list below in either tar.gz or zip file format.

This list contains all possible fiona*** and fiona**** passwords. For some reason, most posts on mobileread say that they need four hex digits after fiona, but on all five of my kindles, I only need three hex digits, so I included both types in this wordlist.

Why:

Spoiler:

Although you can get the fiona password by cutting three or four hex digits from the md5sum of your kindle serial number, I created this list so I could use John the Ripper to quickly verify the md5sum password with what was encrypted in the /etc/shadow file. I copied my kindle /etc/passwd and /etc/shadow to my linux PC, used the John "shadow" command to combine them, and then used my wordlist to crack the root password. John said it found my root password in 0.00 seconds. That is "infinitely" faster than using a brute-force crack (for math-heads: division by numbers approaching zero yields a quotient approaching infinity.) .

How:

Spoiler:

You can create your own fiona wordlist with a simplistic (but tedious) linux command. I know that there are better ways to do this, but my bash skills are rusty and this way got the job done without needing to RTFM.
I used copy/paste to minimize typing. Here is my one-line (3 hex digit) fiona wordlist generator:
for i in 0 1 2 3 4 5 6 7 8 9 a b c d e f; do for j in 0 1 2 3 4 5 6 7 8 9 a b c d e f; do for k in 0 1 2 3 4 5 6 7 8 9 a b c d e f; do echo fiona$i$j$k >> fiona_wordlist; done; done; done
and then I did that again after inserting another copy of the loop before the echo using a new loop var and adding that var onto the fiona password.

Using this wordlist, John the Ripper reported that my root password had three hex digits after fiona.

Also, as reported in the IRC channel, some kindles use mario for a root password (in diagnostic mode).

Please use this wordlist for honorable purposes. Thanks.

UPDATE: All default root passwords 8 characters or less, such as fionaXXX (3 hex digits). The are DES-hashed so they are truncated to 8 characters. Any new password created with "passwd" is MD5-hashed and uses all characters.

[ryran]

Slightly OT: I know you probably don't really care, but who knows--it might come in handy some day, so.... for future ref, BASH can do number & character generation via curly-bracket statements, e.g., you can replace the numbers & letters in each of your for loops with {0..9} {a..f}.

(PS: Number generation has been around for a while, but character-generation might have been added in bashV4.)

[NiLuJe]

Yup, it's a bash vsomething feature. (And isn't supported on the Kindle's version of busybox, which is built without bash compatiblity, at least on K2/K3, where we can instead use seq for number generation, at the expense of a fork).

[geekmaster]

Thanks for the pointers. I was just in a hurry and chose not to RTFM at that moment in time, and my memory for details like that just "ain't what it used to be".

Okay, I am an old-timer in this industry.

In the REALLY olden days, disk drives* were the size of a laundromat washing machine, and their removable multi-platter disk packs* held what at the time was considered a staggering amount of storage (an entire 512 Kbytes -- yes, that's right, a 10 kilogram removable disk pack held 0.0000005 terabytes). They were so expensive that they were used only for really important random access data (and temporary "scratch" files, sort of like virtual memory). Most data was stored on punch cards, with the more valuable stuff on spools of 7-track or 9-track magnetic tape, with data bits so large you could see them with the naked eye by sprinkling powdered iron on them. I had my own personal keypunch machine in my basement, and my own ASR-33 teletype (with paper tape punch) in my living room.

When I was doing the quick-and-dirty one-liner above, it was just a "one off" script, and after trying square brackets with the ".." did not work, I just brute-forced it with a hex digit list. That actually made sense, because it was faster to type 16 hex digits and copy/paste it than it would have been to look up the correct syntax. I was tempted to clean it up before publication above, but I decided to show that doing things the "hard" way is sometimes faster than doing it the "right" way, and getting it done quickly in a way that works is what really matters, rather than trying to earn "style points"...

There is a nice "Unix Rosetta Stone" that has been around for decades, that I kept posted on the wall near my desk: http://bhami.com/rosetta.html

There are *always* better ways to be found given enough time, but sometimes "good enough now" is better than "more better later".

* ADDENDUM:

Disk packs were about the size of a small car tire. Here is a photo of one:

http://www.tpsoft.com/museum_images/...20Pack%202.JPG

And here is a photo of a disk drive that used them (hint: the buttons on the front are about 1 inch by 1 inch):

http://www.computermuseum.li/Testpag...A60A-270MB.jpg

[ryran]

@geekmaster:
I'm always game to hear first-hand accounts of the days before I was using computers, but for the record.. to be absolutely clear, I wasn't in any way trying to: one-up you / criticize you / get style points / make it seem like I knew more than you. I heard you when you said you just didn't feel like looking it up, but it was simple for me to share (aside from python, which I'm learning, BASH is my only programming expertise).

Re the apple-2/3 story: That is wild. I know Apple HAS played and will continue to play an important role in terms of development/innovation of computers, but ... bleh, none of their products have ever really sat right with me. I'm sure glad we have choices.

[DustyDisks]

Quote:

Originally Posted by geekmaster

Thanks for the pointers. I was just in a hurry and chose not to RTFM at that moment in time, and my memory for details like that just "ain't what it used to be".

Okay, I am an old-timer in this industry. I have been a computer programmer for about 45 years now.

Getting close myself to be able to carry the title, "One Day Older Than Dirt!). I have played with and used some of the equipment in your post. That was the days that "Floppy" disks were really floppy.

Peace !



Edit: May well someday swap war story's!

[geekmaster]

Quote:

Originally Posted by ryran

... for the record.. to be absolutely clear, I wasn't in any way trying to: one-up you / criticize you / get style points / make it seem like I knew more than you...

I took no offsense from your comment, and that's why I started with "Thanks for the pointers." I realize that inserting a comment like that into a thread is to add a tip or clarification to assist other readers following the thread, and I do it myself.

Your feedback is appreciated. I just felt like since I started this thread, it was okay to do a little mental coredump, rather than intruding on somebody else's thread.

Perhaps we need a "War Stories" thread? I am sure others have interesting stories to tell as well...

[geekmaster]

Quote:

Originally Posted by DustyDisks

Getting close myself to be able to carry the title, "One Day Older Than Dirt!). I have played with and used some of the equipment in your post. That was the days that "Floppy" disks were really floppy.

Peace !

No need to quote my *entire* post. It is usually sufficient to only quote the part relevant to your added comments. EDIT: I see that you shortened it. That makes the thread easier to follow (especially on portable devices). Thanks.

Feel free to add some of your old-timer experience to this "variable topic" thread, for the enlightenment of anybody who stumbles upon it. Humorous anecdotes usually help keep the reader interested.

Personally, I am still waiting for my computer implant with direct neural interface*. One of these days...

EDIT: *Of course, a direct neural interface should include at least one channel of DMA (Direct Memory Access). A tool like fsck.brain would be nice too, for us old-timers!