Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 02-12-2012, 09:10 PM   #1
geekmaster
Всё гениальное просто.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Щедрость не имеет пределов.
Device: *.*
kindle passwords only 8 characters

UPDATE: This only applies to original default passwords, which use 8-character DES encryption. Any passwords changed with the "passwd" command use MD5 encryption that hashes all the password characters.

For kindle default login passwords (SSH, scp or serial port logins), the passwords are truncated to 8 characters.

That means that when I said in the past that passwords are mario or fionaXXX (3 lowercase hex digits), I was correct.

Of course, you can type as many extra random characters as you need to make you happy.

On some kindles, the root password is mario. On all of the kindles I have tested, there is also a framework user, with password mario.

So if you need to login and your root password is not working, you can login as user framework and get the root password with this command:

echo fiona$(grep Serial /proc/cpuinfo|cut -b12-27|md5sum|cut -b8-10)
Code:
$ ssh framework@192.168.15.244
framework@192.168.15.244's password: mario
#################################################
#  N O T I C E  *  N O T I C E  *  N O T I C E  # 
#################################################
Rootfs is mounted read-only. Invoke mntroot rw to
switch back to a writable rootfs.
#################################################
[framework@kindle framework]$ echo fiona$(grep Serial /proc/cpuinfo|cut -b12-27|md5sum|cut -b8-10)
fiona62b
[framework@kindle framework]$ exit
$ ssh root@192.168.15.244
root@192.168.15.244's password: fiona62b
#################################################
#  N O T I C E  *  N O T I C E  *  N O T I C E  # 
#################################################
Rootfs is mounted read-only. Invoke mntroot rw to
switch back to a writable rootfs.
#################################################
[root@kindle root]# exit
$ ssh root@192.168.15.244
root@192.168.15.244's password: fiona62bhello
#################################################
#  N O T I C E  *  N O T I C E  *  N O T I C E  # 
#################################################
Rootfs is mounted read-only. Invoke mntroot rw to
switch back to a writable rootfs.
#################################################
[root@kindle root]#

Last edited by geekmaster; 02-13-2012 at 02:25 PM.
geekmaster is offline   Reply With Quote
Old 02-13-2012, 11:40 AM   #2
mc2739
Member
mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.
 
Posts: 12
Karma: 28820
Join Date: Dec 2011
Device: Kindle Touch
Quote:
Originally Posted by geekmaster View Post
For kindle login passwords (SSH, scp or serial port logins), the passwords are truncated to 8 characters.
I'm not sure about other Kindles, but this statement is not entirely true for the Kindle Touch.

I have changed the password on my Touch to a length of greater than eight characters and logging in using ssh and scp require all characters to be entered.

I cannot verify serial port logins since I have not opened my Touch and do not have a serial cable.
mc2739 is offline   Reply With Quote
 
Advertisement
Old 02-13-2012, 01:02 PM   #3
idoit
Plus
idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.
 
idoit's Avatar
 
Posts: 367
Karma: 262144
Join Date: Jan 2012
Location: Tehran, Iran - Halifax, Canada
Device: N/A
Quote:
Originally Posted by mc2739 View Post
I'm not sure about other Kindles, but this statement is not entirely true for the Kindle Touch.

I have changed the password on my Touch to a length of greater than eight characters and logging in using ssh and scp require all characters to be entered.

I cannot verify serial port logins since I have not opened my Touch and do not have a serial cable.
Read his post again. No matter how long you type the password, the first 8 characters are considered as password (I verify this).
idoit is offline   Reply With Quote
Old 02-13-2012, 01:55 PM   #4
geekmaster
Всё гениальное просто.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Щедрость не имеет пределов.
Device: *.*
Previously, I tested this using the SSH command on multiple kindles. My Touch has /usr/local copied from the diags partition. I know that the passwords on all my kindles (multple K3s, DX, DXG, multiple K4NT, and Touch) are all either mario or fionaXXX (3 hex digits), because I cracked them all using John the Ripper.

On the K4NT and Touch, when I SSH in I can type extra characters after the 8 character password. On K3 and earlier using the SSH hack, I cannot type extra characters.

This time I tried using the "login" command to test passwords in an SSH session on the Touch. I found that "login" from a command prompt does not accept extra characters, but SSH does.

I also tried changing my touch root password to "123456789". Now the login command requires the full 9 characters. SSH also required all 9 characters. Then I changed it to "12345678". The login command only worked with 8 characters, and SSH only works with 8 characters.

I also tried changing the password back to my original fionaXXX password, and it only worked as 8 characters. The shadow file does not match my original backup copy even with the same password. It is probably using a salt.

I then changed my root password to the 9 character computed fionaXXXX password, and only 9 characters works.

So, there is something special about default passwords, that allows extra characters to be appended to them. User created passwords are sensitive to length.

I copied my original shadow file back, and now I can type optional extra characters after fionaXXX.

Perhaps the different behavior has something to do with salted or unsalted password hashes, or it uses a different hash encryption type. Whatever the ORIGINAL uses only cares about the first 8 characters.

Last edited by geekmaster; 02-13-2012 at 01:58 PM.
geekmaster is offline   Reply With Quote
Old 02-13-2012, 02:06 PM   #5
geekmaster
Всё гениальное просто.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Щедрость не имеет пределов.
Device: *.*
Quote:
Originally Posted by mc2739 View Post
I'm not sure about other Kindles, but this statement is not entirely true for the Kindle Touch.

I have changed the password on my Touch to a length of greater than eight characters and logging in using ssh and scp require all characters to be entered.

I cannot verify serial port logins since I have not opened my Touch and do not have a serial cable.
I added an update to the original post. The behavior that I described only applies to original default passwords. Any passwords changed with the "passwd" command are length-sensitive. Perhaps they use a different password encryption type that hashes more than the first 8 characters.
geekmaster is offline   Reply With Quote
Old 02-13-2012, 02:21 PM   #6
geekmaster
Всё гениальное просто.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Щедрость не имеет пределов.
Device: *.*
I see that the kindle "passwd" command creates passwords that start with "$1$". According to Wikipedia, that indicates "modular" encryption using MD5 encryption with a salt:
http://en.wikipedia.org/wiki/Crypt_(Unix)

The original default root password does not start with "$", so it uses the traditional DES which truncates the password to 8 characters.

So, it turns out that both of my guesses were correct, as to why user-created passwords behave different from default root passwords.
geekmaster is offline   Reply With Quote
Old 02-13-2012, 07:43 PM   #7
mc2739
Member
mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.mc2739 solves Fermatís last theorem while doing the crossword.
 
Posts: 12
Karma: 28820
Join Date: Dec 2011
Device: Kindle Touch
@cscat

Since I have changed my password using the passwd command, that is not true on my Touch. I can only login successfully with the exact password. I cannot login with only the first eight characters, nor with added characters.

@geekmaster

Thanks for clarifying the first post. It is now clear that you meant default passwords.
mc2739 is offline   Reply With Quote
Old 02-14-2012, 10:07 AM   #8
knc1
Helpdesk Junkie
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 7,021
Karma: 6359394
Join Date: Feb 2012
Device: Too many.
Suggestion withdrawn,

Last edited by knc1; 02-14-2012 at 08:47 PM.
knc1 is offline   Reply With Quote
Old 02-14-2012, 07:18 PM   #9
geekmaster
Всё гениальное просто.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Щедрость не имеет пределов.
Device: *.*
Quote:
Originally Posted by knc1 View Post
Almost.
I would suggest: "uses an encryption method" rather than "use MD5".



A better source than Wikipedia is the man(ual) command on the system of interest.
In this case: man 3 crypt

There you find that the list of "standard" ids may be locally supplimented by locally provided authentication methods.

I realize that embedded systems often do not have the documents installed (to save space) so sometimes you have to refer to a system (using the same version of libraries) that does have the documentation installed.

I suggest that just generalizing the BIG RED NOTE is probably the best advice to give here.
What are you talking about? I am talking about Kindle passwords. A better source than some man page that may not be current or correct is the GPL source code from amazon. In the Kindle 4.0.1 source code, the passwd.c module of busybox uses a flag called "algo", where if FALSE it uses DES, and if TRUE it uses MD5 with salt of "$1$", which agrees with wikipedia.

I grow weary of people trying to correct my information with their own inaccurate or incorrect information, without doing adequate research first. This happens on IRC too.
geekmaster is offline   Reply With Quote
Old 02-14-2012, 07:39 PM   #10
knc1
Helpdesk Junkie
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 7,021
Karma: 6359394
Join Date: Feb 2012
Device: Too many.
Punishment accepted

Last edited by knc1; 02-14-2012 at 08:48 PM.
knc1 is offline   Reply With Quote
Old 03-05-2012, 03:17 PM   #11
varnie
Connoisseur
varnie can tie a knot in a cherry stem with his or her tonguevarnie can tie a knot in a cherry stem with his or her tonguevarnie can tie a knot in a cherry stem with his or her tonguevarnie can tie a knot in a cherry stem with his or her tonguevarnie can tie a knot in a cherry stem with his or her tonguevarnie can tie a knot in a cherry stem with his or her tonguevarnie can tie a knot in a cherry stem with his or her tonguevarnie can tie a knot in a cherry stem with his or her tonguevarnie can tie a knot in a cherry stem with his or her tonguevarnie can tie a knot in a cherry stem with his or her tonguevarnie can tie a knot in a cherry stem with his or her tongue
 
Posts: 95
Karma: 22248
Join Date: Dec 2011
Device: Kindle Touch
thanks for sharing the information, geekmaster!
it helped me to root into KT (just jailbroke it!).

Last edited by varnie; 03-05-2012 at 03:27 PM.
varnie is offline   Reply With Quote
Old 03-05-2012, 04:33 PM   #12
geekmaster
Всё гениальное просто.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 5,070
Karma: 6789001
Join Date: Nov 2011
Location: Щедрость не имеет пределов.
Device: *.*
Quote:
Originally Posted by varnie View Post
thanks for sharing the information, geekmaster!
it helped me to root into KT (just jailbroke it!).
Sharing is a pillar of civilization. We could not "stand on the shoulder's of giants" if people took their biggest and best secrets to the grave.
geekmaster is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Classic Passwords etc Pomtroll Barnes & Noble NOOK 3 04-03-2013 02:25 PM
ŅConvert unicode decomposed characters to unique/normal characters? JohnQwerty Calibre 3 04-05-2012 01:08 PM
rumors, is it true that kindle 3 read pdf passwords files but kindle DXg can not? KRorschachZ Amazon Kindle 4 11-06-2010 05:35 PM
Kindle/Mobi support for accented characters guiyoforward Calibre 1 08-29-2010 11:28 PM
Confused by behavior of two pdfs w/permissions passwords, but no open passwords/DRM grr PDF 0 12-21-2009 03:21 PM


All times are GMT -4. The time now is 07:40 AM.


MobileRead.com is a privately owned, operated and funded community.